Report - exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click

Report Overview

Visited public
2023-09-20 02:42:34
Tags
URL
exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=
Finishing URL
www.highcpmrevenuenetwork.com/swicednn0s?key=a969ca5c9ad2611762f11b79a526e2d2&submetric=17984656
IP / ASN
88.208.45.26
#39572 DataWeb Global Group B.V.
Title
highcpmrevenuenetwork.com/swicednn0s?key=a969ca5c9ad2611762f11b79a526e2d2&submetric=17984656

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
a.darkdepthdriller.top	unknown	2023-09-19	2023-09-19 09:02:15	2023-09-19 09:02:15	1.4 kB	32 kB	172.67.163.218
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-09-19 22:18:27	3.2 kB	99 kB	216.58.207.227
c.darkdepthdriller.top	unknown	unknown	No data	No data	3.9 kB	111 kB	172.67.163.218
welcome.unibet.com	242429	1997-12-11	2017-01-30 06:39:28	2023-09-19 21:40:12	11 kB	159 kB	172.64.144.152
tndmv.exnnan.com	unknown	unknown	No data	No data	3.8 kB	43 kB	88.208.45.26
exnnan.com	unknown	2023-08-07	2023-08-17 03:13:06	2023-09-18 02:31:37	1.5 kB	14 kB	88.208.45.26
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-09-19 19:07:29	1.3 kB	90 kB	151.101.194.137
bcuiaw.com	unknown	2023-07-31	2023-07-31 21:17:58	2023-09-19 21:19:03	1.1 kB	368 B	185.162.85.14
a1s-cdn.unibet.com	283505	1997-12-11	2014-04-23 17:07:51	2023-09-19 20:44:47	1.4 kB	1.7 kB	85.184.96.5
use.fontawesome.com	942	2012-10-18	2017-01-30 05:43:25	2023-09-19 18:20:22	1.0 kB	89 kB	172.64.102.11
alvsx.darkdepthdriller.top	unknown	2023-09-19	2023-09-19 09:55:45	2023-09-20 00:19:07	3.9 kB	104 kB	172.67.163.218
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-09-19 18:12:02	1.3 kB	2.8 kB	142.250.74.131
www.gstatic.com	unknown	2008-02-11	2016-07-26 11:37:06	2023-09-19 21:40:14	3.6 kB	82 kB	142.250.74.35
ecrwqu.com	577459	2021-11-09	2021-11-09 21:59:02	2023-09-19 09:55:43	551 B	2.6 kB	185.162.85.19
s.viidirectory.com	unknown	2023-08-10	2023-09-07 11:44:03	2023-09-19 19:27:55	3.2 kB	471 B	31.220.27.135
goto.trackpshgoto.win	unknown	2023-02-17	2023-02-19 19:00:41	2023-09-19 04:34:18	591 B	1.3 kB	20.113.67.50
d.darkdepthdriller.top	unknown	unknown	No data	No data	2.6 kB	15 kB	172.67.163.218
adserving.unibet.com	98000	1997-12-11	2015-05-26 08:56:53	2023-09-19 21:40:12	586 B	1.4 kB	13.107.213.53
www.unibet.com	318338	1997-12-11	2014-04-29 03:07:51	2023-09-19 20:44:47	8.0 kB	120 kB	85.184.96.40
www.highcpmrevenuenetwork.com	unknown	2022-12-23	2022-12-23 15:30:56	2023-09-20 04:42:09	3.9 kB	5.9 kB	173.233.137.52
alvsx.cloudpsh.top	unknown	2023-01-18	2023-01-23 00:24:08	2023-09-19 07:24:12	578 B	615 B	5.75.133.219
cdnstatic.darkdepthdriller.top	unknown	unknown	No data	No data	3.6 kB	70 kB	172.67.163.218
b.darkdepthdriller.top	unknown	unknown	No data	No data	1.3 kB	2.8 kB	172.67.163.218

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-09-20 02:42:17	medium	Client IP	Internal IP	ET DNS Query to a *.top domain - Likely Hostile

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-09-19	medium	bcuiaw.com	Sinkholed
2023-09-20	medium	exnnan.com	Sinkholed
2023-09-19	medium	bcuiaw.com	Sinkholed
2023-09-20	medium	exnnan.com	Sinkholed
2023-09-20	medium	exnnan.com	Sinkholed
2023-09-20	medium	exnnan.com	Sinkholed
2023-09-20	medium	exnnan.com	Sinkholed
2023-09-20	medium	exnnan.com	Sinkholed
2023-09-20	medium	exnnan.com	Sinkholed
2023-09-19	medium	ecrwqu.com	Sinkholed
2023-09-19	medium	highcpmrevenuenetwork.com	Sinkholed
2023-09-19	medium	highcpmrevenuenetwork.com	Sinkholed
2023-09-19	medium	highcpmrevenuenetwork.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	From	Size	First Seen	Last Seen
	welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js	ScriptElement	5.4 kB	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5792 Hash ac64b59c98bbe50cf69b6c98fa39585c 0a5cc9fb43b8a208481baaf752dbd504078a764b 28ac02c7302149814ed1c1b8a31b96e1ea94247c3b64888a598f66955d28312c Loading...

	welcome.unibet.com/custom.js	ScriptElement	5.9 kB	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/custom.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5794 Hash 7bf01e92dd55d5fa298f55fbcb9afd30 4db58eaa64d33bce2d1ae88d5ed6919d8986f8dc 2c13bba84b390447c18343fd8319ca7aea45208f53fb3143ed27c354fd5b2b1f Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:87019218-37950&btag=127656177_442EA76B505C4A10AE3D41344B913399&bid=37950&campaignId=2799402&pid=87019218	ScriptElement	147 B	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:87019218-37950&btag=127656177_442EA76B505C4A10AE3D41344B913399&bid=37950&campaignId=2799402&pid=87019218 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5793 Hash 1d18cffe3fc76896ca02254b5879b535 1a8fec7049c5644eaab6f7aecf8672f3f858d037 cb934bad0e7cb0b0b2edbc619a28b2d7ee4960dba893c3c2ce2a63e458d8af5b Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:87019218-37950&btag=127656177_442EA76B505C4A10AE3D41344B913399&bid=37950&campaignId=2799402&pid=87019218	ScriptElement	307 B	2023-03-07	2024-08-21
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:87019218-37950&btag=127656177_442EA76B505C4A10AE3D41344B913399&bid=37950&campaignId=2799402&pid=87019218 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5790 Hash 5633bd464ac4d5c3fab4b6c6db04c743 e9b255450e7612595382082329b0fe88904abcee ca8576fcf8d4ca2350c9fe2a7976729e6e3c6b42ca948060a509a1eed46e93fd Loading...

		Size	First Seen	Last Seen
	#1 Eval - 52a838bf9957f0cff2021c034f169cb0	88 B	2023-03-07 01:11	2024-08-21 09:44
Pretty Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen1304 Hash 52a838bf9957f0cff2021c034f169cb0 30a7327c54334eb310944b6fd01ddf34b4e2ad9d 5e05e2cf30322e8f71d65a22aa5f4a095923b67286a61d83b7787e3468f42f62 Loading...

	#2 Eval - 84b2cd04a3e6a53dd1e2d2281b4ec9d0	55 B	2023-03-07 01:11	2024-08-21 09:44
Pretty Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen631 Hash 84b2cd04a3e6a53dd1e2d2281b4ec9d0 453fd8561e4859d9adbbe37e66110d2584bc2c1d 14986cbd70f8b8a1770adf9800c113847daf392c2999dfff9dc71d2be98f3282 Loading...

	#3 Eval - 0df47f7ec8a7025bea46266133fe90c1	54 B	2023-03-07 01:11	2025-04-15 03:11
Pretty Observations First Seen2023-03-07 01:11 Last Seen2025-04-15 03:11 Times Seen660 Hash 0df47f7ec8a7025bea46266133fe90c1 407aeb860ef834517df3dfa568905e7c95d42d9f fc490a09c28110ae2a7c965801ebeb5c572587f55c3524889f547dbcc34c1d81 Loading...

	#4 Eval - add2d829cf386f4838b0cdef5348451c	71 B	2023-03-07 01:11	2025-04-14 20:51
Pretty Observations First Seen2023-03-07 01:11 Last Seen2025-04-14 20:51 Times Seen636 Hash add2d829cf386f4838b0cdef5348451c c8295463ce81113f7396d77c108349f473285c49 dcdd7e7e286c45c94638f28053384616d6ca9a1b396b0109cb51f1298ba342bb Loading...

	#5 Eval - d66a51311c2681be9b2814403d8e8308	60 B	2023-03-07 01:11	2025-01-27 14:29
Pretty Observations First Seen2023-03-07 01:11 Last Seen2025-01-27 14:29 Times Seen691 Hash d66a51311c2681be9b2814403d8e8308 284b626b87d046fe1adfc6899ade214d57f09655 9d51544cc513110b130345a977b1e9e630b5a7aa01518f7f7898758b79a9699f Loading...

	#6 Eval - 4b4768884dd164bcabacb4edf182609a	61 B	2023-03-07 01:11	2024-08-21 09:44
Pretty Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen631 Hash 4b4768884dd164bcabacb4edf182609a 881cdbd84f94dc256c40f2ee489d83f956c1b36b 9259355921509ced00b4d7d3e76c151037a06c88a646cd7d47d5d9c96984697c Loading...

	#7 Eval - a2bcebb48aaee0300030cf8123020f69	135 B	2023-03-07 01:11	2024-08-21 09:44
Pretty Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen631 Hash a2bcebb48aaee0300030cf8123020f69 365d67c7f5ce945805339efb40c083cc97d1f9b2 fc7b851f30df68c5cc6d1fb3f06c300b2b1d7271f76cc187224050270141f0ed Loading...

	#8 Eval - 596da5f7bb09f22c58c4073eb41d604e	62 B	2023-03-07 01:11	2024-08-21 09:44
Pretty Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen631 Hash 596da5f7bb09f22c58c4073eb41d604e 66603b30823c3a560dae4f1b6afb92ab5a0f91d5 adf0ca592504ef680d5ea02d5161b15be0572fd3e5b41d152b74f0c76aea6c42 Loading...

	#9 Eval - dddc8519e9834ad5d3074584ccf9f8b7	132 B	2023-03-07 01:11	2024-08-21 09:44
Pretty Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen631 Hash dddc8519e9834ad5d3074584ccf9f8b7 829d5d1a21eff85f38994e567322cc3bcce9c9cd 0a23e511994a2c03a725773de07810ff171878b9c0177f40a663038e4e251168 Loading...

		Size	First Seen	Last Seen
	#1 Write - ac798ac2b2c9559c3e64b701f845c78e	50 B	2023-03-07 01:11	2024-08-21 09:44
Pretty Observations First Seen2023-03-07 01:11 Last Seen2024-08-21 09:44 Times Seen5804 Hash ac798ac2b2c9559c3e64b701f845c78e 288602cbfebecea88ca238ce32c92d133bf59bff a2b051fa7d206df6e4eeee27678781de0752c1ac7adcfd359c1a2fc7ff507449 Loading...

HTTP Transactions (81)

URL IP Response Size

bcuiaw.com/rpe?a=1&s=1&act=17&src=2&p=1125635&st=1155839&wd=370092&d=exnnan.com&tpl=78&rnd=0.3746377810696143&sbid=&sbid2=intent%3A%2F%2Fexnnan.com%2Fplay-2_1

185.162.85.14

0 B

URL
bcuiaw.com/rpe?a=1&s=1&act=17&src=2&p=1125635&st=1155839&wd=370092&d=exnnan.com&tpl=78&rnd=0.3746377810696143&sbid=&sbid2=intent%3A%2F%2Fexnnan.com%2Fplay-2_1
IP
185.162.85.14:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rpe?a=1&s=1&act=17&src=2&p=1125635&st=1155839&wd=370092&d=exnnan.com&tpl=78&rnd=0.3746377810696143&sbid=&sbid2=intent%3A%2F%2Fexnnan.com%2Fplay-2_1 HTTP/1.1
Host: bcuiaw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://exnnan.com
DNT: 1
Connection: keep-alive
Referer: https://exnnan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 20 Sep 2023 02:42:15 GMT
content-length: 0
accept-ch: Sec-CH-UA-Platform-Version
access-control-allow-origin: *
X-Firefox-Spdy: h2

tndmv.exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si2=intent://exnnan.com/play-2_1&i=1

88.208.45.26

16 kB

URL
tndmv.exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si2=intent://exnnan.com/play-2_1&i=1
IP
88.208.45.26:0
ASN
#39572 DataWeb Global Group B.V.

File type
gzip compressed data, from Unix\012- data
Size
16 kB (16119 bytes)
Hash
a73e7fdcfac711d5dab3002fc28e2489
13be7fe36461aa875e68b53f320a9b28bb558bf2
3e09b7ce1d2287fb7d4a707a1c032e94fb69d9cf2cc3c1e2d636c168b33ff844

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si2=intent://exnnan.com/play-2_1&i=1 HTTP/1.1
Host: tndmv.exnnan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://exnnan.com/
Cookie: truniq=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.21.1
date: Wed, 20 Sep 2023 02:42:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-zone: eu4
content-encoding: gzip
X-Firefox-Spdy: h2

bcuiaw.com/rpe?a=1&s=1&act=17&src=2&p=1125635&st=1155839&wd=370092&d=exnnan.com&tpl=78&rnd=0.8460183517910532&sbid=&sbid2=intent%3A%2F%2Fexnnan.com%2Fplay-2_1

185.162.85.14

0 B

URL
bcuiaw.com/rpe?a=1&s=1&act=17&src=2&p=1125635&st=1155839&wd=370092&d=exnnan.com&tpl=78&rnd=0.8460183517910532&sbid=&sbid2=intent%3A%2F%2Fexnnan.com%2Fplay-2_1
IP
185.162.85.14:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /rpe?a=1&s=1&act=17&src=2&p=1125635&st=1155839&wd=370092&d=exnnan.com&tpl=78&rnd=0.8460183517910532&sbid=&sbid2=intent%3A%2F%2Fexnnan.com%2Fplay-2_1 HTTP/1.1
Host: bcuiaw.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://tndmv.exnnan.com
DNT: 1
Connection: keep-alive
Referer: https://tndmv.exnnan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 20 Sep 2023 02:42:15 GMT
content-length: 0
accept-ch: Sec-CH-UA-Platform-Version
access-control-allow-origin: *
X-Firefox-Spdy: h2

tndmv.exnnan.com/images/play-2/icon3.png

88.208.45.26

7.8 kB

URL
tndmv.exnnan.com/images/play-2/icon3.png
IP
88.208.45.26:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
7.8 kB (7847 bytes)
Hash
8f3cc830da0b1fdf66bda7d1d734747b
94588f041eec3a78a8780c8124c56a1434a89277
ea3698c32039a115b03c2528cbb29c3ff97bbd49ad1345d5095e98d1fd0ea8ba

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/play-2/icon3.png HTTP/1.1
Host: tndmv.exnnan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tndmv.exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si2=intent://exnnan.com/play-2_1&i=1
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.21.1
date: Wed, 20 Sep 2023 02:42:15 GMT
content-type: image/png
content-length: 7847
last-modified: Wed, 19 Jul 2023 08:21:00 GMT
etag: "64b79cec-1ea7"
x-zone: eu3
accept-ranges: bytes
X-Firefox-Spdy: h2

exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=

88.208.45.26

14 kB

URL
exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=
IP
88.208.45.26:0
ASN
#39572 DataWeb Global Group B.V.

File type
gzip compressed data, from Unix\012- data
Size
14 kB (13467 bytes)
Hash
d70713cfb4dfac396d8348bc9198158d
9059a560cbbba8fa97169388cecafca91c7bad7f
31432a927a3f1d7ca22368c96e3251d0a333a1616f92bbbe000b5138d212ff8b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2=intent://exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si1=&si2= HTTP/1.1
Host: exnnan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.21.1
date: Wed, 20 Sep 2023 02:42:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: truniq=1; expires=Thu, 21-Sep-2023 02:42:15 GMT; Max-Age=86400; path=/; domain=exnnan.com
x-zone: eu
content-encoding: gzip
X-Firefox-Spdy: h2

tndmv.exnnan.com/images/play-2/icon4.png

88.208.45.26

7.0 kB

URL
tndmv.exnnan.com/images/play-2/icon4.png
IP
88.208.45.26:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
7.0 kB (7032 bytes)
Hash
7ad7f32c1c0df7b4975cc41bda4ac435
81d57e996ee6cd9e122592e68ffa3d55c1ba10ff
c0af6cb2280bba97d235dfad7c72d22353a0d2cf277733ce9fc4701df7ed1d5f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/play-2/icon4.png HTTP/1.1
Host: tndmv.exnnan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tndmv.exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si2=intent://exnnan.com/play-2_1&i=1
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.21.1
date: Wed, 20 Sep 2023 02:42:15 GMT
content-type: image/png
content-length: 7032
last-modified: Wed, 19 Jul 2023 08:21:00 GMT
etag: "64b79cec-1b78"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2

tndmv.exnnan.com/images/play-2/icon5.png

88.208.45.26

3.3 kB

URL
tndmv.exnnan.com/images/play-2/icon5.png
IP
88.208.45.26:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3264 bytes)
Hash
1e1a7582b5da63e10485d63f97abc9a0
ca3ee3067f96c732f455bc7c99ec5100194f13f6
196083352a09a19cf2d4364e3ad406606fedb562f2096c1bef373ff2c485b503

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/play-2/icon5.png HTTP/1.1
Host: tndmv.exnnan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tndmv.exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si2=intent://exnnan.com/play-2_1&i=1
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.21.1
date: Wed, 20 Sep 2023 02:42:15 GMT
content-type: image/png
content-length: 3264
last-modified: Wed, 19 Jul 2023 08:21:00 GMT
etag: "64b79cec-cc0"
x-zone: eu
accept-ranges: bytes
X-Firefox-Spdy: h2

tndmv.exnnan.com/images/play-2/icon8.png

88.208.45.26

4.1 kB

URL
tndmv.exnnan.com/images/play-2/icon8.png
IP
88.208.45.26:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced\012- data
Size
4.1 kB (4064 bytes)
Hash
f92d6474ebc6a3a0b576749cfb4afe98
0f4ce3dcf04873b8098c01d20c44967fb9fce0cc
3a7abff293d71fd8c5a58deacb964b50fe074a6f458575d37abbd367a3a930a1

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/play-2/icon8.png HTTP/1.1
Host: tndmv.exnnan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tndmv.exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si2=intent://exnnan.com/play-2_1&i=1
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.21.1
date: Wed, 20 Sep 2023 02:42:15 GMT
content-type: image/png
content-length: 4064
last-modified: Wed, 19 Jul 2023 08:21:00 GMT
etag: "64b79cec-fe0"
x-zone: eu3
accept-ranges: bytes
X-Firefox-Spdy: h2

tndmv.exnnan.com/images/play-2/icon7.png

88.208.45.26

3.3 kB

URL
tndmv.exnnan.com/images/play-2/icon7.png
IP
88.208.45.26:0
ASN
#39572 DataWeb Global Group B.V.

File type
PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced\012- data
Size
3.3 kB (3283 bytes)
Hash
b512735542cb07b3b2dcf153a7dfe456
93bde8875412ce266600e2af1c37123483a50376
e9c661cc8adbaa1b9cd4cf65f0ba93a1c24211cb5f94ed0950e0fbc973781718

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /images/play-2/icon7.png HTTP/1.1
Host: tndmv.exnnan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tndmv.exnnan.com/play-2_1?h=waWQiOjExMjU2MzUsInNpZCI6MTE1NTgzOSwid2lkIjozNzAwOTIsInNyYyI6Mn0=eyJ&click_id=a6a5ehoqnbg2twj6d2&si2=intent://exnnan.com/play-2_1&i=1
Cookie: truniq=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx/1.21.1
date: Wed, 20 Sep 2023 02:42:15 GMT
content-type: image/png
content-length: 3283
last-modified: Wed, 19 Jul 2023 08:21:00 GMT
etag: "64b79cec-cd3"
x-zone: eu4
accept-ranges: bytes
X-Firefox-Spdy: h2

ecrwqu.com/cuclc?aid=11375405363683544878&t=1695177736&s=74

185.162.85.19

1.3 kB

URL
ecrwqu.com/cuclc?aid=11375405363683544878&t=1695177736&s=74
IP
185.162.85.19:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1262), with no line terminators
Size
1.3 kB (1262 bytes)
Hash
e22b25eba5da4a87961a632d43f236bb
f577509020f2bb76614afa3cf64da4ef1c3ba059
65c8a7ae09c400324d9e4fb61a0dad327f0ea72e3aa62712503bede14998279e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /cuclc?aid=11375405363683544878&t=1695177736&s=74 HTTP/1.1
Host: ecrwqu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://tndmv.exnnan.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx/1.18.0
date: Wed, 20 Sep 2023 02:42:16 GMT
content-type: text/html; charset=utf-8
content-length: 1262
location: https://s.viidirectory.com/h/254/m2teuqoctv7vvh6d4wnitlgjwktuk54u4tmlvcgw355hqgd2n57hyeduafrcpzps4h7e4kq6zm33gwpmk2h7o7osgo2ie6piohfo5rxmucizxzg4nsbesonaipay5hhflo2fn4nm37fdd4tqtxlyhulj2zxffyklmm4sf6skp2cuaz75gfziqrswwnzxjgrqopzhxhe46vx44342u73gbn3os7dpd3saufidircztrkk5k5w745ze4pikkmes36gndmphygjohhu4ulhpz5umyqbpjxxoylqivbfaa2bifagoqltlf2f4zx3jvqkk2k4vzpkasveldpulo2pwneji7mlgwkxvl222faliqtikfn4yyevnfftnlsmkl5vmn65lvc7orxb7duj47ta7rjhruegwfxebx5ji5xwy2tabzbcfm2ylyz7armbwn44ky766r5jaungxjtly3ltfatroqs7pv5geltvinsag6rzo5txoeyraqfeks2pmajxscdsb5uss6kx65xuxqcu2kviiunoj5gpsvkuy2sfv53q6hikwr47nri5xaltxfr3jlhv7s6zpo64g7ke5vsfh43qkbkydvorkfzed5sbunangmqdseq7bistyolggund2gl4nubqgjyajiavghycivteg7sxozohmobacujfa633mr6xerlhaf6wy7lbpjcumuyucejqynixeuod6ulbpf7uofache6gw63mimlbw6l6eextofahbrjr4lirgrgssabqlfrhy62vcfnhu73dp4ruayycf46ce33ujbbfeukbcrgdgsjilzyhmfkbiniekxlyobqxc5kcnitmbep673yjn7n77bzvv6eetcigwbdkqk6e5meaninmzxmhyn2axnxh2gevyi4rz2vltcunq6xy6sygix6fdfp2zdpww2dply3fqur3ii4sq7tynqkaga2wcmccomyfcugtmdzwcr4faqsyoj5w6zrbdq7amm3qizt4xso4zi2eqr3qkfujzhsojsom2qkmeusnp4ldz6asc2qpjvmeif3j3bdn244elisl6aasir4sira3luewghcuzw6rt6tnqyeq====?u=
X-Firefox-Spdy: h2

s.viidirectory.com/favicon.ico

31.220.27.135

0 B

URL
s.viidirectory.com/favicon.ico
IP
31.220.27.135:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: s.viidirectory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://s.viidirectory.com/h/254/m2teuqoctv7vvh6d4wnitlgjwktuk54u4tmlvcgw355hqgd2n57hyeduafrcpzps4h7e4kq6zm33gwpmk2h7o7osgo2ie6piohfo5rxmucizxzg4nsbesonaipay5hhflo2fn4nm37fdd4tqtxlyhulj2zxffyklmm4sf6skp2cuaz75gfziqrswwnzxjgrqopzhxhe46vx44342u73gbn3os7dpd3saufidircztrkk5k5w745ze4pikkmes36gndmphygjohhu4ulhpz5umyqbpjxxoylqivbfaa2bifagoqltlf2f4zx3jvqkk2k4vzpkasveldpulo2pwneji7mlgwkxvl222faliqtikfn4yyevnfftnlsmkl5vmn65lvc7orxb7duj47ta7rjhruegwfxebx5ji5xwy2tabzbcfm2ylyz7armbwn44ky766r5jaungxjtly3ltfatroqs7pv5geltvinsag6rzo5txoeyraqfeks2pmajxscdsb5uss6kx65xuxqcu2kviiunoj5gpsvkuy2sfv53q6hikwr47nri5xaltxfr3jlhv7s6zpo64g7ke5vsfh43qkbkydvorkfzed5sbunangmqdseq7bistyolggund2gl4nubqgjyajiavghycivteg7sxozohmobacujfa633mr6xerlhaf6wy7lbpjcumuyucejqynixeuod6ulbpf7uofache6gw63mimlbw6l6eextofahbrjr4lirgrgssabqlfrhy62vcfnhu73dp4ruayycf46ce33ujbbfeukbcrgdgsjilzyhmfkbiniekxlyobqxc5kcnitmbep673yjn7n77bzvv6eetcigwbdkqk6e5meaninmzxmhyn2axnxh2gevyi4rz2vltcunq6xy6sygix6fdfp2zdpww2dply3fqur3ii4sq7tynqkaga2wcmccomyfcugtmdzwcr4faqsyoj5w6zrbdq7amm3qizt4xso4zi2eqr3qkfujzhsojsom2qkmeusnp4ldz6asc2qpjvmeif3j3bdn244elisl6aasir4sira3luewghcuzw6rt6tnqyeq====?u=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx/1.23.2
date: Wed, 20 Sep 2023 02:42:16 GMT
X-Firefox-Spdy: h2

s.viidirectory.com/cnt/api/index

31.220.27.135

0 B

URL
s.viidirectory.com/cnt/api/index
IP
31.220.27.135:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cnt/api/index HTTP/1.1
Host: s.viidirectory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 3287
Origin: https://s.viidirectory.com
DNT: 1
Connection: keep-alive
Referer: https://s.viidirectory.com/h/254/m2teuqoctv7vvh6d4wnitlgjwktuk54u4tmlvcgw355hqgd2n57hyeduafrcpzps4h7e4kq6zm33gwpmk2h7o7osgo2ie6piohfo5rxmucizxzg4nsbesonaipay5hhflo2fn4nm37fdd4tqtxlyhulj2zxffyklmm4sf6skp2cuaz75gfziqrswwnzxjgrqopzhxhe46vx44342u73gbn3os7dpd3saufidircztrkk5k5w745ze4pikkmes36gndmphygjohhu4ulhpz5umyqbpjxxoylqivbfaa2bifagoqltlf2f4zx3jvqkk2k4vzpkasveldpulo2pwneji7mlgwkxvl222faliqtikfn4yyevnfftnlsmkl5vmn65lvc7orxb7duj47ta7rjhruegwfxebx5ji5xwy2tabzbcfm2ylyz7armbwn44ky766r5jaungxjtly3ltfatroqs7pv5geltvinsag6rzo5txoeyraqfeks2pmajxscdsb5uss6kx65xuxqcu2kviiunoj5gpsvkuy2sfv53q6hikwr47nri5xaltxfr3jlhv7s6zpo64g7ke5vsfh43qkbkydvorkfzed5sbunangmqdseq7bistyolggund2gl4nubqgjyajiavghycivteg7sxozohmobacujfa633mr6xerlhaf6wy7lbpjcumuyucejqynixeuod6ulbpf7uofache6gw63mimlbw6l6eextofahbrjr4lirgrgssabqlfrhy62vcfnhu73dp4ruayycf46ce33ujbbfeukbcrgdgsjilzyhmfkbiniekxlyobqxc5kcnitmbep673yjn7n77bzvv6eetcigwbdkqk6e5meaninmzxmhyn2axnxh2gevyi4rz2vltcunq6xy6sygix6fdfp2zdpww2dply3fqur3ii4sq7tynqkaga2wcmccomyfcugtmdzwcr4faqsyoj5w6zrbdq7amm3qizt4xso4zi2eqr3qkfujzhsojsom2qkmeusnp4ldz6asc2qpjvmeif3j3bdn244elisl6aasir4sira3luewghcuzw6rt6tnqyeq====?u=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
server: nginx/1.23.2
date: Wed, 20 Sep 2023 02:42:16 GMT
content-type: application/json
content-length: 0
access-control-allow-headers: X-Requested-With, Cache-Control, Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-credentials: true
access-control-allow-origin: https://s.viidirectory.com
X-Firefox-Spdy: h2

goto.trackpshgoto.win/15GTdq?camp=634900&site=1325064704969431&category=126&cost=3.0E-4&external_id=cnv52724f70757a304bdf87970c3f4c9b06

20.113.67.50

320 B

URL
goto.trackpshgoto.win/15GTdq?camp=634900&site=1325064704969431&category=126&cost=3.0E-4&external_id=cnv52724f70757a304bdf87970c3f4c9b06
IP
20.113.67.50:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document, ASCII text, with very long lines (320), with no line terminators
Size
320 B (320 bytes)
Hash
383f5797d64fadb16e0a5eb98f777ab3
9c1c080aee156b64a98d07ae105051133c7b838f
2f0898c86c3e3eb531f8cca17c551c2543065499edc9714f53545a259b5c5b8b

HTTP Headers

GET /15GTdq?camp=634900&site=1325064704969431&category=126&cost=3.0E-4&external_id=cnv52724f70757a304bdf87970c3f4c9b06 HTTP/1.1
Host: goto.trackpshgoto.win
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.23.0
Date: Wed, 20 Sep 2023 02:42:17 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 320
Connection: keep-alive
X-Powered-By: Express
Set-Cookie: 15GTdqo=20230920051695178517951; domain=.goto.trackpshgoto.win; path=/;expires=Thu, 21 Sep 2023 02:42:17 GMT;  httpOnly=true;SameSite=None; Secure;
_pc_lc_id=15GTdq; domain=.goto.trackpshgoto.win; path=/;expires=Thu, 21 Sep 2023 02:42:17 GMT;  httpOnly=true;SameSite=None; Secure;
peerclickcid=5d87b5d10493c57eb32e493fabf33d2b-42510-0920; domain=.goto.trackpshgoto.win; path=/;expires=Thu, 21 Sep 2023 02:42:17 GMT;  httpOnly=true;SameSite=None; Secure;
_norg=1; domain=.goto.trackpshgoto.win; path=/;expires=Thu, 21 Sep 2023 02:42:17 GMT;  httpOnly=true;SameSite=None; Secure;
Location: https://alvsx.cloudpsh.top/?pl=ewFXUS8HLUyIQl_3c1i3OA&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431
Vary: Accept

alvsx.cloudpsh.top/?pl=ewFXUS8HLUyIQl_3c1i3OA&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431

5.75.133.219

0 B

URL
alvsx.cloudpsh.top/?pl=ewFXUS8HLUyIQl_3c1i3OA&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431
IP
5.75.133.219:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?pl=ewFXUS8HLUyIQl_3c1i3OA&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431 HTTP/1.1
Host: alvsx.cloudpsh.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Wed, 20 Sep 2023 02:42:17 GMT
content-length: 0
location: https://alvsx.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
set-cookie: ewFXUS8HLUyIQl_3c1i3OA=1; max-age=345600; path=/; samesite=lax
__pl=c0f4b683-4465-4d28-bd53-51e7e406ef13; expires=Sat, 20 Sep 2025 02:42:17 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
X-Firefox-Spdy: h2

alvsx.darkdepthdriller.top/space-robot/assets/corner.png

172.67.163.218

300 B

URL
alvsx.darkdepthdriller.top/space-robot/assets/corner.png
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 44 x 44, 8-bit colormap, non-interlaced\012- data
Size
300 B (300 bytes)
Hash
f66c38fa2cd7c50bd1989d41da28fb80
e1de333eca72647f3c1831083fe678cfa8fe9eab
3059be4046e0315ad1c0d1cb163d9daaf759bdf16e906e908842fac07e5608a2

HTTP Headers

GET /space-robot/assets/corner.png HTTP/1.1
Host: alvsx.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://alvsx.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:17 GMT
content-type: image/png
content-length: 300
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
etag: "649c0dba-12c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5213
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Z5aZmQrNhAJEp%2B4MOpOlHvyoRK3dipvZyucYjg4C8zSVSQ7Xj2NT6ett0XOS8gVodVSapSbG%2FbwqW3rBREpAwF1FuG5hYrbVr4wbr0hM0xtHWM5i8IlE3ppP%2FMT4B54IdPqYts0o99P9JzJbw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6dba9eeb529-OSL
alt-svc: h3=":443"; ma=86400

alvsx.darkdepthdriller.top/space-robot/assets/apple-touch-icon.png

172.67.163.218

23 kB

URL
alvsx.darkdepthdriller.top/space-robot/assets/apple-touch-icon.png
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
23 kB (23177 bytes)
Hash
f500ba7eee0ae7d1ceb44236ac253165
0614de220ecadb48038ed894d91120ba102c8367
ba5a3083c38d71a2191ee7e614a96812d1f9d88bbfb360d3b61dbb1ffcd51de5

HTTP Headers

GET /space-robot/assets/apple-touch-icon.png HTTP/1.1
Host: alvsx.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://alvsx.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:19 GMT
content-type: image/png
content-length: 23177
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
etag: "649c0dba-5a89"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3896
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K7GjC2WPZgJ3hnnDyff48SaYz6q3TUL2Ow5hbUn5QdZ4NnZDr7SQU2BKa1ndQP302Ykk5DJbQBxppwkx52uKoHSg8yB34jHz55z1hMRIljKwwBuULoISTy5Gz10hKqBuRYoXwWdykcA8DcfYTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6e82eecb529-OSL
alt-svc: h3=":443"; ma=86400

alvsx.darkdepthdriller.top/space-robot/assets/favicon-16x16.png

172.67.163.218

1.2 kB

URL
alvsx.darkdepthdriller.top/space-robot/assets/favicon-16x16.png
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size
1.2 kB (1163 bytes)
Hash
9d35b617fd258f648c37812252297dd3
7e32fd007f1c6fe1466d15439173082c0fbe82da
e8a768f8122da75777dc64b6d35e756a1848c4f330f293920c18480df085000a

HTTP Headers

GET /space-robot/assets/favicon-16x16.png HTTP/1.1
Host: alvsx.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://alvsx.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:19 GMT
content-type: image/png
content-length: 1163
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
etag: "649c0dba-48b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 579
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FUdxbcXl1hKy8jBDp2mpz7AZZBAEi1rg4d6P0ByZiQY%2FaXfRizLfbSIb%2F4eFJ%2Bp2fbOlazfm0SBr9m44RSmfLx4ngqB93Hm%2B62r6wn2Hy56ObmIByylkzUZPbDU%2Boq4YwdWdOZ1mxqC%2FullaMA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6e82eedb529-OSL
alt-svc: h3=":443"; ma=86400

code.jquery.com/jquery-2.1.4.min.js

151.101.194.137

30 kB

URL
code.jquery.com/jquery-2.1.4.min.js
IP
151.101.194.137:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (32025)
Size
30 kB (29519 bytes)
Hash
f9c7afd05729f10f55b689f36bb20172
43dc554608df885a59ddeece1598c6ace434d747
f16ab224bb962910558715c82f58c10c3ed20f153ddfaa199029f141b5b0255c

HTTP Headers

GET /jquery-2.1.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://alvsx.darkdepthdriller.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-14979"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 20 Sep 2023 02:42:20 GMT
age: 377087
x-served-by: cache-lga21971-LGA, cache-bma1635-BMA
x-cache: HIT, HIT
x-cache-hits: 67, 7793
x-timer: S1695177741.721253,VS0,VE0
vary: Accept-Encoding
content-length: 29519
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f53b2b7aa921ea170cc18d0871f87f8b
c38b9e04da43fd752005c1c82a277856f322e366
e204019f2aecb95f0b6dc967adfa49dbbfa747eb080814f62b8e91f218198c73

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 20 Sep 2023 02:42:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

alvsx.darkdepthdriller.top/space-robot/assets/style.css

172.67.163.218

18 kB

URL
alvsx.darkdepthdriller.top/space-robot/assets/style.css
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
18 kB (17618 bytes)
Hash
7feec4414f4e2edba88689df63afec05
675c9be930c44dbd09c44195df4cd5e4bc91be8c
ffbc9a90757bba679af7f0ff813ce5168d68f98f9e752b194f8d05b02d5445f7

HTTP Headers

GET /space-robot/assets/style.css HTTP/1.1
Host: alvsx.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://alvsx.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:17 GMT
content-type: text/css
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
etag: W/"649c0dba-251e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5699
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FvLleqYwhOLothtT3PJI9rR4hScnuP5dt1pBZt10jpJIZtDA%2FGy0BI7lxV4O7rH5xW%2F7KrEoBAYQ%2B%2F88GhdwDXwyZC8jLMl%2Fd6WZKI6fouRTEerxTIU%2FN48plhsyMaRWxatjYJDGw8pIDEW1Xg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6db99ebb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f53b2b7aa921ea170cc18d0871f87f8b
c38b9e04da43fd752005c1c82a277856f322e366
e204019f2aecb95f0b6dc967adfa49dbbfa747eb080814f62b8e91f218198c73

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 20 Sep 2023 02:42:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdnstatic.darkdepthdriller.top/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&appspot=&d=https%3A%2F%2Fcdnstatic.darkdepthdriller.top

172.67.163.218

16 kB

URL
cdnstatic.darkdepthdriller.top/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&appspot=&d=https%3A%2F%2Fcdnstatic.darkdepthdriller.top
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (24963), with no line terminators
Size
16 kB (15730 bytes)
Hash
e684355597ad155dbd4071c2a54a4eb4
2fc780c54ced203d6f285a36ffef0fc533d3cd20
feb5eb2556b0f35349e506516618424d4360bd7ef0232feceb8865f7039584d3

HTTP Headers

GET /ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&appspot=&d=https%3A%2F%2Fcdnstatic.darkdepthdriller.top HTTP/1.1
Host: cdnstatic.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://alvsx.darkdepthdriller.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:20 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
set-cookie: __psu=08bbd531-b8a5-4543-bf1c-ade5ea7c381f; expires=Sat, 20 Sep 2025 02:42:20 GMT; path=/; secure; samesite=none
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yyksQZlsJ582qhFU1WKulnfRMIiWWxUlIuS4uRamIELbtaKkuLl6Mkl8jQdm%2BWW3VBD8iwQyDb1xRW%2BDnYYe%2F94V4GwzErwYgVvnIolqZpWzDU98g0Y%2BdqfJFZLAMyWyqkY%2BL53YAfxA%2ByzzEFtM9DU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6f06a68b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

142.250.74.35

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://alvsx.darkdepthdriller.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 15:30:29 GMT
expires: Wed, 18 Sep 2024 15:30:29 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 40312
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

a.darkdepthdriller.top/space-robot/assets/corner.png

172.67.163.218

300 B

URL
a.darkdepthdriller.top/space-robot/assets/corner.png
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 44 x 44, 8-bit colormap, non-interlaced\012- data
Size
300 B (300 bytes)
Hash
f66c38fa2cd7c50bd1989d41da28fb80
e1de333eca72647f3c1831083fe678cfa8fe9eab
3059be4046e0315ad1c0d1cb163d9daaf759bdf16e906e908842fac07e5608a2

HTTP Headers

GET /space-robot/assets/corner.png HTTP/1.1
Host: a.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:21 GMT
content-type: image/png
content-length: 300
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
etag: "649c0dba-12c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4344
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JlyNFn14rMNALf%2BydGJU6R3AMNpCHePSN94bAZRDoNqocKpaP0PrA88YWXZFRipSlnmjOP9Rz3vMuoYLVPNo2nA1I1gXhq%2FoJtRb2vaY9O7vUCddx7EUeUKaqao6qfgiHYzsReXAHCqf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6f27b2fb529-OSL
alt-svc: h3=":443"; ma=86400

alvsx.darkdepthdriller.top/space-robot/assets/main.js

172.67.163.218

30 kB

URL
alvsx.darkdepthdriller.top/space-robot/assets/main.js
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1794), with no line terminators
Size
30 kB (30008 bytes)
Hash
e007064d63d81a6d97c2f89715028389
2d198eb80febf99c6378586092731c6d1cf72c7a
f392f08652d464570cdc9c514ba60a5fa93b8837d6e12fe1b225e700cde8fa72

HTTP Headers

GET /space-robot/assets/main.js HTTP/1.1
Host: alvsx.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://alvsx.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:17 GMT
content-type: application/javascript
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
etag: W/"649c0dba-702"
cache-control: max-age=14400
cf-cache-status: HIT
age: 5699
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CG5%2FsMvqttB5XK0KSqUeb46JPEUPNoY0JTQPW4ZkjbM4V2gmBDWu4G2gcEcSfgDMh7dcwCtU50sKCcXxjLTVZ5Dt6uIQDjDvJIRrakrpHrr7xEKcNnVNQ6QpQP2Kyn5KOrNjrfgkmpGSzczoFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6dba9f1b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://a.darkdepthdriller.top
DNT: 1
Connection: keep-alive
Referer: https://a.darkdepthdriller.top/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 05:45:56 GMT
expires: Wed, 18 Sep 2024 05:45:56 GMT
cache-control: public, max-age=31536000
age: 75385
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

a.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037

172.67.163.218

30 kB

URL
a.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (474)
Size
30 kB (30115 bytes)
Hash
362cc16a13356513da97f2aba48e92be
64d308482d64fd8a452759d1b5b714820860d312
d03b8912673e855345ce2beb15eff3625410ab371e4dbe2ac3f4643a23e4abc7

HTTP Headers

GET /space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037 HTTP/1.1
Host: a.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://alvsx.darkdepthdriller.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:21 GMT
content-type: text/html
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Bxk5LgeQ%2FC7ABTLXOTF5vbcAxQYmL9xhPTgFjakkt%2B140BGiZ8RVC%2FfBHcv05Euh6XtUtDG1fHKPxBAkHXfADK8DFgI1HhxGGQKsE0Y2JmzsexefnWxdOJXFd%2BTFkRRa8LP8GuAvbIFj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8096b6f1fafab529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

172.67.163.218

10 kB

URL
cdnstatic.darkdepthdriller.top/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&appspot=&d=https%3A%2F%2Fcdnstatic.darkdepthdriller.top
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (24963), with no line terminators
Size
10 kB (10130 bytes)
Hash
e684355597ad155dbd4071c2a54a4eb4
2fc780c54ced203d6f285a36ffef0fc533d3cd20
feb5eb2556b0f35349e506516618424d4360bd7ef0232feceb8865f7039584d3

HTTP Headers

GET /ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&appspot=&d=https%3A%2F%2Fcdnstatic.darkdepthdriller.top HTTP/1.1
Host: cdnstatic.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.darkdepthdriller.top/
Cookie: __psu=08bbd531-b8a5-4543-bf1c-ade5ea7c381f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:21 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rPQleumuMGELjnzfbVw70NON44ApRIZDNRvffcybgqbOdNVmChaE99YoGH6MRQldEgMQEYrQLQKkrK0m%2F8R18NvEZN7dDB8HRZKiZ9mkaIjEerDF6WCFzGhYPyjydlUiCPwYnJARPBO4hpGkcNB3pE8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6f30b68b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cdnstatic.darkdepthdriller.top/ps/config.js?id=ewFXUS8HLUyIQl_3c1i3OA

172.67.163.218

7.0 kB

URL
cdnstatic.darkdepthdriller.top/ps/config.js?id=ewFXUS8HLUyIQl_3c1i3OA
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
7.0 kB (6993 bytes)
Hash
819df168f0587f04b31966844a79e07a
4e4ff7cf09a4460655810d1fd9572268dba920a9
7b3e429fd07d2831236e33f6ba0862a6d27b55cd14bd966541a369b0b1bbbbe5

HTTP Headers

GET /ps/config.js?id=ewFXUS8HLUyIQl_3c1i3OA HTTP/1.1
Host: cdnstatic.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.darkdepthdriller.top/
Cookie: __psu=08bbd531-b8a5-4543-bf1c-ade5ea7c381f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:21 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MD6ZrT4z45G1LWj3f07aEpKSdxNhMJv4Ks86ip%2BX00xjs9sMeAqwiap%2FYX7w58%2F0mukAlAoyv%2FtvXA%2ByvcPz2AjPbeQjhxNqcXSTm4WIQK4EXS98VIBaPgvUFJHr0byCcfTi5fT6Pr6aXKsPjb99NqQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6f36b8bb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

142.250.74.35

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.darkdepthdriller.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 15:30:29 GMT
expires: Wed, 18 Sep 2024 15:30:29 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 40312
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

b.darkdepthdriller.top/space-robot/assets/corner.png

172.67.163.218

300 B

URL
b.darkdepthdriller.top/space-robot/assets/corner.png
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 44 x 44, 8-bit colormap, non-interlaced\012- data
Size
300 B (300 bytes)
Hash
f66c38fa2cd7c50bd1989d41da28fb80
e1de333eca72647f3c1831083fe678cfa8fe9eab
3059be4046e0315ad1c0d1cb163d9daaf759bdf16e906e908842fac07e5608a2

HTTP Headers

GET /space-robot/assets/corner.png HTTP/1.1
Host: b.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:21 GMT
content-type: image/png
content-length: 300
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
etag: "649c0dba-12c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4335
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j3UwbYeWdOwK4g82d27Gqc4fg%2FD0dA8SC7PRNE7Sw%2FqN7EXcmfdj62Pa8yQflIfTqbAurulj5HIIGwiBjPH0QZhJghiuzuQ7jpOKm0A1AIuUZdvx0zxocGJzqxOjgok0AZIo%2FlOhPo3i"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6f49c07b529-OSL
alt-svc: h3=":443"; ma=86400

code.jquery.com/jquery-2.1.4.min.js

151.101.194.137

30 kB

URL
code.jquery.com/jquery-2.1.4.min.js
IP
151.101.194.137:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (32025)
Size
30 kB (29519 bytes)
Hash
f9c7afd05729f10f55b689f36bb20172
43dc554608df885a59ddeece1598c6ace434d747
f16ab224bb962910558715c82f58c10c3ed20f153ddfaa199029f141b5b0255c

HTTP Headers

GET /jquery-2.1.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.darkdepthdriller.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-14979"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 20 Sep 2023 02:42:21 GMT
age: 377088
x-served-by: cache-lga21971-LGA, cache-bma1635-BMA
x-cache: HIT, HIT
x-cache-hits: 67, 7795
x-timer: S1695177742.546967,VS0,VE0
vary: Accept-Encoding
content-length: 29519
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://b.darkdepthdriller.top
DNT: 1
Connection: keep-alive
Referer: https://b.darkdepthdriller.top/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 05:45:56 GMT
expires: Wed, 18 Sep 2024 05:45:56 GMT
cache-control: public, max-age=31536000
age: 75385
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

172.67.163.218

32 kB

URL
cdnstatic.darkdepthdriller.top/ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&appspot=&d=https%3A%2F%2Fcdnstatic.darkdepthdriller.top
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (24963), with no line terminators
Size
32 kB (32144 bytes)
Hash
e684355597ad155dbd4071c2a54a4eb4
2fc780c54ced203d6f285a36ffef0fc533d3cd20
feb5eb2556b0f35349e506516618424d4360bd7ef0232feceb8865f7039584d3

HTTP Headers

GET /ps/ps.js?&edg=true&sw=&fullscreen=true&pl=true&pp=false&id=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&appspot=&d=https%3A%2F%2Fcdnstatic.darkdepthdriller.top HTTP/1.1
Host: cdnstatic.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.darkdepthdriller.top/
Cookie: __psu=08bbd531-b8a5-4543-bf1c-ade5ea7c381f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:21 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KtdlZwqiXbY9pb%2FJRHIRmbWR7iw36pMhnOhPM%2B9SLSNKHLM6HF%2FbrkD1vg7kLZ7dEkLDd9SV3DqGqPYIYGqKmhm9tQyGO8M5G8jgoeeDYgdIemLyCFCE3pe8nNEpk9NjnOoXA1fvy0HlM0PtuhHKpqw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6f51c2cb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

b.darkdepthdriller.top/space-robot/assets/favicon-16x16.png

172.67.163.218

1.2 kB

URL
b.darkdepthdriller.top/space-robot/assets/favicon-16x16.png
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size
1.2 kB (1163 bytes)
Hash
9d35b617fd258f648c37812252297dd3
7e32fd007f1c6fe1466d15439173082c0fbe82da
e8a768f8122da75777dc64b6d35e756a1848c4f330f293920c18480df085000a

HTTP Headers

GET /space-robot/assets/favicon-16x16.png HTTP/1.1
Host: b.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:21 GMT
content-type: image/png
content-length: 1163
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
etag: "649c0dba-48b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 580
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zgNS2jfxyIfUP8k1Mod5Tz0EFizq%2Fm7nCzfMTS%2FYUMqjwLpqFeH9QnyAZ8yoveYTYT4Ovu0NO5aI8mUk3l7gubPEOsS7ZpkhxLweZRxPDG5jL57hU5q4KCF%2FNEsD%2FAJ6xuy8j8tt%2BRMB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6f56c67b529-OSL
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-app.js

142.250.74.35

6.8 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-app.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (21158)
Size
6.8 kB (6763 bytes)
Hash
e20da9cfaabf0b23d89c2335c06e2b03
b1af5616825acaba44bd714bd2685327abe896fd
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2

HTTP Headers

GET /firebasejs/8.4.1/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.darkdepthdriller.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6763
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 18 Sep 2023 01:03:30 GMT
expires: Tue, 17 Sep 2024 01:03:30 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 178731
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

142.250.74.35

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.darkdepthdriller.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 15:30:29 GMT
expires: Wed, 18 Sep 2024 15:30:29 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 40312
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

c.darkdepthdriller.top/space-robot/assets/corner.png

172.67.163.218

300 B

URL
c.darkdepthdriller.top/space-robot/assets/corner.png
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 44 x 44, 8-bit colormap, non-interlaced\012- data
Size
300 B (300 bytes)
Hash
f66c38fa2cd7c50bd1989d41da28fb80
e1de333eca72647f3c1831083fe678cfa8fe9eab
3059be4046e0315ad1c0d1cb163d9daaf759bdf16e906e908842fac07e5608a2

HTTP Headers

GET /space-robot/assets/corner.png HTTP/1.1
Host: c.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:21 GMT
content-type: image/png
content-length: 300
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
etag: "649c0dba-12c"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4326
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g2Ibm46r2QDJtsMCYXaAvbpIp87Tks31JG79NfzHERH9XoZrv4T%2Fi4nqNZS59bWTL2FJo3eKzkxDp7HdJqXLyVhs2Cb5%2FRHcmq9FX%2FrL55qAp3rPjGHrUVMY6UVc%2BUgL4G2NhGm8PITO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6f6ccf2b529-OSL
alt-svc: h3=":443"; ma=86400

code.jquery.com/jquery-2.1.4.min.js

151.101.194.137

30 kB

URL
code.jquery.com/jquery-2.1.4.min.js
IP
151.101.194.137:0
ASN
#54113 FASTLY

File type
ASCII text, with very long lines (32025)
Size
30 kB (29519 bytes)
Hash
f9c7afd05729f10f55b689f36bb20172
43dc554608df885a59ddeece1598c6ace434d747
f16ab224bb962910558715c82f58c10c3ed20f153ddfaa199029f141b5b0255c

HTTP Headers

GET /jquery-2.1.4.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.darkdepthdriller.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-14979"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Wed, 20 Sep 2023 02:42:21 GMT
age: 377088
x-served-by: cache-lga21971-LGA, cache-bma1635-BMA
x-cache: HIT, HIT
x-cache-hits: 67, 7796
x-timer: S1695177742.884655,VS0,VE0
vary: Accept-Encoding
content-length: 29519
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://c.darkdepthdriller.top
DNT: 1
Connection: keep-alive
Referer: https://c.darkdepthdriller.top/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 05:45:56 GMT
expires: Wed, 18 Sep 2024 05:45:56 GMT
cache-control: public, max-age=31536000
age: 75385
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

c.darkdepthdriller.top/space-robot/assets/apple-touch-icon.png

172.67.163.218

23 kB

URL
c.darkdepthdriller.top/space-robot/assets/apple-touch-icon.png
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced\012- data
Size
23 kB (23177 bytes)
Hash
f500ba7eee0ae7d1ceb44236ac253165
0614de220ecadb48038ed894d91120ba102c8367
ba5a3083c38d71a2191ee7e614a96812d1f9d88bbfb360d3b61dbb1ffcd51de5

HTTP Headers

GET /space-robot/assets/apple-touch-icon.png HTTP/1.1
Host: c.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:22 GMT
content-type: image/png
content-length: 23177
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
etag: "649c0dba-5a89"
cache-control: max-age=14400
cf-cache-status: HIT
age: 7012
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BLxIvnDq94qYpVuYODyDcKiFyBOTTnUmaSS%2FHNkoCPwgmdPRzDShH6nqg%2FbsaYTbhoI7h9j7Xta64Ap61AIMlgieBHs0FVftgOrLwEyxgC%2Bmas1IWgtfjRo6cFsq%2FjJ3Qr1n%2FZbXuw9c"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6f79d7db529-OSL
alt-svc: h3=":443"; ma=86400

c.darkdepthdriller.top/space-robot/assets/style.css

172.67.163.218

12 kB

URL
c.darkdepthdriller.top/space-robot/assets/style.css
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
12 kB (12196 bytes)
Hash
7feec4414f4e2edba88689df63afec05
675c9be930c44dbd09c44195df4cd5e4bc91be8c
ffbc9a90757bba679af7f0ff813ce5168d68f98f9e752b194f8d05b02d5445f7

HTTP Headers

GET /space-robot/assets/style.css HTTP/1.1
Host: c.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:21 GMT
content-type: text/css
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
etag: W/"649c0dba-251e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4326
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TGQ99o4c34b4Mdm6P5zolawSMBM2%2BuCTUKJeA2QIaVjUwT7OecWYhyjNZsiN3hhK%2BDEUm%2BVLuLQo5OycAgEMsb4u5TbpH2%2FT2bqotOkt6dpJswZCOvLhTc24fJ75byZiCT6UBz3Edi%2Bh"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6f6bcecb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-app.js

142.250.74.35

6.8 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-app.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (21158)
Size
6.8 kB (6763 bytes)
Hash
e20da9cfaabf0b23d89c2335c06e2b03
b1af5616825acaba44bd714bd2685327abe896fd
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2

HTTP Headers

GET /firebasejs/8.4.1/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.darkdepthdriller.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6763
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 18 Sep 2023 01:03:30 GMT
expires: Tue, 17 Sep 2024 01:03:30 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 178732
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

142.250.74.35

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.darkdepthdriller.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 15:30:29 GMT
expires: Wed, 18 Sep 2024 15:30:29 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 40313
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdnstatic.darkdepthdriller.top/ps/config.js?id=ewFXUS8HLUyIQl_3c1i3OA

172.67.163.218

760 B

URL
cdnstatic.darkdepthdriller.top/ps/config.js?id=ewFXUS8HLUyIQl_3c1i3OA
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
760 B (760 bytes)
Hash
819df168f0587f04b31966844a79e07a
4e4ff7cf09a4460655810d1fd9572268dba920a9
7b3e429fd07d2831236e33f6ba0862a6d27b55cd14bd966541a369b0b1bbbbe5

HTTP Headers

GET /ps/config.js?id=ewFXUS8HLUyIQl_3c1i3OA HTTP/1.1
Host: cdnstatic.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.darkdepthdriller.top/
Cookie: __psu=08bbd531-b8a5-4543-bf1c-ade5ea7c381f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:21 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xs1tdOBoqPDP214E85tY0Ugxp%2FtGYp2VjBQZ3OCnIPZgkP63%2FV0zh%2BKbydQ%2FVgvJ5eIb7RwwnEft9vjpvSbxNx7V5Ba91NA%2FBJ3Df06u9%2FInAOZzGQwdD%2FBvYaF7Kvlw2Jgnc6rKw6GJD3Ee0gmxrkY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6f56c6ab529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

c.darkdepthdriller.top/space-robot/assets/trls.js

172.67.163.218

33 kB

URL
c.darkdepthdriller.top/space-robot/assets/trls.js
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (357), with CRLF line terminators
Size
33 kB (32919 bytes)
Hash
59f05330688d8f2e5212cc7d7c5aea35
005ada82704b96f73669d53d8ac1373aa8852c48
19d86cc07a7da0beb9ede38f5c79c41e0e2576883c63593a548e3fe0d7c95f1e

HTTP Headers

GET /space-robot/assets/trls.js HTTP/1.1
Host: c.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:21 GMT
content-type: application/javascript
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
etag: W/"649c0dba-1e7e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4326
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7t6U46NprpPdyRPv%2B2OHR1iF%2FuAsRGmhGdxq4hHAvE5ZdCL2FeEt8yzAIS39nk7k0VIX3%2Fdecx8wNk5nFj%2F7tFXk8gxIyrfWlaDsKRhc9jr084Y7cR9GEGlunhjSMMaLh%2Bj%2FzRpxzAXD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6f6bcebb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://d.darkdepthdriller.top
DNT: 1
Connection: keep-alive
Referer: https://d.darkdepthdriller.top/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 05:45:56 GMT
expires: Wed, 18 Sep 2024 05:45:56 GMT
cache-control: public, max-age=31536000
age: 75386
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

c.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037

172.67.163.218

38 kB

URL
c.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (474)
Size
38 kB (37748 bytes)
Hash
362cc16a13356513da97f2aba48e92be
64d308482d64fd8a452759d1b5b714820860d312
d03b8912673e855345ce2beb15eff3625410ab371e4dbe2ac3f4643a23e4abc7

HTTP Headers

GET /space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037 HTTP/1.1
Host: c.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://b.darkdepthdriller.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:21 GMT
content-type: text/html
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B5onw6Tpjug%2FywiUCeM6uvpt9P2jn5S7vNCLh%2BBntrZldjRuvnEeBMPcwsHYKpsfIBQLSDy9J%2FF5gpkXoQJu%2FWzY0js272Q1XLHHcf7O6rhY%2BcMvC4OuS%2BeB%2BEQDc0S55KExCCdEEAm6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8096b6f64cadb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

d.darkdepthdriller.top/space-robot/assets/favicon-16x16.png

172.67.163.218

1.2 kB

URL
d.darkdepthdriller.top/space-robot/assets/favicon-16x16.png
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Size
1.2 kB (1163 bytes)
Hash
9d35b617fd258f648c37812252297dd3
7e32fd007f1c6fe1466d15439173082c0fbe82da
e8a768f8122da75777dc64b6d35e756a1848c4f330f293920c18480df085000a

HTTP Headers

GET /space-robot/assets/favicon-16x16.png HTTP/1.1
Host: d.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:22 GMT
content-type: image/png
content-length: 1163
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
etag: "649c0dba-48b"
cache-control: max-age=14400
cf-cache-status: HIT
age: 581
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vBSDPRicKt%2FSWP%2FQj8YpFQm8r5pXmg8V5q4XYKj5hV%2FcQ0dLbxYb%2Ff%2BcllyL6YMPHQlGWxo5snkoPw4V8gDCY84F96FK2mcpOdk2ptwcVV1atgdSANhqBSg0qLKZNgqiPP81VXtYQn2j"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6fa1eabb529-OSL
alt-svc: h3=":443"; ma=86400

www.gstatic.com/firebasejs/8.4.1/firebase-app.js

142.250.74.35

6.8 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-app.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (21158)
Size
6.8 kB (6763 bytes)
Hash
e20da9cfaabf0b23d89c2335c06e2b03
b1af5616825acaba44bd714bd2685327abe896fd
d4d5669220045e130b79770e93dc7dca5fdfa00c9d7047639dbb15c4f28eb2e2

HTTP Headers

GET /firebasejs/8.4.1/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.darkdepthdriller.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 6763
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 18 Sep 2023 01:03:30 GMT
expires: Tue, 17 Sep 2024 01:03:30 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:11 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 178732
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js

142.250.74.35

11 kB

URL
www.gstatic.com/firebasejs/8.4.1/firebase-messaging.js
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40976)
Size
11 kB (10908 bytes)
Hash
a498cb0f91ef52cc08969e1737b34638
c0e12b338ca7adea31b105546fde021edecbfc3c
a8d6389e6811b9fea7ff683cb31a57a6e0b29781407d7f5d45994aae1b5725b7

HTTP Headers

GET /firebasejs/8.4.1/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.darkdepthdriller.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10908
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 19 Sep 2023 15:30:29 GMT
expires: Wed, 18 Sep 2024 15:30:29 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 13 Apr 2021 06:56:17 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 40313
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

d.darkdepthdriller.top/space-robot/assets/trls.js

172.67.163.218

3.9 kB

URL
d.darkdepthdriller.top/space-robot/assets/trls.js
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (357), with CRLF line terminators
Size
3.9 kB (3903 bytes)
Hash
59f05330688d8f2e5212cc7d7c5aea35
005ada82704b96f73669d53d8ac1373aa8852c48
19d86cc07a7da0beb9ede38f5c79c41e0e2576883c63593a548e3fe0d7c95f1e

HTTP Headers

GET /space-robot/assets/trls.js HTTP/1.1
Host: d.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:22 GMT
content-type: application/javascript
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
etag: W/"649c0dba-1e7e"
cache-control: max-age=14400
cf-cache-status: HIT
age: 3138
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a%2B7AowTGeZXz0ckspJ27qGh%2FkH9wbYVkYiwHs5l%2B9szFny1wPZpNaGBZOmkSMDpJ%2F9OUGiTI1j%2BKwiN0ZNQ%2FHqW9BjNazJftGcd5INTDO%2B7ESbrSEIdi3du8xXEBE2J4%2FdfPi7pToKJL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6f91e36b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

d.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037

172.67.163.218

4.9 kB

URL
d.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (474)
Size
4.9 kB (4937 bytes)
Hash
362cc16a13356513da97f2aba48e92be
64d308482d64fd8a452759d1b5b714820860d312
d03b8912673e855345ce2beb15eff3625410ab371e4dbe2ac3f4643a23e4abc7

HTTP Headers

GET /space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037 HTTP/1.1
Host: d.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.darkdepthdriller.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:22 GMT
content-type: text/html
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zOtwvc0JX%2BiUGFzhVH0izfnuBk%2BaHlNs%2BIMnAFqvfgk1DWHIZvCIXeb3iM8XiV9pxHSG9TOHYZBS673O03gMPnDOGyPCiBCRCi2PtnEm%2FbEjjYWqNYkJB3V16bFSHXgyZaqaxcR3KBv0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8096b6f87deeb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

c.darkdepthdriller.top/space-robot/assets/main.js

172.67.163.218

489 B

URL
c.darkdepthdriller.top/space-robot/assets/main.js
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1794), with no line terminators
Size
489 B (489 bytes)
Hash
e007064d63d81a6d97c2f89715028389
2d198eb80febf99c6378586092731c6d1cf72c7a
f392f08652d464570cdc9c514ba60a5fa93b8837d6e12fe1b225e700cde8fa72

HTTP Headers

GET /space-robot/assets/main.js HTTP/1.1
Host: c.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://c.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:21 GMT
content-type: application/javascript
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
etag: W/"649c0dba-702"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4326
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hUeNxZFmuUXIXFWLPClon52lI2CVB6V0EswiociEeNslmJ1NzfBXQhdNXlbVAoAYPqJMCU%2FpaZ%2FyPcM1qgGCv%2BWBJxPxP51yHAj4nqd1%2FLziZPJNLs%2BhmxfcJqXIhKnXzw2sW7oPKLQy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6f6dcfab529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=17984656

13.107.213.53

0 B

URL User Request GET
adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=17984656
IP
13.107.213.53:0
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=17984656 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.highcpmrevenuenetwork.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
cache-control: private,no-cache, no-store
pragma: no-cache
content-type: text/html
location: https://www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_442EA76B505C4A10AE3D41344B913399&sref=ADST&ADST=17984656&affiliateId=1&pid=87019218&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a87019218%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1695177748947)%5c%2f%22%2c%22CookieTag%22%3a%223795087019218451240919C2023920242%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210224346228%7c1%22%7d%5d; domain=.unibet.com; expires=Fri, 20-Sep-3022 02:42:28 GMT; path=/; secure; SameSite=Strict
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
x-powered-by: ASP.NET
x-azure-ref: 0FFwKZQAAAAAyI4nIthiyT4eHPEmhlOUaU1ZHMjBFREdFMDYxMwAyZDk5MzlkMy05NTUxLTQ2ZmYtOGEyNi01ZWZmY2FhMWQ5OGM=
x-cache: CONFIG_NOCACHE
date: Wed, 20 Sep 2023 02:42:28 GMT
content-length: 0
X-Firefox-Spdy: h2

www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_442EA76B505C4A10AE3D41344B913399&sref=ADST&ADST=17984656&affiliateId=1&pid=87019218&bid=37950

85.184.96.40

0 B

URL
www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_442EA76B505C4A10AE3D41344B913399&sref=ADST&ADST=17984656&affiliateId=1&pid=87019218&bid=37950
IP
85.184.96.40:0
ASN
#47171 Unibet Services Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_442EA76B505C4A10AE3D41344B913399&sref=ADST&ADST=17984656&affiliateId=1&pid=87019218&bid=37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.highcpmrevenuenetwork.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a87019218%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1695177748947)%5c%2f%22%2c%22CookieTag%22%3a%223795087019218451240919C2023920242%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Wed, 20 Sep 2023 02:42:29 GMT
content-length: 0
location: https://www.unibet.com:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_442EA76B505C4A10AE3D41344B913399&sref=ADST&ADST=17984656&affiliateId=1&pid=87019218&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A87019218-37950
set-cookie: JSESSIONID=node01o80npcz1sx6nitwx5mtrcxjp4992169.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node01o80npcz1sx6nitwx5mtrcxjp; Path=/; Domain=.unibet.com; Expires=Fri, 19-Sep-2025 02:42:29 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.com; Expires=Fri, 19-Sep-2025 02:42:29 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref="https://www.highcpmrevenuenetwork.com/"; Path=/; Domain=.unibet.com; Expires=Fri, 19-Sep-2025 02:42:29 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.com; Secure; SameSite=None
B-TAG=127656177_442EA76B505C4A10AE3D41344B913399; Path=/; Domain=.unibet.com; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.com; Secure; SameSite=None
PID=87019218; Path=/; Domain=.unibet.com; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=https%3A%2F%2Fwww.highcpmrevenuenetwork.com%2F; Path=/; Domain=.unibet.com; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_442EA76B505C4A10AE3D41344B913399%26sref%3DADST%26ADST%3D17984656%26affiliateId%3D1%26pid%3D87019218%26bid%3D37950; Path=/; Domain=.unibet.com; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.com; Path=/; SameSite=None; Secure
referer: https://www.highcpmrevenuenetwork.com/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Wed, 20 Sep 2023 02:42:29 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_442EA76B505C4A10AE3D41344B913399&sref=ADST&ADST=17984656&affiliateId=1&pid=87019218&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A87019218-37950

85.184.96.40

0 B

URL
www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_442EA76B505C4A10AE3D41344B913399&sref=ADST&ADST=17984656&affiliateId=1&pid=87019218&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A87019218-37950
IP
85.184.96.40:0
ASN
#47171 Unibet Services Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_442EA76B505C4A10AE3D41344B913399&sref=ADST&ADST=17984656&affiliateId=1&pid=87019218&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A87019218-37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.highcpmrevenuenetwork.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a87019218%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1695177748947)%5c%2f%22%2c%22CookieTag%22%3a%223795087019218451240919C2023920242%22%7d%5d; __ucbt=node01o80npcz1sx6nitwx5mtrcxjp; uniattr=ST.0.T; uniattr_ref="https://www.highcpmrevenuenetwork.com/"; affiliateId=1; B-TAG=127656177_442EA76B505C4A10AE3D41344B913399; BID=37950; PID=87019218; REFERER=https%3A%2F%2Fwww.highcpmrevenuenetwork.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_442EA76B505C4A10AE3D41344B913399%26sref%3DADST%26ADST%3D17984656%26affiliateId%3D1%26pid%3D87019218%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
date: Wed, 20 Sep 2023 02:42:29 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:87019218-37950&btag=127656177_442EA76B505C4A10AE3D41344B913399&bid=37950&campaignId=2799402&pid=87019218
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Wed, 20 Sep 2023 02:42:29 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png

172.64.144.152

0 B

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP
172.64.144.152:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:87019218-37950&btag=127656177_442EA76B505C4A10AE3D41344B913399&bid=37950&campaignId=2799402&pid=87019218
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a87019218%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1695177748947)%5c%2f%22%2c%22CookieTag%22%3a%223795087019218451240919C2023920242%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210224346228%7c1%22%7d%5d; __ucbt=node01o80npcz1sx6nitwx5mtrcxjp; uniattr=ST.0.T; uniattr_ref="https://www.highcpmrevenuenetwork.com/"; affiliateId=1; B-TAG=127656177_442EA76B505C4A10AE3D41344B913399; BID=37950; PID=87019218; REFERER=https%3A%2F%2Fwww.highcpmrevenuenetwork.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_442EA76B505C4A10AE3D41344B913399%26sref%3DADST%26ADST%3D17984656%26affiliateId%3D1%26pid%3D87019218%26bid%3D37950; btag=127656177_442EA76B505C4A10AE3D41344B913399
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Wed, 20 Sep 2023 02:42:29 GMT
content-length: 0
location: https://www.unibet.com/
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b72709c056a5-OSL
X-Firefox-Spdy: h2

a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js

85.184.96.5

956 B

URL
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP
85.184.96.5:0
ASN
#47171 Unibet Services Limited

File type
ASCII text
Size
956 B (956 bytes)
Hash
fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47

HTTP Headers

GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a87019218%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1695177748947)%5c%2f%22%2c%22CookieTag%22%3a%223795087019218451240919C2023920242%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210224346228%7c1%22%7d%5d; __ucbt=node01o80npcz1sx6nitwx5mtrcxjp; uniattr=ST.0.T; uniattr_ref="https://www.highcpmrevenuenetwork.com/"; affiliateId=1; B-TAG=127656177_442EA76B505C4A10AE3D41344B913399; BID=37950; PID=87019218; REFERER=https%3A%2F%2Fwww.highcpmrevenuenetwork.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_442EA76B505C4A10AE3D41344B913399%26sref%3DADST%26ADST%3D17984656%26affiliateId%3D1%26pid%3D87019218%26bid%3D37950; btag=127656177_442EA76B505C4A10AE3D41344B913399
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 20 Sep 2023 02:42:29 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2

cdnstatic.darkdepthdriller.top/ps/config.js?id=ewFXUS8HLUyIQl_3c1i3OA

172.67.163.218

701 B

URL
cdnstatic.darkdepthdriller.top/ps/config.js?id=ewFXUS8HLUyIQl_3c1i3OA
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
701 B (701 bytes)
Hash
819df168f0587f04b31966844a79e07a
4e4ff7cf09a4460655810d1fd9572268dba920a9
7b3e429fd07d2831236e33f6ba0862a6d27b55cd14bd966541a369b0b1bbbbe5

HTTP Headers

GET /ps/config.js?id=ewFXUS8HLUyIQl_3c1i3OA HTTP/1.1
Host: cdnstatic.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.darkdepthdriller.top/
Cookie: __psu=08bbd531-b8a5-4543-bf1c-ade5ea7c381f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:22 GMT
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3LefJXFIRm0PkzrokjGXOufEDibZ7C3R78Dpd9UskE6Z9nm31bNBrquAYCwPLmnKQKBCcyDYe%2BQtbeASXqW8Zq5nQ0Mq17aRHAA0v6Z6ESS3hpBfuxzoyRhyrIpp0IF8HrxdeatVu7qFcZ%2FgqYuV47Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6fa2eb7b529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

d.darkdepthdriller.top/shared-js/assets/static-pl.js

172.67.163.218

2.2 kB

URL
d.darkdepthdriller.top/shared-js/assets/static-pl.js
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with CRLF line terminators
Size
2.2 kB (2155 bytes)
Hash
0eb67b3f8ad843ac2a8bc2c055216e6b
ac24b0abe03ffd2f82600ae8b9dd4c6146069af3
93972bbc62d530dd23e06c5174b3e9ed4fb5719279ecef774d0a7eacf1040a18

HTTP Headers

GET /shared-js/assets/static-pl.js HTTP/1.1
Host: d.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Wed, 20 Sep 2023 02:42:22 GMT
content-type: application/javascript
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
etag: W/"649c0dba-bf3"
cache-control: max-age=14400
cf-cache-status: HIT
age: 4994
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZNC7CMoytDi%2BqrZwEw%2Fq%2F6x3ENcHUWQfwV5masbTEhb1X6ngBzhp6s7Y%2BQlq1b%2BALYuZaclX3MpCEyhAR2VAF17AOjYj3GPMblhhN7lDDWzZb5OwEXEjOmS9eP6a4JN1mnRuwsgvUfKS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b6f92e3cb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:87019218-37950&btag=127656177_442EA76B505C4A10AE3D41344B913399&bid=37950&campaignId=2799402&pid=87019218

172.64.144.152

35 kB

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:87019218-37950&btag=127656177_442EA76B505C4A10AE3D41344B913399&bid=37950&campaignId=2799402&pid=87019218
IP
172.64.144.152:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
35 kB (34819 bytes)
Hash
698db77e2969bc8a7dcc14c21599b6b6
f7c29015d733283c62501bea89afd820eab643bf
168998f26593c8e933cf84a5d32762413177d1a72b1caa35a07cf721a4060e7e

HTTP Headers

GET /nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:87019218-37950&btag=127656177_442EA76B505C4A10AE3D41344B913399&bid=37950&campaignId=2799402&pid=87019218 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.highcpmrevenuenetwork.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a87019218%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1695177748947)%5c%2f%22%2c%22CookieTag%22%3a%223795087019218451240919C2023920242%22%7d%5d; __ucbt=node01o80npcz1sx6nitwx5mtrcxjp; uniattr=ST.0.T; uniattr_ref="https://www.highcpmrevenuenetwork.com/"; affiliateId=1; B-TAG=127656177_442EA76B505C4A10AE3D41344B913399; BID=37950; PID=87019218; REFERER=https%3A%2F%2Fwww.highcpmrevenuenetwork.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_442EA76B505C4A10AE3D41344B913399%26sref%3DADST%26ADST%3D17984656%26affiliateId%3D1%26pid%3D87019218%26bid%3D37950
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 20 Sep 2023 02:42:29 GMT
content-type: text/html; charset=utf-8
cf-ray: 8096b72488d856a5-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: aY23filpvIp9zBTCFZm2tg==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0858f584-401e-0010-0c6c-ebd76a000000
x-ms-version: 2014-02-14
set-cookie: btag=127656177_442EA76B505C4A10AE3D41344B913399;max-age=2592000; domain=.unibet.com;path=/;secure;samesite=none;httponly
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.7.1/css/all.css

172.64.102.11

12 kB

URL
use.fontawesome.com/releases/v5.7.1/css/all.css
IP
172.64.102.11:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (54456), with no line terminators
Size
12 kB (12318 bytes)
Hash
7b1d7f457d056ace7b230b587b9f3753
4e0b45eedbe0c405f1faff0d5236a9ee0ff2065b
9c099acc093abd2df85eaa34052ad36fe69b6ed16582c14aecd2928baa3b63bf

HTTP Headers

GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 20 Sep 2023 02:42:29 GMT
content-type: text/css
x-amz-id-2: bDlIamUY1QfJPc4QlUBnXFv1f1qQDGvTvEH6wm5EFeK9XBcJboUVX25kNqwZs6Ih/vyIsNf6eIM=
x-amz-request-id: 39MR148XF08XCMJM
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 1603696
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ciUHwJ3u6qRJtqrZa2nApfLNRelUuleGnXLiQeystQR%2Fx6X9OFYM2hERRNms3DDRz%2FAwgdYiKYTmBl1NSuH86QCTnqZQ%2Fd9VCPXJLNr0C%2FQMMxBCvP1r1HNkggW5zEElzoqFTAeH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8096b7277e4b7306-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
da172efb0fd6da2c4ee844abac50aadc
084492ced57dd89b321f15d24352c905bee1e06a
d2e1252e318b7c2f54dd7b9701c1d2ad991f35719d474031202b2ad0b9fe666b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 20 Sep 2023 02:42:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png

172.64.144.152

0 B

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP
172.64.144.152:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:87019218-37950&btag=127656177_442EA76B505C4A10AE3D41344B913399&bid=37950&campaignId=2799402&pid=87019218
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a87019218%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1695177748947)%5c%2f%22%2c%22CookieTag%22%3a%223795087019218451240919C2023920242%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210224346228%7c1%22%7d%5d; __ucbt=node01o80npcz1sx6nitwx5mtrcxjp; uniattr=ST.0.T; uniattr_ref="https://www.highcpmrevenuenetwork.com/"; affiliateId=1; B-TAG=127656177_442EA76B505C4A10AE3D41344B913399; BID=37950; PID=87019218; REFERER=https%3A%2F%2Fwww.highcpmrevenuenetwork.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_442EA76B505C4A10AE3D41344B913399%26sref%3DADST%26ADST%3D17984656%26affiliateId%3D1%26pid%3D87019218%26bid%3D37950; btag=127656177_442EA76B505C4A10AE3D41344B913399
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Wed, 20 Sep 2023 02:42:29 GMT
content-length: 0
location: https://www.unibet.com/
vary: Accept-Encoding
server: cloudflare
cf-ray: 8096b728da9256a5-OSL
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg

172.64.144.152

98 kB

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
IP
172.64.144.152:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x936, components 3\012- data
Size
98 kB (98453 bytes)
Hash
8e6d9af5ef1badfe9295b8fc96793c28
e37cdf4093dc0a47246be7360e7945f91991f073
de89de8196b23a00db8e35bca40fdb4253d970492a31396d5861c2e99d691407

HTTP Headers

GET /nu/pop/sportsbook/multisports/1-background-black.jpg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a87019218%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1695177748947)%5c%2f%22%2c%22CookieTag%22%3a%223795087019218451240919C2023920242%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210224346228%7c1%22%7d%5d; __ucbt=node01o80npcz1sx6nitwx5mtrcxjp; uniattr=ST.0.T; uniattr_ref="https://www.highcpmrevenuenetwork.com/"; affiliateId=1; B-TAG=127656177_442EA76B505C4A10AE3D41344B913399; BID=37950; PID=87019218; REFERER=https%3A%2F%2Fwww.highcpmrevenuenetwork.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_442EA76B505C4A10AE3D41344B913399%26sref%3DADST%26ADST%3D17984656%26affiliateId%3D1%26pid%3D87019218%26bid%3D37950; btag=127656177_442EA76B505C4A10AE3D41344B913399
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 20 Sep 2023 02:42:29 GMT
content-type: image/jpeg
content-length: 98453
cf-ray: 8096b728da9556a5-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 557937
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702B1549FF"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
cf-bgj: h2pri
content-md5: jm2a9e8brf6Slbj8lnk8KA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 2ceb0755-701e-0056-4059-e6e3ed000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2

172.64.144.152

11 kB

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
IP
172.64.144.152:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 10924, version 1.0\012- data
Size
11 kB (10924 bytes)
Hash
0ea5bcff84ae44840b6e9c9d12c8b963
6c827e1adb18775d2fdfbbbfef63cc9b66243ed2
b4e210ac58fe8fb176e24c58ffdbd0e7b40dded1314769dbcebdc413998b882b

HTTP Headers

GET /nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a87019218%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1695177748947)%5c%2f%22%2c%22CookieTag%22%3a%223795087019218451240919C2023920242%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210224346228%7c1%22%7d%5d; __ucbt=node01o80npcz1sx6nitwx5mtrcxjp; uniattr=ST.0.T; uniattr_ref="https://www.highcpmrevenuenetwork.com/"; affiliateId=1; B-TAG=127656177_442EA76B505C4A10AE3D41344B913399; BID=37950; PID=87019218; REFERER=https%3A%2F%2Fwww.highcpmrevenuenetwork.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_442EA76B505C4A10AE3D41344B913399%26sref%3DADST%26ADST%3D17984656%26affiliateId%3D1%26pid%3D87019218%26bid%3D37950; btag=127656177_442EA76B505C4A10AE3D41344B913399
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 20 Sep 2023 02:42:29 GMT
content-type: font/woff2
content-length: 10924
cf-ray: 8096b728fa9c56a5-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 557937
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702DB224D1"
last-modified: Wed, 13 Sep 2023 15:43:29 GMT
vary: Accept-Encoding
content-md5: DqW8/4SuRIQLbpydEsi5Yw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: e76a5471-101e-0050-6e59-e6d052000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

472 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d96cb786152bb72d6f09e98ca29809ac
ffb619a4d1e6a68fd44ad11d4ed2ca52d7a88c37
16c972ddd6ec3ecd9c906cb4a6ece797e6b95416637da172a1d905fd38866995

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 20 Sep 2023 02:42:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg

172.64.144.152

1.2 kB

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP
172.64.144.152:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1481), with no line terminators
Size
1.2 kB (1230 bytes)
Hash
29c87eb58ba8d395124b925a112ab5ac
82dc80de035d36cee22be43d057e223dab5ba80b
758ddcbcbe402aaf16d21ab756daa63b3353b2abf619ca1873a4b6c6b5ac53cf

HTTP Headers

GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:87019218-37950&btag=127656177_442EA76B505C4A10AE3D41344B913399&bid=37950&campaignId=2799402&pid=87019218
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a87019218%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1695177748947)%5c%2f%22%2c%22CookieTag%22%3a%223795087019218451240919C2023920242%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210224346228%7c1%22%7d%5d; __ucbt=node01o80npcz1sx6nitwx5mtrcxjp; uniattr=ST.0.T; uniattr_ref="https://www.highcpmrevenuenetwork.com/"; affiliateId=1; B-TAG=127656177_442EA76B505C4A10AE3D41344B913399; BID=37950; PID=87019218; REFERER=https%3A%2F%2Fwww.highcpmrevenuenetwork.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_442EA76B505C4A10AE3D41344B913399%26sref%3DADST%26ADST%3D17984656%26affiliateId%3D1%26pid%3D87019218%26bid%3D37950; btag=127656177_442EA76B505C4A10AE3D41344B913399
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 20 Sep 2023 02:42:29 GMT
content-type: image/svg+xml
cf-ray: 8096b72709bf56a5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 557937
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702D1E3897"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Kch+tYuo05USS5JaESq1rA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0df8519a-b01e-0014-1259-e65a6d000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg

172.64.144.152

10 kB

URL
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP
172.64.144.152:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (15888), with no line terminators
Size
10 kB (10345 bytes)
Hash
2e6f9dbfba55dfa91376da363e813261
b14b92d60cdf76622b9f91b3a56c7a8d98649c23
ec5264587927f5d20d839f8f7d97e98e8dd4d9cce69ffd27a0d63d13d2102498

HTTP Headers

GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:87019218-37950&btag=127656177_442EA76B505C4A10AE3D41344B913399&bid=37950&campaignId=2799402&pid=87019218
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a87019218%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1695177748947)%5c%2f%22%2c%22CookieTag%22%3a%223795087019218451240919C2023920242%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210224346228%7c1%22%7d%5d; __ucbt=node01o80npcz1sx6nitwx5mtrcxjp; uniattr=ST.0.T; uniattr_ref="https://www.highcpmrevenuenetwork.com/"; affiliateId=1; B-TAG=127656177_442EA76B505C4A10AE3D41344B913399; BID=37950; PID=87019218; REFERER=https%3A%2F%2Fwww.highcpmrevenuenetwork.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_442EA76B505C4A10AE3D41344B913399%26sref%3DADST%26ADST%3D17984656%26affiliateId%3D1%26pid%3D87019218%26bid%3D37950; btag=127656177_442EA76B505C4A10AE3D41344B913399
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 20 Sep 2023 02:42:29 GMT
content-type: image/svg+xml
cf-ray: 8096b726f9b356a5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 557937
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DCB4E58"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 68bcfd9b-b01e-0066-1c59-e65d22000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2

172.64.102.11

74 kB

URL
use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
IP
172.64.102.11:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 74320, version 329.30998\012- data
Size
74 kB (74320 bytes)
Hash
3638e62ea50e6f5859b6a15276c25c87
f5aa1a463e223a294a42b314e1c63a614d594ec0
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9

HTTP Headers

GET /releases/v5.7.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 20 Sep 2023 02:42:29 GMT
content-type: font/woff2
content-length: 74320
x-amz-id-2: 7JHPP2BeVU5ANlt9sqHmUKzp7fn5DUZiWgTsgCd5ljWDlmUP0ZKYKAF2o05XV0hkjiMH8dFk4fc=
x-amz-request-id: 7A9QY3QV0HCY2BBV
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:57 GMT
etag: "3638e62ea50e6f5859b6a15276c25c87"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 1603539
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qPJ6akDreeHnIVhzPpFEK7KqNNy9zOo414qk0N9UgRiLZMLJOQSdPXxdXw6%2B2Dc7%2FABr5CQakZnNFdMFT59k3hfQFdiyACWgwYxS7ejQCA40Pd6U2ZVWy88ljU8YGgBpkBMEvVy9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8096b7293f917306-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 14 Sep 2023 04:50:55 GMT
expires: Fri, 13 Sep 2024 04:50:55 GMT
cache-control: public, max-age=31536000
age: 510695
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.unibet.com/

85.184.96.40

102 kB

URL
www.unibet.com/
IP
85.184.96.40:0
ASN
#47171 Unibet Services Limited

File type
gzip compressed data\012- data
Size
102 kB (102431 bytes)
Hash
7d866341845c597cdfa4f82053ca223b
c0e41c4942e2fdccce892611aa2418e2daf4e9db
d4fac56c67354068f85c8e36d7b0da3a85115795549250acdb391e04895761ad

HTTP Headers

GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a87019218%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1695177748947)%5c%2f%22%2c%22CookieTag%22%3a%223795087019218451240919C2023920242%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210224346228%7c1%22%7d%5d; __ucbt=node01o80npcz1sx6nitwx5mtrcxjp; uniattr=ST.0.T; uniattr_ref="https://www.highcpmrevenuenetwork.com/"; affiliateId=1; B-TAG=127656177_442EA76B505C4A10AE3D41344B913399; BID=37950; PID=87019218; REFERER=https%3A%2F%2Fwww.highcpmrevenuenetwork.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_442EA76B505C4A10AE3D41344B913399%26sref%3DADST%26ADST%3D17984656%26affiliateId%3D1%26pid%3D87019218%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_442EA76B505C4A10AE3D41344B913399
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 20 Sep 2023 02:42:29 GMT
content-type: text/html;charset=utf-8
x-request-id: da4759d5f9e64fdaf04cba28d613a500
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=60
expires: Wed, 20 Sep 2023 02:42:59 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

alvsx.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037

172.67.163.218

28 kB

URL
alvsx.darkdepthdriller.top/space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037
IP
172.67.163.218:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (474)
Size
28 kB (27606 bytes)
Hash
362cc16a13356513da97f2aba48e92be
64d308482d64fd8a452759d1b5b714820860d312
d03b8912673e855345ce2beb15eff3625410ab371e4dbe2ac3f4643a23e4abc7

HTTP Headers

GET /space-robot/?pl=ewFXUS8HLUyIQl_3c1i3OA&sm=space-robot&click_id=5d87b5d10493c57eb32e493fabf33d2b-42510-0920&sub_id=1325064704969431&hash=oGk17F-Jc35nFTffx1NUmw&exp=1695178037 HTTP/1.1
Host: alvsx.darkdepthdriller.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 20 Sep 2023 02:42:17 GMT
content-type: text/html
last-modified: Wed, 28 Jun 2023 10:38:50 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MZQ985jynGooFW4OHq6PA6tWNraOYuBxj0t5ZBpeW40DEvgWBw%2F8e881KAHPJ44zul5RvLlghoChvbaUX30HZhkhPcvgegAjUR33YkmXFOzCihKJDvm8k2y9KTvBr0jubyNqY5KUfezN9syLug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8096b6d9fac2569f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

216.58.207.227

16 kB

URL
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 16 Sep 2023 11:13:54 GMT
expires: Sun, 15 Sep 2024 11:13:54 GMT
cache-control: public, max-age=31536000
age: 314916
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.unibet.com/

85.184.96.40

8.1 kB

URL
www.unibet.com/
IP
85.184.96.40:0
ASN
#47171 Unibet Services Limited

File type
gzip compressed data\012- data
Size
8.1 kB (8139 bytes)
Hash
8986a479b4dc009f3758ff5acdbf389f
38e9d92df0c93752e9c606846927a964d3c32bb0
2bf5719abcb6885a3fd2ceb056f9f6d7eefeb627f7e7f49df12de4c43475284a

HTTP Headers

GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a87019218%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1695177748947)%5c%2f%22%2c%22CookieTag%22%3a%223795087019218451240919C2023920242%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210224346228%7c1%22%7d%5d; __ucbt=node01o80npcz1sx6nitwx5mtrcxjp; uniattr=ST.0.T; uniattr_ref="https://www.highcpmrevenuenetwork.com/"; affiliateId=1; B-TAG=127656177_442EA76B505C4A10AE3D41344B913399; BID=37950; PID=87019218; REFERER=https%3A%2F%2Fwww.highcpmrevenuenetwork.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_442EA76B505C4A10AE3D41344B913399%26sref%3DADST%26ADST%3D17984656%26affiliateId%3D1%26pid%3D87019218%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_442EA76B505C4A10AE3D41344B913399
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Wed, 20 Sep 2023 02:42:29 GMT
content-type: text/html;charset=utf-8
x-request-id: da4759d5f9e64fdaf04cba28d613a500
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=60
expires: Wed, 20 Sep 2023 02:42:59 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

www.unibet.com/tp2

85.184.96.40

0 B

URL
www.unibet.com/tp2
IP
85.184.96.40:0
ASN
#47171 Unibet Services Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /tp2 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.unibet.com/
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Wed, 20 Sep 2023 02:42:30 GMT
content-length: 0
access-control-allow-origin: https://welcome.unibet.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, SP-Anonymous
access-control-max-age: 600
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
set-cookie: clientId=polopoly_desktop; Domain=www.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2

www.unibet.com/tp2

85.184.96.40

2 B

URL
www.unibet.com/tp2
IP
85.184.96.40:0
ASN
#47171 Unibet Services Limited

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

HTTP Headers

POST /tp2 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 3078
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a87019218%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1695177748947)%5c%2f%22%2c%22CookieTag%22%3a%223795087019218451240919C2023920242%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210224346228%7c1%22%7d%5d; __ucbt=node01o80npcz1sx6nitwx5mtrcxjp; uniattr=BLP.1.T; uniattr_ref="https://www.highcpmrevenuenetwork.com/"; affiliateId=1; B-TAG=127656177_442EA76B505C4A10AE3D41344B913399; BID=37950; PID=87019218; REFERER=https%3A%2F%2Fwww.highcpmrevenuenetwork.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_442EA76B505C4A10AE3D41344B913399%26sref%3DADST%26ADST%3D17984656%26affiliateId%3D1%26pid%3D87019218%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_442EA76B505C4A10AE3D41344B913399; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=1585540135%7CMCIDTS%7C19621%7CMCMID%7C48659234543604818987215420606729216422%7CMCAID%7CNONE%7CMCOPTOUT-1695184950s%7CNONE%7CvVersion%7C4.4.0; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1; s_cc=true; _sp_ses.ab54=*; _sp_id.ab54=55fe3fba-b3ca-4d76-af31-ff312c325786.1695177751.1.1695177751..0c63cf79-696e-4251-8912-96261ae2e4eb..7844bf32-b514-4049-84c5-d9139202e87a.1695177750568.1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
date: Wed, 20 Sep 2023 02:42:30 GMT
content-type: text/plain; charset=UTF-8
content-length: 2
set-cookie: sp=84c5c3fb-8748-43a7-a9e4-9e4e7963cbb5; Expires=Thu, 19 Sep 2024 02:42:30 GMT; Domain=unibet.com; Path=/; Secure; HttpOnly; SameSite=Lax
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
access-control-allow-origin: https://welcome.unibet.com
access-control-allow-credentials: true
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

www.highcpmrevenuenetwork.com/swicednn0s?key=a1a6e26b9d32252d7ab1f90c2e7ebb32

173.233.137.52

200 OK

3.4 kB

URL User Request GET HTTP/1.1
www.highcpmrevenuenetwork.com/swicednn0s?key=a1a6e26b9d32252d7ab1f90c2e7ebb32
IP
173.233.137.52:443
ASN
#7979 SERVERS-COM

Certificate
IssuerLet's Encrypt
Subjecthighcpmrevenuenetwork.com
FingerprintDE:6B:FD:8F:4F:66:E5:C6:1D:0F:7F:FA:0D:2B:29:84:C2:D0:A7:9C
ValiditySun, 20 Aug 2023 06:36:17 GMT - Sat, 18 Nov 2023 06:36:16 GMT

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (3511), with no line terminators
Size
3.4 kB (3359 bytes)
Hash
23019dbfb9442f1d0ec778f59122e195
9bc3c285e84570348f190793688f54196ffee549
5164c40c2d2cbabb9f3e719a7cae3706a47818b933320226db5f317b62a63073

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /swicednn0s?key=a1a6e26b9d32252d7ab1f90c2e7ebb32 HTTP/1.1
Host: www.highcpmrevenuenetwork.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://d.darkdepthdriller.top/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Wed, 20 Sep 2023 02:42:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=17984656; expires=Thu, 21 Sep 2023 02:42:22 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzk4NDY1NiwiayI6ImExYTZlMjZiOWQzMjI1MmQ3YWIxZjkwYzJlN2ViYjMyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDgyMzUyLCJwaWQiOjYxOTU0NywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjoyOCwicHQiOjQsInBrIjoic3dpY2Vkbm4wcyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2QuZGFya2RlcHRoZHJpbGxlci50b3AvIn19.RcHlfoWYRcyoBXOyi6Hn26cSo_zAAZkb4rJ6G4szIXU; expires=Wed, 20 Sep 2023 02:43:22 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 03f5de4d14d6f61ca2ad2c34b10e0378
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.highcpmrevenuenetwork.com/favicon.ico

0.0.0.0

0 B

URL GET
www.highcpmrevenuenetwork.com/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://www.highcpmrevenuenetwork.com/swicednn0s?key=a1a6e26b9d32252d7ab1f90c2e7ebb32
Certificate
IssuerLet's Encrypt
Subjecthighcpmrevenuenetwork.com
FingerprintDE:6B:FD:8F:4F:66:E5:C6:1D:0F:7F:FA:0D:2B:29:84:C2:D0:A7:9C
ValiditySun, 20 Aug 2023 06:36:17 GMT - Sat, 18 Nov 2023 06:36:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.highcpmrevenuenetwork.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.highcpmrevenuenetwork.com/swicednn0s?key=a969ca5c9ad2611762f11b79a526e2d2&submetric=17984656
Cookie: u_pl=17984656; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzk4NDY1NiwiayI6ImExYTZlMjZiOWQzMjI1MmQ3YWIxZjkwYzJlN2ViYjMyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDgyMzUyLCJwaWQiOjYxOTU0NywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjoyOCwicHQiOjQsInBrIjoic3dpY2Vkbm4wcyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2QuZGFya2RlcHRoZHJpbGxlci50b3AvIn19.RcHlfoWYRcyoBXOyi6Hn26cSo_zAAZkb4rJ6G4szIXU; cjs=t
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

www.highcpmrevenuenetwork.com/api/users?token=L3N3aWNlZG5uMHM_a2V5PWExYTZlMjZiOWQzMjI1MmQ3YWIxZjkwYzJlN2ViYjMyJnBzdD0xNjk1MTc3ODAyJnJlZmVyPWh0dHBzJTNBJTJGJTJGZC5kYXJrZGVwdGhkcmlsbGVyLnRvcCUyRiZybXRjPXQmc2h1PTUyYzNjM2YzZWQyM2M2ODEzYjQ3ZWNmOWNiNDdkNjRlYjZlYWQ4MDRkNTFjMDY0Yzg3NWFkODViZTlkMDc1MTNkZTcyZTA0ZjE1MWZiYzNiNTU2Y2IwMzAxODUyZmRhMzAwNzkzZGM1NDdjMTE2ZmI0NWY5YjgzYjNlMTZlNGQ3YmMzNGUwMWFlMmU3MmY0OThjYTZkOTAzMDQ3MjQzNWU4MDM5MmYxYTViZDlmYTk4ZjdiYzI3YjdhMmFhYWE2ZmRi&uuid=&pii=&in=false

0.0.0.0

0 B

URL User Request GET
www.highcpmrevenuenetwork.com/api/users?token=L3N3aWNlZG5uMHM_a2V5PWExYTZlMjZiOWQzMjI1MmQ3YWIxZjkwYzJlN2ViYjMyJnBzdD0xNjk1MTc3ODAyJnJlZmVyPWh0dHBzJTNBJTJGJTJGZC5kYXJrZGVwdGhkcmlsbGVyLnRvcCUyRiZybXRjPXQmc2h1PTUyYzNjM2YzZWQyM2M2ODEzYjQ3ZWNmOWNiNDdkNjRlYjZlYWQ4MDRkNTFjMDY0Yzg3NWFkODViZTlkMDc1MTNkZTcyZTA0ZjE1MWZiYzNiNTU2Y2IwMzAxODUyZmRhMzAwNzkzZGM1NDdjMTE2ZmI0NWY5YjgzYjNlMTZlNGQ3YmMzNGUwMWFlMmU3MmY0OThjYTZkOTAzMDQ3MjQzNWU4MDM5MmYxYTViZDlmYTk4ZjdiYzI3YjdhMmFhYWE2ZmRi&uuid=&pii=&in=false
IP
0.0.0.0:0
ASN
#0

Certificate
IssuerLet's Encrypt
Subjecthighcpmrevenuenetwork.com
FingerprintDE:6B:FD:8F:4F:66:E5:C6:1D:0F:7F:FA:0D:2B:29:84:C2:D0:A7:9C
ValiditySun, 20 Aug 2023 06:36:17 GMT - Sat, 18 Nov 2023 06:36:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L3N3aWNlZG5uMHM_a2V5PWExYTZlMjZiOWQzMjI1MmQ3YWIxZjkwYzJlN2ViYjMyJnBzdD0xNjk1MTc3ODAyJnJlZmVyPWh0dHBzJTNBJTJGJTJGZC5kYXJrZGVwdGhkcmlsbGVyLnRvcCUyRiZybXRjPXQmc2h1PTUyYzNjM2YzZWQyM2M2ODEzYjQ3ZWNmOWNiNDdkNjRlYjZlYWQ4MDRkNTFjMDY0Yzg3NWFkODViZTlkMDc1MTNkZTcyZTA0ZjE1MWZiYzNiNTU2Y2IwMzAxODUyZmRhMzAwNzkzZGM1NDdjMTE2ZmI0NWY5YjgzYjNlMTZlNGQ3YmMzNGUwMWFlMmU3MmY0OThjYTZkOTAzMDQ3MjQzNWU4MDM5MmYxYTViZDlmYTk4ZjdiYzI3YjdhMmFhYWE2ZmRi&uuid=&pii=&in=false HTTP/1.1
Host: www.highcpmrevenuenetwork.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.highcpmrevenuenetwork.com/swicednn0s?key=a969ca5c9ad2611762f11b79a526e2d2&submetric=17984656
Cookie: u_pl=17984656; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzk4NDY1NiwiayI6ImExYTZlMjZiOWQzMjI1MmQ3YWIxZjkwYzJlN2ViYjMyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDgyMzUyLCJwaWQiOjYxOTU0NywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMSwiYWlkIjoyOCwicHQiOjQsInBrIjoic3dpY2Vkbm4wcyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoxNzkwODg5NDgsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTI0Mzg2LCJibiI6IkZpcmVmb3giLCJidiI6IjExMS4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2QuZGFya2RlcHRoZHJpbGxlci50b3AvIn19.RcHlfoWYRcyoBXOyi6Hn26cSo_zAAZkb4rJ6G4szIXU; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Wed, 20 Sep 2023 02:42:23 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=17984656
Set-Cookie: pdhtkv=true; expires=Thu, 21 Sep 2023 02:42:23 GMT
uncs=1; expires=Thu, 21 Sep 2023 02:42:23 GMT
pdhtkv28=true; expires=Thu, 21 Sep 2023 02:42:23 GMT
uncs28=1; expires=Thu, 21 Sep 2023 02:42:23 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bf106d5b4505f9fc1eefcbd7674c25dd
Strict-Transport-Security: max-age=0; includeSubdomains

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

Observations

Hash

HTTP Transactions (81)

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL

IP