crystalview1.blogspot.com/2023/12/remembering-sandra-day-oconnor.html?m=1
172.217.21.161 30 kB URL crystalview1.blogspot.com/2023/12/remembering-sandra-day-oconnor.html?m=1
IP 172.217.21.161:0
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document text; exported SGML document, ASCII text, with very long lines (6967)
Hash 4c9c91081f17b2f7f5088616ba5287dc
1ef17d7f99dd2a5aa9c7fe6f70e253e9791f380d
59faec004a59d64876a7abcb4f5d9e685f1d2425b0e44254fed153a59a3eb918
GET /2023/12/remembering-sandra-day-oconnor.html?m=1 HTTP/1.1
Host: crystalview1.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Fri, 01 Dec 2023 20:20:11 GMT
date: Fri, 01 Dec 2023 20:20:11 GMT
cache-control: private, max-age=0
last-modified: Fri, 01 Dec 2023 20:03:43 GMT
etag: W/"74c822f2e2e3af8d13f76d39c920a97222d143a52c9662ee24a83788248870fb"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 30510
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
crystalview1.blogspot.com/js/cookienotice.js
172.217.21.161 2.0 kB URL crystalview1.blogspot.com/js/cookienotice.js
IP 172.217.21.161:0
Hash a705132a2174f88e196ec3610d68faa8
3bad57a48d973a678fec600d45933010f6edc659
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568
GET /js/cookienotice.js HTTP/1.1
Host: crystalview1.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/2023/12/remembering-sandra-day-oconnor.html?m=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
date: Fri, 01 Dec 2023 20:20:11 GMT
expires: Fri, 08 Dec 2023 20:20:11 GMT
cache-control: public, max-age=604800
last-modified: Fri, 01 Dec 2023 06:56:55 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.blogger.com/static/v1/jsbin/4235886812-comment_from_post_iframe.js
216.58.207.233 6.8 kB URL www.blogger.com/static/v1/jsbin/4235886812-comment_from_post_iframe.js
IP 216.58.207.233:0
File type ASCII text, with very long lines (2165)
Hash 49aad9405434d8887646881ecda8cf64
59bfe11a22024072043b6fc2562ce01b3d4b7344
d86e5bbbff2909f2cefcd5edbbb5b224660e76913e3872dc029758206955a8c6
GET /static/v1/jsbin/4235886812-comment_from_post_iframe.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 6760
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:37:44 GMT
expires: Thu, 28 Nov 2024 21:37:44 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 29 Nov 2023 17:00:16 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 168147
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/3566091532-css_bundle_v2.css
216.58.207.233 7.8 kB URL www.blogger.com/static/v1/widgets/3566091532-css_bundle_v2.css
IP 216.58.207.233:0
File type ASCII text, with very long lines (35959)
Hash 1e32420a7b6ddbdcb7def8b3141c4d1e
a1be54d42ff1f95244c9653539f90318f5bc0580
a9ca837900b6ae007386d400f659c233120b8af7d93407fd6475c9180d9e83d2
GET /static/v1/widgets/3566091532-css_bundle_v2.css HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 7756
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 12:58:11 GMT
expires: Thu, 28 Nov 2024 12:58:11 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 29 Nov 2023 01:58:19 GMT
content-type: text/css
vary: Accept-Encoding
age: 199320
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
172.217.21.170 34 kB URL ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js
IP 172.217.21.170:0
File type ASCII text, with very long lines (32341)
Hash 8fc25e27d42774aeae6edbc0a18b72aa
b66ed708717bf0b4a005a4d0113af8843ef3b8ff
b294e973896f8f874e90a8eb1a8908ac790980d034c4c4bdf0fc3d37b8abf682
GET /ajax/libs/jquery/1.11.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33576
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 17:23:55 GMT
expires: Thu, 28 Nov 2024 17:23:55 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 183376
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
172.217.21.170 34 kB URL ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
IP 172.217.21.170:0
File type ASCII text, with very long lines (32077)
Hash 4f252523d4af0b478c810c2547a63e19
5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404
GET /ajax/libs/jquery/1.12.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33951
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 18:55:29 GMT
expires: Thu, 28 Nov 2024 18:55:29 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 177882
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.blogger.com/static/v1/widgets/325989852-widgets.js
216.58.207.233 59 kB URL www.blogger.com/static/v1/widgets/325989852-widgets.js
IP 216.58.207.233:0
File type ASCII text, with very long lines (2258)
Hash 2aaaea7286ee481cbc12cfd76e10c0cf
6e8576cb84ac125faa0bc0a5fe5508166cc4eed8
4bfa00cdbc7a40f5dad3dfc3a21dada224e61e358e78d7b262bab098bccbc580
GET /static/v1/widgets/325989852-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 59316
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 14:08:07 GMT
expires: Fri, 29 Nov 2024 14:08:07 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 29 Nov 2023 05:57:17 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 108724
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
142.250.74.67 7.8 kB URL fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP 142.250.74.67:0
File type Web Open Font Format (Version 2), TrueType, length 7816, version 1.0; data
Hash 25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://crystalview1.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:00:51 GMT
expires: Fri, 29 Nov 2024 04:00:51 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
age: 145160
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
142.250.74.67 7.9 kB URL fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP 142.250.74.67:0
File type Web Open Font Format (Version 2), TrueType, length 7884, version 1.0; data
Hash 9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://crystalview1.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 02:38:20 GMT
expires: Fri, 29 Nov 2024 02:38:20 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
age: 150111
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/font-awesome/4.6.1/fonts/fontawesome-webfont.woff2?v=4.6.1
104.18.11.207 71 kB URL maxcdn.bootstrapcdn.com/font-awesome/4.6.1/fonts/fontawesome-webfont.woff2?v=4.6.1
IP 104.18.11.207:0
File type Web Open Font Format (Version 2), TrueType, length 70728, version 4.393; data
Hash 926c93d201fe51c8f351e858468980c3
977357f82830f57fbdac2492dd421e5dcce44a1a
d3ebb498192527b985939ae62cc4e5eb5c108efc1896184126b45d866868e73d
GET /font-awesome/4.6.1/fonts/fontawesome-webfont.woff2?v=4.6.1 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://crystalview1.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 01 Dec 2023 20:20:11 GMT
content-type: font/woff2
content-length: 70728
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "926c93d201fe51c8f351e858468980c3"
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 09/10/2023 07:55:34
cdn-proxyver: 1.04
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 860
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-status: 200
cdn-requestid: d7609fb106dba2d71f6796e8c60d3131
cdn-cache: HIT
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 82ee0785abf456c1-OSL
alt-svc: h3=":443"; ma=86400
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
142.250.74.67 7.7 kB URL fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
IP 142.250.74.67:0
File type Web Open Font Format (Version 2), TrueType, length 7748, version 1.0; data
Hash a09f2fccfee35b7247b08a1a266f0328
0da2d17e738f46d2a09e6fb7969da451719a9820
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://crystalview1.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:35:53 GMT
expires: Thu, 28 Nov 2024 21:35:53 GMT
cache-control: public, max-age=31536000
age: 168258
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBxqDBqgC7SCAeADzRJhrXTgj4IJVG5TfRMQxOa8bJEeNm5lfET9aJxl-SdaaE-XfLqVbM8pg1GSSCmUEE9wgfIfRETbzy8LegaJ3_B4YHtW4VTdeAC3ULxXMsfqmCbtueLikeO-33N-pHr2ycn1T2Slk_iKwuAM4Un-kbCbw9orTi9C36Zg-k0v2HWN-q/w72-h72-p-k-no-nu/Sandra-Day-NEW.jpg
142.250.74.97 2.3 kB URL blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBxqDBqgC7SCAeADzRJhrXTgj4IJVG5TfRMQxOa8bJEeNm5lfET9aJxl-SdaaE-XfLqVbM8pg1GSSCmUEE9wgfIfRETbzy8LegaJ3_B4YHtW4VTdeAC3ULxXMsfqmCbtueLikeO-33N-pHr2ycn1T2Slk_iKwuAM4Un-kbCbw9orTi9C36Zg-k0v2HWN-q/w72-h72-p-k-no-nu/Sandra-Day-NEW.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3; data
Hash 8e711ad01d3e8d82e750f1727c5c9172
751aa67cb39a9c5e615c58df72b541742a73cc1e
d74d2512c619ba4c95f2a2fc0b44162d83add59e7b1291215b54f35011c8f54e
GET /img/b/R29vZ2xl/AVvXsEiBxqDBqgC7SCAeADzRJhrXTgj4IJVG5TfRMQxOa8bJEeNm5lfET9aJxl-SdaaE-XfLqVbM8pg1GSSCmUEE9wgfIfRETbzy8LegaJ3_B4YHtW4VTdeAC3ULxXMsfqmCbtueLikeO-33N-pHr2ycn1T2Slk_iKwuAM4Un-kbCbw9orTi9C36Zg-k0v2HWN-q/w72-h72-p-k-no-nu/Sandra-Day-NEW.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v73b"
expires: Sat, 02 Dec 2023 20:20:12 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Sandra-Day-NEW.jpg"
x-content-type-options: nosniff
date: Fri, 01 Dec 2023 20:20:12 GMT
server: fife
content-length: 2345
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBxqDBqgC7SCAeADzRJhrXTgj4IJVG5TfRMQxOa8bJEeNm5lfET9aJxl-SdaaE-XfLqVbM8pg1GSSCmUEE9wgfIfRETbzy8LegaJ3_B4YHtW4VTdeAC3ULxXMsfqmCbtueLikeO-33N-pHr2ycn1T2Slk_iKwuAM4Un-kbCbw9orTi9C36Zg-k0v2HWN-q/s320/Sandra-Day-NEW.jpg
142.250.74.97 11 kB URL blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBxqDBqgC7SCAeADzRJhrXTgj4IJVG5TfRMQxOa8bJEeNm5lfET9aJxl-SdaaE-XfLqVbM8pg1GSSCmUEE9wgfIfRETbzy8LegaJ3_B4YHtW4VTdeAC3ULxXMsfqmCbtueLikeO-33N-pHr2ycn1T2Slk_iKwuAM4Un-kbCbw9orTi9C36Zg-k0v2HWN-q/s320/Sandra-Day-NEW.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 320x173, components 3; data
Hash 3e29304bc991b5ea7249fd9824a85630
2fcec9ac9dd5cc87215d1c353b556c1378a6e3f6
e1c626ad5f9689dfd7bd2202cd7e2513d93a6d98fbc8b1c448284d35addb0df6
GET /img/b/R29vZ2xl/AVvXsEiBxqDBqgC7SCAeADzRJhrXTgj4IJVG5TfRMQxOa8bJEeNm5lfET9aJxl-SdaaE-XfLqVbM8pg1GSSCmUEE9wgfIfRETbzy8LegaJ3_B4YHtW4VTdeAC3ULxXMsfqmCbtueLikeO-33N-pHr2ycn1T2Slk_iKwuAM4Un-kbCbw9orTi9C36Zg-k0v2HWN-q/s320/Sandra-Day-NEW.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v73b"
expires: Sat, 02 Dec 2023 20:20:12 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Sandra-Day-NEW.jpg"
x-content-type-options: nosniff
date: Fri, 01 Dec 2023 20:20:12 GMT
server: fife
content-length: 10944
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhag8psA28LxCakHmktqFfIUvpT_fFKxCIqT1cnA0p0rg7_HyKJcFPzZq9AboYBD80oe8R6aeGNOHNC-TOAmj4h9_SqUONxGwjJ9qGy0wwn_GThyugb3emb9x2wfpwJveTKqIz5R_0n8lDCUclXfUTFCmtV7UZbT4hEN11EJB_9VLlMWdyjWnSwhY0kuK74/s72-c/_109266345_threre.png
142.250.74.97 3.5 kB URL blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhag8psA28LxCakHmktqFfIUvpT_fFKxCIqT1cnA0p0rg7_HyKJcFPzZq9AboYBD80oe8R6aeGNOHNC-TOAmj4h9_SqUONxGwjJ9qGy0wwn_GThyugb3emb9x2wfpwJveTKqIz5R_0n8lDCUclXfUTFCmtV7UZbT4hEN11EJB_9VLlMWdyjWnSwhY0kuK74/s72-c/_109266345_threre.png
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3; data
Hash 956ff4b6ecbcefeca7cd886ed97030ea
33bae481bb8e9dedaed29e0d747dbd112ebcc409
32888920682864504840e95b9f15949604107e1eb7fa839f488e24df02c9d592
GET /img/b/R29vZ2xl/AVvXsEhag8psA28LxCakHmktqFfIUvpT_fFKxCIqT1cnA0p0rg7_HyKJcFPzZq9AboYBD80oe8R6aeGNOHNC-TOAmj4h9_SqUONxGwjJ9qGy0wwn_GThyugb3emb9x2wfpwJveTKqIz5R_0n8lDCUclXfUTFCmtV7UZbT4hEN11EJB_9VLlMWdyjWnSwhY0kuK74/s72-c/_109266345_threre.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v739"
expires: Sat, 02 Dec 2023 20:20:12 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="_109266345_threre.jpg"
x-content-type-options: nosniff
date: Fri, 01 Dec 2023 20:20:12 GMT
server: fife
content-length: 3527
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhag8psA28LxCakHmktqFfIUvpT_fFKxCIqT1cnA0p0rg7_HyKJcFPzZq9AboYBD80oe8R6aeGNOHNC-TOAmj4h9_SqUONxGwjJ9qGy0wwn_GThyugb3emb9x2wfpwJveTKqIz5R_0n8lDCUclXfUTFCmtV7UZbT4hEN11EJB_9VLlMWdyjWnSwhY0kuK74/w72-h72-p-k-no-nu/_109266345_threre.png
142.250.74.97 2.9 kB URL blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhag8psA28LxCakHmktqFfIUvpT_fFKxCIqT1cnA0p0rg7_HyKJcFPzZq9AboYBD80oe8R6aeGNOHNC-TOAmj4h9_SqUONxGwjJ9qGy0wwn_GThyugb3emb9x2wfpwJveTKqIz5R_0n8lDCUclXfUTFCmtV7UZbT4hEN11EJB_9VLlMWdyjWnSwhY0kuK74/w72-h72-p-k-no-nu/_109266345_threre.png
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3; data
Hash 1630da2058760e0608561eafdf73af46
a61767d9cd7e1c50811699157b1bce32d85f9974
8c6668fea2dd647579fb5508323c0651fbf0e2a9adc0d92db3cda79f67d9c85a
GET /img/b/R29vZ2xl/AVvXsEhag8psA28LxCakHmktqFfIUvpT_fFKxCIqT1cnA0p0rg7_HyKJcFPzZq9AboYBD80oe8R6aeGNOHNC-TOAmj4h9_SqUONxGwjJ9qGy0wwn_GThyugb3emb9x2wfpwJveTKqIz5R_0n8lDCUclXfUTFCmtV7UZbT4hEN11EJB_9VLlMWdyjWnSwhY0kuK74/w72-h72-p-k-no-nu/_109266345_threre.png HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v739"
expires: Sat, 02 Dec 2023 20:20:12 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="_109266345_threre.jpg"
x-content-type-options: nosniff
date: Fri, 01 Dec 2023 20:20:12 GMT
server: fife
content-length: 2882
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBxqDBqgC7SCAeADzRJhrXTgj4IJVG5TfRMQxOa8bJEeNm5lfET9aJxl-SdaaE-XfLqVbM8pg1GSSCmUEE9wgfIfRETbzy8LegaJ3_B4YHtW4VTdeAC3ULxXMsfqmCbtueLikeO-33N-pHr2ycn1T2Slk_iKwuAM4Un-kbCbw9orTi9C36Zg-k0v2HWN-q/s72-c/Sandra-Day-NEW.jpg
142.250.74.97 2.2 kB URL blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiBxqDBqgC7SCAeADzRJhrXTgj4IJVG5TfRMQxOa8bJEeNm5lfET9aJxl-SdaaE-XfLqVbM8pg1GSSCmUEE9wgfIfRETbzy8LegaJ3_B4YHtW4VTdeAC3ULxXMsfqmCbtueLikeO-33N-pHr2ycn1T2Slk_iKwuAM4Un-kbCbw9orTi9C36Zg-k0v2HWN-q/s72-c/Sandra-Day-NEW.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3; data
Hash 770e44f0c3e3362d5b5cd97b4266a681
dc9296885d8f745469fad81ae5afeba3b8d33aed
39ab045a4de2d37d90f98122ae1046994e9ee56ce5b65b45314c64fda49dc001
GET /img/b/R29vZ2xl/AVvXsEiBxqDBqgC7SCAeADzRJhrXTgj4IJVG5TfRMQxOa8bJEeNm5lfET9aJxl-SdaaE-XfLqVbM8pg1GSSCmUEE9wgfIfRETbzy8LegaJ3_B4YHtW4VTdeAC3ULxXMsfqmCbtueLikeO-33N-pHr2ycn1T2Slk_iKwuAM4Un-kbCbw9orTi9C36Zg-k0v2HWN-q/s72-c/Sandra-Day-NEW.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v73b"
expires: Sat, 02 Dec 2023 20:20:12 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="Sandra-Day-NEW.jpg"
x-content-type-options: nosniff
date: Fri, 01 Dec 2023 20:20:12 GMT
server: fife
content-length: 2241
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHcedt_MQL-EobCt9CoH1IoeShVCyyAiAX1pTtHi-leOu3AfZizxjrl4c7qZnIE2E9u4ZL5_zytzFGw7DH55EqQWUqTqDnooOE16uSJXyaYuqet4m9DcUvDhADzKRMz55H9XyMy1n6LIVxCbOrNF6Uy5Cp3Rlpw1OZCxMSFQOllcTbKkCQAQCKZJF6p7zh/w72-h72-p-k-no-nu/1_SCRuoKcuEGCfgI9PwBbfMQ.jpg
142.250.74.97 4.8 kB URL blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHcedt_MQL-EobCt9CoH1IoeShVCyyAiAX1pTtHi-leOu3AfZizxjrl4c7qZnIE2E9u4ZL5_zytzFGw7DH55EqQWUqTqDnooOE16uSJXyaYuqet4m9DcUvDhADzKRMz55H9XyMy1n6LIVxCbOrNF6Uy5Cp3Rlpw1OZCxMSFQOllcTbKkCQAQCKZJF6p7zh/w72-h72-p-k-no-nu/1_SCRuoKcuEGCfgI9PwBbfMQ.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3; data
Hash 0c2d8d04145f84bbdbfcee0b8aea62f1
ca2677062b6721799d4735eb7e96d99047ca3f9b
6813cef2b4201408c5176b12e275c40791705da37b6e4294f4c8d30d6feded8d
GET /img/b/R29vZ2xl/AVvXsEhHcedt_MQL-EobCt9CoH1IoeShVCyyAiAX1pTtHi-leOu3AfZizxjrl4c7qZnIE2E9u4ZL5_zytzFGw7DH55EqQWUqTqDnooOE16uSJXyaYuqet4m9DcUvDhADzKRMz55H9XyMy1n6LIVxCbOrNF6Uy5Cp3Rlpw1OZCxMSFQOllcTbKkCQAQCKZJF6p7zh/w72-h72-p-k-no-nu/1_SCRuoKcuEGCfgI9PwBbfMQ.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v72d"
expires: Sat, 02 Dec 2023 20:20:12 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="1_SCRuoKcuEGCfgI9PwBbfMQ.jpg"
x-content-type-options: nosniff
date: Fri, 01 Dec 2023 20:20:12 GMT
server: fife
content-length: 4790
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHcedt_MQL-EobCt9CoH1IoeShVCyyAiAX1pTtHi-leOu3AfZizxjrl4c7qZnIE2E9u4ZL5_zytzFGw7DH55EqQWUqTqDnooOE16uSJXyaYuqet4m9DcUvDhADzKRMz55H9XyMy1n6LIVxCbOrNF6Uy5Cp3Rlpw1OZCxMSFQOllcTbKkCQAQCKZJF6p7zh/s72-c/1_SCRuoKcuEGCfgI9PwBbfMQ.jpg
142.250.74.97 4.7 kB URL blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhHcedt_MQL-EobCt9CoH1IoeShVCyyAiAX1pTtHi-leOu3AfZizxjrl4c7qZnIE2E9u4ZL5_zytzFGw7DH55EqQWUqTqDnooOE16uSJXyaYuqet4m9DcUvDhADzKRMz55H9XyMy1n6LIVxCbOrNF6Uy5Cp3Rlpw1OZCxMSFQOllcTbKkCQAQCKZJF6p7zh/s72-c/1_SCRuoKcuEGCfgI9PwBbfMQ.jpg
IP 142.250.74.97:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3; data
Hash cbcc3dd827a1716e1dfaf0077259e3db
9c919c5a0dd66a151cefed7d4424d5e1caee0a28
43f02e770ab28df672bfd55113045a0cd06d0021275064242b38f968a7b15d68
GET /img/b/R29vZ2xl/AVvXsEhHcedt_MQL-EobCt9CoH1IoeShVCyyAiAX1pTtHi-leOu3AfZizxjrl4c7qZnIE2E9u4ZL5_zytzFGw7DH55EqQWUqTqDnooOE16uSJXyaYuqet4m9DcUvDhADzKRMz55H9XyMy1n6LIVxCbOrNF6Uy5Cp3Rlpw1OZCxMSFQOllcTbKkCQAQCKZJF6p7zh/s72-c/1_SCRuoKcuEGCfgI9PwBbfMQ.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v72d"
expires: Sat, 02 Dec 2023 20:20:12 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="1_SCRuoKcuEGCfgI9PwBbfMQ.jpg"
x-content-type-options: nosniff
date: Fri, 01 Dec 2023 20:20:12 GMT
server: fife
content-length: 4700
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.blogger.com/dyn-css/authorization.css?targetBlogID=4373571602793013311&zx=e34ee747-45cb-46a0-90fc-8215372a0a71
216.58.207.233 21 B URL www.blogger.com/dyn-css/authorization.css?targetBlogID=4373571602793013311&zx=e34ee747-45cb-46a0-90fc-8215372a0a71
IP 216.58.207.233:0
File type very short file (no magic)
Hash 68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
GET /dyn-css/authorization.css?targetBlogID=4373571602793013311&zx=e34ee747-45cb-46a0-90fc-8215372a0a71 HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See https://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
content-security-policy: script-src 'self' *.google.com *.google-analytics.com 'unsafe-inline' 'unsafe-eval' *.gstatic.com *.googlesyndication.com *.blogger.com *.googleapis.com uds.googleusercontent.com https://s.ytimg.com https://i18n-cloud.appspot.com https://www.youtube.com www-onepick-opensocial.googleusercontent.com www-bloggervideo-opensocial.googleusercontent.com www-blogger-opensocial.googleusercontent.com https://www.blogblog.com; report-uri /cspreport
content-type: text/css; charset=UTF-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 01 Dec 2023 20:20:12 GMT
last-modified: Fri, 01 Dec 2023 20:20:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
content-length: 21
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.topcreativeformat.com/e99a94fc23377de88d29af156218e732/invoke.js
192.243.61.227 11 kB URL www.topcreativeformat.com/e99a94fc23377de88d29af156218e732/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29595), with no line terminators
Hash a3f31f1f07b712579cd2fcdb775825ee
93d90e4af99fe425ddd339af80177334e2520654
3ce4511b65b8691eb7d5aebfdb0b6ecde82906d0e119747720dc92353a1452f7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /e99a94fc23377de88d29af156218e732/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Dec 2023 20:20:12 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a4032501dbb51d484d8239bac8c4f61d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
142.250.74.67 8.0 kB URL fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
IP 142.250.74.67:0
File type Web Open Font Format (Version 2), TrueType, length 8000, version 1.0
- data
Hash 72993dddf88a63e8f226656f7de88e57
179f97ec0275f09603a8db94d4380eb584d81cd5
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149
GET /s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://crystalview1.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 8000
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:53:49 GMT
expires: Fri, 29 Nov 2024 04:53:49 GMT
cache-control: public, max-age=31536000
age: 141984
last-modified: Wed, 27 Apr 2022 16:59:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.r2m03.amazontrust.com/
54.230.218.11 471 B URL ocsp.r2m03.amazontrust.com/
IP 54.230.218.11:0
Hash 5b7b378f2f2e1279be0c0f57ceb0cf93
f03e52739a3a7e746036c3b8b7c42015632a931a
a801964dabaa860b97b788b0dd71cc601c6b38279cf522be462c816352ce1265
POST / HTTP/1.1
Host: ocsp.r2m03.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=7200
Date: Fri, 01 Dec 2023 20:20:13 GMT
Last-Modified: Fri, 01 Dec 2023 18:43:52 GMT
Server: ECAcc (ska/F749)
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: kM1zdSUg_vdiPi6MIYbQsU5BucNNZrPvbUW9WYpEDUUp1waGiNa6tg==
Age: 5781
www.topcreativeformat.com/e99a94fc23377de88d29af156218e732/invoke.js
192.243.61.227 11 kB URL www.topcreativeformat.com/e99a94fc23377de88d29af156218e732/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29619), with no line terminators
Hash 9b4a5c0fe11dd4241ad60412777fdf56
31e43750a4c80cbb347621b25f31b9e0b5597e6c
e0735b4021aa5916783590509a4baba8156941fa52de1e034a3a67ce23eaa9d7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /e99a94fc23377de88d29af156218e732/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Dec 2023 20:20:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dd2a6e87a058b09002c35d1c0c972145
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
proftrafficcounter.com/stats
18.184.210.76 40 B URL proftrafficcounter.com/stats
IP 18.184.210.76:0
File type ASCII text, with no line terminators
Hash 3fcd8b80ebb234eb547f10c4a7949c76
4656cbc3d2ccd82781a6e30381b28077930a94b3
526c04932b30e4e9c70c973c4a293991ade0fcf31bf933cf73f7cd8f28f279e6
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://crystalview1.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:13 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://crystalview1.blogspot.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=41268366-9ad5-4a4c-bf56-3898f4185414:1:1; expires=Mon, 28 Nov 2033 20:20:13 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
proftrafficcounter.com/stats
18.184.210.76 40 B URL proftrafficcounter.com/stats
IP 18.184.210.76:0
File type ASCII text, with no line terminators
Hash b7a75afcbc6389778f5c8687e4bbee06
83410be8e991d3268875dd4ca7c9e9435dbf6864
f6886e4b74823546f488db3e177f58931f831f534edc166ac19d0c1f7d72bd0c
GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://crystalview1.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:13 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://crystalview1.blogspot.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=8f9ce19d-2ee2-48c6-b28c-739180d9eece:2:1; expires=Mon, 28 Nov 2033 20:20:13 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
www.topcreativeformat.com/e99a94fc23377de88d29af156218e732/invoke.js
192.243.61.227 11 kB URL www.topcreativeformat.com/e99a94fc23377de88d29af156218e732/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29607), with no line terminators
Hash c4afbb0d486258e6f1df46e40faf6522
143a34de2ede656fff835eb0f16858f32e1a33c7
a0fe2d166f395d6b920b6357eda70d3cb394941a90a7e4cab1f1ab1e2d173932
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /e99a94fc23377de88d29af156218e732/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Dec 2023 20:20:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7149d1fe877d8b43f36c3ff2d21a8211
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.topcreativeformat.com/e99a94fc23377de88d29af156218e732/invoke.js
192.243.61.227 11 kB URL www.topcreativeformat.com/e99a94fc23377de88d29af156218e732/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29607), with no line terminators
Hash d0b10af7e6a239361b6b1c0f6463d476
be5d1c62d902f6a0a3d99f3c15311a97af10ac6c
ee7e6ea218aeb978df22d12f53f5657446dec1b1cb080c183cef48acc730172c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /e99a94fc23377de88d29af156218e732/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Dec 2023 20:20:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a4b96db2fb34e544640a00906d2ddc9f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.topcreativeformat.com/e99a94fc23377de88d29af156218e732/invoke.js
192.243.61.227 11 kB URL www.topcreativeformat.com/e99a94fc23377de88d29af156218e732/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29604), with no line terminators
Hash 55cb76f5a0db4c1d8cd24376c4e2bf84
e86f75d57852f0973c4f5b23ae28690b613fa882
88a4391a5c97af2a7eebaa385bbf3467b687fea6a4bdc1ea71154a1a9b6ace47
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /e99a94fc23377de88d29af156218e732/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Dec 2023 20:20:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bad9559f6b8a349509bca7ff638a9273
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
sixassertive.com/watch.996843921750.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=41268366-9ad5-4a4c-bf56-3898f4185414%3A1%3A1
173.233.137.36 0 B URL sixassertive.com/watch.996843921750.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=41268366-9ad5-4a4c-bf56-3898f4185414%3A1%3A1
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.996843921750.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=41268366-9ad5-4a4c-bf56-3898f4185414%3A1%3A1 HTTP/1.1
Host: sixassertive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://crystalview1.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 01 Dec 2023 20:20:13 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://crystalview1.blogspot.com
Access-Control-Allow-Origin: https://crystalview1.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://sixassertive.com/watch.996843921750.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=41268366-9ad5-4a4c-bf56-3898f4185414%3A1%3A1&shu=b89e351fba3ded71c18ad328204ae5ffeeb66f35babd5deaf6ce80a4bed63c708b63f09ab2a0922609f00764ebe0ac82617101efd2825c33b47579679eabc1faa236da904c2be13eb09d88ed2a002519af7faab0d8e26521ec1d9306f839c0cbfc&pst=1701462073&rmtc=t
Set-Cookie: u_pl=21386644; expires=Sat, 02 Dec 2023 20:20:13 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.Q2TJQO37AGi089yqVpFW2-1BKM3pt7hIuwwX0qa3eHw; expires=Fri, 01 Dec 2023 20:21:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 541843ac5078361fa0290aae528a70f4
Strict-Transport-Security: max-age=0; includeSubdomains
www.topcreativeformat.com/e99a94fc23377de88d29af156218e732/invoke.js
192.243.61.227 11 kB URL www.topcreativeformat.com/e99a94fc23377de88d29af156218e732/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (29607), with no line terminators
Hash f4babaf178cca3d55c1a4bb192f7c60a
644c30e8f21b233ca81aa5b3265536096ab59b0c
13d862af89de21fd851d5e030e69c4277fc3171949ee23d8a1ad2baa1f1f0043
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /e99a94fc23377de88d29af156218e732/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Dec 2023 20:20:13 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7d668ff73a5a87b08e35ace21ae00c11
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
devoutdoubtfulsample.com/watch.168991099708.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1
192.243.59.20 0 B URL devoutdoubtfulsample.com/watch.168991099708.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.168991099708.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1 HTTP/1.1
Host: devoutdoubtfulsample.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://crystalview1.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Fri, 01 Dec 2023 20:20:13 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://crystalview1.blogspot.com
Access-Control-Allow-Origin: https://crystalview1.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://devoutdoubtfulsample.com/watch.168991099708.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1&shu=66683265701ffcdec8fe241ab9bdf5e883497233c0ad0f53d36b556fe1b84256a20485c17053eeb8a7d30a0c02a8c8eee03405f19d99198d897a73d7cc624585dcfbe6e3735e4b2f2c4534ce67f43a64b9b2055e091e721a6120af26cfca1c&pst=1701462073&rmtc=t
Set-Cookie: u_pl=21386644; expires=Sat, 02 Dec 2023 20:20:13 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.Q2TJQO37AGi089yqVpFW2-1BKM3pt7hIuwwX0qa3eHw; expires=Fri, 01 Dec 2023 20:21:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e00da6720c7af9903e44a828d5700409
Strict-Transport-Security: max-age=0; includeSubdomains
bugstractorbring.com/watch.1123078911430.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1
192.243.61.227 0 B URL bugstractorbring.com/watch.1123078911430.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.1123078911430.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1 HTTP/1.1
Host: bugstractorbring.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://crystalview1.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 01 Dec 2023 20:20:13 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://crystalview1.blogspot.com
Access-Control-Allow-Origin: https://crystalview1.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://bugstractorbring.com/watch.1123078911430.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1&shu=3c1ef8b586d6f7810b4af3c2327191ff6b277cdcf7804187b77ac4c954884b65047c85d81f1b768c305ca90542a6f2e9b9e25c27be21afd99050d7c32844894561e9f3288f0608b3361d923862b2f384fbaa135fa761ba0d69944e0cae&pst=1701462073&rmtc=t
Set-Cookie: u_pl=21386644; expires=Sat, 02 Dec 2023 20:20:13 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.Q2TJQO37AGi089yqVpFW2-1BKM3pt7hIuwwX0qa3eHw; expires=Fri, 01 Dec 2023 20:21:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 61790d50e5cb326f73a9db79e0671128
Strict-Transport-Security: max-age=0; includeSubdomains
sixassertive.com/watch.996843921750.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=41268366-9ad5-4a4c-bf56-3898f4185414%3A1%3A1&shu=b89e351fba3ded71c18ad328204ae5ffeeb66f35babd5deaf6ce80a4bed63c708b63f09ab2a0922609f00764ebe0ac82617101efd2825c33b47579679eabc1faa236da904c2be13eb09d88ed2a002519af7faab0d8e26521ec1d9306f839c0cbfc&pst=1701462073&rmtc=t
173.233.137.36 2.1 kB URL sixassertive.com/watch.996843921750.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=41268366-9ad5-4a4c-bf56-3898f4185414%3A1%3A1&shu=b89e351fba3ded71c18ad328204ae5ffeeb66f35babd5deaf6ce80a4bed63c708b63f09ab2a0922609f00764ebe0ac82617101efd2825c33b47579679eabc1faa236da904c2be13eb09d88ed2a002519af7faab0d8e26521ec1d9306f839c0cbfc&pst=1701462073&rmtc=t
IP 173.233.137.36:0
File type HTML document text
- HTML document, ASCII text, with very long lines (2656)
Hash b181dcc2fb1f616e63ea11a6a30ed314
4722448572004f56a2d94a66d68f9edadbf11e8f
9e73baaaee36fee8836630ea79fa4c5a9c2e8876c96b40f447ee94dd357b45d4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /watch.996843921750.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=41268366-9ad5-4a4c-bf56-3898f4185414%3A1%3A1&shu=b89e351fba3ded71c18ad328204ae5ffeeb66f35babd5deaf6ce80a4bed63c708b63f09ab2a0922609f00764ebe0ac82617101efd2825c33b47579679eabc1faa236da904c2be13eb09d88ed2a002519af7faab0d8e26521ec1d9306f839c0cbfc&pst=1701462073&rmtc=t HTTP/1.1
Host: sixassertive.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://crystalview1.blogspot.com
Referer: https://crystalview1.blogspot.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=21386644; ain=eyJhbGciOiJIUzI1NiJ9.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.Q2TJQO37AGi089yqVpFW2-1BKM3pt7hIuwwX0qa3eHw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Dec 2023 20:20:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://crystalview1.blogspot.com
Access-Control-Allow-Origin: https://crystalview1.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=41268366-9ad5-4a4c-bf56-3898f4185414:1:1; expires=Fri, 08 Dec 2023 20:20:13 GMT; secure; SameSite=None
iprc87b80b0b85860b8363522ad333ab8f33=3569808; expires=Sat, 02 Dec 2023 00:20:13 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 02 Dec 2023 20:20:13 GMT; secure; SameSite=None
uncs=1; expires=Sat, 02 Dec 2023 20:20:13 GMT; secure; SameSite=None
pdhtkv23=true; expires=Sat, 02 Dec 2023 20:20:13 GMT; secure; SameSite=None
uncs23=1; expires=Sat, 02 Dec 2023 20:20:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ffdfa99e22415ecbf692ea600f535fb1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
devoutdoubtfulsample.com/watch.168991099708.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1&shu=66683265701ffcdec8fe241ab9bdf5e883497233c0ad0f53d36b556fe1b84256a20485c17053eeb8a7d30a0c02a8c8eee03405f19d99198d897a73d7cc624585dcfbe6e3735e4b2f2c4534ce67f43a64b9b2055e091e721a6120af26cfca1c&pst=1701462073&rmtc=t
192.243.59.20 643 B URL devoutdoubtfulsample.com/watch.168991099708.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1&shu=66683265701ffcdec8fe241ab9bdf5e883497233c0ad0f53d36b556fe1b84256a20485c17053eeb8a7d30a0c02a8c8eee03405f19d99198d897a73d7cc624585dcfbe6e3735e4b2f2c4534ce67f43a64b9b2055e091e721a6120af26cfca1c&pst=1701462073&rmtc=t
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (603)
Hash 09222929e0a9eef36696cad3f9cce723
88523f21808c3d2c41bf98c172019015c42bc8ed
f73c79a2e9452cc025239c62a280453e01000030deec55b24af3d4369d1b74fa
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.168991099708.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1&shu=66683265701ffcdec8fe241ab9bdf5e883497233c0ad0f53d36b556fe1b84256a20485c17053eeb8a7d30a0c02a8c8eee03405f19d99198d897a73d7cc624585dcfbe6e3735e4b2f2c4534ce67f43a64b9b2055e091e721a6120af26cfca1c&pst=1701462073&rmtc=t HTTP/1.1
Host: devoutdoubtfulsample.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://crystalview1.blogspot.com
Referer: https://crystalview1.blogspot.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=21386644; ain=eyJhbGciOiJIUzI1NiJ9.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.Q2TJQO37AGi089yqVpFW2-1BKM3pt7hIuwwX0qa3eHw
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Dec 2023 20:20:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://crystalview1.blogspot.com
Access-Control-Allow-Origin: https://crystalview1.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8f9ce19d-2ee2-48c6-b28c-739180d9eece:2:1; expires=Fri, 08 Dec 2023 20:20:13 GMT; secure; SameSite=None
iprc3349e29eba804fe77ddadf2911afa656=2717343; expires=Sat, 02 Dec 2023 22:20:13 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 02 Dec 2023 20:20:13 GMT; secure; SameSite=None
uncs=1; expires=Sat, 02 Dec 2023 20:20:13 GMT; secure; SameSite=None
pdhtkv23=true; expires=Sat, 02 Dec 2023 20:20:13 GMT; secure; SameSite=None
uncs23=1; expires=Sat, 02 Dec 2023 20:20:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1c13f8cb516b0fa5c815de605848812d
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
skiofficerdemote.com/watch.1598462979712.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1
173.233.139.164 0 B URL skiofficerdemote.com/watch.1598462979712.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1598462979712.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1 HTTP/1.1
Host: skiofficerdemote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://crystalview1.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Fri, 01 Dec 2023 20:20:13 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://crystalview1.blogspot.com
Access-Control-Allow-Origin: https://crystalview1.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://skiofficerdemote.com/watch.1598462979712.js?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1&shu=797188b8fe9182009c70b23ac5b931d04df4a147ec91291d6cbf0da43e65740b7794a90e9610f03cfe98554c02f8260d1ba820c90a53a6aeab02e48e4da9530f61ad1a6beb00bf794a749731d7c6dc1b3a9b54590e27dfe93d4628978597&pst=1701462073&rmtc=t
Set-Cookie: u_pl=21386644; expires=Sat, 02 Dec 2023 20:20:13 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.Q2TJQO37AGi089yqVpFW2-1BKM3pt7hIuwwX0qa3eHw; expires=Fri, 01 Dec 2023 20:21:13 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8c3cf06ee80832c71b3bd90c97865a20
Strict-Transport-Security: max-age=0; includeSubdomains
skiofficerdemote.com/watch.1598462979712?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1
192.243.59.13 1.5 kB URL skiofficerdemote.com/watch.1598462979712?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1152)
Hash dcaa938e45714ab65833fd0384ffdc4e
a99219909839c263d236c8ca1d066ce84e4a6160
e7060c5f00def10f77e5cd7dd937cb32d4b6a34bdc554fc9b05facb99d93af07
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1598462979712?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1 HTTP/1.1
Host: skiofficerdemote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Cookie: u_pl=21386644; ain=eyJhbGciOiJIUzI1NiJ9.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.Q2TJQO37AGi089yqVpFW2-1BKM3pt7hIuwwX0qa3eHw
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Dec 2023 20:20:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.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_bT0xIiwiYXIiOltdfX0.XZyLA9h8yOBP24SLGJT3xej5C822nkLBy5OIEL8rRpk; expires=Fri, 01 Dec 2023 20:21:14 GMT; secure; SameSite=None
uid_id2=8f9ce19d-2ee2-48c6-b28c-739180d9eece:2:1; expires=Fri, 08 Dec 2023 20:20:14 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f1a8e4020a98857d8c336d3ce16b1a8c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
vexationworship.com/watch.733750377315?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1
192.243.61.227 1.6 kB URL vexationworship.com/watch.733750377315?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1192)
Hash f98b7a91dfcaf361b3ec441405928120
620fd870fd65259e56a474ddedee36e57670b240
53ea117fffea5370f9fdd8968e3aa941b8dc5b637e20b39a21313cc69654b2e6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.733750377315?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1 HTTP/1.1
Host: vexationworship.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Dec 2023 20:20:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=21386644; expires=Sat, 02 Dec 2023 20:20:14 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTM4NjY0NCwiayI6ImU5OWE5NGZjMjMzNzdkZTg4ZDI5YWYxNTYyMThlNzMyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjM4MzQyLCJwaWQiOjE0MjU3ODEsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6Im1pYnJjY3NjNCIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2NyeXN0YWx2aWV3MS5ibG9nc3BvdC5jb20vMjAyMy8xMi9yZW1lbWJlcmluZy1zYW5kcmEtZGF5LW9jb25ub3IuaHRtbD9tPTEiLCJhciI6W119fQ.Q2TJQO37AGi089yqVpFW2-1BKM3pt7hIuwwX0qa3eHw; expires=Fri, 01 Dec 2023 20:21:14 GMT; secure; SameSite=None
uid_id2=8f9ce19d-2ee2-48c6-b28c-739180d9eece:2:1; expires=Fri, 08 Dec 2023 20:20:14 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7fb0ca113a74288bfd51ef6898a089b3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
bugstractorbring.com/watch.1123078911430?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1
192.243.59.13 1.6 kB URL bugstractorbring.com/watch.1123078911430?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1184)
Hash 5bf0055801bb83b541f88de8b285c266
2eff7773bc0fc30c1bb41db779dedd2fa37d4abc
1bae2dfed7d2033022ac4cf32da12dfbfb71e89890aa35bae9aa3eae12e3cd4e
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.1123078911430?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1 HTTP/1.1
Host: bugstractorbring.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Cookie: u_pl=21386644; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTM4NjY0NCwiayI6ImU5OWE5NGZjMjMzNzdkZTg4ZDI5YWYxNTYyMThlNzMyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjM4MzQyLCJwaWQiOjE0MjU3ODEsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6Im1pYnJjY3NjNCIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2NyeXN0YWx2aWV3MS5ibG9nc3BvdC5jb20vMjAyMy8xMi9yZW1lbWJlcmluZy1zYW5kcmEtZGF5LW9jb25ub3IuaHRtbD9tPTEiLCJhciI6W119fQ.Q2TJQO37AGi089yqVpFW2-1BKM3pt7hIuwwX0qa3eHw
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Dec 2023 20:20:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.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_bT0xIiwiYXIiOltdfX0.XZyLA9h8yOBP24SLGJT3xej5C822nkLBy5OIEL8rRpk; expires=Fri, 01 Dec 2023 20:21:14 GMT; secure; SameSite=None
uid_id2=8f9ce19d-2ee2-48c6-b28c-739180d9eece:2:1; expires=Fri, 08 Dec 2023 20:20:14 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b83fa574eb771fb4651fb4567c7c1e65
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
rudimentarydelay.com/watch.13214382179?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1
192.243.59.12 1.6 kB URL rudimentarydelay.com/watch.13214382179?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1180)
Hash c25d4dd33ac4864ccbf33d614d72fcba
387cdf98805e6daea8ea304cbf506ba68a875717
71a559a4b212a0d9fade5a248cb5d64f7b63e0b2fde7b2c7ab4623c2feb86dbf
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /watch.13214382179?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1 HTTP/1.1
Host: rudimentarydelay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Dec 2023 20:20:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=21386644; expires=Sat, 02 Dec 2023 20:20:14 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.Q2TJQO37AGi089yqVpFW2-1BKM3pt7hIuwwX0qa3eHw; expires=Fri, 01 Dec 2023 20:21:14 GMT; secure; SameSite=None
uid_id2=8f9ce19d-2ee2-48c6-b28c-739180d9eece:2:1; expires=Fri, 08 Dec 2023 20:20:14 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a32c7f6254c32bdeb7c5c1af6452b2af
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
skiofficerdemote.com/api/users?token=L3dhdGNoLjE1OTg0NjI5Nzk3MTI_ZGV2PWUma2V5PWU5OWE5NGZjMjMzNzdkZTg4ZDI5YWYxNTYyMThlNzMyJmt3PSU1QiUyNnF1b3QlM0JyZW1lbWJlcmluZyUyNnF1b3QlM0IlMkMlMjZxdW90JTNCc2FuZHJhJTI2cXVvdCUzQiUyQyUyNnF1b3QlM0JkYXklMjZxdW90JTNCJTJDJTI2cXVvdCUzQm8lMjZxdW90JTNCJTJDJTI2cXVvdCUzQmNvbm5vciUyNnF1b3QlM0IlMkMlMjZxdW90JTNCYSUyNnF1b3QlM0IlMkMlMjZxdW90JTNCdHJhaWxibGF6ZXIlMjZxdW90JTNCJTJDJTI2cXVvdCUzQnMlMjZxdW90JTNCJTJDJTI2cXVvdCUzQmxlZ2FjeSUyNnF1b3QlM0IlMkMlMjZxdW90JTNCbGl2ZXMlMjZxdW90JTNCJTJDJTI2cXVvdCUzQm9uJTI2cXVvdCUzQiUyQyUyNnF1b3QlM0ItJTI2cXVvdCUzQiUyQyUyNnF1b3QlM0JjcmlzdGFsJTI2cXVvdCUzQiUyQyUyNnF1b3QlM0J2aWV3JTI2cXVvdCUzQiU1RCZwc3Q9MTcwMTQ2MjA3NCZyZWZlcj1odHRwcyUzQSUyRiUyRmNyeXN0YWx2aWV3MS5ibG9nc3BvdC5jb20lMkYyMDIzJTJGMTIlMkZyZW1lbWJlcmluZy1zYW5kcmEtZGF5LW9jb25ub3IuaHRtbCUzRm0lM0QxJnJlcz0xNC4zMDk1JnJtdGM9dCZzaHU9MzIzMjc0YzQwNTNjMDg1YWM0ZDY5OGI3MGM1MTA5MzNmMTY1ZWViMDc0ODg3OTVhZmY3OTJkMWY2MzYxYThlM2ExNjYzN2JmODY1MzA0NzlhODkyN2Y5NmJjMDJhY2FhYTlkZTE1ZmQ5ODU4ZTJmNWU3ZjNkZjllMWY5NGE4MzIxM2ViMmJlZGM3M2Q0NGMyZmRkNDNjNmRhOGQxNjAxNTExZTkyMCZ0ej0wJnV1aWQ9OGY5Y2UxOWQtMmVlMi00OGM2LWIyOGMtNzM5MTgwZDllZWNlJTNBMiUzQTE%3D&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1&pii=&in=false
192.243.59.13 1.8 kB URL skiofficerdemote.com/api/users?token=L3dhdGNoLjE1OTg0NjI5Nzk3MTI_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%3D&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1&pii=&in=false
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2540)
Hash a20ccc5e2887d2508ddd25d91d98e639
3f1443e60ceb026c6b55a7402e3ec06800a9fabf
b41a4fb8da09e5638465dfc28c15bf28e035133e6c8b7d986020d3ffb19f75a6
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /api/users?token=L3dhdGNoLjE1OTg0NjI5Nzk3MTI_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%3D&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1&pii=&in=false HTTP/1.1
Host: skiofficerdemote.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://skiofficerdemote.com/watch.1598462979712?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1
Cookie: u_pl=21386644; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTM4NjY0NCwiayI6ImU5OWE5NGZjMjMzNzdkZTg4ZDI5YWYxNTYyMThlNzMyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjM4MzQyLCJwaWQiOjE0MjU3ODEsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6Im1pYnJjY3NjNCIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOmZhbHNlLCJyIjoiaHR0cHM6Ly9jcnlzdGFsdmlldzEuYmxvZ3Nwb3QuY29tLzIwMjMvMTIvcmVtZW1iZXJpbmctc2FuZHJhLWRheS1vY29ubm9yLmh0bWw_bT0xIiwiYXIiOltdfX0.XZyLA9h8yOBP24SLGJT3xej5C822nkLBy5OIEL8rRpk; uid_id2=8f9ce19d-2ee2-48c6-b28c-739180d9eece:2:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Dec 2023 20:20:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://crystalview1.blogspot.com/2023/12/remembering-sandra-day-oconnor.html?m=1
Access-Control-Allow-Origin: https://crystalview1.blogspot.com/2023/12/remembering-sandra-day-oconnor.html?m=1
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8f9ce19d-2ee2-48c6-b28c-739180d9eece:2:1; expires=Fri, 08 Dec 2023 20:20:14 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 02 Dec 2023 20:20:14 GMT; secure; SameSite=None
uncs=1; expires=Sat, 02 Dec 2023 20:20:14 GMT; secure; SameSite=None
pdhtkv23=true; expires=Sat, 02 Dec 2023 20:20:14 GMT; secure; SameSite=None
uncs23=1; expires=Sat, 02 Dec 2023 20:20:14 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b13873d12369a8b717cbd9908068a672
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
vexationworship.com/api/users?token=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&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1&pii=&in=false
192.243.61.227 1.8 kB URL vexationworship.com/api/users?token=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&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1&pii=&in=false
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2519)
Hash d15afd5bdf2cc530d0423194387585ca
9b7babb9de9e07133c1b0560850eb0f0882c2d95
04572ae455623e9171c543cc08f0d8857ac7701b597b30675510fbeb54d417e0
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /api/users?token=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&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1&pii=&in=false HTTP/1.1
Host: vexationworship.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vexationworship.com/watch.733750377315?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1
Cookie: u_pl=21386644; ain=eyJhbGciOiJIUzI1NiJ9.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.Q2TJQO37AGi089yqVpFW2-1BKM3pt7hIuwwX0qa3eHw; uid_id2=8f9ce19d-2ee2-48c6-b28c-739180d9eece:2:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Dec 2023 20:20:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://crystalview1.blogspot.com/2023/12/remembering-sandra-day-oconnor.html?m=1
Access-Control-Allow-Origin: https://crystalview1.blogspot.com/2023/12/remembering-sandra-day-oconnor.html?m=1
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8f9ce19d-2ee2-48c6-b28c-739180d9eece:2:1; expires=Fri, 08 Dec 2023 20:20:14 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 02 Dec 2023 20:20:14 GMT; secure; SameSite=None
uncs=1; expires=Sat, 02 Dec 2023 20:20:14 GMT; secure; SameSite=None
pdhtkv23=true; expires=Sat, 02 Dec 2023 20:20:14 GMT; secure; SameSite=None
uncs23=1; expires=Sat, 02 Dec 2023 20:20:14 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 88ea61badbe398318fd3dd0c3517fc5a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
bugstractorbring.com/api/users?token=L3dhdGNoLjExMjMwNzg5MTE0MzA_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%3D&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1&pii=&in=false
192.243.59.13 1.8 kB URL bugstractorbring.com/api/users?token=L3dhdGNoLjExMjMwNzg5MTE0MzA_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%3D&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1&pii=&in=false
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2565)
Hash fce946a00471885805f45a940acb3511
054b3ac0d4d6bf5a250e647b50d44434ec33c759
c9a434e67f39470fe44c41dae9f37375094b0122502a5260135e9787799741c4
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /api/users?token=L3dhdGNoLjExMjMwNzg5MTE0MzA_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%3D&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1&pii=&in=false HTTP/1.1
Host: bugstractorbring.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bugstractorbring.com/watch.1123078911430?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1
Cookie: u_pl=21386644; ain=eyJhbGciOiJIUzI1NiJ9.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_bT0xIiwiYXIiOltdfX0.XZyLA9h8yOBP24SLGJT3xej5C822nkLBy5OIEL8rRpk; uid_id2=8f9ce19d-2ee2-48c6-b28c-739180d9eece:2:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Dec 2023 20:20:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://crystalview1.blogspot.com/2023/12/remembering-sandra-day-oconnor.html?m=1
Access-Control-Allow-Origin: https://crystalview1.blogspot.com/2023/12/remembering-sandra-day-oconnor.html?m=1
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8f9ce19d-2ee2-48c6-b28c-739180d9eece:2:1; expires=Fri, 08 Dec 2023 20:20:14 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 02 Dec 2023 20:20:14 GMT; secure; SameSite=None
uncs=1; expires=Sat, 02 Dec 2023 20:20:14 GMT; secure; SameSite=None
pdhtkv23=true; expires=Sat, 02 Dec 2023 20:20:14 GMT; secure; SameSite=None
uncs23=1; expires=Sat, 02 Dec 2023 20:20:14 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3426a7e2cb4cfe371e680599665d5eda
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
rudimentarydelay.com/api/users?token=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&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1&pii=&in=false
192.243.59.12 1.8 kB URL rudimentarydelay.com/api/users?token=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&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1&pii=&in=false
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2517)
Hash 695c3b5c005e5cb9924c84572ae14e77
2c45a535359a1cd1c2bc0ff55000d729fb07f4c9
a7a17d79a15d15be41a134d6fac0a08ff32a6cebef99cc9b28c789567a84c07d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /api/users?token=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&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1&pii=&in=false HTTP/1.1
Host: rudimentarydelay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rudimentarydelay.com/watch.13214382179?key=e99a94fc23377de88d29af156218e732&kw=%5B%22remembering%22%2C%22sandra%22%2C%22day%22%2C%22o%22%2C%22connor%22%2C%22a%22%2C%22trailblazer%22%2C%22s%22%2C%22legacy%22%2C%22lives%22%2C%22on%22%2C%22-%22%2C%22cristal%22%2C%22view%22%5D&refer=https%3A%2F%2Fcrystalview1.blogspot.com%2F2023%2F12%2Fremembering-sandra-day-oconnor.html%3Fm%3D1&tz=0&dev=e&res=14.3095&uuid=8f9ce19d-2ee2-48c6-b28c-739180d9eece%3A2%3A1
Cookie: u_pl=21386644; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTM4NjY0NCwiayI6ImU5OWE5NGZjMjMzNzdkZTg4ZDI5YWYxNTYyMThlNzMyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjM4MzQyLCJwaWQiOjE0MjU3ODEsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6Im1pYnJjY3NjNCIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL2NyeXN0YWx2aWV3MS5ibG9nc3BvdC5jb20vMjAyMy8xMi9yZW1lbWJlcmluZy1zYW5kcmEtZGF5LW9jb25ub3IuaHRtbD9tPTEiLCJhciI6W119fQ.Q2TJQO37AGi089yqVpFW2-1BKM3pt7hIuwwX0qa3eHw; uid_id2=8f9ce19d-2ee2-48c6-b28c-739180d9eece:2:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 01 Dec 2023 20:20:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://crystalview1.blogspot.com/2023/12/remembering-sandra-day-oconnor.html?m=1
Access-Control-Allow-Origin: https://crystalview1.blogspot.com/2023/12/remembering-sandra-day-oconnor.html?m=1
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8f9ce19d-2ee2-48c6-b28c-739180d9eece:2:1; expires=Fri, 08 Dec 2023 20:20:14 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 02 Dec 2023 20:20:14 GMT; secure; SameSite=None
uncs=1; expires=Sat, 02 Dec 2023 20:20:14 GMT; secure; SameSite=None
pdhtkv23=true; expires=Sat, 02 Dec 2023 20:20:14 GMT; secure; SameSite=None
uncs23=1; expires=Sat, 02 Dec 2023 20:20:14 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 482fcf95e666d795b9e73b4669d5b2ad
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/bi/10/cd/7b/10cd7ba1fe6361f6f7f057b97287800c/1688391410.jpg
45.133.44.10 48 kB URL cdn.cloudimagesb.com/bi/10/cd/7b/10cd7ba1fe6361f6f7f057b97287800c/1688391410.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=176, yresolution=184, resolutionunit=2], baseline, precision 8, 728x90, components 3\012- data
Hash 839a1349eedd2eb248512ee20a6fb746
95b0c922c58cd2bead9c77d842182628e1827130
3e0d8da85b93aefe0adb72b381eaaa7131212c5dd7de0e854003d05b394a25ce
GET /bi/10/cd/7b/10cd7ba1fe6361f6f7f057b97287800c/1688391410.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://skiofficerdemote.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:14 GMT
content-type: image/jpeg
content-length: 48083
server: nginx/1.21.6
last-modified: Mon, 03 Jul 2023 13:36:59 GMT
etag: "64a2cefb-bbd3"
expires: Sun, 03 Dec 2023 20:20:14 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/bi/07/12/8c/07128cc6bad6b6d51910e2b3d6c9b518/1665060024.jpg
45.133.44.10 20 kB URL cdn.cloudimagesb.com/bi/07/12/8c/07128cc6bad6b6d51910e2b3d6c9b518/1665060024.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 728x90, components 3\012- data
Hash 94d1e2e2c8c73f1bde9353287b4541a0
0075afbd7026a1540e8ad86cf0f051c974845f0d
ec9772874d296f97664e3ead44c5be5bc16a28105b20731028d6e129ee530ef0
GET /bi/07/12/8c/07128cc6bad6b6d51910e2b3d6c9b518/1665060024.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://bugstractorbring.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:14 GMT
content-type: image/jpeg
content-length: 20393
server: nginx/1.21.6
last-modified: Thu, 06 Oct 2022 12:40:32 GMT
etag: "633eccc0-4fa9"
expires: Sun, 03 Dec 2023 20:20:14 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/bi/44/5f/8f/445f8feb61ad7240b83b36058517a527/1676970465.jpg
45.133.44.10 56 kB URL cdn.cloudimagesb.com/bi/44/5f/8f/445f8feb61ad7240b83b36058517a527/1676970465.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2023:02:16 18:27:24], baseline, precision 8, 728x90, components 3\012- data
Hash 234d080e0ed545d0eb9da1f326943a46
483c3e817fcad049e3b46fa237cc4330056c96f4
7c3e30925daff2cfb25cf7187dbbb2fa91ded312be5252b9d8f584f21053d4fb
GET /bi/44/5f/8f/445f8feb61ad7240b83b36058517a527/1676970465.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vexationworship.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:15 GMT
content-type: image/jpeg
content-length: 56175
server: nginx/1.21.6
last-modified: Tue, 21 Feb 2023 09:07:53 GMT
etag: "63f489e9-db6f"
expires: Sun, 03 Dec 2023 20:20:15 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/bi/d3/e2/c5/d3e2c56c56e036c3be5238f711bf7f64/1632782996.jpg
45.133.44.10 59 kB URL cdn.cloudimagesb.com/bi/d3/e2/c5/d3e2c56c56e036c3be5238f711bf7f64/1632782996.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 22.5 (Windows), datetime=2021:09:24 12:59:12], baseline, precision 8, 728x90, components 3\012- data
Hash 39c54e60b457d049409d7c2740a27fe8
655fe30d265da708adffaf8468658a9fd94cc6b7
fd68d0c51d91b13b1f83503c6d5821088cf7376490778a53844e3916fc3ef86a
GET /bi/d3/e2/c5/d3e2c56c56e036c3be5238f711bf7f64/1632782996.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rudimentarydelay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:15 GMT
content-type: image/jpeg
content-length: 59375
server: nginx/1.21.6
last-modified: Mon, 27 Sep 2021 22:50:24 GMT
etag: "61524ab0-e7ef"
expires: Sun, 03 Dec 2023 20:20:15 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=21386644
192.243.61.225 1.4 kB URL conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=21386644
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (460)
Hash 4c286d4fa287be17fb9aefeaad43d395
f66ac21af706aed1d6b19895b4dd69df9e922079
999d9fa66f7b9bfd105f13c062631fee7be90d7820d4bdf0b7b64e27215b3439
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=21386644 HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Fri, 01 Dec 2023 20:20:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Sat, 02 Dec 2023 20:20:15 GMT
ain=eyJhbGciOiJIUzI1NiJ9.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.z2tP2jM8-zyIUzkPMhiOL2IAku11ORuoyzlFj9KYxgY; expires=Fri, 01 Dec 2023 20:21:15 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2a525b112a4ceff93d5f419efc412136
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIxMzg2NjQ0JnBzdD0xNzAxNDYyMDc1JnJlZmVyPWh0dHBzJTNBJTJGJTJGY3J5c3RhbHZpZXcxLmJsb2dzcG90LmNvbSUyRiZybXRjPXQmc2h1PTk4ZGNkZGQ1ZmM2ZGYwMzA3ZTQyZDZmNDk1NTc3N2E0NThjYjNjOTRjOTVkOWFlNTVlNzcxOTA4Nzc0ODY2YzZmMDNiNTRhZjU0ZWI5Y2RjYjI1NDk3NDM5NDJjNzVjYTM3OTVkMjVlZDc5ZGRkODY4ZWU4MTc4MjY3NTY2ZDQ2NjI4YWEyOGFjNDM0ZmI5OGZkZWVkYzlmYTBmMjE4ODU3ZGQ5Y2Q%3D&uuid=&pii=&in=false
173.233.137.52 0 B URL conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIxMzg2NjQ0JnBzdD0xNzAxNDYyMDc1JnJlZmVyPWh0dHBzJTNBJTJGJTJGY3J5c3RhbHZpZXcxLmJsb2dzcG90LmNvbSUyRiZybXRjPXQmc2h1PTk4ZGNkZGQ1ZmM2ZGYwMzA3ZTQyZDZmNDk1NTc3N2E0NThjYjNjOTRjOTVkOWFlNTVlNzcxOTA4Nzc0ODY2YzZmMDNiNTRhZjU0ZWI5Y2RjYjI1NDk3NDM5NDJjNzVjYTM3OTVkMjVlZDc5ZGRkODY4ZWU4MTc4MjY3NTY2ZDQ2NjI4YWEyOGFjNDM0ZmI5OGZkZWVkYzlmYTBmMjE4ODU3ZGQ5Y2Q%3D&uuid=&pii=&in=false
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIxMzg2NjQ0JnBzdD0xNzAxNDYyMDc1JnJlZmVyPWh0dHBzJTNBJTJGJTJGY3J5c3RhbHZpZXcxLmJsb2dzcG90LmNvbSUyRiZybXRjPXQmc2h1PTk4ZGNkZGQ1ZmM2ZGYwMzA3ZTQyZDZmNDk1NTc3N2E0NThjYjNjOTRjOTVkOWFlNTVlNzcxOTA4Nzc0ODY2YzZmMDNiNTRhZjU0ZWI5Y2RjYjI1NDk3NDM5NDJjNzVjYTM3OTVkMjVlZDc5ZGRkODY4ZWU4MTc4MjY3NTY2ZDQ2NjI4YWEyOGFjNDM0ZmI5OGZkZWVkYzlmYTBmMjE4ODU3ZGQ5Y2Q%3D&uuid=&pii=&in=false HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://conqueredallrightswell.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.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.z2tP2jM8-zyIUzkPMhiOL2IAku11ORuoyzlFj9KYxgY; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Fri, 01 Dec 2023 20:20:16 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=2fe4d858c1dc7bf2683fe7d58cfe2a6b&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
Set-Cookie: iprc49e06eef03c640633105f777c27c8586=4641329; expires=Sat, 02 Dec 2023 20:20:16 GMT
pdhtkv=true; expires=Sat, 02 Dec 2023 20:20:16 GMT
uncs=1; expires=Sat, 02 Dec 2023 20:20:16 GMT
pdhtkv28=true; expires=Sat, 02 Dec 2023 20:20:16 GMT
uncs28=1; expires=Sat, 02 Dec 2023 20:20:16 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0a8f55dec6fecc0d0592e5cf0b5c4c2a
Strict-Transport-Security: max-age=0; includeSubdomains
violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=2fe4d858c1dc7bf2683fe7d58cfe2a6b&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
192.64.81.118 0 B URL violationphysics.click/c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=2fe4d858c1dc7bf2683fe7d58cfe2a6b&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625
IP 192.64.81.118:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c9b2l0k.php?key=wkroiqew1c9guvr0kbe2&SUB_ID_SHORT=2fe4d858c1dc7bf2683fe7d58cfe2a6b&COST_CPA=0.100000&PLACEMENT_ID=16122660&CAMPAIGN_ID=882703&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2569625 HTTP/1.1
Host: violationphysics.click
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.22.0
Date: Fri, 01 Dec 2023 20:20:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: uclick=h9x9m7ci37; expires=Sat, 02-Dec-2023 20:20:16 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=h9x9m7ci37-h9x9m7ci37-hq1m-0-q5a4bl-ftxofe-ft8pdz-4bb13f; expires=Sat, 02-Dec-2023 20:20:16 GMT; Max-Age=86400; path=/; secure; SameSite=none
Location: https://vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=455b1h9x9m7ci37fbe&sub_id=16122660
Strict-Transport-Security: max-age=31536000
vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=455b1h9x9m7ci37fbe&sub_id=16122660
172.67.205.133 0 B URL vvfal.rigelbetelgeuse.top/?pl=zKByXHsQK0ydGD7DogbGyA&click_id=455b1h9x9m7ci37fbe&sub_id=16122660
IP 172.67.205.133:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?pl=zKByXHsQK0ydGD7DogbGyA&click_id=455b1h9x9m7ci37fbe&sub_id=16122660 HTTP/1.1
Host: vvfal.rigelbetelgeuse.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 01 Dec 2023 20:20:17 GMT
content-length: 0
location: https://vvfal.veinmaster.top/youtube/?pl=zKByXHsQK0ydGD7DogbGyA&sm=youtube&click_id=455b1h9x9m7ci37fbe&sub_id=16122660&nrid=59d56d7ea6ae48cf9a14b0591798ebdd&hash=AfhdD4A615mNgq19FLwscA&exp=1701462317
set-cookie: zKByXHsQK0ydGD7DogbGyA=7; max-age=345600; path=/; samesite=lax
__pl=de13829b-da46-40ee-be04-7314f2ca7e70; expires=Mon, 01 Dec 2025 20:20:17 GMT; path=/; samesite=lax
__cap=1; max-age=3600; path=/; samesite=lax
cache-control: max-age=0, no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FGP0ypvGHm987zMcwkUU1RkuxTqLk1phUNZrnsrwfsArN8Z%2FSW63UT25bwihYsjqG9%2FGC4BKhnD%2BiI1iFQkG8QvnNPkvQTAAAj4zwWAwu7vSvXUe7ztB%2B9Crp9Lg%2B1nWD2iYkPYelJGT4GDz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ee07a76a8556c6-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
vvfal.veinmaster.top/favicon.ico
172.64.102.19 0 B URL vvfal.veinmaster.top/favicon.ico
IP 172.64.102.19:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/youtube/?pl=zKByXHsQK0ydGD7DogbGyA&sm=youtube&click_id=455b1h9x9m7ci37fbe&sub_id=16122660&nrid=59d56d7ea6ae48cf9a14b0591798ebdd&hash=AfhdD4A615mNgq19FLwscA&exp=1701462317
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Fri, 01 Dec 2023 20:20:17 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 4391
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6A45sm%2FP5TDLk6tcI9jOS44wxjQXP4X9CBnEPHwhTAWf1Drsl6ROv7FyjgWnkcVry%2BJmr4LP6kYS1tLF1RoIJ%2FqHzcj1YC7X4ivotOpqn%2BIGEcoSVsPzbKYE0wtzveGcVTDs8qqiNA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ee07ab5c4863ea-LHR
alt-svc: h3=":443"; ma=86400
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
142.250.74.35 9.3 kB URL www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (28368)
Hash 9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5
GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 06:08:34 GMT
expires: Fri, 29 Nov 2024 06:08:34 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 137504
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
142.250.74.35 9.9 kB URL www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (38231)
Hash 0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522
GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:05:32 GMT
expires: Fri, 29 Nov 2024 05:05:32 GMT
cache-control: public, max-age=31536000
age: 141286
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
vvfal.veinmaster.top/shared-js/assets/static-pl.js?v=2
172.64.102.19 1.2 kB URL vvfal.veinmaster.top/shared-js/assets/static-pl.js?v=2
IP 172.64.102.19:0
File type ASCII text, with CRLF line terminators
Hash 7224243dd0b18bb2508a1d77d4b2a0b2
bd833c24aa241861316053fd8bd46a1bef3d343f
920aa94a10634fc23234b5e4f55c428f6311fc7811d3591792381678cb492659
GET /shared-js/assets/static-pl.js?v=2 HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/youtube/?pl=zKByXHsQK0ydGD7DogbGyA&sm=youtube&click_id=455b1h9x9m7ci37fbe&sub_id=16122660&nrid=59d56d7ea6ae48cf9a14b0591798ebdd&hash=AfhdD4A615mNgq19FLwscA&exp=1701462317
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 01 Dec 2023 20:20:17 GMT
content-type: application/javascript
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: W/"6569b076-dee"
cache-control: max-age=14400
cf-cache-status: HIT
age: 219
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=upIwvHRUEbz4lawSyglUXiDCRG3705jZdlNx9dBOjgbn2ypK6ApMCtpJuyzEg8rga5muzPOzhwLOlZwvneDXqfpSkkLvS%2FYeKPPBwTErJLJl7KRnIvTIsP2FF31hQOrgpkDlqHZRsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ee07aa0a6a63ea-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
142.250.74.35 9.3 kB URL www.gstatic.com/firebasejs/10.3.1/firebase-app-compat.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (28368)
Hash 9900403b65514fad7df39a4e788a6e45
75f9ba061ef4e72bb23528c700f2a11c56d637e9
a202b2051ea9810cd9ba592b3f9418a89e2062f5c185e29e288080b28eb64fe5
GET /firebasejs/10.3.1/firebase-app-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9308
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 06:08:34 GMT
expires: Fri, 29 Nov 2024 06:08:34 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 31 Aug 2023 15:20:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 137504
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
142.250.74.35 9.9 kB URL www.gstatic.com/firebasejs/10.3.1/firebase-messaging-compat.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (38231)
Hash 0541b823dfaf39162ef84cf075c9951b
e0934726455558cc1a59823efada9651e33aafaa
21f1d62f222007068c793f0947d98f4ccb7c1595adb68efeb783390fdd8b5522
GET /firebasejs/10.3.1/firebase-messaging-compat.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://a.veinmaster.top/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 9934
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:05:32 GMT
expires: Fri, 29 Nov 2024 05:05:32 GMT
cache-control: public, max-age=31536000
age: 141286
last-modified: Thu, 31 Aug 2023 15:20:50 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
vvfal.veinmaster.top/youtube/assets/style.css
172.64.102.19 1.9 kB URL vvfal.veinmaster.top/youtube/assets/style.css
IP 172.64.102.19:0
File type ASCII text, with CRLF line terminators
Hash b65e44569c4baf6a777b0af21688ef62
335910aecc324249f46f9720aeee60ada76b6803
aa2fd86d9cd7b3b71a8d0ed916d23606cdb1283845477aa076db98b3dea88b9f
GET /youtube/assets/style.css HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/youtube/?pl=zKByXHsQK0ydGD7DogbGyA&sm=youtube&click_id=455b1h9x9m7ci37fbe&sub_id=16122660&nrid=59d56d7ea6ae48cf9a14b0591798ebdd&hash=AfhdD4A615mNgq19FLwscA&exp=1701462317
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 01 Dec 2023 20:20:17 GMT
content-type: text/css
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: W/"6569b076-6de"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fh9VWSqSrSYeL%2BgqiyiYAdTkyNiN%2Bi%2BpId4TubgiIFkJY1bRcqvhhkA03cfe2kWiqoxWkpjZFykE4Xa9H07nw1Xvs5otn%2FZjW3qhhJv%2BsC9mmVV5DXGziyF%2BLgU327bQPARRwhlEPg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ee07aa0a6763ea-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNDYyMDc5JnJtdGM9dCZzaHU9NTg0YThmNzRiZGU3YzNmMjJhMTZkMTY4YWEwNTVjMWUyNWUwNzZkOWRhODU2ZmQ2Yjg1ZTUzMWM3Yjg4MDhkZDFkNzk5YmQ0NDdiYjVkOTgxYjRlMTU3NGZmZTljNDgyNjI3NTMzMjE1YjBhMzU1ODYwNGRjZTdhMjg0ZTc0MTU5ZmM3ZGVkZDMwMGEyZGVhZWJjZDZkYTExNDA0MGIxNzY2N2FhYzUxYTAzZDlhNDY1MjRiN2IzODg4MDVkNzM0M2I%3D&uuid=&pii=&in=false
192.243.59.12 302 Found 0 B URL User Request GET HTTP/1.1 www.toprevenuegate.com/api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNDYyMDc5JnJtdGM9dCZzaHU9NTg0YThmNzRiZGU3YzNmMjJhMTZkMTY4YWEwNTVjMWUyNWUwNzZkOWRhODU2ZmQ2Yjg1ZTUzMWM3Yjg4MDhkZDFkNzk5YmQ0NDdiYjVkOTgxYjRlMTU3NGZmZTljNDgyNjI3NTMzMjE1YjBhMzU1ODYwNGRjZTdhMjg0ZTc0MTU5ZmM3ZGVkZDMwMGEyZGVhZWJjZDZkYTExNDA0MGIxNzY2N2FhYzUxYTAzZDlhNDY1MjRiN2IzODg4MDVkNzM0M2I%3D&uuid=&pii=&in=false
IP 192.243.59.12:443
ASN #39572 DataWeb Global Group B.V.
Certificate Issuer Let's Encrypt
Subject toprevenuegate.com
Fingerprint 7D:44:5C:97:A8:B4:D2:87:5C:7C:4E:B7:DA:3A:38:99:85:00:67:40
Validity Fri, 20 Oct 2023 09:02:00 GMT - Thu, 18 Jan 2024 09:01:59 GMT
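Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(Note: these three values are the MD5, SHA-1 and SHA-256 digests of an empty body, consistent with the 0 B response above. The same triple recurs for every 0 B response in this report; it identifies no content and should not be used as a file indicator.)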
Analyzer: Quad9 DNS | Verdict: malicious | Alert: Sinkholed
GET /api/users?token=L3pqNzduY2NuYnM_a2V5PTdjMWVmODhmMjk0M2NhNjY2YmZmMDI3OTVmMjMwNjBkJnBzdD0xNzAxNDYyMDc5JnJtdGM9dCZzaHU9NTg0YThmNzRiZGU3YzNmMjJhMTZkMTY4YWEwNTVjMWUyNWUwNzZkOWRhODU2ZmQ2Yjg1ZTUzMWM3Yjg4MDhkZDFkNzk5YmQ0NDdiYjVkOTgxYjRlMTU3NGZmZTljNDgyNjI3NTMzMjE1YjBhMzU1ODYwNGRjZTdhMjg0ZTc0MTU5ZmM3ZGVkZDMwMGEyZGVhZWJjZDZkYTExNDA0MGIxNzY2N2FhYzUxYTAzZDlhNDY1MjRiN2IzODg4MDVkNzM0M2I%3D&uuid=&pii=&in=false HTTP/1.1
Host: www.toprevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.toprevenuegate.com/zj77nccnbs?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=19854905
Cookie: u_pl=19854905; ain=eyJhbGciOiJIUzI1NiJ9.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.2FQGO2YhCNPTmdlXXLBtr2hi4zXbhcFHRg0XwRi4mrk; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Fri, 01 Dec 2023 20:20:19 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905
Set-Cookie: pdhtkv=true; expires=Sat, 02 Dec 2023 20:20:19 GMT
uncs=1; expires=Sat, 02 Dec 2023 20:20:19 GMT
pdhtkv28=true; expires=Sat, 02 Dec 2023 20:20:19 GMT
uncs28=1; expires=Sat, 02 Dec 2023 20:20:19 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9cb7b848bca11f04d1582bac319316d1
Strict-Transport-Security: max-age=0; includeSubdomains
adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905
13.107.246.53 307 Temporary Redirect 0 B URL User Request GET HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905
IP 13.107.246.53:443
ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK
Certificate Issuer Trustwave Holdings, Inc.
Subject affiliates.kindredplc.com
Fingerprint 9C:1F:91:86:77:41:76:62:71:CD:11:FD:80:70:B7:83:58:47:BF:4F
Validity Thu, 17 Aug 2023 06:39:43 GMT - Fri, 16 Aug 2024 06:38:43 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=19854905 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 307 Temporary Redirect
cache-control: private,no-cache, no-store
pragma: no-cache
content-type: text/html
location: https://www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; domain=.unibet.com; expires=Sun, 01-Dec-3022 20:20:20 GMT; path=/; secure; SameSite=Strict
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
x-azure-ref: 0BEBqZQAAAADSEiXeCmUcQ4U8JnZwEBtlU1ZHMjBFREdFMDYyMAAyZDk5MzlkMy05NTUxLTQ2ZmYtOGEyNi01ZWZmY2FhMWQ5OGM=
x-cache: CONFIG_NOCACHE
date: Fri, 01 Dec 2023 20:20:19 GMT
content-length: 0
X-Firefox-Spdy: h2
www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950
85.184.96.28 301 Moved Permanently 0 B URL User Request GET HTTP/2 www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950
IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Fri, 01 Dec 2023 20:20:20 GMT
content-length: 0
location: https://www.unibet.com:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950
set-cookie: JSESSIONID=node03uwusmn4989m13wbue9y4yftn5032039.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node03uwusmn4989m13wbue9y4yftn; Path=/; Domain=.unibet.com; Expires=Sun, 30-Nov-2025 20:20:20 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.com; Expires=Sun, 30-Nov-2025 20:20:20 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref="https://www.toprevenuegate.com/"; Path=/; Domain=.unibet.com; Expires=Sun, 30-Nov-2025 20:20:20 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.com; Secure; SameSite=None
B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; Path=/; Domain=.unibet.com; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.com; Secure; SameSite=None
PID=94151521; Path=/; Domain=.unibet.com; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; Path=/; Domain=.unibet.com; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; Path=/; Domain=.unibet.com; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.com; Path=/; SameSite=None; Secure
referer: https://www.toprevenuegate.com/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Fri, 01 Dec 2023 20:20:20 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2
www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950
85.184.96.28 301 Moved Permanently 0 B URL User Request GET HTTP/2 www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950
IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&sref=ADST&ADST=19854905&affiliateId=1&pid=94151521&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A94151521-37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 01 Dec 2023 20:20:20 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Fri, 01 Dec 2023 20:20:20 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
172.64.144.152 302 Found 0 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Fri, 01 Dec 2023 20:20:21 GMT
content-length: 0
location: https://www.unibet.com/
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ee07bf5a7b569a-OSL
X-Firefox-Spdy: h2
vvfal.veinmaster.top/youtube/assets/trls.js
172.64.102.19 15 kB URL vvfal.veinmaster.top/youtube/assets/trls.js
IP 172.64.102.19:0
File type Unicode text, UTF-8 text, with very long lines (362), with CRLF line terminators
Hash 709bf95e5090d5ab9c1d5dd7f1a86d5b
ad43e17c491ccacbefeab7454c0e5bc4fe33f380
dafebe85a2439f7bdb03df03df905b7d2f1ec99d8cd9c1cb1808541a7498ea99
GET /youtube/assets/trls.js HTTP/1.1
Host: vvfal.veinmaster.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vvfal.veinmaster.top/youtube/?pl=zKByXHsQK0ydGD7DogbGyA&sm=youtube&click_id=455b1h9x9m7ci37fbe&sub_id=16122660&nrid=59d56d7ea6ae48cf9a14b0591798ebdd&hash=AfhdD4A615mNgq19FLwscA&exp=1701462317
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 01 Dec 2023 20:20:17 GMT
content-type: application/javascript
last-modified: Fri, 01 Dec 2023 10:07:50 GMT
etag: W/"6569b076-1bbe"
cache-control: max-age=14400
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rv5%2BLIQZetc2ScoH3H7duP0oII%2BRp8G2QyimNu%2BPRYZBNfiLaAQziqTjLoiyUkG9eq7TbUzEAGjK5OhN1R%2FBa3ZJ2VtjHqfB%2BzBznalIxzqMzmXIx9pl8uAF%2F64bl0iKQjZ4YSDDpg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ee07a9fa6263ea-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
172.64.144.152 200 OK 743 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (807), with no line terminators
Hash 41acdc0efbe24c5e799972ff33c90259
1e5df73ad5bfb5f075815bcb520fabe2e107fe2d
1a91fab46f128a63c74943fe6db7de41509d69ae9f4e36aab9f984cac94fa451
GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:20 GMT
content-type: image/svg+xml
cf-ray: 82ee07bf2a3a569a-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 223747
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B2489E0"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: QazcDvviTF55mXL/M8kCWQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 83e30576-601e-0028-58a9-1673aa000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
172.217.21.170 200 OK 30 kB URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 172.217.21.170:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (65451)
Hash a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 17:33:53 GMT
expires: Thu, 28 Nov 2024 17:33:53 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 182788
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5 304 Not Modified 0 B URL GET HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 304 Not Modified
date: Fri, 01 Dec 2023 20:20:21 GMT
etag: "705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
85.184.96.5 200 OK 956 B URL GET HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP 85.184.96.5:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
Hash fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:21 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5 304 Not Modified 0 B URL GET HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
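Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of an empty body: the 304 response carried no content, so these values do not identify lastclick.min.js and should not be used as indicators)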
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7; clientId=polopoly_desktop
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 304 Not Modified
date: Fri, 01 Dec 2023 20:20:21 GMT
etag: "705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2
welcome.unibet.com/widget/betslip/betslip.js
172.64.144.152 200 OK 3.8 kB URL GET HTTP/2 welcome.unibet.com/widget/betslip/betslip.js
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type ASCII text, with very long lines (693)
Hash 5770dc60397ffb834d1280aa7bcebbd0
f0bbf2136b83babe5a8f70eeff2308279e9a0d3a
42e08e8d4858e610d87679ab66e8a7cf4b575614c0aa1423d8a1c0245bda9a52
GET /widget/betslip/betslip.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:21 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 82ee07c15d91569a-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 44201
cache-control: public, max-age=900, immutable
etag: W/"0x8D67ACF6D112CB5"
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
vary: Accept-Encoding
content-md5: V3DcYDl/+4NNEoCqe8670A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 5135171d-601e-0075-7649-0c792e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Poppins:300,400,500,600,700
142.250.74.106 111 kB URL fonts.googleapis.com/css?family=Poppins:300,400,500,600,700
IP 142.250.74.106:0
File type gzip compressed data, max compression\012- data
Size 111 kB (110822 bytes)
Hash 04dd79d9b55b251d5d37a7b1b38802ae
92ffb4decb944bfbb2c9eb2d67ed61d0472a44dc
7a3a3443983d26ca278c7508fa1b687dc182ce750285d0ac9106226800710bf7
GET /css?family=Poppins:300,400,500,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://crystalview1.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 01 Dec 2023 20:20:11 GMT
date: Fri, 01 Dec 2023 20:20:11 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
172.64.144.152 200 OK 15 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1356)
Hash 7a982245aa6326903b0e7893885e42fb
47fa69cfed4819f23a8764170e04f5744bd47cd6
18b0e4aa1e8678befe4e7db06e054447b9f96684d817b6424a6b8824042a45fb
GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:21 GMT
content-type: image/svg+xml
cf-ray: 82ee07bf3a5c569a-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 145896
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DD4C2C5"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: epgiRapjJpA7DniTiF5C+w==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: f0a9fb76-d01e-005f-5e18-15a63e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
www.unibet.com/
85.184.96.28 200 OK 20 kB IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
File type gzip compressed data\012- data
Hash b313bd5182c521393c6b76aa0fdae08b
a264a9246bac8f44c439641c89c599623b824118
21050f5aa451a85e43e28869b1e5c0232f4f343fd83c63ecdddcdcbd28d351d9
GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:21 GMT
content-type: text/html;charset=utf-8
x-request-id: 4edd62517b34979af812252272447f43
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=60
expires: Fri, 01 Dec 2023 20:21:21 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
172.64.141.13 200 OK 74 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
IP 172.64.141.13:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Cloudflare, Inc.
Subject use.fontawesome.com
Fingerprint CB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
Validity Thu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type Web Open Font Format (Version 2), TrueType, length 74320, version 329.30998\012- data
Hash 3638e62ea50e6f5859b6a15276c25c87
f5aa1a463e223a294a42b314e1c63a614d594ec0
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9
GET /releases/v5.7.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:21 GMT
content-type: font/woff2
content-length: 74320
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "3638e62ea50e6f5859b6a15276c25c87"
last-modified: Fri, 22 Sep 2023 01:45:51 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1614592
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0fBAt55NiGg6JLFFajTtSspqvkRNA91aVGhI4FbJPCVviS7KEPyYNWqvzqS2zZFpR9JRRtVgU8PI3ctfynfj%2Foxkmv65z0ZJanpgn%2B7Z7001xshjsCdV3JBCRuzLa3Y%2FM67EU%2BXV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ee07c2090a6383-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.67 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.67:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 141767
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
172.64.144.152 200 OK 18 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5740), with no line terminators
Hash d9f476ef25b46fd901a7f79b5bdbb9f4
c7d2758d17518dd1da5c352fed93654248fd37a7
bf35a33c9a8a912b82a62cffbca0c69a5db72aba6c622b77d471a1428b969dd2
GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:21 GMT
content-type: image/svg+xml
cf-ray: 82ee07bf4a6a569a-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 141593
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DDE5E49"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: 2fR27yW0b9kBp/ebW9u59A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: e2bacc6f-401e-0010-6202-1cd76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.67 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.67:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 07:29:35 GMT
expires: Fri, 29 Nov 2024 07:29:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 132646
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
142.250.74.168 200 OK 67 kB URL GET HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP 142.250.74.168:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Google Trust Services LLC
Subject *.google-analytics.com
Fingerprint 37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
Validity Mon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT
File type ASCII text, with very long lines (25136)
Hash 7826c802b22735480a47c0098c4c3af0
ee22e91c2127146cebc3c601225945c44c26a789
64186a37dfa114c3dd30b6bf95cfe56a712fa2cde23df057c02980cff096d230
GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 01 Dec 2023 20:20:21 GMT
expires: Fri, 01 Dec 2023 20:20:21 GMT
cache-control: private, max-age=900
last-modified: Fri, 01 Dec 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 67321
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
172.64.144.152 200 OK 98 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x936, components 3\012- data
Hash 8e6d9af5ef1badfe9295b8fc96793c28
e37cdf4093dc0a47246be7360e7945f91991f073
de89de8196b23a00db8e35bca40fdb4253d970492a31396d5861c2e99d691407
GET /nu/pop/sportsbook/multisports/1-background-black.jpg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:21 GMT
content-type: image/jpeg
content-length: 98453
cf-ray: 82ee07c1ce81569a-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 52866
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702B1549FF"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: jm2a9e8brf6Slbj8lnk8KA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0ff811ce-901e-0013-7152-1c360e000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
172.64.144.152 200 OK 11 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type Web Open Font Format (Version 2), TrueType, length 10924, version 1.0\012- data
Hash 0ea5bcff84ae44840b6e9c9d12c8b963
6c827e1adb18775d2fdfbbbfef63cc9b66243ed2
b4e210ac58fe8fb176e24c58ffdbd0e7b40dded1314769dbcebdc413998b882b
GET /nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:21 GMT
content-type: font/woff2
content-length: 10924
cf-ray: 82ee07c1eec3569a-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 151514
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702DB224D1"
last-modified: Wed, 13 Sep 2023 15:43:29 GMT
vary: Accept-Encoding
content-md5: DqW8/4SuRIQLbpydEsi5Yw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 079c49b7-601e-0028-537f-0c73aa000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
104.17.127.249 200 OK 4.9 kB URL GET HTTP/2 cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP 104.17.127.249:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
Validity Thu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4999), with no line terminators
Hash 7506851c12654bfc54bb813a52957b68
b88e0179a85912068c3480f522a8b0958a23046c
0217e3f9fd1201390e06eee878ccbf84feba0077e7cdd01754170f78e18c274d
GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:22 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 90577b5d-e01e-0026-0f98-165a1a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 348
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ee07c5cbb85691-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.unibet.com/kindred_snow/s3.7.0/kindred_s.js
85.184.96.28 200 OK 74 kB URL GET HTTP/2 www.unibet.com/kindred_snow/s3.7.0/kindred_s.js
IP 85.184.96.28:443
ASN #47171 Unibet Services Limited
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject unibet.com
Fingerprint 1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
Validity Mon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT
File type ASCII text, with very long lines (65378)
Hash 3fb00dbb8acb3c68fd5ddb674f22bb88
cf7bc4f71f0ff66037ac2e564963ff4c2737e766
7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246
GET /kindred_snow/s3.7.0/kindred_s.js HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=BLP.1.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:21 GMT
content-type: application/javascript
last-modified: Fri, 01 Dec 2023 15:40:40 GMT
vary: Accept-Encoding
etag: W/"6569fe78-12240"
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
content-encoding: gzip
X-Firefox-Spdy: h2
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
104.40.147.180 200 OK 4.7 kB URL GET HTTP/2 bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP 104.40.147.180:443
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Microsoft Corporation
Subject *.azurewebsites.net
Fingerprint 0A:12:F7:66:D9:79:A1:83:48:0D:FC:30:BC:F5:BD:27:AF:F4:1A:84
Validity Tue, 01 Aug 2023 09:55:22 GMT - Thu, 27 Jun 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with very long lines (5178), with no line terminators
Hash 631915d845ca82d33ab60022714e1ff6
30f782357bfb04d2a311b19a4e116c7a0d00253a
225138234c65e4185b4d10ccddffeec9f5b674156fb2ca1819f5a89baf92f4a0
GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Fri, 01 Dec 2023 20:20:21 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=48768a3b039304e9b1fa7ae91a032ba86cf010beddc152b2be007691832f4002;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=48768a3b039304e9b1fa7ae91a032ba86cf010beddc152b2be007691832f4002;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
172.64.144.152 200 OK 16 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (15888), with no line terminators
Hash 2e6f9dbfba55dfa91376da363e813261
b14b92d60cdf76622b9f91b3a56c7a8d98649c23
ec5264587927f5d20d839f8f7d97e98e8dd4d9cce69ffd27a0d63d13d2102498
GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:21 GMT
content-type: image/svg+xml
cf-ray: 82ee07bf3a5b569a-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 58068
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DCB4E58"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 76cbcfd3-901e-004e-01cc-1c3c8a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
172.64.144.152 200 OK 22 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
Hash cd7901ab004cbe23cf68ae6b0486a998
11c4422439ed8b081e672eceef735ed1fcad6e90
01d6d6271e9cfda8348fcde699bbb334310b6ba858f1d01fbe2b08b6ceba6c1b
GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:20 GMT
content-type: text/css; charset=utf-8
cf-ray: 82ee07bef9de569a-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 138740
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702AA0A0C4"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: zXkBqwBMviPPaK5rBIapmA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: dda9c37d-401e-0010-5ea4-13d76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
142.250.74.67 200 OK 16 kB URL GET HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 142.250.74.67:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Google Trust Services LLC
Subject *.gstatic.com
Fingerprint E5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:36:53 GMT
expires: Thu, 28 Nov 2024 21:36:53 GMT
cache-control: public, max-age=31536000
age: 168208
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
104.17.127.249 200 OK 1.1 kB URL GET HTTP/2 cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP 104.17.127.249:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
Validity Thu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1065), with no line terminators
Hash 8994f187d31c33e41e6af6c078d8b4f3
e65a39fb2b4d56343b2af57a19ba38612eaa262f
e4f28e35c66413fc59cb5bdb97c30fd7de981c9408b0f38068c3f71661f52872
GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:22 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: 850b18b8-b01e-003b-137b-0c57a6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 221
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ee07c5cbc25691-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
172.64.144.152 200 OK 421 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type PNG image data, 33 x 33, 8-bit/color RGBA, non-interlaced\012- data
Hash ad2d9f441c6692a806c7b427bb3e536d
4978e1ffc5b62c3e2231d22aeb8f7ac679764abe
95efe0e48a145adb6c6c385cecb0e2a7a3dd2e9a3f7a01ca0647e373602770ed
GET /nu/pop/sportsbook/multisports/favicon.ico HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:21 GMT
content-type: image/x-icon
cf-ray: 82ee07c3083d569a-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 223677
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702ABA666E"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: ac00a8bf-d01e-0002-5b3a-14acba000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
172.64.144.152 200 OK 1.1 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1092), with no line terminators
Hash 72ece8ff11191ced6c715b6dffb50c8e
f31de9cc333fe23b895c701ac6bfe4a9388f456a
e51fdf1e222c2590c5436e649fbe707d5f80e6b3888bca1509510b9504b43949
GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:21 GMT
content-type: image/svg+xml
cf-ray: 82ee07bf4a70569a-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 150132
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CDF8B61"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: 9k4H3E55HXB5I94VinrUOQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: edf675d7-401e-005d-54c3-0b1886000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
172.64.144.152 200 OK 966 B URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1004), with no line terminators
Hash 60530a8226b6f89fbd6e188cd9bdb2fc
5ff9b1d4f00eb8dc12ecb50e0a87abadf144a17d
1c0ec6dc6f122167b6c09d4cafb6ab7312fa4908ba74693ea7105730a5a2ed93
GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:21 GMT
content-type: image/svg+xml
cf-ray: 82ee07bf4a72569a-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 153754
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CE70450"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Z4302O+bSqlX5UM92U+35A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: aee50919-501e-006e-6628-0d472d000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/css/all.css
172.64.141.13 200 OK 54 kB URL GET HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP 172.64.141.13:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Cloudflare, Inc.
Subject use.fontawesome.com
Fingerprint CB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
Validity Thu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT
File type ASCII text, with very long lines (54456), with no line terminators
Hash 7b1d7f457d056ace7b230b587b9f3753
4e0b45eedbe0c405f1faff0d5236a9ee0ff2065b
9c099acc093abd2df85eaa34052ad36fe69b6ed16582c14aecd2928baa3b63bf
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:21 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
last-modified: Fri, 22 Sep 2023 01:45:49 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 1615076
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=90MvxZ2FyI170dlCLuoCYtH9LKEylI7cy8D%2F%2B6FGlJNmoGTWEWHkJmzZmPMBlrCT%2FE2zwVvCBTiFN4LcyQ6KMEtyizBmhJfWYnvVyXOMSnXCm2lJazZiWDMwEJoc%2B%2BpR1Qy%2FSgjY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ee07c02e2e6383-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
172.64.144.152 200 OK 17 kB URL User Request GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
IP 172.64.144.152:443
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.toprevenuegate.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:20 GMT
content-type: text/html; charset=utf-8
cf-ray: 82ee07bccf5c569a-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: aY23filpvIp9zBTCFZm2tg==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 383ec354-601e-0007-7593-247e61000000
x-ms-version: 2014-02-14
set-cookie: btag=127656177_7326747DE20044C5A13CB4DD784C15F7;max-age=2592000; domain=.unibet.com;path=/;secure;samesite=none;httponly
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
172.64.144.152 200 OK 4.5 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type HTML document, Unicode text, UTF-8 text, with very long lines (4762), with no line terminators
Hash cc638d634c8efd9452a05f3ed63a2c15
d680da0e128220e8310269d900408fb3727eca2d
9d2ff7f3c0209be9a5ba2736e033c4117893aed259278008797f0bfd43dea7fb
GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:20 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 82ee07bef9e5569a-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 565664
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E1B3700"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0799503c-801e-0042-7d02-19ab82000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
172.64.144.152 200 OK 3.2 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3287), with no line terminators
Hash 910a470c87e6907732caefbe1b43f25c
709f3846db3c983a502d081a17c95404c545141c
c1912c86d189996a4995f3c142f73f88150fd922a203f914e1a17992f07a2db5
GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:20 GMT
content-type: image/svg+xml
cf-ray: 82ee07bf1a32569a-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 230172
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B55A494"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 862f85ee-201e-005b-777e-1e2b39000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
172.64.144.152 200 OK 32 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash bf06fba2ca517eddb1cc60ed26f47758
d184102516fbb91e198b99a09ac6f739d13d836d
6a91f72758fb0426e2cf9b5f36432666b620d80d825989e9dd6175a251c78475
GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:21 GMT
content-type: image/svg+xml
cf-ray: 82ee07bf5a7e569a-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 223824
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B7E8320"
last-modified: Wed, 13 Sep 2023 15:43:26 GMT
vary: Accept-Encoding
content-md5: vwb7ospRft2xzGDtJvR3WA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: a95fdfb0-e01e-0019-5dda-1592b9000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
172.64.144.152 200 OK 5.4 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type HTML document, ASCII text, with very long lines (5609), with no line terminators
Hash 41e296392bf29f4381ad03c8314479cd
6fd53f13908be09218cff171d1bf6d9a9e954e19
58020e44456892a4b398728d98b53b09fc9a208593afedc66ac2636721932d9d
GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:20 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 82ee07bf0a02569a-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 55409
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E25208C"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 348b4653-601e-0038-3c49-0cb6c2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500
142.250.74.106 200 OK 6.4 kB URL GET HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP 142.250.74.106:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint CC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
Validity Mon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT
File type ASCII text, with very long lines (6530), with no line terminators
Hash feddc562097e437af08febef83792dbe
4d1d430f50e555657f1a135bcf655877597b38ca
284e88ea80c2a259fedfeb2cd060bd55616e22a73693c779061741385239c46b
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 01 Dec 2023 20:20:21 GMT
date: Fri, 01 Dec 2023 20:20:21 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
104.17.127.249 200 OK 25 kB URL GET HTTP/2 cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP 104.17.127.249:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
Validity Thu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7857f5fa35651d9795bac512238caaf4
107c2b86078dd49ffd18c76724bd290018719037
bf1b321fe365e6fdb5429bcebb8a6b5b9ed554d84f4eced5e69cc31038455a81
GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:22 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: b31b4379-501e-0041-450f-134ae6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 348
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ee07c5cbc65691-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
172.64.144.152 200 OK 5.9 kB URL GET HTTP/2 welcome.unibet.com/custom.js
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type ASCII text, with very long lines (6078), with no line terminators
Hash f1d301b9a66fabf51fc0630bdcaf0bf8
45100e61056b88ffd1f2f4bc02f393cda328b595
9f86f4c23e72c39fe76f986ada1f7649af6abc8a1da08760e287498c84c772d5
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:20 GMT
content-type: application/javascript
cf-ray: 82ee07bf1a2a569a-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 151608
etag: W/"0x8DA115DA300B0C1"
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
vary: Accept-Encoding
content-md5: e/Aekt1V1fopj1X7y5r9MA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: b3159e82-501e-0041-530e-134ae6000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
172.64.144.152 200 OK 1.5 kB URL GET HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP 172.64.144.152:443
Requested by https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Certificate Issuer Let's Encrypt
Subject welcome.unibet.com
Fingerprint 65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
Validity Mon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1513), with no line terminators
Hash 49bb8022b31261533a9fc360618129c2
35ab11ba839506015fe62c50a79bf3aff01d049c
559f2bd484ade1ad03ed79c5a5de1604fe9acc174164d3fd28d68eff7acbe2b3
GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:94151521-37950&btag=127656177_7326747DE20044C5A13CB4DD784C15F7&bid=37950&campaignId=2799402&pid=94151521
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a94151521%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701462020286)%5c%2f%22%2c%22CookieTag%22%3a%223795094151521451240919C20231212020%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210648918298%7c1%22%7d%5d; __ucbt=node03uwusmn4989m13wbue9y4yftn; uniattr=ST.0.T; uniattr_ref="https://www.toprevenuegate.com/"; affiliateId=1; B-TAG=127656177_7326747DE20044C5A13CB4DD784C15F7; BID=37950; PID=94151521; REFERER=https%3A%2F%2Fwww.toprevenuegate.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_7326747DE20044C5A13CB4DD784C15F7%26sref%3DADST%26ADST%3D19854905%26affiliateId%3D1%26pid%3D94151521%26bid%3D37950; btag=127656177_7326747DE20044C5A13CB4DD784C15F7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 01 Dec 2023 20:20:21 GMT
content-type: image/svg+xml
cf-ray: 82ee07bf4a76569a-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 45119
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702D1E3897"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Kch+tYuo05USS5JaESq1rA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 89ff6622-901e-005e-7ca4-16f9e2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2