Report - worldcapacity.blogspot.com/

Report Overview

Submitted URL
worldcapacity.blogspot.com/
IP
172.217.21.161
ASN
#15169 GOOGLE
Submitted
2023-12-05 11:52:07
Access
public
Website Title
Unibet
Final URL
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
42

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ajax.googleapis.com	12905	2005-01-25	2013-08-16	2023-12-05	899 B	66 kB	142.250.74.74
www.blogger.com	8975	1999-06-22	2012-05-22	2023-12-04	452 B	60 kB	216.58.207.233
www.topcreativeformat.com	unknown	2023-11-21	2023-11-22	2023-12-04	2.8 kB	70 kB	173.233.137.60
welcome.unibet.com	242429	1997-12-11	2017-01-30	2023-12-04	30 kB	408 kB	172.64.144.152
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-12-05	437 B	193 kB	142.250.74.168
blogger.googleusercontent.com	16485	2008-11-17	2012-05-25	2023-12-05	1.4 kB	12 kB	142.250.74.97
proftrafficcounter.com	unknown	2023-11-16	2023-11-21	2023-12-04	465 B	433 B	18.184.210.76
whileinferioryourself.com	unknown	2023-11-28	2023-11-28	2023-12-05	2.5 kB	4.3 kB	192.243.61.225
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-12-05	4.9 kB	186 kB	142.250.74.163
pl21653577.toprevenuegate.com	unknown	unknown	No data	No data	469 B	10 kB	173.233.137.36
couldobliterate.com	unknown	unknown	No data	No data	3.1 kB	6.3 kB	173.233.137.60
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-12-05	453 B	40 kB	172.217.21.170
a1s.unibet.com	297625	1997-12-11	2017-01-30	2023-12-05	1.4 kB	17 kB	85.184.96.5
4.bp.blogspot.com	11215	2000-07-31	2012-05-21	2023-12-05	529 B	4.3 kB	142.250.74.161
attendancereporterwren.com	unknown	unknown	No data	No data	6.3 kB	12 kB	192.243.59.12
a1s-cdn.unibet.com	283505	1997-12-11	2014-04-23	2023-12-04	1.4 kB	1.7 kB	85.184.96.5
bannerflow-feed-builder.azurewebsites.net	659103	2012-01-24	2017-11-23	2023-12-04	604 B	5.5 kB	104.40.147.180
cdnjs.cloudflare.com	235	2009-02-17	2015-04-17	2023-12-05	1.6 kB	282 kB	104.17.24.14
adserving.unibet.com	98000	1997-12-11	2015-05-26	2023-12-04	593 B	1.4 kB	13.107.246.53
cdn.bannerflow.com	23819	2008-06-03	2018-02-22	2023-12-04	1.5 kB	33 kB	104.16.48.126
traumatizedenied.com	unknown	2023-11-28	2023-11-28	2023-12-03	4.7 kB	8.5 kB	192.243.59.12
manuretravelingaroma.com	unknown	2023-11-28	2023-11-28	2023-12-02	468 B	467 B	192.243.59.20
worldcapacity.blogspot.com	unknown	unknown	No data	No data	1.4 kB	65 kB	172.217.21.161
conqueredallrightswell.com	unknown	2023-11-14	2023-11-16	2023-12-04	2.6 kB	4.0 kB	192.243.61.227
www.unibet.com	318338	1997-12-11	2014-04-29	2023-12-04	7.1 kB	82 kB	85.184.96.28
use.fontawesome.com	942	2012-10-18	2017-01-30	2023-12-05	1.0 kB	130 kB	172.64.140.13

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-05	medium	topcreativeformat.com	Sinkholed
2023-12-05	medium	toprevenuegate.com	Sinkholed
2023-12-05	medium	topcreativeformat.com	Sinkholed
2023-12-05	medium	topcreativeformat.com	Sinkholed
2023-12-05	medium	topcreativeformat.com	Sinkholed
2023-12-05	medium	whileinferioryourself.com	Sinkholed
2023-12-05	medium	topcreativeformat.com	Sinkholed
2023-12-05	medium	traumatizedenied.com	Sinkholed
2023-12-05	medium	whileinferioryourself.com	Sinkholed
2023-12-05	medium	topcreativeformat.com	Sinkholed
2023-12-05	medium	couldobliterate.com	Sinkholed
2023-12-05	medium	traumatizedenied.com	Sinkholed
2023-12-05	medium	attendancereporterwren.com	Sinkholed
2023-12-05	medium	attendancereporterwren.com	Sinkholed
2023-12-05	medium	manuretravelingaroma.com	Sinkholed
2023-12-05	medium	couldobliterate.com	Sinkholed
2023-12-05	medium	traumatizedenied.com	Sinkholed
2023-12-05	medium	conqueredallrightswell.com	Sinkholed
2023-12-05	medium	attendancereporterwren.com	Sinkholed
2023-12-05	medium	attendancereporterwren.com	Sinkholed
2023-12-05	medium	conqueredallrightswell.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (24)

	URL	Size	First Seen	Last Seen
	a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js	956 B	2023-03-07	2024-06-22
Pretty URL a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js IP 85.184.96.5 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:12:05 Last Seen2024-06-22 17:43:16 Times Seen10505 Hash fd48e87ecd4d06d9c5df490b91dc813e a65a437db44444634e4f41732c590c1d14433b3f 2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47 Loading...

	www.unibet.com/kindred_snow/s3.7.0/kindred_s.js	74 kB	2023-03-12	2024-07-13
Pretty URL www.unibet.com/kindred_snow/s3.7.0/kindred_s.js IP 85.184.96.28 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 07:47:14 Last Seen2024-07-13 08:02:00 Times Seen12308 Hash 3fb00dbb8acb3c68fd5ddb674f22bb88 cf7bc4f71f0ff66037ac2e564963ff4c2737e766 7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js	87 kB	2023-03-07	2024-07-27
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:02 Last Seen2024-07-27 01:23:33 Times Seen127317 Hash a09e13ee94d51c524b7e2a728c7d4039 0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef Loading...

	unknown	7.7 kB	2023-10-13	2024-06-22
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 14:25:06 Last Seen2024-06-22 17:43:16 Times Seen5167 Hash d8109ab58402556ab737fe39834e6905 47aceb389987ff2659d00e7594f4b6f497fd776b 71020f8da24acc220d53e62c55ebf61e031f1d189dca99dd219c96ea2686dc96 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js	4.5 kB	2023-03-07	2024-02-01
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2024-02-01 12:23:48 Times Seen8257 Hash 04fc48de78cbfc5d1557e9df399c7733 e1bf77a4fef1943b0eab404c4abbe9477cb373e0 4c6d70ebaf667a642560297cdca94fa760d3624e1f4cab0da08711f0c492fed6 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908	147 B	2023-03-07	2024-02-01
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11:26 Last Seen2024-02-01 12:23:48 Times Seen6862 Hash 1d18cffe3fc76896ca02254b5879b535 1a8fec7049c5644eaab6f7aecf8672f3f858d037 cb934bad0e7cb0b0b2edbc619a28b2d7ee4960dba893c3c2ce2a63e458d8af5b Loading...

	a1s.unibet.com/orval/tracking/lastclick.min.js	1.8 kB	2023-03-07	2024-06-22
Pretty URL a1s.unibet.com/orval/tracking/lastclick.min.js IP 85.184.96.5 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2024-06-22 17:43:16 Times Seen5727 Hash 8027969a31091dd0d3a7813f95ee7e10 591677c488b8b98532778e11adc9348253a014a4 5166be250f7de7d316b5fb9778843cc3268ce3e00f917530f65e99dcdb355b60 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908	307 B	2023-03-07	2024-02-01
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11:26 Last Seen2024-02-01 12:23:48 Times Seen6858 Hash 5633bd464ac4d5c3fab4b6c6db04c743 e9b255450e7612595382082329b0fe88904abcee ca8576fcf8d4ca2350c9fe2a7976729e6e3c6b42ca948060a509a1eed46e93fd Loading...

	welcome.unibet.com/widget/betslip/betslip.js	15 kB	2023-03-07	2024-02-01
Pretty URL welcome.unibet.com/widget/betslip/betslip.js IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2024-02-01 12:23:48 Times Seen13385 Hash 5770dc60397ffb834d1280aa7bcebbd0 f0bbf2136b83babe5a8f70eeff2308279e9a0d3a 42e08e8d4858e610d87679ab66e8a7cf4b575614c0aa1423d8a1c0245bda9a52 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908	295 B	2023-09-13	2024-02-01
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-09-13 20:26:16 Last Seen2024-02-01 12:23:48 Times Seen5374 Hash c19afddc1697308e0ef68fc2225c7f22 c77de15393ad1ee1d0d49afd6cc7c1cdefa9a5b4 7d80f28d2d8c0b322d667bc27797d7e01c2e90fa2a7d1025db04252d5b83f202 Loading...

	unknown	9.0 kB	2023-09-21	2024-06-22
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-21 22:26:08 Last Seen2024-06-22 17:43:16 Times Seen5258 Hash 4bf85503f4a4c7bcfaab0141a5806d3d 27fe50a4fc3c8c70cbb4a7448497b078d4583afc f69fd5a7cc72a1b162c15eed2d8df99565cfb38316cfe1b946b868f809146305 Loading...

	unknown	2.6 kB	2023-03-07	2024-06-22
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2024-06-22 17:43:16 Times Seen6832 Hash cd03538fc58df8693fe9af9337788f0f 408a15551710117d0538fc9442a55b5678bb85a5 cc933dd733a6db1a1a9ff1d7c0adb26717fa27d4d177b7a5a2cab0bfdb353562 Loading...

	unknown	1.5 kB	2023-11-16	2024-02-01
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-16 15:59:40 Last Seen2024-02-01 12:23:48 Times Seen3976 Hash aa815b3ab95f01113f06825d3482950a 8ba15b0202aeaf30c7db18cb23c5007dea0ed42b b9eb09d3ddb52bcd12443dedbb9194d9b07a2e5a29139a63adbc62eb158ad828 Loading...

	welcome.unibet.com/custom.js	5.9 kB	2023-03-07	2024-06-22
Pretty URL welcome.unibet.com/custom.js IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2024-06-22 17:43:16 Times Seen8698 Hash 7bf01e92dd55d5fa298f55fbcb9afd30 4db58eaa64d33bce2d1ae88d5ed6919d8986f8dc 2c13bba84b390447c18343fd8319ca7aea45208f53fb3143ed27c354fd5b2b1f Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908	218 B	2023-03-07	2024-02-01
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11:26 Last Seen2024-02-01 12:23:48 Times Seen5375 Hash 91824c153a2424389807187ea41b9137 0ac7bf21044c90de1568152896efb9466c90b412 74abc0c84e63335fab7da57b01856b457f332b55d1ae539baadb180b13be726c Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908	92 B	2023-03-07	2024-06-22
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11:26 Last Seen2024-06-22 17:43:16 Times Seen6847 Hash 7f0f3c1a6218ba26e0a2303513a4b789 a8d06c9a0d0b367220509b18213f6b102f4b4fc0 faffe243fd7f581af68fd7dafdf86ff1e5c0824831f03d5758cb309da65fddda Loading...

	unknown	462 B	2023-11-06	2024-02-01
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-06 12:29:33 Last Seen2024-02-01 12:23:48 Times Seen4515 Hash 0e8641478391e5943136bbd9dcf81687 43802b92092208cbe4b2c893a6cf8a66970a90ba f2492cbdb92a0b0870b3ae997b0343f648e0489b2877e12fbd4302cf29453436 Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js	5.4 kB	2023-03-07	2024-02-01
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2024-02-01 12:23:48 Times Seen8425 Hash ac64b59c98bbe50cf69b6c98fa39585c 0a5cc9fb43b8a208481baaf752dbd504078a764b 28ac02c7302149814ed1c1b8a31b96e1ea94247c3b64888a598f66955d28312c Loading...

	welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908	364 B	2023-03-07	2024-02-01
Pretty URL welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908 IP 172.64.144.152 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:11:26 Last Seen2024-02-01 12:23:48 Times Seen6836 Hash b7207d294237fb810195b41fdd3cac28 ff7ef257957cbc2074fa5814177bb7cbbac44eb2 12f39122cef3c11903118c0f4769199ddc1e0e5ba13d7dbe8373e5c77391baf5 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC	192 kB	2023-12-05	2023-12-05
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-05 09:25:56 Last Seen2023-12-05 22:04:11 Times Seen14 Hash b0b4175cf14760a93648ab9e369691d7 d3b79412060af66ad5bd72ea25369c32b3ae660d b9911b8bf9f2f33346cf4c46a52ca05130755b370396d5fd93a6390a4629c7f8 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 127ac839a41bdd9ab92ad47b7411cdaf	29 B	2023-03-08	2024-01-15
Pretty Observations First Seen2023-03-08 14:23:53 Last Seen2024-01-15 00:09:04 Times Seen889 Hash 127ac839a41bdd9ab92ad47b7411cdaf c2f81b12778c909f055c3967caa638b643c4916a b2ebc210c5c379879d07a4a9e046a4ea803d56dcc91d533db817ec272cbcfaf4 Loading...

	#2 Eval - 208e7f0b53043028f7406f9c2e1bfbe6	471 B	2023-12-05	2023-12-05
Pretty Observations First Seen2023-12-05 12:52:14 Last Seen2023-12-05 12:52:14 Times Seen1 Hash 208e7f0b53043028f7406f9c2e1bfbe6 0f60c54bd371bfa041fba774c1b8baf05ce25512 a253871ee64fa4139bc955014a59d3f3e6b4fec3ec1b261322ea6888b12092d2 Loading...

		Size	First Seen	Last Seen
	#1 Write - ac798ac2b2c9559c3e64b701f845c78e	50 B	2023-03-07	2024-02-01
Pretty Observations First Seen2023-03-07 01:11:26 Last Seen2024-02-01 12:23:48 Times Seen6876 Hash ac798ac2b2c9559c3e64b701f845c78e 288602cbfebecea88ca238ce32c92d133bf59bff a2b051fa7d206df6e4eeee27678781de0752c1ac7adcfd359c1a2fc7ff507449 Loading...

	#2 Write - 3b01f1622c875f8a95c208e325616852	117 B	2023-12-05	2023-12-05
Pretty Observations First Seen2023-12-05 12:52:14 Last Seen2023-12-05 12:52:14 Times Seen1 Hash 3b01f1622c875f8a95c208e325616852 c7160b8bc65431129f1401b6a79acdbdac82d57f 3489fe233bfe79753f2580df144323a1513bfd02893046dcc7e0e4d7ec2e74a9 Loading...

HTTP Transactions (78)

URL IP Response Size

worldcapacity.blogspot.com/

172.217.21.161

59 kB

URL
worldcapacity.blogspot.com/
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (474)
Size
59 kB (58902 bytes)
Hash
0f5f34a3e4ed57fda2c92f8646c92191
caf291da1da3e0a011f9ab78e3495a313b1ff0e4
fac05f87ad4cd192bf6cab5775411b8d73202185e6e7af0cd1d0c9b7b262a4a5

HTTP Headers

GET / HTTP/1.1
Host: worldcapacity.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Tue, 05 Dec 2023 11:51:47 GMT
date: Tue, 05 Dec 2023 11:51:47 GMT
cache-control: private, max-age=0
last-modified: Tue, 05 Dec 2023 11:34:36 GMT
etag: W/"131d38c04e127236d3ce91bc08674e583da8cd17c531c2c67ef2b07e66611242"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 58902
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

worldcapacity.blogspot.com/js/cookienotice.js

172.217.21.161

2.0 kB

URL
worldcapacity.blogspot.com/js/cookienotice.js
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
2.0 kB (2026 bytes)
Hash
a705132a2174f88e196ec3610d68faa8
3bad57a48d973a678fec600d45933010f6edc659
068ffe90977f2b5b2dc2ef18572166e85281bd0ecb31c4902464b23db54d2568

HTTP Headers

GET /js/cookienotice.js HTTP/1.1
Host: worldcapacity.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 05:48:48 GMT
expires: Tue, 12 Dec 2023 05:48:48 GMT
cache-control: public, max-age=604800
last-modified: Mon, 04 Dec 2023 20:05:01 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 21780
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css

104.17.24.14

19 kB

URL
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/css/all.min.css
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (52276)
Size
19 kB (18778 bytes)
Hash
5222e06b77a1692fa2520a219840e6be
8b4236206a8b86af3761a244277663046d7ff7ee
0934b1fc0d3a766d41d3adf5e7a115875e66e98ebba408d965a41cf3d2cb4ab5

HTTP Headers

GET /ajax/libs/font-awesome/6.4.2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:48 GMT
content-type: text/css; charset=utf-8
content-length: 18778
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "64cac444-495a"
last-modified: Wed, 02 Aug 2023 21:01:56 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1061039
expires: Sun, 24 Nov 2024 11:51:48 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0RmTh212rZxMujz%2BFDVWLgZj5D%2BcErEmMXK5vjB6AggumCPj42C8PoqaubvfeR5Zdxbs5spuS0ZvJ38PQ6Dcn4KzV5MBD44J8J8RimiJow5k9WDPkx9mpYNGVcu6ckxbiwbF4hIP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 830c144e9b4bb52d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js

142.250.74.74

34 kB

URL
ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (32077)
Size
34 kB (33951 bytes)
Hash
4f252523d4af0b478c810c2547a63e19
5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb
668b046d12db350ccba6728890476b3efee53b2f42dbb84743e5e9f1ae0cc404

HTTP Headers

GET /ajax/libs/jquery/1.12.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 33951
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:14:46 GMT
expires: Fri, 29 Nov 2024 05:14:46 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 455822
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.blogger.com/static/v1/widgets/3754116945-widgets.js

216.58.207.233

59 kB

URL
www.blogger.com/static/v1/widgets/3754116945-widgets.js
IP
216.58.207.233:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (2258)
Size
59 kB (59286 bytes)
Hash
0f3580b0033bbd151cdb647634be7404
4d8508ef28b0e50fa8c28ccaeb1f2a6855a75bdc
38d944d88c98612f76ed693afb143f1c032ca27ba56ec46a6714ab3dc511f974

HTTP Headers

GET /static/v1/widgets/3754116945-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 59286
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 07:26:52 GMT
expires: Wed, 04 Dec 2024 07:26:52 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 30 Nov 2023 23:28:54 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 15896
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

4.bp.blogspot.com/-O3EpVMWcoKw/WxY6-6I4--I/AAAAAAAAB2s/KzC0FqUQtkMdw7VzT6oOR_8vbZO6EJc-ACK4BGAYYCw/w680/nth.png

142.250.74.161

3.7 kB

URL
4.bp.blogspot.com/-O3EpVMWcoKw/WxY6-6I4--I/AAAAAAAAB2s/KzC0FqUQtkMdw7VzT6oOR_8vbZO6EJc-ACK4BGAYYCw/w680/nth.png
IP
142.250.74.161:0
ASN
#15169 GOOGLE

File type
PNG image data, 680 x 349, 8-bit/color RGB, non-interlaced\012- data
Size
3.7 kB (3725 bytes)
Hash
6b640c8cb090eea4724a53b0c320b08f
92d00a5cdd667c0157a40e442cc9dd1485cdb290
fd7739e2674c5fe13e0a51140a51189b82c5bbaf087c18a04d30b62fad9648a8

HTTP Headers

GET /-O3EpVMWcoKw/WxY6-6I4--I/AAAAAAAAB2s/KzC0FqUQtkMdw7VzT6oOR_8vbZO6EJc-ACK4BGAYYCw/w680/nth.png HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
timing-allow-origin: *
access-control-expose-headers: Content-Length
content-disposition: inline;filename="nth.png"
x-content-type-options: nosniff
server: fife
content-length: 3725
x-xss-protection: 0
date: Tue, 05 Dec 2023 11:28:23 GMT
expires: Wed, 06 Dec 2023 11:28:23 GMT
cache-control: public, max-age=86400, no-transform
age: 1405
etag: "v76c"
content-type: image/png
vary: Origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-brands-400.woff2

104.17.24.14

110 kB

URL
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-brands-400.woff2
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 109808, version 772.1280\012- data
Size
110 kB (109808 bytes)
Hash
005c9aa92b564b73b7582cc4f1fa49cb
373361ed756b1fe68ce2f5968d467826b6973bb5
faae6fc0aa94cc5bde5076647c817a23206096a1cbeda10d1c6f3d89d6163ed1

HTTP Headers

GET /ajax/libs/font-awesome/6.4.2/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 11:51:48 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 109808
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "64cac444-1acf0"
last-modified: Wed, 02 Aug 2023 21:01:56 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1157478
expires: Sun, 24 Nov 2024 11:51:48 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XiL3n%2Fl5jxan8HQDuUrqtsnna6Ikiptvk494w%2BHUWdNzPhU64SLDzPaO4wFR8Oi5SUGS%2FMLmr9aRrnYhQ66glFcq%2BPVM4pZfTbrqShNNj7puEoZASsYEnGP8XDbu0yGw9xGaYnnf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 830c14501c55b500-OSL
alt-svc: h3=":443"; ma=86400

cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-solid-900.woff2

104.17.24.14

150 kB

URL
cdnjs.cloudflare.com/ajax/libs/font-awesome/6.4.2/webfonts/fa-solid-900.woff2
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format (Version 2), TrueType, length 150020, version 772.1280\012- data
Size
150 kB (150020 bytes)
Hash
d5e647388e2415268b700d3df2e30a0d
97f0942c6627ddd89fb62170e5cac9a2cbd6c98c
886c86112a804ef1ddd1cb206af4c8c40e34b73c26652ca231404aa35a6b30d9

HTTP Headers

GET /ajax/libs/font-awesome/6.4.2/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://cdnjs.cloudflare.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Tue, 05 Dec 2023 11:51:48 GMT
content-type: application/octet-stream; charset=utf-8
content-length: 150020
access-control-allow-origin: *
cache-control: public, max-age=30672000
etag: "64cac444-24a04"
last-modified: Wed, 02 Aug 2023 21:01:56 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1060871
expires: Sun, 24 Nov 2024 11:51:48 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qLXZ0nsYrzNNhfwndbht74malld37Oe2dt0GJ6zCHFbDYYbHD2s6PZXuFtBgN54XSJ7TH5SDUoA4y0wM0nC2FEQbPX6PTkhlMsTLdgTJ0cojXdt2BhMQ66uXJnsgog8SmavgJADp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 830c14501c56b500-OSL
alt-svc: h3=":443"; ma=86400

fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

142.250.74.163

7.9 kB

URL
fonts.gstatic.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7884, version 1.0\012- data
Size
7.9 kB (7884 bytes)
Hash
9212f6f9860f9fc6c69b02fedf6db8c3
ac6d71b4d5fdd2b3dabc9a06ff6c001e4251da0b
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

HTTP Headers

GET /s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7884
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:00:07 GMT
expires: Fri, 29 Nov 2024 05:00:07 GMT
cache-control: public, max-age=31536000
age: 456701
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2

142.250.74.163

36 kB

URL
fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 35888, version 1.0\012- data
Size
36 kB (35888 bytes)
Hash
78be9c1daeadb1ae4f8d1e622d7b2011
60923c3b5dfe1a5a07b9092ec9c5583d004d0c5b
9f46649ea544819982ea288c6f386dd67d46da0f453f95da542196372b79731e

HTTP Headers

GET /s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35888
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 04:52:49 GMT
expires: Wed, 04 Dec 2024 04:52:49 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 21 Feb 2023 21:45:58 GMT
content-type: font/woff2
age: 25139
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

142.250.74.163

7.8 kB

URL
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7816, version 1.0\012- data
Size
7.8 kB (7816 bytes)
Hash
25b0e113ca7cce3770d542736db26368
cb726212d5d525021752a1d8470a0fb593e0c49e
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7816
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 01:53:03 GMT
expires: Wed, 04 Dec 2024 01:53:03 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
content-type: font/woff2
age: 35925
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2

142.250.74.163

7.7 kB

URL
fonts.gstatic.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 7748, version 1.0\012- data
Size
7.7 kB (7748 bytes)
Hash
a09f2fccfee35b7247b08a1a266f0328
0da2d17e738f46d2a09e6fb7969da451719a9820
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

HTTP Headers

GET /s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 7748
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:13:52 GMT
expires: Fri, 29 Nov 2024 05:13:52 GMT
cache-control: public, max-age=31536000
age: 455876
last-modified: Wed, 27 Apr 2022 16:21:30 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2

142.250.74.163

36 kB

URL
fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 35888, version 1.0\012- data
Size
36 kB (35888 bytes)
Hash
78be9c1daeadb1ae4f8d1e622d7b2011
60923c3b5dfe1a5a07b9092ec9c5583d004d0c5b
9f46649ea544819982ea288c6f386dd67d46da0f453f95da542196372b79731e

HTTP Headers

GET /s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35888
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 04:52:49 GMT
expires: Wed, 04 Dec 2024 04:52:49 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 21 Feb 2023 21:45:58 GMT
content-type: font/woff2
age: 25139
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2aQveBxmmMCdhoBNgAS9vo2B0NWej3QWFZa1Owmwge4Hh3Pkghl-BGPrvRGriKBb-cdg3GV8AHwpRiuO_VXMp2lhCpxZwV7eDUmhd4mCBUXoNGMY8LzUWZzQ_5Uhrdfo-nheiefCCemoxDWwHGke3VIinth2mQD1ghUMYFrzpYZWtYNwg1qvmepxQ0BQW/w72-h72-p-k-no-nu/images.jpg

142.250.74.97

3.7 kB

URL
blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg2aQveBxmmMCdhoBNgAS9vo2B0NWej3QWFZa1Owmwge4Hh3Pkghl-BGPrvRGriKBb-cdg3GV8AHwpRiuO_VXMp2lhCpxZwV7eDUmhd4mCBUXoNGMY8LzUWZzQ_5Uhrdfo-nheiefCCemoxDWwHGke3VIinth2mQD1ghUMYFrzpYZWtYNwg1qvmepxQ0BQW/w72-h72-p-k-no-nu/images.jpg
IP
142.250.74.97:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 72x72, components 3\012- data
Size
3.7 kB (3688 bytes)
Hash
b954e82ab2c9eaeeee4d45674b52e2b5
8268d6bdf9ab40c44e82792934d532cc66d19667
b2ae9354d0d3026f61983fede79a93c7a9590034c675f59d709951ac700e5f02

HTTP Headers

GET /img/b/R29vZ2xl/AVvXsEg2aQveBxmmMCdhoBNgAS9vo2B0NWej3QWFZa1Owmwge4Hh3Pkghl-BGPrvRGriKBb-cdg3GV8AHwpRiuO_VXMp2lhCpxZwV7eDUmhd4mCBUXoNGMY8LzUWZzQ_5Uhrdfo-nheiefCCemoxDWwHGke3VIinth2mQD1ghUMYFrzpYZWtYNwg1qvmepxQ0BQW/w72-h72-p-k-no-nu/images.jpg HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v4"
expires: Wed, 06 Dec 2023 11:51:48 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="images.jpg"
x-content-type-options: nosniff
date: Tue, 05 Dec 2023 11:51:48 GMT
server: fife
content-length: 3688
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

blogger.googleusercontent.com/img/a/AVvXsEjlS0PmNOhMaAZP01rqqZfNA8II5_j6xN2jmw95_2wIsZXG9STMVRQ01QS0UYmQfxanPLHLgFZVKiYEiUvQwLgQY1fsdI72hgtnDr0CXcPWNqUCugjO-DNibi2vvhRJPt2mR6uH-xmNT8UW_eEoDLdipGxhx5zd-I3gbaWMKqcCvD5-edpp9Ww1fWva7sy0=s190

142.250.74.97

7.1 kB

URL
blogger.googleusercontent.com/img/a/AVvXsEjlS0PmNOhMaAZP01rqqZfNA8II5_j6xN2jmw95_2wIsZXG9STMVRQ01QS0UYmQfxanPLHLgFZVKiYEiUvQwLgQY1fsdI72hgtnDr0CXcPWNqUCugjO-DNibi2vvhRJPt2mR6uH-xmNT8UW_eEoDLdipGxhx5zd-I3gbaWMKqcCvD5-edpp9Ww1fWva7sy0=s190
IP
142.250.74.97:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 190x48, components 3\012- data
Size
7.1 kB (7118 bytes)
Hash
cc7e313ec0b044b17873e63ed8878e5a
057468feaf147fe79a61bc8290abf8534f92714d
979602f79544aa8982f2782bfec796cec4304d222058b970ba2029065c437929

HTTP Headers

GET /img/a/AVvXsEjlS0PmNOhMaAZP01rqqZfNA8II5_j6xN2jmw95_2wIsZXG9STMVRQ01QS0UYmQfxanPLHLgFZVKiYEiUvQwLgQY1fsdI72hgtnDr0CXcPWNqUCugjO-DNibi2vvhRJPt2mR6uH-xmNT8UW_eEoDLdipGxhx5zd-I3gbaWMKqcCvD5-edpp9Ww1fWva7sy0=s190 HTTP/1.1
Host: blogger.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
vary: Origin
access-control-expose-headers: Content-Length
etag: "v336c"
expires: Wed, 06 Dec 2023 11:51:48 GMT
cache-control: public, max-age=86400, no-transform
content-disposition: inline;filename="logo_kailas.jpg"
x-content-type-options: nosniff
date: Tue, 05 Dec 2023 11:51:48 GMT
server: fife
content-length: 7118
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js

173.233.137.60

11 kB

URL
www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
exported SGML document, ASCII text, with very long lines (29607), with no line terminators
Size
11 kB (10909 bytes)
Hash
3b517423a8d20e6e8fc9547a3c4ec7ac
14c328058f7a51d1fbfda9ffc65f47b2a2d5719a
0e4111eb31f2796b4e0126f18dda173d5db2645a4b7eeef319bbac0da62a188e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /549e9a387a457785e3ac1d4ea9353073/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:49 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f067e4e6a7216bf3811987f66f6e285e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

worldcapacity.blogspot.com/responsive/sprite_v1_6.css.svg

172.217.21.161

2.2 kB

URL
worldcapacity.blogspot.com/responsive/sprite_v1_6.css.svg
IP
172.217.21.161:0
ASN
#15169 GOOGLE

File type
SVG Scalable Vector Graphics image\012- SVG XML document\012- XML 1.0 document text\012- SVG XML document\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7657)
Size
2.2 kB (2244 bytes)
Hash
d4dcfc8144f556815c7a1d84ed4e959e
22088bd6cdf970dcf7bfab9a74a4768548ca8890
73d16aca9b019e42dd2de3a10e5049b5606268ce0d8e3a167b05b37acb9b0e9c

HTTP Headers

GET /responsive/sprite_v1_6.css.svg HTTP/1.1
Host: worldcapacity.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2244
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 05:48:48 GMT
expires: Tue, 12 Dec 2023 05:48:48 GMT
cache-control: public, max-age=604800
last-modified: Mon, 04 Dec 2023 20:05:01 GMT
content-type: image/svg+xml
vary: Accept-Encoding
age: 21781
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2

142.250.74.163

36 kB

URL
fonts.gstatic.com/s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 35888, version 1.0\012- data
Size
36 kB (35888 bytes)
Hash
78be9c1daeadb1ae4f8d1e622d7b2011
60923c3b5dfe1a5a07b9092ec9c5583d004d0c5b
9f46649ea544819982ea288c6f386dd67d46da0f453f95da542196372b79731e

HTTP Headers

GET /s/lora/v32/0QIvMX1D_JOuMwr7Iw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 35888
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 04:52:49 GMT
expires: Wed, 04 Dec 2024 04:52:49 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 21 Feb 2023 21:45:58 GMT
content-type: font/woff2
age: 25140
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

pl21653577.toprevenuegate.com/0917d030d0012f74940d9e988c4444e7/invoke.js

173.233.137.36

9.3 kB

URL
pl21653577.toprevenuegate.com/0917d030d0012f74940d9e988c4444e7/invoke.js
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
Unicode text, UTF-8 text, with very long lines (25099), with no line terminators
Size
9.3 kB (9284 bytes)
Hash
c3e54ca206290fd527e38b87926a8db8
20f7205a834fd30ebab049140914ae53d068ca3a
621e9382e3051d506e537b4d1cdef2c4caf747e88defafd7137a044b450c7ed5

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /0917d030d0012f74940d9e988c4444e7/invoke.js HTTP/1.1
Host: pl21653577.toprevenuegate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:48 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b8b9f2e81d6f7bcec019bbe7fc307b28
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

proftrafficcounter.com/stats

18.184.210.76

40 B

URL
proftrafficcounter.com/stats
IP
18.184.210.76:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
f344f43b1fd0a412dcc3f12bfcc9b524
935ca3bff002cd25d3104c674194958b36042ef2
0b666f07dece12824c59fbb4e58e92ebd73869f75e01b18b1ee9763a2f81ad31

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:49 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://worldcapacity.blogspot.com
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1; expires=Fri, 02 Dec 2033 11:51:49 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js

173.233.137.60

11 kB

URL
www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
exported SGML document, ASCII text, with very long lines (29622), with no line terminators
Size
11 kB (10910 bytes)
Hash
63d335d0b8f6469f8d63d2486bb1b1ad
edd045f6126a890593de73d7e43dff1c2d9e5308
46e719563c89339802f7017778c7d8a0a8d24cf4f3c4d4d4a64871991a49931c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /549e9a387a457785e3ac1d4ea9353073/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:49 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d523102ceb3f6cbb65fb65fc0eb534e3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js

173.233.137.60

11 kB

URL
www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
exported SGML document, ASCII text, with very long lines (29625), with no line terminators
Size
11 kB (10913 bytes)
Hash
9ad37d49fe99f3bb2f04d1435fc6a824
e686e39fab9d3960b942e8ff2d742513c9384528
0837e3a346124fcc8112664ddb3b8089dbe5b858fed473807bcc0069daecff8c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /549e9a387a457785e3ac1d4ea9353073/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:49 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 11580f11522c707061c7427d024a6979
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js

173.233.137.60

11 kB

URL
www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
exported SGML document, ASCII text, with very long lines (29604), with no line terminators
Size
11 kB (10907 bytes)
Hash
fd97f2b0aec92b4bd2736e0f14564067
260452c8ee6d80dd1ccb96bf7fbe31188902d4da
de39398a435ded1da029a6d3e9b4cb307ecb6ed5bd7f8482dcd51befa39774dd

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /549e9a387a457785e3ac1d4ea9353073/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0c4b1fcc8523f29b0d8d5f0e5b80951c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

192.243.61.225

0 B

URL
whileinferioryourself.com/watch.49097395519.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.49097395519.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1 HTTP/1.1
Host: whileinferioryourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://worldcapacity.blogspot.com
Access-Control-Allow-Origin: https://worldcapacity.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://whileinferioryourself.com/watch.49097395519.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&shu=5e5bafd60f798b747a8cd146aa533ea664debceb69d16dc0be520c96c47898f9343b3e6c4f2b2b9920b1fe31a0280c3118dc82ec5ddb799bc1f79a0426ce52cd719387fd3f64352bae566c47b34b2dbeb1105ec5e978c855790ec63cf43538&pst=1701777170&rmtc=t
Set-Cookie: u_pl=21552854; expires=Wed, 06 Dec 2023 11:51:50 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FIFEWq9O41XUabuseo8FARIPd-zNuIJk_ao7xLcogio; expires=Tue, 05 Dec 2023 11:52:50 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: da0a48ca5650577395da7188e65c4395
Strict-Transport-Security: max-age=0; includeSubdomains

www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js

173.233.137.60

11 kB

URL
www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
exported SGML document, ASCII text, with very long lines (29625), with no line terminators
Size
11 kB (10913 bytes)
Hash
9ad37d49fe99f3bb2f04d1435fc6a824
e686e39fab9d3960b942e8ff2d742513c9384528
0837e3a346124fcc8112664ddb3b8089dbe5b858fed473807bcc0069daecff8c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /549e9a387a457785e3ac1d4ea9353073/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8a6c2f946523cdc8287e1d28fbf003f9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

traumatizedenied.com/watch.1414015984441.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1

192.243.59.12

0 B

URL
traumatizedenied.com/watch.1414015984441.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1414015984441.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1 HTTP/1.1
Host: traumatizedenied.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://worldcapacity.blogspot.com
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://worldcapacity.blogspot.com
Access-Control-Allow-Origin: https://worldcapacity.blogspot.com
Access-Control-Allow-Credentials: true
Location: https://traumatizedenied.com/watch.1414015984441.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&shu=f32b4173ffb93dfbf4dfd23c46a0829c2504030a038c1e0fb58144b8741f52f3ea8a620f733508a2770978d904f90f00cfcb33a261f0453750c645662a1cb0a0de5a957c94b0877713d4a9bab18609a0a40dfbdf728eb7fa2c348aec65&pst=1701777170&rmtc=t
Set-Cookie: u_pl=21552854; expires=Wed, 06 Dec 2023 11:51:50 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FIFEWq9O41XUabuseo8FARIPd-zNuIJk_ao7xLcogio; expires=Tue, 05 Dec 2023 11:52:50 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b63b0e528a111482781276e1a3a5711e
Strict-Transport-Security: max-age=0; includeSubdomains

whileinferioryourself.com/watch.49097395519.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&shu=5e5bafd60f798b747a8cd146aa533ea664debceb69d16dc0be520c96c47898f9343b3e6c4f2b2b9920b1fe31a0280c3118dc82ec5ddb799bc1f79a0426ce52cd719387fd3f64352bae566c47b34b2dbeb1105ec5e978c855790ec63cf43538&pst=1701777170&rmtc=t

192.243.61.225

643 B

URL
whileinferioryourself.com/watch.49097395519.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&shu=5e5bafd60f798b747a8cd146aa533ea664debceb69d16dc0be520c96c47898f9343b3e6c4f2b2b9920b1fe31a0280c3118dc82ec5ddb799bc1f79a0426ce52cd719387fd3f64352bae566c47b34b2dbeb1105ec5e978c855790ec63cf43538&pst=1701777170&rmtc=t
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document, ASCII text, with very long lines (603)
Size
643 B (643 bytes)
Hash
c29591c8292240497ef7f3f4cb62e12b
9c960b3810d498d633bce054bcf5185450e92083
42e02545394192d986fcf6fd3a4773c9eb0951dd538e575743ddfad54cd288b6

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.49097395519.js?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&shu=5e5bafd60f798b747a8cd146aa533ea664debceb69d16dc0be520c96c47898f9343b3e6c4f2b2b9920b1fe31a0280c3118dc82ec5ddb799bc1f79a0426ce52cd719387fd3f64352bae566c47b34b2dbeb1105ec5e978c855790ec63cf43538&pst=1701777170&rmtc=t HTTP/1.1
Host: whileinferioryourself.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://worldcapacity.blogspot.com
Referer: https://worldcapacity.blogspot.com/
DNT: 1
Connection: keep-alive
Cookie: u_pl=21552854; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FIFEWq9O41XUabuseo8FARIPd-zNuIJk_ao7xLcogio
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://worldcapacity.blogspot.com
Access-Control-Allow-Origin: https://worldcapacity.blogspot.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1; expires=Tue, 12 Dec 2023 11:51:50 GMT; secure; SameSite=None
iprc3dd831b45a7a44f101d9ca7449dde3d5=2717343; expires=Wed, 06 Dec 2023 13:51:50 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 11:51:50 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 11:51:50 GMT; secure; SameSite=None
pdhtkv23=true; expires=Wed, 06 Dec 2023 11:51:50 GMT; secure; SameSite=None
uncs23=1; expires=Wed, 06 Dec 2023 11:51:50 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 16b6c5fa0fe5ae8e2f7ca031f5793f61
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js

173.233.137.60

11 kB

URL
www.topcreativeformat.com/549e9a387a457785e3ac1d4ea9353073/invoke.js
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
exported SGML document, ASCII text, with very long lines (29613), with no line terminators
Size
11 kB (10910 bytes)
Hash
7694578f90a0016056e67ca3f7d42383
3955c62acfcabc57dc0d73111009220043e6de87
07f3db591fcf673e703b4f9832250504f47a49dfb81a8a1eed033e0dd3e6b31c

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /549e9a387a457785e3ac1d4ea9353073/invoke.js HTTP/1.1
Host: www.topcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ef422ffd85f03f1c7d88728efc95db82
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

couldobliterate.com/watch.1088725376277?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1

173.233.137.60

1.4 kB

URL
couldobliterate.com/watch.1088725376277?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (680)
Size
1.4 kB (1423 bytes)
Hash
8d85d59c80443f36aa8bef6ebee438ca
05f7299dc5ab08dbfe1f382fd18c1bf80e320a47
a895f1f406149d4ed5da77ecf453073f288da82a60987b16d3676aa6d896abc0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1088725376277?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1 HTTP/1.1
Host: couldobliterate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=21552854; expires=Wed, 06 Dec 2023 11:51:50 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FIFEWq9O41XUabuseo8FARIPd-zNuIJk_ao7xLcogio; expires=Tue, 05 Dec 2023 11:52:50 GMT; secure; SameSite=None
uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1; expires=Tue, 12 Dec 2023 11:51:50 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 717ed3b8747d3e3437105191647a075c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

traumatizedenied.com/watch.1414015984441?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1

173.233.137.60

1.4 kB

URL
traumatizedenied.com/watch.1414015984441?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (676)
Size
1.4 kB (1427 bytes)
Hash
2d5f0e4d4f3f53a28a704b2974376c55
be90761f4f8b52c2dae8042436a64445b263ef92
5017b9c4120430fe6b561ef41b1ea919957d9570a7ca937aed10b1c478cf206b

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1414015984441?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1 HTTP/1.1
Host: traumatizedenied.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Cookie: u_pl=21552854; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FIFEWq9O41XUabuseo8FARIPd-zNuIJk_ao7xLcogio
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjpmYWxzZSwiciI6Imh0dHBzOi8vd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20vIiwiYXIiOltdfX0.CtfaWzSPploclPxlieb7qYAgLZeTVQMjNkLIDkRVBp8; expires=Tue, 05 Dec 2023 11:52:50 GMT; secure; SameSite=None
uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1; expires=Tue, 12 Dec 2023 11:51:50 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 711b6e584946b3a742f8bf3b9b70d336
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

attendancereporterwren.com/watch.971033042599?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1

192.243.59.12

1.4 kB

URL
attendancereporterwren.com/watch.971033042599?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (672)
Size
1.4 kB (1417 bytes)
Hash
a96f1c775d9bc532c9683507354106cf
c0c6c4c77a7e3fbdeb57bde137638a75a3b207b1
6415f85cc4d04bca784f0e2a5588974dc4bb024776585ee41a366c35b261e539

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.971033042599?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1 HTTP/1.1
Host: attendancereporterwren.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=21552854; expires=Wed, 06 Dec 2023 11:51:50 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FIFEWq9O41XUabuseo8FARIPd-zNuIJk_ao7xLcogio; expires=Tue, 05 Dec 2023 11:52:50 GMT; secure; SameSite=None
uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1; expires=Tue, 12 Dec 2023 11:51:50 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5875a70e76973bcb6390a69075d0439e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

attendancereporterwren.com/watch.1649353744429?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1

192.243.59.12

1.4 kB

URL
attendancereporterwren.com/watch.1649353744429?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (668)
Size
1.4 kB (1415 bytes)
Hash
d3dc184824b8c4f5865853cc8919e321
6404ee4a8c760fb254666f2111805a52d6824fc8
69e4cfed50df4e2335662dcb0e07aa963c8c8fdf1f1b46d9aaa223c4d2de5b88

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1649353744429?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1 HTTP/1.1
Host: attendancereporterwren.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=21552854; expires=Wed, 06 Dec 2023 11:51:50 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FIFEWq9O41XUabuseo8FARIPd-zNuIJk_ao7xLcogio; expires=Tue, 05 Dec 2023 11:52:50 GMT; secure; SameSite=None
uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1; expires=Tue, 12 Dec 2023 11:51:50 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 242e5d0e80873aba299e950c73b0c21f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

manuretravelingaroma.com/pixel/nvrwe?error=timeout

192.243.59.20

0 B

URL
manuretravelingaroma.com/pixel/nvrwe?error=timeout
IP
192.243.59.20:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pixel/nvrwe?error=timeout HTTP/1.1
Host: manuretravelingaroma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 11:51:50 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

couldobliterate.com/api/users?token=L3dhdGNoLjEwODg3MjUzNzYyNzc_ZGV2PWUma2V5PTU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczJmt3PSU1QiUyNnF1b3QlM0J3b3JsZCUyNnF1b3QlM0IlMkMlMjZxdW90JTNCY2FwYWNpdHklMjZxdW90JTNCJTVEJnBzdD0xNzAxNzc3MTcwJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT05ZDRkNGVmYjM5ZmYyMjkyOTNjZGEzZTdhZTg4MTgyYTJkMmVhZmFhZjUzMzkzYWUwMmM5ZDE2ZmNhMWViOTFlMzY3MzZiNTYxNjRiZmU2NTJkNDc5NTFlZmM1OGVkMGY2OWU1NDk2N2RmZjgwMmFmZTg1OTgyMTk5MWQwNWJhMDcwNTA3YTlmYzY1YzM4OGNmYmFjZjE5YjQ3ZTkzODEwNzZkYzRhNzNjMzg4ZmIwNmRkNDc3Mzc4MGQ0MmRiY2MxMCZ0ej0wJnV1aWQ9M2Q5N2U1YzUtYWNmNC00MTJkLTgyYzYtOGNhN2RmMmFkMTIwJTNBMiUzQTE%3D&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false

173.233.137.60

1.9 kB

URL
couldobliterate.com/api/users?token=L3dhdGNoLjEwODg3MjUzNzYyNzc_ZGV2PWUma2V5PTU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczJmt3PSU1QiUyNnF1b3QlM0J3b3JsZCUyNnF1b3QlM0IlMkMlMjZxdW90JTNCY2FwYWNpdHklMjZxdW90JTNCJTVEJnBzdD0xNzAxNzc3MTcwJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT05ZDRkNGVmYjM5ZmYyMjkyOTNjZGEzZTdhZTg4MTgyYTJkMmVhZmFhZjUzMzkzYWUwMmM5ZDE2ZmNhMWViOTFlMzY3MzZiNTYxNjRiZmU2NTJkNDc5NTFlZmM1OGVkMGY2OWU1NDk2N2RmZjgwMmFmZTg1OTgyMTk5MWQwNWJhMDcwNTA3YTlmYzY1YzM4OGNmYmFjZjE5YjQ3ZTkzODEwNzZkYzRhNzNjMzg4ZmIwNmRkNDc3Mzc4MGQ0MmRiY2MxMCZ0ej0wJnV1aWQ9M2Q5N2U1YzUtYWNmNC00MTJkLTgyYzYtOGNhN2RmMmFkMTIwJTNBMiUzQTE%3D&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2582)
Size
1.9 kB (1853 bytes)
Hash
91bbd96edb6bcf044e2190bfacf70edd
69aee4db08c805f485db868731f547419742a88b
39e183d1c7c25ec49418295cd6b620e7594014f3b01ca11df17b916bd892bb8a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L3dhdGNoLjEwODg3MjUzNzYyNzc_ZGV2PWUma2V5PTU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczJmt3PSU1QiUyNnF1b3QlM0J3b3JsZCUyNnF1b3QlM0IlMkMlMjZxdW90JTNCY2FwYWNpdHklMjZxdW90JTNCJTVEJnBzdD0xNzAxNzc3MTcwJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT05ZDRkNGVmYjM5ZmYyMjkyOTNjZGEzZTdhZTg4MTgyYTJkMmVhZmFhZjUzMzkzYWUwMmM5ZDE2ZmNhMWViOTFlMzY3MzZiNTYxNjRiZmU2NTJkNDc5NTFlZmM1OGVkMGY2OWU1NDk2N2RmZjgwMmFmZTg1OTgyMTk5MWQwNWJhMDcwNTA3YTlmYzY1YzM4OGNmYmFjZjE5YjQ3ZTkzODEwNzZkYzRhNzNjMzg4ZmIwNmRkNDc3Mzc4MGQ0MmRiY2MxMCZ0ej0wJnV1aWQ9M2Q5N2U1YzUtYWNmNC00MTJkLTgyYzYtOGNhN2RmMmFkMTIwJTNBMiUzQTE%3D&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false HTTP/1.1
Host: couldobliterate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://couldobliterate.com/watch.1088725376277?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
Cookie: u_pl=21552854; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FIFEWq9O41XUabuseo8FARIPd-zNuIJk_ao7xLcogio; uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://worldcapacity.blogspot.com/
Access-Control-Allow-Origin: https://worldcapacity.blogspot.com/
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1; expires=Tue, 12 Dec 2023 11:51:51 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
pdhtkv23=true; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
uncs23=1; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e1289c48ea79a5a4bd192ecaca6af3f7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

traumatizedenied.com/api/users?token=L3dhdGNoLjE0MTQwMTU5ODQ0NDE_ZGV2PWUma2V5PTU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczJmt3PSU1QiUyNnF1b3QlM0J3b3JsZCUyNnF1b3QlM0IlMkMlMjZxdW90JTNCY2FwYWNpdHklMjZxdW90JTNCJTVEJnBzdD0xNzAxNzc3MTcwJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT02OWRiMTg4Y2U0ODA3MmE3ZjE4YmNjOTQwNTM1NmQ1Y2U3NGIwNzU1ODIwOWVmMmNlYjEyNTJlYzliNzNiZGZkNzExMGM4ZWQ5YmI3NDY0MTA0YzRhN2NlMjE5YzNlZjUzOWQxYjQwYjc0YmQ2MGUyZDI1ZWE3YTgyNmUyMDNlNTVmZDc1YjMxMDcwM2EzOTZkODczNTIxODNiMTliNGJlOTQ1ODJhZjJlZTQ4MGI1NWE1NzI4YWVhNjZlZDZmJnR6PTAmdXVpZD0zZDk3ZTVjNS1hY2Y0LTQxMmQtODJjNi04Y2E3ZGYyYWQxMjAlM0EyJTNBMQ%3D%3D&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false

173.233.137.60

1.8 kB

URL
traumatizedenied.com/api/users?token=L3dhdGNoLjE0MTQwMTU5ODQ0NDE_ZGV2PWUma2V5PTU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczJmt3PSU1QiUyNnF1b3QlM0J3b3JsZCUyNnF1b3QlM0IlMkMlMjZxdW90JTNCY2FwYWNpdHklMjZxdW90JTNCJTVEJnBzdD0xNzAxNzc3MTcwJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT02OWRiMTg4Y2U0ODA3MmE3ZjE4YmNjOTQwNTM1NmQ1Y2U3NGIwNzU1ODIwOWVmMmNlYjEyNTJlYzliNzNiZGZkNzExMGM4ZWQ5YmI3NDY0MTA0YzRhN2NlMjE5YzNlZjUzOWQxYjQwYjc0YmQ2MGUyZDI1ZWE3YTgyNmUyMDNlNTVmZDc1YjMxMDcwM2EzOTZkODczNTIxODNiMTliNGJlOTQ1ODJhZjJlZTQ4MGI1NWE1NzI4YWVhNjZlZDZmJnR6PTAmdXVpZD0zZDk3ZTVjNS1hY2Y0LTQxMmQtODJjNi04Y2E3ZGYyYWQxMjAlM0EyJTNBMQ%3D%3D&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2531)
Size
1.8 kB (1815 bytes)
Hash
0663b1d29e03ebea75ddf8c481937522
ef077775cda05e5c3416a6178a3b8425cc22d3db
70ad56cc5add3de24ee6d1627f554a3446e21d95b64f33347c8141ac580bf554

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L3dhdGNoLjE0MTQwMTU5ODQ0NDE_ZGV2PWUma2V5PTU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczJmt3PSU1QiUyNnF1b3QlM0J3b3JsZCUyNnF1b3QlM0IlMkMlMjZxdW90JTNCY2FwYWNpdHklMjZxdW90JTNCJTVEJnBzdD0xNzAxNzc3MTcwJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT02OWRiMTg4Y2U0ODA3MmE3ZjE4YmNjOTQwNTM1NmQ1Y2U3NGIwNzU1ODIwOWVmMmNlYjEyNTJlYzliNzNiZGZkNzExMGM4ZWQ5YmI3NDY0MTA0YzRhN2NlMjE5YzNlZjUzOWQxYjQwYjc0YmQ2MGUyZDI1ZWE3YTgyNmUyMDNlNTVmZDc1YjMxMDcwM2EzOTZkODczNTIxODNiMTliNGJlOTQ1ODJhZjJlZTQ4MGI1NWE1NzI4YWVhNjZlZDZmJnR6PTAmdXVpZD0zZDk3ZTVjNS1hY2Y0LTQxMmQtODJjNi04Y2E3ZGYyYWQxMjAlM0EyJTNBMQ%3D%3D&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false HTTP/1.1
Host: traumatizedenied.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://traumatizedenied.com/watch.1414015984441?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
Cookie: u_pl=21552854; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjpmYWxzZSwiciI6Imh0dHBzOi8vd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20vIiwiYXIiOltdfX0.CtfaWzSPploclPxlieb7qYAgLZeTVQMjNkLIDkRVBp8; uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://worldcapacity.blogspot.com/
Access-Control-Allow-Origin: https://worldcapacity.blogspot.com/
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1; expires=Tue, 12 Dec 2023 11:51:51 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
pdhtkv23=true; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
uncs23=1; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 88f12730b947b0ff966dc0f1379441a2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=21552854

192.243.61.227

1.4 kB

URL
conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=21552854
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (492)
Size
1.4 kB (1403 bytes)
Hash
254c12bb6cbef106f1743848bf652230
fb8017668862a37c358b788ec45f6cf101604bac
4034dbd37f738146636fc5505efecbc65b5316b5438fb033cad4d042dd1f66c0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=21552854 HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://worldcapacity.blogspot.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Tue, 05 Dec 2023 11:51:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Wed, 06 Dec 2023 11:51:51 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMjE1NTI4NTQiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.BgpsqlC6ofESwsrlscMo195jqbsU2DsuzcCufaYJJOA; expires=Tue, 05 Dec 2023 11:52:51 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a8c29d558bfb7036e86dd6ce2f36a6e5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

attendancereporterwren.com/api/users?token=L3dhdGNoLjE2NDkzNTM3NDQ0Mjk_ZGV2PWUma2V5PTU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczJmt3PSU1QiUyNnF1b3QlM0J3b3JsZCUyNnF1b3QlM0IlMkMlMjZxdW90JTNCY2FwYWNpdHklMjZxdW90JTNCJTVEJnBzdD0xNzAxNzc3MTcwJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT00MGU1ZWJlODg5MjRiZjczZjVlYzZjODYyMTg1MWNkMjNiMjA4ZTBhMzQ2MmNlZWE3N2RkM2Q0MTFiZjM4YjdmOTU1ZGFiYzVmMmE3YjRjNWEyNmRiYzU2NDVjOWRiYmRhZWNhMzFjYzFlNDgxYTIwZGIyZmY3MzhjYzFlMGJhMGY3ZjhlZDMwNDVkZjM5OWM2NzBmYzM5ZTIxMmRlYWFlN2I2NGIwZGM3MWMzMjIzMTc5ZWYwODNmYTkmdHo9MCZ1dWlkPTNkOTdlNWM1LWFjZjQtNDEyZC04MmM2LThjYTdkZjJhZDEyMCUzQTIlM0Ex&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false

192.243.59.12

1.8 kB

URL
attendancereporterwren.com/api/users?token=L3dhdGNoLjE2NDkzNTM3NDQ0Mjk_ZGV2PWUma2V5PTU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczJmt3PSU1QiUyNnF1b3QlM0J3b3JsZCUyNnF1b3QlM0IlMkMlMjZxdW90JTNCY2FwYWNpdHklMjZxdW90JTNCJTVEJnBzdD0xNzAxNzc3MTcwJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT00MGU1ZWJlODg5MjRiZjczZjVlYzZjODYyMTg1MWNkMjNiMjA4ZTBhMzQ2MmNlZWE3N2RkM2Q0MTFiZjM4YjdmOTU1ZGFiYzVmMmE3YjRjNWEyNmRiYzU2NDVjOWRiYmRhZWNhMzFjYzFlNDgxYTIwZGIyZmY3MzhjYzFlMGJhMGY3ZjhlZDMwNDVkZjM5OWM2NzBmYzM5ZTIxMmRlYWFlN2I2NGIwZGM3MWMzMjIzMTc5ZWYwODNmYTkmdHo9MCZ1dWlkPTNkOTdlNWM1LWFjZjQtNDEyZC04MmM2LThjYTdkZjJhZDEyMCUzQTIlM0Ex&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2541)
Size
1.8 kB (1822 bytes)
Hash
55e43f0b3a20df9ad3fb6a06518a9419
01b8d81e530f920f7856cd3c23afbc7d14567f18
db4ce3d9438751ba9da214bb606bc231d0a30397e6d9ed943b63bfb0b69bd604

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L3dhdGNoLjE2NDkzNTM3NDQ0Mjk_ZGV2PWUma2V5PTU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczJmt3PSU1QiUyNnF1b3QlM0J3b3JsZCUyNnF1b3QlM0IlMkMlMjZxdW90JTNCY2FwYWNpdHklMjZxdW90JTNCJTVEJnBzdD0xNzAxNzc3MTcwJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcmVzPTE0LjMwOTUmcm10Yz10JnNodT00MGU1ZWJlODg5MjRiZjczZjVlYzZjODYyMTg1MWNkMjNiMjA4ZTBhMzQ2MmNlZWE3N2RkM2Q0MTFiZjM4YjdmOTU1ZGFiYzVmMmE3YjRjNWEyNmRiYzU2NDVjOWRiYmRhZWNhMzFjYzFlNDgxYTIwZGIyZmY3MzhjYzFlMGJhMGY3ZjhlZDMwNDVkZjM5OWM2NzBmYzM5ZTIxMmRlYWFlN2I2NGIwZGM3MWMzMjIzMTc5ZWYwODNmYTkmdHo9MCZ1dWlkPTNkOTdlNWM1LWFjZjQtNDEyZC04MmM2LThjYTdkZjJhZDEyMCUzQTIlM0Ex&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false HTTP/1.1
Host: attendancereporterwren.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attendancereporterwren.com/watch.1649353744429?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
Cookie: u_pl=21552854; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FIFEWq9O41XUabuseo8FARIPd-zNuIJk_ao7xLcogio; uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 11:51:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://worldcapacity.blogspot.com/
Access-Control-Allow-Origin: https://worldcapacity.blogspot.com/
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1; expires=Tue, 12 Dec 2023 11:51:51 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
pdhtkv23=true; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
uncs23=1; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1ed2714cd3a7e5faf87669b1f861b7b1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

attendancereporterwren.com/api/users?token=L3dhdGNoLjk3MTAzMzA0MjU5OT9kZXY9ZSZrZXk9NTQ5ZTlhMzg3YTQ1Nzc4NWUzYWMxZDRlYTkzNTMwNzMma3c9JTVCJTI2cXVvdCUzQndvcmxkJTI2cXVvdCUzQiUyQyUyNnF1b3QlM0JjYXBhY2l0eSUyNnF1b3QlM0IlNUQmcHN0PTE3MDE3NzcxNzAmcmVmZXI9aHR0cHMlM0ElMkYlMkZ3b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbSUyRiZyZXM9MTQuMzA5NSZybXRjPXQmc2h1PTJjMDhmODFhNGUxZTFiMDBjMmY1YWExNWNkODlmOGYyOTZmMzc3ZmJlYzEyNjdhYjc0NGJkNzkxYWYzYjhlNWVhMTY0NzdkOTZlZWE3MjViMWIzYThjYjhkMjJlMDM2N2Q5M2ZiOGNmYTY5YzIwOGJjNGZlYzg4NjkxYjdiYjk2ZmIzOGU5NzYzNGZiMmY5NmVmNDFmNzMxMTI0ODYzMWE0MGNlMWIyZWU1MTAzZmNhMzZlYWFjZmJkMTgzOWMmdHo9MCZ1dWlkPTNkOTdlNWM1LWFjZjQtNDEyZC04MmM2LThjYTdkZjJhZDEyMCUzQTIlM0Ex&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false

192.243.59.12

1.8 kB

URL
attendancereporterwren.com/api/users?token=L3dhdGNoLjk3MTAzMzA0MjU5OT9kZXY9ZSZrZXk9NTQ5ZTlhMzg3YTQ1Nzc4NWUzYWMxZDRlYTkzNTMwNzMma3c9JTVCJTI2cXVvdCUzQndvcmxkJTI2cXVvdCUzQiUyQyUyNnF1b3QlM0JjYXBhY2l0eSUyNnF1b3QlM0IlNUQmcHN0PTE3MDE3NzcxNzAmcmVmZXI9aHR0cHMlM0ElMkYlMkZ3b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbSUyRiZyZXM9MTQuMzA5NSZybXRjPXQmc2h1PTJjMDhmODFhNGUxZTFiMDBjMmY1YWExNWNkODlmOGYyOTZmMzc3ZmJlYzEyNjdhYjc0NGJkNzkxYWYzYjhlNWVhMTY0NzdkOTZlZWE3MjViMWIzYThjYjhkMjJlMDM2N2Q5M2ZiOGNmYTY5YzIwOGJjNGZlYzg4NjkxYjdiYjk2ZmIzOGU5NzYzNGZiMmY5NmVmNDFmNzMxMTI0ODYzMWE0MGNlMWIyZWU1MTAzZmNhMzZlYWFjZmJkMTgzOWMmdHo9MCZ1dWlkPTNkOTdlNWM1LWFjZjQtNDEyZC04MmM2LThjYTdkZjJhZDEyMCUzQTIlM0Ex&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2548)
Size
1.8 kB (1831 bytes)
Hash
96b11a3863bf9170399b562149c7228e
9e2c993a68dab6c44df53250a8f29e54e77eeda9
cd960ccdf8d1c6fd1dfc1f7c3bb8439c6c412bff42e962a617eaa24a0c857a31

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L3dhdGNoLjk3MTAzMzA0MjU5OT9kZXY9ZSZrZXk9NTQ5ZTlhMzg3YTQ1Nzc4NWUzYWMxZDRlYTkzNTMwNzMma3c9JTVCJTI2cXVvdCUzQndvcmxkJTI2cXVvdCUzQiUyQyUyNnF1b3QlM0JjYXBhY2l0eSUyNnF1b3QlM0IlNUQmcHN0PTE3MDE3NzcxNzAmcmVmZXI9aHR0cHMlM0ElMkYlMkZ3b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbSUyRiZyZXM9MTQuMzA5NSZybXRjPXQmc2h1PTJjMDhmODFhNGUxZTFiMDBjMmY1YWExNWNkODlmOGYyOTZmMzc3ZmJlYzEyNjdhYjc0NGJkNzkxYWYzYjhlNWVhMTY0NzdkOTZlZWE3MjViMWIzYThjYjhkMjJlMDM2N2Q5M2ZiOGNmYTY5YzIwOGJjNGZlYzg4NjkxYjdiYjk2ZmIzOGU5NzYzNGZiMmY5NmVmNDFmNzMxMTI0ODYzMWE0MGNlMWIyZWU1MTAzZmNhMzZlYWFjZmJkMTgzOWMmdHo9MCZ1dWlkPTNkOTdlNWM1LWFjZjQtNDEyZC04MmM2LThjYTdkZjJhZDEyMCUzQTIlM0Ex&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1&pii=&in=false HTTP/1.1
Host: attendancereporterwren.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://attendancereporterwren.com/watch.971033042599?key=549e9a387a457785e3ac1d4ea9353073&kw=%5B%22world%22%2C%22capacity%22%5D&refer=https%3A%2F%2Fworldcapacity.blogspot.com%2F&tz=0&dev=e&res=14.3095&uuid=3d97e5c5-acf4-412d-82c6-8ca7df2ad120%3A2%3A1
Cookie: u_pl=21552854; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoyMTU1Mjg1NCwiayI6IjU0OWU5YTM4N2E0NTc3ODVlM2FjMWQ0ZWE5MzUzMDczIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjozMjkyMDcwLCJwaWQiOjE0NjI2MDcsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MjgsImFpZCI6MjMsInB0Ijo0LCJwayI6ImpxcHVtaW5mNjYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.FIFEWq9O41XUabuseo8FARIPd-zNuIJk_ao7xLcogio; uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 11:51:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://worldcapacity.blogspot.com/
Access-Control-Allow-Origin: https://worldcapacity.blogspot.com/
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=3d97e5c5-acf4-412d-82c6-8ca7df2ad120:2:1; expires=Tue, 12 Dec 2023 11:51:51 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
uncs=1; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
pdhtkv23=true; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
uncs23=1; expires=Wed, 06 Dec 2023 11:51:51 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6db3e2db23e5f5150a408640cf862706
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIxNTUyODU0JnBzdD0xNzAxNzc3MTcxJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcm10Yz10JnNodT05YzRiNjA5NzFiNTFlZmIwNDE5MmM0ODQ4NGFiNmU4ZDBiYTA3MDkxYjlhNWU3MWY1MTUxZDkyMGM1YWJmZGU3ZDNhNmYyNDA2OTZjM2I0N2U1OTYyYWM1ZDI1Y2FhZDgwZjAzZDY5ZDdmODFlNWJmOTA1MjMzYjA1ZWYzNzM2NzIxYzgwZWVjMTRlOWU3MDE1OGQzOTMyNDdhNTQwNDMwMTA3YTk4YTYzZjcxN2UxMTI2YmFhOTAxYWE2Y2Fl&uuid=&pii=&in=false

192.243.59.20

302 Found

0 B

URL User Request GET HTTP/1.1
conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIxNTUyODU0JnBzdD0xNzAxNzc3MTcxJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcm10Yz10JnNodT05YzRiNjA5NzFiNTFlZmIwNDE5MmM0ODQ4NGFiNmU4ZDBiYTA3MDkxYjlhNWU3MWY1MTUxZDkyMGM1YWJmZGU3ZDNhNmYyNDA2OTZjM2I0N2U1OTYyYWM1ZDI1Y2FhZDgwZjAzZDY5ZDdmODFlNWJmOTA1MjMzYjA1ZWYzNzM2NzIxYzgwZWVjMTRlOWU3MDE1OGQzOTMyNDdhNTQwNDMwMTA3YTk4YTYzZjcxN2UxMTI2YmFhOTAxYWE2Y2Fl&uuid=&pii=&in=false
IP
192.243.59.20:443
ASN
#39572 DataWeb Global Group B.V.

Certificate
IssuerLet's Encrypt
Subjectconqueredallrightswell.com
Fingerprint9E:C2:75:0A:08:52:CB:97:0C:C6:54:67:5E:6F:7F:C9:D8:00:28:1C
ValidityTue, 14 Nov 2023 16:14:39 GMT - Mon, 12 Feb 2024 16:14:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTIxNTUyODU0JnBzdD0xNzAxNzc3MTcxJnJlZmVyPWh0dHBzJTNBJTJGJTJGd29ybGRjYXBhY2l0eS5ibG9nc3BvdC5jb20lMkYmcm10Yz10JnNodT05YzRiNjA5NzFiNTFlZmIwNDE5MmM0ODQ4NGFiNmU4ZDBiYTA3MDkxYjlhNWU3MWY1MTUxZDkyMGM1YWJmZGU3ZDNhNmYyNDA2OTZjM2I0N2U1OTYyYWM1ZDI1Y2FhZDgwZjAzZDY5ZDdmODFlNWJmOTA1MjMzYjA1ZWYzNzM2NzIxYzgwZWVjMTRlOWU3MDE1OGQzOTMyNDdhNTQwNDMwMTA3YTk4YTYzZjcxN2UxMTI2YmFhOTAxYWE2Y2Fl&uuid=&pii=&in=false HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://conqueredallrightswell.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMjE1NTI4NTQiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93b3JsZGNhcGFjaXR5LmJsb2dzcG90LmNvbS8iLCJhciI6W119fQ.BgpsqlC6ofESwsrlscMo195jqbsU2DsuzcCufaYJJOA; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Tue, 05 Dec 2023 11:51:52 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660
Set-Cookie: pdhtkv=true; expires=Wed, 06 Dec 2023 11:51:52 GMT
uncs=1; expires=Wed, 06 Dec 2023 11:51:52 GMT
pdhtkv28=true; expires=Wed, 06 Dec 2023 11:51:52 GMT
uncs28=1; expires=Wed, 06 Dec 2023 11:51:52 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8f0512dcb204ea7fa90ea9e4d4a7f595
Strict-Transport-Security: max-age=0; includeSubdomains

adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660

13.107.246.53

307 Temporary Redirect

0 B

URL User Request GET HTTP/2
adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660
IP
13.107.246.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerTrustwave Holdings, Inc.
Subjectaffiliates.kindredplc.com
Fingerprint9C:1F:91:86:77:41:76:62:71:CD:11:FD:80:70:B7:83:58:47:BF:4F
ValidityThu, 17 Aug 2023 06:39:43 GMT - Fri, 16 Aug 2024 06:38:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
cache-control: private,no-cache, no-store
pragma: no-cache
content-type: text/html
location: https://www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; domain=.unibet.com; expires=Thu, 05-Dec-3022 11:51:53 GMT; path=/; secure; SameSite=Strict
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
x-azure-ref: 02Q5vZQAAAAAZ53QUExCPTp2kx2b3WEQ6U1ZHMjBFREdFMDUwOAAyZDk5MzlkMy05NTUxLTQ2ZmYtOGEyNi01ZWZmY2FhMWQ5OGM=
x-cache: CONFIG_NOCACHE
date: Tue, 05 Dec 2023 11:51:52 GMT
content-length: 0
X-Firefox-Spdy: h2

www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950

85.184.96.28

301 Moved Permanently

0 B

URL User Request GET HTTP/2
www.unibet.com/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Tue, 05 Dec 2023 11:51:53 GMT
content-length: 0
location: https://www.unibet.com:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950
set-cookie: JSESSIONID=node0120ohjsd0t6h5pqa9cgqfl9o341782.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; Path=/; Domain=.unibet.com; Expires=Thu, 04-Dec-2025 11:51:53 GMT; Max-Age=63072000; Secure
uniattr=ST.0.T; Path=/; Domain=.unibet.com; Expires=Thu, 04-Dec-2025 11:51:53 GMT; Max-Age=63072000; Secure
uniattr_ref="https://conqueredallrightswell.com/"; Path=/; Domain=.unibet.com; Expires=Thu, 04-Dec-2025 11:51:53 GMT; Max-Age=63072000; Secure
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
affid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
netwid=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
CLAIM_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
affiliateId=1; Path=/; Domain=.unibet.com; Secure
B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; Path=/; Domain=.unibet.com; Secure
REGISTRATION_CODE=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
BID=37950; Path=/; Domain=.unibet.com; Secure
PID=68246908; Path=/; Domain=.unibet.com; Secure
CHID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; Path=/; Domain=.unibet.com; Secure
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
BOCAID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
PRODUCT_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; Path=/; Domain=.unibet.com; Secure
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
campaignId=; Path=/; Domain=.unibet.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure
clientId=polopoly_desktop; Domain=www.unibet.com; Path=/; SameSite=None; Secure
referer: https://conqueredallrightswell.com/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Tue, 05 Dec 2023 11:51:53 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950

85.184.96.28

301 Moved Permanently

0 B

URL User Request GET HTTP/2
www.unibet.com/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950 HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 301 Moved Permanently
date: Tue, 05 Dec 2023 11:51:53 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Tue, 05 Dec 2023 11:51:53 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png

172.64.144.152

302 Found

0 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Tue, 05 Dec 2023 11:51:53 GMT
content-length: 0
location: https://www.unibet.com/
vary: Accept-Encoding
server: cloudflare
cf-ray: 830c147268b256b5-OSL
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js

142.250.74.74

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (65451)
Size
30 kB (30399 bytes)
Hash
a09e13ee94d51c524b7e2a728c7d4039
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

HTTP Headers

GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 05 Dec 2023 11:26:55 GMT
expires: Wed, 04 Dec 2024 11:26:55 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 1498
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js

85.184.96.5

200 OK

956 B

URL GET HTTP/2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP
85.184.96.5:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
ASCII text
Size
956 B (956 bytes)
Hash
fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47

HTTP Headers

GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,500

172.217.21.170

200 OK

39 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,500
IP
172.217.21.170:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Unicode text, UTF-8 text, with very long lines (24756), with CRLF, LF line terminators
Size
39 kB (38908 bytes)
Hash
009109eae452115ba323978943db2c3f
615ff6c1e915aab65f0367facec07bbb6e4f0b9e
d4ce844aba111e91f026f3eec9792a8bdd0f65df79b5c879c2d6d77ff38fe5e8

HTTP Headers

GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 05 Dec 2023 11:51:54 GMT
date: Tue, 05 Dec 2023 11:51:54 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908

172.64.144.152

200 OK

115 kB

URL User Request GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text
Size
115 kB (114731 bytes)
Hash
698db77e2969bc8a7dcc14c21599b6b6
f7c29015d733283c62501bea89afd820eab643bf
168998f26593c8e933cf84a5d32762413177d1a72b1caa35a07cf721a4060e7e

HTTP Headers

GET /nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: text/html; charset=utf-8
cf-ray: 830c14702e3756b5-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: aY23filpvIp9zBTCFZm2tg==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 168849aa-301e-0047-3571-277959000000
x-ms-version: 2014-02-14
set-cookie: btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297;max-age=2592000; domain=.unibet.com;path=/;secure;samesite=none;httponly
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/widget/betslip/betslip.js

172.64.144.152

200 OK

71 kB

URL GET HTTP/2
welcome.unibet.com/widget/betslip/betslip.js
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
ASCII text, with very long lines (693)
Size
71 kB (71149 bytes)
Hash
5770dc60397ffb834d1280aa7bcebbd0
f0bbf2136b83babe5a8f70eeff2308279e9a0d3a
42e08e8d4858e610d87679ab66e8a7cf4b575614c0aa1423d8a1c0245bda9a52

HTTP Headers

GET /widget/betslip/betslip.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 830c1473b9ed56b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 359294
cache-control: public, max-age=900, immutable
etag: W/"0x8D67ACF6D112CB5"
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
vary: Accept-Encoding
content-md5: V3DcYDl/+4NNEoCqe8670A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 5135171d-601e-0075-7649-0c792e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg

172.64.144.152

200 OK

21 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
21 kB (20998 bytes)
Hash
bf06fba2ca517eddb1cc60ed26f47758
d184102516fbb91e198b99a09ac6f739d13d836d
6a91f72758fb0426e2cf9b5f36432666b620d80d825989e9dd6175a251c78475

HTTP Headers

GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: image/svg+xml
cf-ray: 830c147268b456b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 538916
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B7E8320"
last-modified: Wed, 13 Sep 2023 15:43:26 GMT
vary: Accept-Encoding
content-md5: vwb7ospRft2xzGDtJvR3WA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: a95fdfb0-e01e-0019-5dda-1592b9000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2

172.64.140.13

200 OK

74 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
IP
172.64.140.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 74320, version 329.30998\012- data
Size
74 kB (74320 bytes)
Hash
3638e62ea50e6f5859b6a15276c25c87
f5aa1a463e223a294a42b314e1c63a614d594ec0
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9

HTTP Headers

GET /releases/v5.7.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: font/woff2
content-length: 74320
access-control-allow-origin: *
cache-control: max-age=31556926
etag: "3638e62ea50e6f5859b6a15276c25c87"
last-modified: Fri, 22 Sep 2023 01:45:51 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 535415
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iFKJgvfZEkyNTcbRDxHmemJupII1u4fGhuzIxJ0wcexrLyBsHY7Jauw57DiPteImSQySGd2UbET%2F%2Fc9ikyvzOXl5Kk94FUH86CzUKJ7UkpyYX4SVDyGhh7Mdf9Rb1aot%2BSAFnxU0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830c1474abb9772c-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 23:43:03 GMT
expires: Tue, 03 Dec 2024 23:43:03 GMT
cache-control: public, max-age=31536000
age: 43731
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

142.250.74.163

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 05:05:31 GMT
expires: Fri, 29 Nov 2024 05:05:31 GMT
cache-control: public, max-age=31536000
age: 456383
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

a1s.unibet.com/orval/tracking/lastclick.min.js

85.184.96.5

200 OK

17 kB

URL GET HTTP/2
a1s.unibet.com/orval/tracking/lastclick.min.js
IP
85.184.96.5:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
17 kB (16734 bytes)
Hash
209c60a82cb12bde779a3843986a48ee
b700b903e5f578aa06438694fd3ba91c255c2ece
21dc7673d2d524af425d2e9552ba2e351170f61871d9548920b30071b28a1d46

HTTP Headers

GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2

bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no

104.40.147.180

200 OK

4.7 kB

URL GET HTTP/2
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP
104.40.147.180:443
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerMicrosoft Corporation
Subject*.azurewebsites.net
Fingerprint0A:12:F7:66:D9:79:A1:83:48:0D:FC:30:BC:F5:BD:27:AF:F4:1A:84
ValidityTue, 01 Aug 2023 09:55:22 GMT - Thu, 27 Jun 2024 23:59:59 GMT

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (4694), with no line terminators
Size
4.7 kB (4706 bytes)
Hash
6da85e5cdf0e4437fd98fd79cb2c2843
fc49c728348c8bdb8182e4b61ffe990af8a1d935
107b420a81c845bd10c95c525f57d4395f9a1309bb604f7a0f532e62dd41afa6

HTTP Headers

GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Tue, 05 Dec 2023 11:51:54 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=3bc95a0a907b373b7281dbab7510fee65c0d02b1386194a9530165823f0e06fa;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=3bc95a0a907b373b7281dbab7510fee65c0d02b1386194a9530165823f0e06fa;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
content-length: 4706
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg

172.64.144.152

200 OK

1.5 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1513), with no line terminators
Size
1.5 kB (1481 bytes)
Hash
49bb8022b31261533a9fc360618129c2
35ab11ba839506015fe62c50a79bf3aff01d049c
559f2bd484ade1ad03ed79c5a5de1604fe9acc174164d3fd28d68eff7acbe2b3

HTTP Headers

GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: image/svg+xml
cf-ray: 830c147268b056b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 360211
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702D1E3897"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Kch+tYuo05USS5JaESq1rA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 89ff6622-901e-005e-7ca4-16f9e2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg

172.64.144.152

200 OK

966 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1004), with no line terminators
Size
966 B (966 bytes)
Hash
60530a8226b6f89fbd6e188cd9bdb2fc
5ff9b1d4f00eb8dc12ecb50e0a87abadf144a17d
1c0ec6dc6f122167b6c09d4cafb6ab7312fa4908ba74693ea7105730a5a2ed93

HTTP Headers

GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: image/svg+xml
cf-ray: 830c147268af56b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 468847
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CE70450"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: Z4302O+bSqlX5UM92U+35A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: aee50919-501e-006e-6628-0d472d000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2

172.64.144.152

200 OK

11 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
Web Open Font Format (Version 2), TrueType, length 10924, version 1.0\012- data
Size
11 kB (10924 bytes)
Hash
0ea5bcff84ae44840b6e9c9d12c8b963
6c827e1adb18775d2fdfbbbfef63cc9b66243ed2
b4e210ac58fe8fb176e24c58ffdbd0e7b40dded1314769dbcebdc413998b882b

HTTP Headers

GET /nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: font/woff2
content-length: 10924
cf-ray: 830c14748ad056b5-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 466607
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702DB224D1"
last-modified: Wed, 13 Sep 2023 15:43:29 GMT
vary: Accept-Encoding
content-md5: DqW8/4SuRIQLbpydEsi5Yw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 079c49b7-601e-0028-537f-0c73aa000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

www.unibet.com/

85.184.96.28

200 OK

0 B

URL GET HTTP/2
www.unibet.com/
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: text/html;charset=utf-8
x-request-id: 4e12e08920079d5a1f4d31ae815b3554
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=60
expires: Tue, 05 Dec 2023 11:52:07 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg

104.16.48.126

200 OK

25 kB

URL GET HTTP/2
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP
104.16.48.126:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
25 kB (24901 bytes)
Hash
7857f5fa35651d9795bac512238caaf4
107c2b86078dd49ffd18c76724bd290018719037
bf1b321fe365e6fdb5429bcebb8a6b5b9ed554d84f4eced5e69cc31038455a81

HTTP Headers

GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: b31b4379-501e-0041-450f-134ae6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 395
vary: Accept-Encoding
server: cloudflare
cf-ray: 830c1477ec56569c-OSL
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg

172.64.144.152

200 OK

13 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (1356)
Size
13 kB (12666 bytes)
Hash
7a982245aa6326903b0e7893885e42fb
47fa69cfed4819f23a8764170e04f5744bd47cd6
18b0e4aa1e8678befe4e7db06e054447b9f96684d817b6424a6b8824042a45fb

HTTP Headers

GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: image/svg+xml
cf-ray: 830c1472386356b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 460988
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DD4C2C5"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: epgiRapjJpA7DniTiF5C+w==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: f0a9fb76-d01e-005f-5e18-15a63e000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC

142.250.74.168

200 OK

192 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (25136)
Size
192 kB (192188 bytes)
Hash
b0b4175cf14760a93648ab9e369691d7
d3b79412060af66ad5bd72ea25369c32b3ae660d
b9911b8bf9f2f33346cf4c46a52ca05130755b370396d5fd93a6390a4629c7f8

HTTP Headers

GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 05 Dec 2023 11:51:54 GMT
expires: Tue, 05 Dec 2023 11:51:54 GMT
cache-control: private, max-age=900
last-modified: Tue, 05 Dec 2023 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 67306
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.163

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.163:443
ASN
#15169 GOOGLE

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:53:07 GMT
expires: Fri, 29 Nov 2024 04:53:07 GMT
cache-control: public, max-age=31536000
age: 457127
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css

172.64.144.152

200 OK

22 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
ASCII text
Size
22 kB (22452 bytes)
Hash
cd7901ab004cbe23cf68ae6b0486a998
11c4422439ed8b081e672eceef735ed1fcad6e90
01d6d6271e9cfda8348fcde699bbb334310b6ba858f1d01fbe2b08b6ceba6c1b

HTTP Headers

GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: text/css; charset=utf-8
cf-ray: 830c1472184056b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 453833
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702AA0A0C4"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: zXkBqwBMviPPaK5rBIapmA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: dda9c37d-401e-0010-5ea4-13d76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js

172.64.144.152

200 OK

5.4 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
HTML document, ASCII text, with very long lines (5609), with no line terminators
Size
5.4 kB (5424 bytes)
Hash
41e296392bf29f4381ad03c8314479cd
6fd53f13908be09218cff171d1bf6d9a9e954e19
58020e44456892a4b398728d98b53b09fc9a208593afedc66ac2636721932d9d

HTTP Headers

GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 830c1472284d56b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 370502
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E25208C"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 348b4653-601e-0038-3c49-0cb6c2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg

172.64.144.152

200 OK

3.2 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3287), with no line terminators
Size
3.2 kB (3207 bytes)
Hash
910a470c87e6907732caefbe1b43f25c
709f3846db3c983a502d081a17c95404c545141c
c1912c86d189996a4995f3c142f73f88150fd922a203f914e1a17992f07a2db5

HTTP Headers

GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: image/svg+xml
cf-ray: 830c1472385856b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 545265
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B55A494"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 862f85ee-201e-005b-777e-1e2b39000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico

172.64.144.152

200 OK

421 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
PNG image data, 33 x 33, 8-bit/color RGBA, non-interlaced\012- data
Size
421 B (421 bytes)
Hash
ad2d9f441c6692a806c7b427bb3e536d
4978e1ffc5b62c3e2231d22aeb8f7ac679764abe
95efe0e48a145adb6c6c385cecb0e2a7a3dd2e9a3f7a01ca0647e373602770ed

HTTP Headers

GET /nu/pop/sportsbook/multisports/favicon.ico HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: image/x-icon
cf-ray: 830c14757bdc56b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 538770
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702ABA666E"
last-modified: Wed, 13 Sep 2023 15:43:24 GMT
vary: Accept-Encoding
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: ac00a8bf-d01e-0002-5b3a-14acba000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/custom.js

172.64.144.152

200 OK

5.9 kB

URL GET HTTP/2
welcome.unibet.com/custom.js
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
ASCII text, with very long lines (6078), with no line terminators
Size
5.9 kB (5881 bytes)
Hash
f1d301b9a66fabf51fc0630bdcaf0bf8
45100e61056b88ffd1f2f4bc02f393cda328b595
9f86f4c23e72c39fe76f986ada1f7649af6abc8a1da08760e287498c84c772d5

HTTP Headers

GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: application/javascript
cf-ray: 830c1472285556b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 466701
etag: W/"0x8DA115DA300B0C1"
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
vary: Accept-Encoding
content-md5: e/Aekt1V1fopj1X7y5r9MA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: b3159e82-501e-0041-530e-134ae6000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

www.unibet.com/

85.184.96.28

200 OK

0 B

URL GET HTTP/2
www.unibet.com/
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
DNT: 1
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: text/html;charset=utf-8
x-request-id: 4e12e08920079d5a1f4d31ae815b3554
x-ua-compatible: IE=Edge,chrome=1,requiresActiveX=true
cache-control: public, max-age=0, s-maxage=60
expires: Tue, 05 Dec 2023 11:52:07 GMT
vary: accept-encoding
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
X-Firefox-Spdy: h2

cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg

104.16.48.126

200 OK

4.9 kB

URL GET HTTP/2
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP
104.16.48.126:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4999), with no line terminators
Size
4.9 kB (4873 bytes)
Hash
7506851c12654bfc54bb813a52957b68
b88e0179a85912068c3480f522a8b0958a23046c
0217e3f9fd1201390e06eee878ccbf84feba0077e7cdd01754170f78e18c274d

HTTP Headers

GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 90577b5d-e01e-0026-0f98-165a1a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 327
vary: Accept-Encoding
server: cloudflare
cf-ray: 830c1477ec50569c-OSL
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg

172.64.144.152

200 OK

807 B

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- XML document text\012- HTML document, ASCII text, with very long lines (853), with no line terminators
Size
807 B (807 bytes)
Hash
f15fae382cc1d3e2e193f9c40c15a343
d11f4a64118554c780b89adee4599c9a87ed00f4
933e872ad40b252a87a6010ca407ba9085c3859340d2075a4dca4374d084bcda

HTTP Headers

GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: image/svg+xml
cf-ray: 830c1472385b56b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 538840
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702B2489E0"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: QazcDvviTF55mXL/M8kCWQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 83e30576-601e-0028-58a9-1673aa000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg

172.64.144.152

200 OK

5.7 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5942), with no line terminators
Size
5.7 kB (5740 bytes)
Hash
e78a89d4d455992dad24f8d5a66e1d25
bff521852ffdf8934c26a627aaea680d84cd08bb
cba1b2c9cc48a01ef1a542ec799e6005cedf390479ad761b3840c999b6ed8b70

HTTP Headers

GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: image/svg+xml
cf-ray: 830c1472588f56b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 456685
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DDE5E49"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: 2fR27yW0b9kBp/ebW9u59A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: e2bacc6f-401e-0010-6202-1cd76a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg

104.16.48.126

200 OK

1.1 kB

URL GET HTTP/2
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP
104.16.48.126:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint1D:7A:63:AD:26:C4:EA:3F:E9:47:1D:1D:DE:FF:EF:66:52:E5:DD:F7
ValidityThu, 09 Mar 2023 00:00:00 GMT - Fri, 08 Mar 2024 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1065), with no line terminators
Size
1.1 kB (1053 bytes)
Hash
8994f187d31c33e41e6af6c078d8b4f3
e65a39fb2b4d56343b2af57a19ba38612eaa262f
e4f28e35c66413fc59cb5bdb97c30fd7de981c9408b0f38068c3f71661f52872

HTTP Headers

GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: 850b18b8-b01e-003b-137b-0c57a6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 524
vary: Accept-Encoding
server: cloudflare
cf-ray: 830c1477ec5a569c-OSL
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg

172.64.144.152

200 OK

16 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (15888), with no line terminators
Size
16 kB (15888 bytes)
Hash
2e6f9dbfba55dfa91376da363e813261
b14b92d60cdf76622b9f91b3a56c7a8d98649c23
ec5264587927f5d20d839f8f7d97e98e8dd4d9cce69ffd27a0d63d13d2102498

HTTP Headers

GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: image/svg+xml
cf-ray: 830c1472385e56b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 373160
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702DCB4E58"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 76cbcfd3-901e-004e-01cc-1c3c8a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg

172.64.144.152

200 OK

98 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x936, components 3\012- data
Size
98 kB (98453 bytes)
Hash
8e6d9af5ef1badfe9295b8fc96793c28
e37cdf4093dc0a47246be7360e7945f91991f073
de89de8196b23a00db8e35bca40fdb4253d970492a31396d5861c2e99d691407

HTTP Headers

GET /nu/pop/sportsbook/multisports/1-background-black.jpg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: image/jpeg
content-length: 98453
cf-ray: 830c14745a6c56b5-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 367959
cache-control: public, max-age=900, immutable
etag: "0x8DBB4702B1549FF"
last-modified: Wed, 13 Sep 2023 15:43:25 GMT
vary: Accept-Encoding
content-md5: jm2a9e8brf6Slbj8lnk8KA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0ff811ce-901e-0013-7152-1c360e000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

www.unibet.com/kindred_snow/s3.7.0/kindred_s.js

85.184.96.28

200 OK

74 kB

URL GET HTTP/2
www.unibet.com/kindred_snow/s3.7.0/kindred_s.js
IP
85.184.96.28:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
ASCII text, with very long lines (65378)
Size
74 kB (74304 bytes)
Hash
3fb00dbb8acb3c68fd5ddb674f22bb88
cf7bc4f71f0ff66037ac2e564963ff4c2737e766
7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246

HTTP Headers

GET /kindred_snow/s3.7.0/kindred_s.js HTTP/1.1
Host: www.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=BLP.1.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; clientId=polopoly_desktop; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: application/javascript
last-modified: Mon, 04 Dec 2023 14:00:57 GMT
vary: Accept-Encoding
etag: W/"656ddb99-12240"
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.com/index.html
content-encoding: gzip
X-Firefox-Spdy: h2

use.fontawesome.com/releases/v5.7.1/css/all.css

172.64.140.13

200 OK

54 kB

URL GET HTTP/2
use.fontawesome.com/releases/v5.7.1/css/all.css
IP
172.64.140.13:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerCloudflare, Inc.
Subjectuse.fontawesome.com
FingerprintCB:BE:6B:C4:5F:DF:18:7A:C3:AD:BF:6C:40:36:18:9F:E2:99:7F:78
ValidityThu, 12 Oct 2023 00:00:00 GMT - Thu, 10 Oct 2024 23:59:59 GMT

File type
ASCII text, with very long lines (54456), with no line terminators
Size
54 kB (54456 bytes)
Hash
7b1d7f457d056ace7b230b587b9f3753
4e0b45eedbe0c405f1faff0d5236a9ee0ff2065b
9c099acc093abd2df85eaa34052ad36fe69b6ed16582c14aecd2928baa3b63bf

HTTP Headers

GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:54 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31556926
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
last-modified: Fri, 22 Sep 2023 01:45:49 GMT
vary: Origin, Accept-Encoding
cf-cache-status: HIT
age: 2332135
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5Ic8FDH%2BzAPlrvtDRcevV1hN0q8ustwz4nhytJVfUKRsUS5XbtKaaBsi%2FVBhrzIKIldIn1i%2F4vpgsqARz0rAj8oiG1Vy2N9OqvUQlnAHrYjWlpgFDCQOlmWnFRYYW0WPSChoLXDd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830c1472f9ea772c-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg

172.64.144.152

200 OK

1.1 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1092), with no line terminators
Size
1.1 kB (1066 bytes)
Hash
72ece8ff11191ced6c715b6dffb50c8e
f31de9cc333fe23b895c701ac6bfe4a9388f456a
e51fdf1e222c2590c5436e649fbe707d5f80e6b3888bca1509510b9504b43949

HTTP Headers

GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: image/svg+xml
cf-ray: 830c147268ac56b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 465224
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702CDF8B61"
last-modified: Wed, 13 Sep 2023 15:43:28 GMT
vary: Accept-Encoding
content-md5: 9k4H3E55HXB5I94VinrUOQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: edf675d7-401e-005d-54c3-0b1886000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js

172.64.144.152

200 OK

4.5 kB

URL GET HTTP/2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP
172.64.144.152:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Certificate
IssuerLet's Encrypt
Subjectwelcome.unibet.com
Fingerprint65:16:31:49:1A:CB:F9:ED:27:02:3C:2B:51:B5:B0:7D:DC:1A:9D:E2
ValidityMon, 30 Oct 2023 17:30:52 GMT - Sun, 28 Jan 2024 17:30:51 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (4762), with no line terminators
Size
4.5 kB (4514 bytes)
Hash
cc638d634c8efd9452a05f3ed63a2c15
d680da0e128220e8310269d900408fb3727eca2d
9d2ff7f3c0209be9a5ba2736e033c4117893aed259278008797f0bfd43dea7fb

HTTP Headers

GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701777113306)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C20231251151%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210669511386%7c1%22%7d%5d; __ucbt=node0120ohjsd0t6h5pqa9cgqfl9o3; uniattr=ST.0.T; uniattr_ref="https://conqueredallrightswell.com/"; affiliateId=1; B-TAG=127656177_8ABF6C9DF5F640D3862E92714F2E5297; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fconqueredallrightswell.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.com%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_8ABF6C9DF5F640D3862E92714F2E5297%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; btag=127656177_8ABF6C9DF5F640D3862E92714F2E5297
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Tue, 05 Dec 2023 11:51:53 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 830c1472184256b5-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 275955
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB4702E1B3700"
last-modified: Wed, 13 Sep 2023 15:43:30 GMT
vary: Accept-Encoding
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0799503c-801e-0042-7d02-19ab82000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (24)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash