Report - www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-

Report Overview

Submitted URL
www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740
IP
104.18.42.155
ASN
#13335 CLOUDFLARENET
Submitted
2023-02-01 16:10:15
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
zz.connextra.com	14652	2014-03-20T18:05:16Z	2023-03-13T06:57:52Z	1.8 kB	19 kB	104.85.191.64
stats.g.doubleclick.net	96	2013-06-10T22:21:11Z	2023-03-13T08:02:41Z	608 B	596 B	173.194.73.157
pixel.mathtag.com	1199	2012-05-22T07:36:42Z	2023-03-13T05:54:10Z	1.4 kB	3.5 kB	23.38.200.207
www.google.no	25607	2016-04-05T21:50:59Z	2023-03-13T06:26:15Z	516 B	578 B	142.250.74.131
in-automate.sendinblue.com	28489	2015-05-18T03:26:49Z	2023-03-13T06:49:29Z	1.4 kB	522 B	104.17.9.12
static.cloudflareinsights.com	1294	2019-09-24T16:34:56Z	2023-03-13T05:15:33Z	459 B	393 B	104.16.57.101
powerplay-content.com	unknown	2018-07-28T18:03:00Z	2023-02-14T19:18:13Z	3.3 kB	264 kB	160.153.235.136
my.rtmark.net	9054	2015-02-04T10:54:57Z	2023-03-13T05:11:40Z	2.1 kB	3.8 kB	139.45.195.8
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	2.7 kB	5.6 kB	142.250.74.131
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	700 B	2.0 kB	54.230.245.100
ib.adnxs.com	241	2012-05-20T21:01:49Z	2023-03-13T05:28:06Z	621 B	343 B	185.89.210.20
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
ocsp.godaddy.com	698	2012-05-20T21:28:57Z	2023-03-13T05:12:19Z	340 B	2.3 kB	192.124.249.41
sync.mathtag.com	427	2012-05-22T07:36:42Z	2023-03-13T05:36:44Z	469 B	642 B	185.29.132.245
d1l906mtvq85kd.cloudfront.net	unknown	2023-01-27T22:41:01Z	2023-02-09T14:58:18Z	5.9 kB	188 kB	54.230.245.131
unphionetor.com	54035	2022-02-11T13:53:49Z	2023-03-13T05:31:17Z	1.3 kB	2.1 kB	139.45.197.236
propeller-tracking.com	187053	2020-04-16T10:57:14Z	2023-03-13T05:11:40Z	373 B	728 B	139.45.197.240
match.prod.bidr.io	503	2015-09-24T20:51:01Z	2023-03-13T06:56:54Z	813 B	627 B	54.194.123.13
sibautomation.com	26949	2017-01-21T16:10:10Z	2023-03-13T06:49:29Z	901 B	851 B	104.18.34.145
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
secure.adnxs.com	396	2012-05-22T18:37:37Z	2023-03-13T05:28:06Z	4.7 kB	11 kB	185.89.211.12
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	2.2 kB	42 kB	34.120.237.76
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	3.4 kB	8.9 kB	23.36.76.226
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	383 B	54 kB	142.250.74.168
ocsp.sectigo.com	487	2019-11-29T12:50:24Z	2023-03-13T08:22:43Z	340 B	963 B	172.64.155.188
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.189.35.180
segment.prod.bidr.io	10225	2015-10-13T07:06:08Z	2023-03-13T08:20:45Z	941 B	875 B	54.228.37.152
wp.powerplay-content.com	unknown	2019-12-11T10:13:19Z	2023-02-09T14:58:06Z	502 B	592 B	160.153.235.136
www.powerplay.com	unknown	2015-11-11T15:06:32Z	2023-02-27T16:11:42Z	8.2 kB	7.0 kB	104.18.42.155
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	1.0 kB	1.9 kB	93.184.220.29
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-13T07:36:03Z	374 B	21 kB	142.250.74.78
acdn.adnxs.com	573	2015-11-11T14:40:40Z	2023-03-13T07:55:59Z	367 B	3.7 kB	2.18.172.187

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-02-01	medium	unphionetor.com	Sinkholed
2023-02-01	medium	unphionetor.com	Sinkholed
2023-02-01	medium	unphionetor.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (30)

	URL	Size	First Seen	Last Seen
	www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740	375 B	2023-03-07	2023-03-17
Pretty URL www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740 IP 104.18.42.155 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash ec869c48e0ad18027c1921e90aca48ac b1398d5e4654b1e1924b74d3c7955ec874fa8ad4 21a52f2c5ce5990f6fdb5d1f2598983263eeac5ffcfda8225230ca962a0a0b75 Loading...

	www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740	193 B	2023-03-07	2023-03-17
Pretty URL www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740 IP 104.18.42.155 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash 5158a9305f12b1b70d98e51ea11cccfa da05d618408d7e1953374138eec7b58501a0864b 4990e681894f3f7efc3eba2f0bc7a8cc7989e60ac03098164bb479089f383369 Loading...

	secure.adnxs.com/seg?add=20568435&t=1	0 B	2023-03-07	2024-04-26
Pretty URL secure.adnxs.com/seg?add=20568435&t=1 IP 185.89.211.12 ASN #29990 ASN-APPNEX Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-26 23:29:16 Times Seen37104596 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.78 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740	859 B	2023-03-07	2023-03-17
Pretty URL www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740 IP 104.18.42.155 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash 100268f2d5e40c7fc2779554812a1412 191daa6a958057b4a5e412082431005daa3ae78c 3916bdca8837f7da965e1874c4f8aee92d01542efd511a6af6a5b005d4dce087 Loading...

	sibautomation.com/sa.js?key=gm86guigrko4zzgucol1x	7.9 kB	2023-03-09	2023-05-22
Pretty URL sibautomation.com/sa.js?key=gm86guigrko4zzgucol1x IP 104.18.34.145 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 21:03:28 Last Seen2023-05-22 23:03:10 Times Seen75 Hash a301012739d28831fd2ab21ea13f865b 7d5274348c85701bad45d4a887c369c1a96550ae eb837b1365c8ee1fc3dbc33c46595f628e8f96a7ec963b6b8c8386aac203b2e2 Loading...

	static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993	17 kB	2023-03-08	2024-02-28
Pretty URL static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 IP 104.16.57.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:25:00 Last Seen2024-02-28 12:44:37 Times Seen1362 Hash 33100f2355611b2375f05486299abf05 0b2d1b75f6695e67b884bee2eb72165d6e881a26 0f48c5678ce459a596423b0e55344e7ad8eb3d3b1b27c54cd76a9d4cee7dd6c3 Loading...

	www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740	1.5 kB	2023-03-13	2023-03-13
Pretty URL www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740 IP 104.18.42.155 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:18:03 Last Seen2023-03-13 14:18:03 Times Seen1 Hash d24987281f7585ecb8e173505aa0529a bb36bfdc9c2bd98491c232293ad3cf8d2b8347b1 d2af0650a54dece18187a806461ecba194b28a494ffdfd07d712ee3bc3f329b4 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-NWZ5SDW	150 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-NWZ5SDW IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:18:03 Last Seen2023-03-13 14:18:03 Times Seen1 Hash 26fe971632313ab66202a06740e640bd 292f879c56dc513bdda6dc1817a74805bd54a4f4 4dfc9d15af694fdf42a16b1a37cbb6a7fb0be595c4f4afb5a938d67541598dbc Loading...

	powerplay-content.com/assets/newcss_landing/js/lp.js	20 kB	2023-03-13	2023-03-13
Pretty URL powerplay-content.com/assets/newcss_landing/js/lp.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:53:55 Last Seen2023-03-13 14:18:03 Times Seen1 Hash 47baac4118e8002b6471a49b07390279 4a8b882ea57d75979e31567384be8f2f0d6b6306 a4943f9ee881d7500a95fbbb39f5666ceadae48cee1621d754d5e39ff7ef22c9 Loading...

	http:blank	684 B	2023-03-13	2023-03-13
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:18:03 Last Seen2023-03-13 14:18:03 Times Seen1 Hash 20ddc368cf61b38441cbad7c3b27736a 169ce7960042c9a91bc7980029f695a4c993826b e58326fc48a24aed34f9c907215be4f2ecf224d348e61d7be8856009ad0c17ea Loading...

	pixel.mathtag.com/sync/iframe?mt_uuid=8fa263da-8ede-4a00-bb0c-2d12258b068c&no_iframe=1&mt_adid=243239&source=mathtag	607 B	2023-03-13	2023-04-05
Pretty URL pixel.mathtag.com/sync/iframe?mt_uuid=8fa263da-8ede-4a00-bb0c-2d12258b068c&no_iframe=1&mt_adid=243239&source=mathtag IP 23.38.200.207 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 03:30:08 Last Seen2023-04-05 02:02:50 Times Seen107 Hash 8dc3e1d8a3f3b6dd9938fc5f5c835937 a9dd2e38c2722bbb9ceaec8fbfe6dee25399d77b 64ff666c09d2b39ac2d1bbc2fd160254f1b24c20bbb43fa587c3059bf27afeab Loading...

	sibautomation.com/cm.html?key=gm86guigrko4zzgucol1x#cuid=00e6a077-d8d7-469a-8f02-64d5943d955a&cm_flag=true&allow_cookie=&i=0	2.3 kB	2023-03-07	2023-03-17
Pretty URL sibautomation.com/cm.html?key=gm86guigrko4zzgucol1x#cuid=00e6a077-d8d7-469a-8f02-64d5943d955a&cm_flag=true&allow_cookie=&i=0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash 8b95ff09cf723a29be4936fba609a430 9272d7abb1046d24566bcd43904d01abdf5ef308 3afc539bb921fc0e2275bcfc46e054642b87d4b9a9976693a59047b048493bcb Loading...

	www.powerplay.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	12 kB	2023-03-07	2024-04-26
Pretty URL www.powerplay.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP 172.64.145.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-26 23:26:00 Times Seen43142 Hash 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Loading...

	propeller-tracking.com/fv.js?t=93873	5.2 kB	2023-03-07	2024-04-26
Pretty URL propeller-tracking.com/fv.js?t=93873 IP 139.45.197.240 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-04-26 22:21:47 Times Seen2357 Hash 563d777535ce88943a94a6be86f378c8 8753745424d367275e3fe55a5661fe51b1e1fb72 0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a Loading...

	powerplay-content.com/assets/js/src/pp-functions25012023.min.js	26 kB	2023-03-13	2023-03-13
Pretty URL powerplay-content.com/assets/js/src/pp-functions25012023.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:53:55 Last Seen2023-03-13 14:18:03 Times Seen1 Hash a135f6802ceec3bb9463cdf0b5f5612f 685bc0f2bbbb2b28703c7c18606e981619208048 e422a45e27ab948f26389efde0ba162f860028f6a1f6c748e4b5306094cbc109 Loading...

	my.rtmark.net/p.js?f=sync&lr=1&partner=52864f820dd3c23ced7f97ddf958a3c34eb6ec6729f377638d8ff5ebbf8d4ce8	697 B	2023-03-07	2023-03-17
Pretty URL my.rtmark.net/p.js?f=sync&lr=1&partner=52864f820dd3c23ced7f97ddf958a3c34eb6ec6729f377638d8ff5ebbf8d4ce8 IP 139.45.195.8 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash ed7e8ad18e0f3bd2c70c7abd1695e09a 54e80479d3910d125a36866be752fc55aadf62a9 531afb8d462c60b454489c1041538a5db9767de6a24793df88a509a35a6398b5 Loading...

	zz.connextra.com/dcs/tagController/tag/770b6a2a5625/landingpage	47 kB	2023-03-07	2023-03-17
Pretty URL zz.connextra.com/dcs/tagController/tag/770b6a2a5625/landingpage IP 104.85.191.64 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash f44995b098c65b5a807fb8bb0fd6b67b d08c4a37f8748a8466784a857d7c9f7dc67ce125 92028343d45e15b8210b740d793c1fc845bb3545340fa85d861049cc167f5924 Loading...

	www.powerplay.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1675267200	36 kB	2023-03-13	2023-03-13
Pretty URL www.powerplay.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1675267200 IP 172.64.145.101 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:18:03 Last Seen2023-03-13 14:18:03 Times Seen1 Hash 1d268052b4098bf1a0b732df3385b121 053cab16150b800e2150588cc45b66f9f35f74d5 b650cfbe682ca8a299f01aaf8b640191bec4e48777be308b41d9b9b4063ac516 Loading...

	pixel.mathtag.com/event/js?mt_id=1518345&mt_adid=243239&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=	1.4 kB	2023-03-13	2023-03-13
Pretty URL pixel.mathtag.com/event/js?mt_id=1518345&mt_adid=243239&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3= IP 23.38.200.207 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:18:03 Last Seen2023-03-13 14:18:03 Times Seen1 Hash 56160fe4a7ca5f88615bd1bf7acd4ad2 08f9024d49b435000a65eefa0e21bb33953ce1c6 bfc787a06f9a92a011258bd5970093f1e68468edd6d01b38ac8f70bec3450010 Loading...

	acdn.adnxs.com/dmp/up/pixie.js	9.1 kB	2023-03-07	2024-01-23
Pretty URL acdn.adnxs.com/dmp/up/pixie.js IP 2.18.172.187 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2024-01-23 08:30:01 Times Seen221 Hash e286c68ac0ac089b297abd8a3d9832a7 08a5e998ea0b980201d11b0282861c4efaeea396 f033d6a9b4acc24957ac5ca92d278b9aca16ec1b264658ae3267b1efa6ef4a5e Loading...

	www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740	339 B	2023-03-07	2023-03-17
Pretty URL www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740 IP 104.18.42.155 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash aad4faa4cf8ccadc684d5be2d3cbbc40 ae9b4fafb5f28d6ff5c2be28a40f46eddc01e5db a6d5af579eb9b4b897b2b44df5b9b52f366e07032d1923dcff75d610e19ebfa9 Loading...

	www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740	417 B	2023-03-07	2023-03-17
Pretty URL www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740 IP 104.18.42.155 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash a1fa72c8498db3a618d7590954d53c1e b4ef8933c635299d189aa8549886fa83c6b81734 7680f7cbef209e1b0f2d3da2ef5b083b4ecd6204fffc8dbf5468cbe1ee873a34 Loading...

	www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740	556 B	2023-03-07	2023-03-17
Pretty URL www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740 IP 104.18.42.155 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash 16c31772c4fb8ee298bc1deb98102c4b 4f19b24c9c0987d3e362ed5544ea390c38a6e7b2 cfbb9cadd830f6cb9248ac88011af641ea748086fb0eeef45938d633c0fa5544 Loading...

	my.rtmark.net/p.js?f=sync&lr=1&partner=9403e23e5c2aba337796ba9cfd81756032c1ed5a3c8bbb94a820b4f32396f4dc	697 B	2023-03-07	2023-03-17
Pretty URL my.rtmark.net/p.js?f=sync&lr=1&partner=9403e23e5c2aba337796ba9cfd81756032c1ed5a3c8bbb94a820b4f32396f4dc IP 139.45.195.8 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash 0a83632b91c4814fb4ca5fdaeaf8feb6 e7f4f82e1c0f9228e531dfb335cd595de2785fb5 48aba20e2721ef10913638f8c60a47bf9a46772817687ae9b33ce8cb7cd3de27 Loading...

		Size	First Seen	Last Seen
	#1 Write - 605fc91cfccf4e72af0c38051ece7c72	147 B	2023-03-07	2023-05-06
Pretty Observations First Seen2023-03-07 01:28:42 Last Seen2023-05-06 00:11:34 Times Seen79 Hash 605fc91cfccf4e72af0c38051ece7c72 f001853e5f4efdaca5e86af7bb73a818f519f05c d9a659e344fc1b019f5857ebabb9f774aaf9dc6541e725593412c3a5fc9b068b Loading...

	#2 Write - fc1be604b162de892a149b40fbbeed0b	226 B	2023-03-07	2023-05-06
Pretty Observations First Seen2023-03-07 01:28:42 Last Seen2023-05-06 00:11:34 Times Seen89 Hash fc1be604b162de892a149b40fbbeed0b 73a73ccb81fb66bd2b49936e2d85cf7a49031adc 6303ed4a7c8859b4def4e26273466612559fa8a79269a5586b8471a3c27a63f5 Loading...

	#3 Write - 80b9a190f15ccfe19dd3d02d5d8d96b6	173 B	2023-03-07	2023-03-17
Pretty Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash 80b9a190f15ccfe19dd3d02d5d8d96b6 054606dd1c7fece8ecf27e62c139303d5415f016 f7ef05ee180541ab818938feec579b5c440b0d8744805099461be54d12c741f9 Loading...

	#4 Write - be697b6dfc757d76713a72a0aced3741	190 B	2023-03-07	2023-05-06
Pretty Observations First Seen2023-03-07 01:06:21 Last Seen2023-05-06 00:11:34 Times Seen161 Hash be697b6dfc757d76713a72a0aced3741 6ebc97158e27218a733b71e28bab1d52c30c2afb 743f6492a5beb847167322304f93922a25b48b4fda556b6039418e53930e9df1 Loading...

	#5 Write - 24c8db40553a2f1a5d46aed2b3c721bc	228 B	2023-03-07	2023-03-17
Pretty Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash 24c8db40553a2f1a5d46aed2b3c721bc 0f62c75c495308149e110cc8c95803cd0c6b7a02 1f9f0c9520a47a8d5a970fdb17d1fb0e0fbe89db5789e06178f04f4e89154ea7 Loading...

HTTP Transactions (107)

URL IP Response Size

www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740

104.18.42.155

301 Moved Permanently

0 B

URL HTTP/1.1
www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740
IP
104.18.42.155:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740 HTTP/1.1
Host: www.powerplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Wed, 01 Feb 2023 16:10:04 GMT
Content-Length: 0
Connection: keep-alive
Location: https://www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740
CF-Ray: 792bf480fdcefac4-OSL
CF-Cache-Status: DYNAMIC
X-Content-Type-Options: nosniff
Set-Cookie: __cf_bm=6N9JWdHomTglk_5gLy92qC8UclOKG5n3pAe9XDkhzjc-1675267804-0-AfoyLUcMiPkzb6VeZgmLNWOTErrvQNogDngFLoPrJaYd/sgmQesDcyrBUOcqq6U4bL4GGeZ20Lxd8jIeohcFgKeZ3FQG2tlnob89Ve/oGJAM; path=/; expires=Wed, 01-Feb-23 16:40:04 GMT; domain=.www.powerplay.com; HttpOnly; SameSite=None
Vary: Accept-Encoding
Server: cloudflare

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d2e72d45afe3d391c204b5391599607c
149d68b9d00a720b6f380fa2324779dca9dbe26d
f6f1c295c68dfebadacb1fc812b44e01c7ede0e203615ef3e2cced2ce2251e7e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F1C295C68DFEBADACB1FC812B44E01C7EDE0E203615EF3E2CCED2CE2251E7E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7607
Expires: Wed, 01 Feb 2023 18:16:51 GMT
Date: Wed, 01 Feb 2023 16:10:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
62de35a6c8e4efd7633fc5236b5b086f
6a92912a86dfcd0330d040cef06bef36889c76ab
ebb8ca05df5ba73b92174105d54d192a8d9e3e10fba48bf96161b0cb759220ec

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EBB8CA05DF5BA73B92174105D54D192A8D9E3E10FBA48BF96161B0CB759220EC"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9353
Expires: Wed, 01 Feb 2023 18:45:57 GMT
Date: Wed, 01 Feb 2023 16:10:04 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a8d45deaa7ebfcd996c2055dae592ab8
55befe074589fe7b39757c145968058162a8fc6b
50d7d516f446458145a304b288a0a39d391cd37ea50dabea36ae48d291c65ba7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "50D7D516F446458145A304B288A0A39D391CD37EA50DABEA36AE48D291C65BA7"
Last-Modified: Tue, 31 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5361
Expires: Wed, 01 Feb 2023 17:39:25 GMT
Date: Wed, 01 Feb 2023 16:10:04 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 01 Feb 2023 15:43:25 GMT
content-type: application/json
age: 1599
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: TNqTPGX4hVhSrzfpm44TLUTGvaxz6+OS1oWyvq9frcOuzYASh8QfNAs6YWNob9FiJgi8Fm/b57A=
x-amz-request-id: GD3D84V67DXQH3JF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 15:51:37 GMT
age: 1107
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:10:04 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
d953f6b987a024c751ce57f670d3e148
7b44751d0faef3cb82a7bc6f210929523156aecf
0a7ba2e158fa00edbba9c774ed067bafd94d73ed61d3de4ea91907e2afce168e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4650
Cache-Control: max-age=143403
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:10:04 GMT
Etag: "63da09dd-117"
Expires: Fri, 03 Feb 2023 08:00:07 GMT
Last-Modified: Wed, 01 Feb 2023 06:42:37 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279

ocsp.godaddy.com/

192.124.249.41

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.41:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1778 bytes)
Hash
571cf48d9d0b748d8257af0e71891289
25483a548faf28dc524c6b43d2b7e4bf7ad3c49e
9f262e2f0faf7b0e16b5a551ed18c69720cb1f32325b0304106c54ba1c43166a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 01 Feb 2023 16:10:04 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Wed, 01 Feb 2023 01:17:32 GMT
Expires: Thu, 02 Feb 2023 01:17:32 GMT
ETag: "25483a548faf28dc524c6b43d2b7e4bf7ad3c49e"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2751084b42dd111d0a7f28241a77201b
680a9ac2f4cf451c9a8449c4df3587595ed9cc4c
1c68a770afbcdb5405fe330f2eabefa576ea1d08740719956083d7f6b490ccf8

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:10:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-NWZ5SDW

142.250.74.168

200 OK

53 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-NWZ5SDW
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text, with very long lines (15038)
Size
53 kB (52840 bytes)
Hash
d3b4730b0d1b551e92c8d96bae4908d8
1a5b06daf1cf7f59ace66892ae1621a95f1f900c
91c84757b43d1763712c7b699fa02dd545832dde0015731cf92586f9cd67ecec

HTTP Headers

GET /gtm.js?id=GTM-NWZ5SDW HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 01 Feb 2023 16:10:05 GMT
expires: Wed, 01 Feb 2023 16:10:05 GMT
cache-control: private, max-age=900
last-modified: Wed, 01 Feb 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 52840
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c004ef398fc2138876eac9e202e6e7c9
9b695108fe043113ee8dc3369be58234f1a73323
ab71d4c6d64f3c7a0114070414615b26843c22de34b0f04c9ad932ca112031c7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:10:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 01 Feb 2023 15:41:42 GMT
age: 1703
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

powerplay-content.com/assets/fonts/Montserrat-Regular.woff

160.153.235.136

200 OK

55 kB

URL HTTP/2
powerplay-content.com/assets/fonts/Montserrat-Regular.woff
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
Web Open Font Format, TrueType, length 55408, version 4.0\012- data
Size
55 kB (55408 bytes)
Hash
0e6803eeb55ea3293f82c3493d034309
c0ad0ac5b1f6c6a00b33407dd12a498d259e6ad5
9a03a8f19db50c0cd875e36578a3685a3529235f91c62cd19ecbfe6228d7f3f5

HTTP Headers

GET /assets/fonts/Montserrat-Regular.woff HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://powerplay-content.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:10:05 GMT
content-type: application/font-woff
content-length: 55408
last-modified: Mon, 21 Jun 2021 08:01:14 GMT
etag: "60d0474a-d870"
access-control-allow-origin: https://www.powerplay.com
accept-ranges: bytes
X-Firefox-Spdy: h2

powerplay-content.com/assets/fonts/montserrat-bold-webfont.woff

160.153.235.136

200 OK

35 kB

URL HTTP/2
powerplay-content.com/assets/fonts/montserrat-bold-webfont.woff
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
Web Open Font Format, TrueType, length 34732, version 1.0\012- data
Size
35 kB (34732 bytes)
Hash
78f8642eecd3bcae41d26031c5c53776
6a141dc0ac86d79da000e26e813cd8638a8ed8ca
6c3b04a323f794e1371b690efa88952b365334a6a90919f5f81cf15c45c74aa6

HTTP Headers

GET /assets/fonts/montserrat-bold-webfont.woff HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://powerplay-content.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:10:05 GMT
content-type: application/font-woff
content-length: 34732
last-modified: Mon, 21 Jun 2021 08:01:14 GMT
etag: "60d0474a-87ac"
access-control-allow-origin: https://www.powerplay.com
accept-ranges: bytes
X-Firefox-Spdy: h2

powerplay-content.com/assets/fonts/MontserratBlack.eot

160.153.235.136

200 OK

43 kB

URL HTTP/2
powerplay-content.com/assets/fonts/MontserratBlack.eot
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
Embedded OpenType (EOT), Montserrat Black family\012- data
Size
43 kB (42974 bytes)
Hash
f5ac988c95b53763763dbcdb6dcd2574
f8b6d744e3bd09d85a6cec0e8d113bc5c2f8d5c7
4a1f0f28ac0dc25b4e527a7ca870bf89d2f444dc4bd6953f24f43cb6a8f7b130

HTTP Headers

GET /assets/fonts/MontserratBlack.eot HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://powerplay-content.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:10:05 GMT
content-type: application/vnd.ms-fontobject
content-length: 42974
last-modified: Mon, 21 Jun 2021 08:01:14 GMT
etag: "60d0474a-a7de"
access-control-allow-origin: https://www.powerplay.com
accept-ranges: bytes
X-Firefox-Spdy: h2

powerplay-content.com/assets/fonts/Montserrat-ExtraBold.woff

160.153.235.136

200 OK

108 kB

URL HTTP/2
powerplay-content.com/assets/fonts/Montserrat-ExtraBold.woff
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
Web Open Font Format, TrueType, length 107912, version 0.0\012- data
Size
108 kB (107912 bytes)
Hash
fc8f6123d2478e474c5087d12b287c7c
85480535f32e9cc89e630de3a1868b157fccc6eb
ca9a0723d0aedf352078a5bbd70ca07307dfa4904d59ce079c8717650d0172d9

HTTP Headers

GET /assets/fonts/Montserrat-ExtraBold.woff HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://powerplay-content.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:10:05 GMT
content-type: application/font-woff
content-length: 107912
last-modified: Mon, 21 Jun 2021 08:01:14 GMT
etag: "60d0474a-1a588"
access-control-allow-origin: https://www.powerplay.com
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e2d2b00ed4a3970f9b7c4561eec1f2ba
5d51d00a750a05bcad6aac56b5dcd410afff7591
20f4ee50766ee62c45e9a18f9646a856c1ae9b702a055c7d9131026dce630c42

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "20F4EE50766EE62C45E9A18F9646A856C1AE9B702A055C7D9131026DCE630C42"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5122
Expires: Wed, 01 Feb 2023 17:35:27 GMT
Date: Wed, 01 Feb 2023 16:10:05 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e2d2b00ed4a3970f9b7c4561eec1f2ba
5d51d00a750a05bcad6aac56b5dcd410afff7591
20f4ee50766ee62c45e9a18f9646a856c1ae9b702a055c7d9131026dce630c42

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "20F4EE50766EE62C45E9A18F9646A856C1AE9B702A055C7D9131026DCE630C42"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5122
Expires: Wed, 01 Feb 2023 17:35:27 GMT
Date: Wed, 01 Feb 2023 16:10:05 GMT
Connection: keep-alive

powerplay-content.com/assets/fonts/MontserratBlack.woff

160.153.235.136

200 OK

21 kB

URL HTTP/2
powerplay-content.com/assets/fonts/MontserratBlack.woff
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
Web Open Font Format, TrueType, length 20964, version 0.0\012- data
Size
21 kB (20964 bytes)
Hash
49d1e4af8c8098bb9a9ace080784bdb6
8f73604a3d017092eccd929734c1bface16f4d4e
5e9cd127b94f934093fa5a258464ea145c6ad8c9c950bdf80af56367d1aed8f2

HTTP Headers

GET /assets/fonts/MontserratBlack.woff HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://powerplay-content.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:10:05 GMT
content-type: application/font-woff
content-length: 20964
last-modified: Mon, 21 Jun 2021 08:01:14 GMT
etag: "60d0474a-51e4"
access-control-allow-origin: https://www.powerplay.com
accept-ranges: bytes
X-Firefox-Spdy: h2

my.rtmark.net/p.js?f=sync&lr=1&partner=52864f820dd3c23ced7f97ddf958a3c34eb6ec6729f377638d8ff5ebbf8d4ce8

139.45.195.8

200 OK

697 B

URL HTTP/2
my.rtmark.net/p.js?f=sync&lr=1&partner=52864f820dd3c23ced7f97ddf958a3c34eb6ec6729f377638d8ff5ebbf8d4ce8
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
ASCII text
Size
697 B (697 bytes)
Hash
ed7e8ad18e0f3bd2c70c7abd1695e09a
54e80479d3910d125a36866be752fc55aadf62a9
531afb8d462c60b454489c1041538a5db9767de6a24793df88a509a35a6398b5

HTTP Headers

GET /p.js?f=sync&lr=1&partner=52864f820dd3c23ced7f97ddf958a3c34eb6ec6729f377638d8ff5ebbf8d4ce8 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:10:05 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
163c81769cb3796185876ae84c820f48
f81ee1d4a647472c2f1d0e6c51c3339dec723908
74ee8c33a88f0c4bcb7fa66194a7969692047212483d10847395d6996ce5fed0

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 16:10:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 29 Jan 2023 08:20:01 GMT
Expires: Sun, 05 Feb 2023 08:20:00 GMT
Etag: "f81ee1d4a647472c2f1d0e6c51c3339dec723908"
Cache-Control: max-age=316794,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 792bf487bcdeb4ff-OSL

zz.connextra.com/dcs/tagController/tag/770b6a2a5625/landingpage

104.85.191.64

200 OK

17 kB

URL HTTP/2
zz.connextra.com/dcs/tagController/tag/770b6a2a5625/landingpage
IP
104.85.191.64:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- exported SGML document, ASCII text, with very long lines (2774)
Size
17 kB (16610 bytes)
Hash
f94ba887c97648eab7ce2f6dbbb142aa
2a34b09b24fa6191d1a1d510288f950c6b53fd42
7e60201af9b44fd6ccfb48c0f31e231517f9a1fa6614be08fc82e577bbbe1005

HTTP Headers

GET /dcs/tagController/tag/770b6a2a5625/landingpage HTTP/1.1
Host: zz.connextra.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/javascript;charset=utf-8
content-length: 16610
server: istio-envoy
content-encoding: gzip
x-envoy-upstream-service-time: 2
cache-control: must-revalidate, max-age=300
expires: Wed, 01 Feb 2023 16:15:05 GMT
date: Wed, 01 Feb 2023 16:10:05 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2

my.rtmark.net/p.js?f=sync&lr=1&partner=9403e23e5c2aba337796ba9cfd81756032c1ed5a3c8bbb94a820b4f32396f4dc

139.45.195.8

200 OK

697 B

URL HTTP/2
my.rtmark.net/p.js?f=sync&lr=1&partner=9403e23e5c2aba337796ba9cfd81756032c1ed5a3c8bbb94a820b4f32396f4dc
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
ASCII text
Size
697 B (697 bytes)
Hash
0a83632b91c4814fb4ca5fdaeaf8feb6
e7f4f82e1c0f9228e531dfb335cd595de2785fb5
48aba20e2721ef10913638f8c60a47bf9a46772817687ae9b33ce8cb7cd3de27

HTTP Headers

GET /p.js?f=sync&lr=1&partner=9403e23e5c2aba337796ba9cfd81756032c1ed5a3c8bbb94a820b4f32396f4dc HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:10:05 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

secure.adnxs.com/seg?add=20568435&t=1

185.89.211.12

307 Redirection

0 B

URL HTTP/1.1
secure.adnxs.com/seg?add=20568435&t=1
IP
185.89.211.12:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /seg?add=20568435&t=1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Wed, 01 Feb 2023 16:10:05 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D20568435%26t%3D1
AN-X-Request-Uuid: 951fd355-b7c1-4e1b-866d-f909a98e2458
Set-Cookie: uuid2=71094499289885342; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 02-May-2023 16:10:05 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

secure.adnxs.com/px?id=1233559&t=1

185.89.211.12

307 Redirection

0 B

URL HTTP/1.1
secure.adnxs.com/px?id=1233559&t=1
IP
185.89.211.12:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /px?id=1233559&t=1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Wed, 01 Feb 2023 16:10:05 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1233559%26t%3D1
AN-X-Request-Uuid: 17d285ef-a30e-4fb8-ad94-7ce36d115f77
Set-Cookie: uuid2=2335042651208103385; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 02-May-2023 16:10:05 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

secure.adnxs.com/bounce?%2Fseg%3Fadd%3D20568435%26t%3D1

185.89.211.12

200 OK

0 B

URL HTTP/1.1
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D20568435%26t%3D1
IP
185.89.211.12:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bounce?%2Fseg%3Fadd%3D20568435%26t%3D1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.powerplay.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Wed, 01 Feb 2023 16:10:05 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: b02e6db9-00a4-47fb-bbac-bf42f4187df4
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2GU$uUeIW!]tbP6j2F-XstGt!@DbH$m2mW; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 02-May-2023 16:10:05 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

secure.adnxs.com/bounce?%2Fpx%3Fid%3D1233559%26t%3D1

185.89.211.12

200 OK

0 B

URL HTTP/1.1
secure.adnxs.com/bounce?%2Fpx%3Fid%3D1233559%26t%3D1
IP
185.89.211.12:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bounce?%2Fpx%3Fid%3D1233559%26t%3D1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.powerplay.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Wed, 01 Feb 2023 16:10:05 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 0aa475c6-dded-4d88-ab78-c9b8b012b574
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4547
Expires: Wed, 01 Feb 2023 17:25:52 GMT
Date: Wed, 01 Feb 2023 16:10:05 GMT
Connection: keep-alive

d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/en/CA/1000depositbonus/DT_CA-EN_LP_1000CB.jpg

54.230.245.131

200 OK

146 kB

URL HTTP/2
d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/en/CA/1000depositbonus/DT_CA-EN_LP_1000CB.jpg
IP
54.230.245.131:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 1366x526, components 3\012- data
Size
146 kB (146399 bytes)
Hash
434eecd6fc0f1f24e35ef7778c2c8d7b
1adac9fa6a6ab83200f26379d7125a7794c62002
8d405bfaaf9ecbc1ebb18881d2d77026f7e17312b64d3969c64b625c0aa47b42

HTTP Headers

GET /img/newcss_landing/img/en/CA/1000depositbonus/DT_CA-EN_LP_1000CB.jpg HTTP/1.1
Host: d1l906mtvq85kd.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/jpeg
content-length: 146399
last-modified: Mon, 23 Jan 2023 15:35:35 GMT
accept-ranges: bytes
server: AmazonS3
date: Wed, 01 Feb 2023 13:50:13 GMT
etag: "434eecd6fc0f1f24e35ef7778c2c8d7b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 2P-m746ffV3QNOcLW5BZ1Pk6hIV4m6jq_5M-b5Yag10rbhu8fehv8A==
age: 8393
X-Firefox-Spdy: h2

www.google-analytics.com/analytics.js

142.250.74.78

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.78:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Wed, 01 Feb 2023 15:45:20 GMT
expires: Wed, 01 Feb 2023 17:45:20 GMT
cache-control: public, max-age=7200
age: 1485
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.powerplay.com/images/favicon-96x96.png

172.64.145.101

200 OK

1.2 kB

URL HTTP/2
www.powerplay.com/images/favicon-96x96.png
IP
172.64.145.101:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.2 kB (1222 bytes)
Hash
6856d6c8d3a2699b27ae4ab88a785a8c
357fe6c974731c0e250b16f137b7b259a20a688f
e4e75bc467daa47d8f6d66717a327e2880de4c656c51a5e7b1e822dac684794d

HTTP Headers

GET /images/favicon-96x96.png HTTP/1.1
Host: www.powerplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740
Cookie: JSESSIONID="ADubVcxgS9hd8k4lb3k7wXsxyj0PQXEPHUTEfYYU.tc-app6.rs.fsbtech.com:tc-app6.rs.fsbtech.com-wildfly"; currencyCode=USD; languageId=1; localeKey=en; siteId=222; SERVERID=tc-app6|Y9qO3|Y9qO3; __cf_bm=y.0vxo5FdMjn5yqeUFmEETRPsamZBR72Su6RpkmjjEA-1675267804-0-AdCrsl51DjHnZ03cwOKzNe0FuSmCmX+bEYvyOXEjU8+nItThaB7tE1ZJrD0lUjzBw3uUHRaLXFPhq6fi4aX0KMGphBIn2HPogf4X3k4XLV/g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:10:05 GMT
content-type: image/webp
content-length: 1222
cf-ray: 792bf488d90dfac0-OSL
accept-ranges: bytes
cache-control: public, max-age=31536000
content-disposition: inline; filename="favicon-96x96.webp"
etag: "5f3fd70e-b50"
expires: Thu, 01 Feb 2024 16:10:05 GMT
last-modified: Fri, 21 Aug 2020 14:15:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=2896
x-content-type-options: nosniff
server: cloudflare
X-Firefox-Spdy: h2

www.powerplay.com/cdn-cgi/rum?

172.64.145.101

204 No Content

0 B

URL HTTP/2
www.powerplay.com/cdn-cgi/rum?
IP
172.64.145.101:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: www.powerplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 9678
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740
Cookie: JSESSIONID="ADubVcxgS9hd8k4lb3k7wXsxyj0PQXEPHUTEfYYU.tc-app6.rs.fsbtech.com:tc-app6.rs.fsbtech.com-wildfly"; currencyCode=USD; languageId=1; localeKey=en; siteId=222; SERVERID=tc-app6|Y9qO3|Y9qO3; __cf_bm=y.0vxo5FdMjn5yqeUFmEETRPsamZBR72Su6RpkmjjEA-1675267804-0-AdCrsl51DjHnZ03cwOKzNe0FuSmCmX+bEYvyOXEjU8+nItThaB7tE1ZJrD0lUjzBw3uUHRaLXFPhq6fi4aX0KMGphBIn2HPogf4X3k4XLV/g; _ga=GA1.2.350043815.1675267828; _gid=GA1.2.705488557.1675267828; _gat=1; fsb-powerplay-affiliates=%7B%22affiliateName%22%3A%22btag%22%2C%22affiliateValue%22%3A%22a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
date: Wed, 01 Feb 2023 16:10:05 GMT
access-control-allow-origin: https://www.powerplay.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 792bf48a29f5fac0-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

www.powerplay.com/images/favicon-16x16.png

172.64.145.101

200 OK

238 B

URL HTTP/2
www.powerplay.com/images/favicon-16x16.png
IP
172.64.145.101:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
238 B (238 bytes)
Hash
a5afb1bbe1556090a2f5e5c97f0f7d39
1abee720dfb10a1dfb1ce5c543e8f168b4a46444
85a950b33d4259061f19101abcf7f114147feb074dd3b8a2459eecbd12d61adb

HTTP Headers

GET /images/favicon-16x16.png HTTP/1.1
Host: www.powerplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740
Cookie: JSESSIONID="ADubVcxgS9hd8k4lb3k7wXsxyj0PQXEPHUTEfYYU.tc-app6.rs.fsbtech.com:tc-app6.rs.fsbtech.com-wildfly"; currencyCode=USD; languageId=1; localeKey=en; siteId=222; SERVERID=tc-app6|Y9qO3|Y9qO3; __cf_bm=y.0vxo5FdMjn5yqeUFmEETRPsamZBR72Su6RpkmjjEA-1675267804-0-AdCrsl51DjHnZ03cwOKzNe0FuSmCmX+bEYvyOXEjU8+nItThaB7tE1ZJrD0lUjzBw3uUHRaLXFPhq6fi4aX0KMGphBIn2HPogf4X3k4XLV/g
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:10:05 GMT
content-type: image/webp
content-length: 238
cf-ray: 792bf488d90ffac0-OSL
accept-ranges: bytes
cache-control: public, max-age=31536000
content-disposition: inline; filename="favicon-16x16.webp"
etag: "5f3fd70e-4b1"
expires: Thu, 01 Feb 2024 16:10:05 GMT
last-modified: Fri, 21 Aug 2020 14:15:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=1201
x-content-type-options: nosniff
server: cloudflare
X-Firefox-Spdy: h2

secure.adnxs.com/seg?add=25129714&t=2

185.89.211.12

307 Redirection

0 B

URL HTTP/1.1
secure.adnxs.com/seg?add=25129714&t=2
IP
185.89.211.12:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /seg?add=25129714&t=2 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Wed, 01 Feb 2023 16:10:05 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D25129714%26t%3D2
AN-X-Request-Uuid: 08b6024b-1537-4f65-aa00-00c07f29a1e2
Set-Cookie: uuid2=838698701183453911; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 02-May-2023 16:10:05 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

secure.adnxs.com/getuidnb?https%3A//zz.connextra.com/sync/data/uid/3bc1d7fd2e/%24UID

185.89.211.12

200 OK

43 B

URL HTTP/1.1
secure.adnxs.com/getuidnb?https%3A//zz.connextra.com/sync/data/uid/3bc1d7fd2e/%24UID
IP
185.89.211.12:0
ASN
#29990 ASN-APPNEX

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

HTTP Headers

GET /getuidnb?https%3A//zz.connextra.com/sync/data/uid/3bc1d7fd2e/%24UID HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Wed, 01 Feb 2023 16:10:05 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: b2cad4e9-c0dc-4817-8e3e-0755616247f6
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
a38fab9935d471e375ef640d6ac4e667
017ff26d808eff453da628e880e04ce6beee3654
7e1b3c60cd7d45623686b73da1d2f6c92b7de281691b2ae5700da4728b8967ef

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E1B3C60CD7D45623686B73DA1D2F6C92B7DE281691B2AE5700DA4728B8967EF"
Last-Modified: Tue, 31 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8772
Expires: Wed, 01 Feb 2023 18:36:17 GMT
Date: Wed, 01 Feb 2023 16:10:05 GMT
Connection: keep-alive

push.services.mozilla.com/

54.189.35.180

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.189.35.180:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 9MYNNewR4RqBpFgEyD/28Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: IUa0DUO7Abpz12oorVly0h4Rxx8=

unphionetor.com/vctx?t=93873

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vctx?t=93873
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /vctx?t=93873 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: nginx
date: Wed, 01 Feb 2023 16:10:05 GMT
access-control-allow-origin: https://www.powerplay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 6d83e95edcbcc163f0add3b36728bcad
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
68d0092a2f9f80581181ea45ea5fd98d
a7f0fe1053453a7d7172cbf05cf2abbdb62244bb
13e192f06d86ea2160d564a59dae3545cf7a2146f5659adb891cc65cbb7ac8ab

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5276
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:10:05 GMT
Last-Modified: Wed, 01 Feb 2023 14:42:09 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

sync.mathtag.com/sync/img?redir=https%3A%2F%2Fzz.connextra.com%2Fsync%2Fdata%2Fuid%2F6c883bd680%2F%5BMM_UUID%5D

185.29.132.245

302 Moved Temporarily

0 B

URL HTTP/1.1
sync.mathtag.com/sync/img?redir=https%3A%2F%2Fzz.connextra.com%2Fsync%2Fdata%2Fuid%2F6c883bd680%2F%5BMM_UUID%5D
IP
185.29.132.245:0
ASN
#30419 MEDIAMATH-INC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /sync/img?redir=https%3A%2F%2Fzz.connextra.com%2Fsync%2Fdata%2Fuid%2F6c883bd680%2F%5BMM_UUID%5D HTTP/1.1
Host: sync.mathtag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Moved Temporarily
Date: Wed, 01 Feb 2023 16:10:05 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=360
Access-Control-Allow-Origin: *
Server: MT3 404 ce67235 master zrh-pixel-x12 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
set-cookie: uuid=3ca063da-8ede-4a00-aeb0-42777ba8a9ef; domain=.mathtag.com; path=/; expires=Thu, 29-Feb-2024 16:10:06 GMT; SameSite=None; Secure
location: https://zz.connextra.com/sync/data/uid/6c883bd680/3ca063da-8ede-4a00-aeb0-42777ba8a9ef
Expires: Wed, 01 Feb 2023 16:10:04 GMT

ocsp.sca1b.amazontrust.com/

54.230.245.100

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.100:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
eea78a6a97c1d8c61774345ae605b83f
4aa2327883020d4be6eda61bef4f0948f00f9585
1bd0dd4b126c67a4f083906d86772910d0e17bddfedf6e25a6185bd222e9e907

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=109926
Date: Wed, 01 Feb 2023 16:10:06 GMT
Etag: "63d9846d-1d7"
Expires: Thu, 02 Feb 2023 22:42:12 GMT
Last-Modified: Tue, 31 Jan 2023 21:13:17 GMT
Server: ECS (nyb/1D20)
X-Cache: Miss from cloudfront
Via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: UqnWHxyxhqU8pLdDjZXlukrquZyeaunizp5Kb5_67Hamc03SFBUAmw==
Age: 5335

ocsp.sca1b.amazontrust.com/

54.230.245.100

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.100:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
d984fbc1b59b3bb6312f71ef07ffd00c
ff94c94cabcfa90b6e48170ddc907ab252f988de
c72473fc5a7adc14d951de3de715d82b39d842d6a899f471e9152f975ad49fca

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=159401
Date: Wed, 01 Feb 2023 16:10:06 GMT
Etag: "63da4c0d-1d7"
Expires: Fri, 03 Feb 2023 12:26:47 GMT
Last-Modified: Wed, 01 Feb 2023 11:25:01 GMT
Server: ECS (nyb/1D2A)
X-Cache: Miss from cloudfront
Via: 1.1 8ac66e1d6983a0f44cf391b1ec3b1cce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: MxOzdLBWldP4TphucIN0ogr7NqaoNY8jVWUUmygasJ-ckYggVXg6yQ==
Age: 3706

secure.adnxs.com/px?id=1184078&t=1

185.89.211.12

307 Redirection

0 B

URL HTTP/1.1
secure.adnxs.com/px?id=1184078&t=1
IP
185.89.211.12:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /px?id=1184078&t=1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Wed, 01 Feb 2023 16:10:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1184078%26t%3D1
AN-X-Request-Uuid: 0c5cdac6-a197-4b77-9cb4-015ae4d3e962
Set-Cookie: uuid2=7634869320979603390; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 02-May-2023 16:10:06 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

segment.prod.bidr.io/associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1509&value=

54.228.37.152

303 See Other

0 B

URL HTTP/1.1
segment.prod.bidr.io/associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1509&value=
IP
54.228.37.152:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1509&value= HTTP/1.1
Host: segment.prod.bidr.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 303 See Other
Date: Wed, 01 Feb 2023 16:10:06 GMT
location: https://segment.prod.bidr.io/associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1509&value=&_bee_ppp=1
Server: gunicorn
set-cookie: checkForPermission=ok; Domain=bidr.io; expires=Wed, 01 Feb 2023 16:20:06 GMT; Path=/; SameSite=None; Secure
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

match.prod.bidr.io/cookie-sync/geniussports

54.194.123.13

303 See Other

0 B

URL HTTP/1.1
match.prod.bidr.io/cookie-sync/geniussports
IP
54.194.123.13:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cookie-sync/geniussports HTTP/1.1
Host: match.prod.bidr.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 303 See Other
Date: Wed, 01 Feb 2023 16:10:06 GMT
location: https://match.prod.bidr.io/cookie-sync/geniussports?_bee_ppp=1
Server: gunicorn
set-cookie: checkForPermission=ok; Domain=bidr.io; expires=Wed, 01 Feb 2023 16:20:06 GMT; Path=/; SameSite=None; Secure
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
46e2bec06a11406d5cdcec9c0e76911d
edc777878dca7029c70577edae741264a22ab010
21f7443ebf888a28fb0f0010d1c83ca833b42c06f7d2c755f83a4b418de96854

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:10:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

zz.connextra.com/PowerPlay/dcs/tagController/tagData/770b6a2a5625

104.85.191.64

200 OK

20 B

URL HTTP/2
zz.connextra.com/PowerPlay/dcs/tagController/tagData/770b6a2a5625
IP
104.85.191.64:0
ASN
#16625 AKAMAI-AS

File type
data
Size
20 B (20 bytes)
Hash
163be0a88c70ca629fd516dbaadad96a
c8830ccf3a863e489ca37f4da572bad0e05d077b
ac73670af3abed54ac6fb4695131f4099be9fbe39d6076c5d0264a6bbdae9d83

HTTP Headers

POST /PowerPlay/dcs/tagController/tagData/770b6a2a5625 HTTP/1.1
Host: zz.connextra.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 43
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: text/plain
server: istio-envoy
access-control-allow-credentials: true
access-control-allow-origin: https://www.powerplay.com
vary: origin,accept-encoding
p3p: CP=NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR SAMa BUS IND UNI PUR COM NAV
content-encoding: gzip
x-envoy-upstream-service-time: 2
expires: Wed, 01 Feb 2023 16:10:06 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 01 Feb 2023 16:10:06 GMT
content-length: 20
set-cookie: CxtId=4bc8d04e-d1c3-4b00-b0c3-411213ba21dc; Domain=.connextra.com; Expires=Fri, 31-Jan-2025 16:10:06 GMT; Path=/; Secure
PowerPlay=P%7Clandingpage%7C1%7C202302011610; Domain=.connextra.com; Expires=Thu, 01-Feb-2024 16:10:06 GMT; Path=/; Secure; HttpOnly
X-Firefox-Spdy: h2

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-119769874-1&cid=350043815.1675267828&jid=268326528&gjid=888115110&_gid=705488557.1675267828&_u=IEBAAEAAAAAAACAAI~&z=1541501097

173.194.73.157

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-119769874-1&cid=350043815.1675267828&jid=268326528&gjid=888115110&_gid=705488557.1675267828&_u=IEBAAEAAAAAAACAAI~&z=1541501097
IP
173.194.73.157:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-119769874-1&cid=350043815.1675267828&jid=268326528&gjid=888115110&_gid=705488557.1675267828&_u=IEBAAEAAAAAAACAAI~&z=1541501097 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://www.powerplay.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 01 Feb 2023 16:10:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

pixel.mathtag.com/event/js?mt_id=1518345&mt_adid=243239&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=

23.38.200.207

200 OK

1.4 kB

URL HTTP/1.1
pixel.mathtag.com/event/js?mt_id=1518345&mt_adid=243239&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=
IP
23.38.200.207:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
1.4 kB (1439 bytes)
Hash
56160fe4a7ca5f88615bd1bf7acd4ad2
08f9024d49b435000a65eefa0e21bb33953ce1c6
bfc787a06f9a92a011258bd5970093f1e68468edd6d01b38ac8f70bec3450010

HTTP Headers

GET /event/js?mt_id=1518345&mt_adid=243239&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3= HTTP/1.1
Host: pixel.mathtag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 1439
Access-Control-Allow-Origin: *
Server: MT3 404 ce67235 master iad-pixel-x24 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Expires: Wed, 01 Feb 2023 16:10:05 GMT
Date: Wed, 01 Feb 2023 16:10:06 GMT
Connection: keep-alive
Set-Cookie: uuid=8fa263da-8ede-4a00-bb0c-2d12258b068c; domain=.mathtag.com; path=/; expires=Thu, 29-Feb-2024 16:10:06 GMT; SameSite=None; Secure

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
2dc2e297877f6332a114de88eeeaca61
cc91e58f3dd132b078223d21cd3177f0819e40e7
94f1191402d63bc2757d7ec854bc418dd6929b5aa9efb815d9bd35f8dab98fef

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:10:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

unphionetor.com/vbl?t=93873&bid=undefined&aid=undefined

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbl?t=93873&bid=undefined&aid=undefined
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbl?t=93873&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Wed, 01 Feb 2023 16:10:06 GMT
access-control-allow-origin: https://www.powerplay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: b18e94741798dd7f8802d893cb426713
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

secure.adnxs.com/bounce?%2Fseg%3Fadd%3D25129714%26t%3D2

185.89.211.12

200 OK

43 B

URL HTTP/1.1
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D25129714%26t%3D2
IP
185.89.211.12:0
ASN
#29990 ASN-APPNEX

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

HTTP Headers

GET /bounce?%2Fseg%3Fadd%3D25129714%26t%3D2 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.powerplay.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Wed, 01 Feb 2023 16:10:06 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: d4e3894c-35c5-40cf-8a3f-bf51cf42d68b
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2GTyuUeIW!]tbP6j2F-XstGt!@Dc6$mX.[; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 02-May-2023 16:10:06 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

my.rtmark.net/img.gif?f=sync&partner=52864f820dd3c23ced7f97ddf958a3c34eb6ec6729f377638d8ff5ebbf8d4ce8&ttl=&rurl=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0%26siteid%3D42740

139.45.195.8

200 OK

43 B

URL HTTP/2
my.rtmark.net/img.gif?f=sync&partner=52864f820dd3c23ced7f97ddf958a3c34eb6ec6729f377638d8ff5ebbf8d4ce8&ttl=&rurl=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0%26siteid%3D42740
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=sync&partner=52864f820dd3c23ced7f97ddf958a3c34eb6ec6729f377638d8ff5ebbf8d4ce8&ttl=&rurl=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0%26siteid%3D42740 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:10:06 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=3def5c54d7d04557bc4d3151a255f585; expires=Thu, 01 Feb 2024 16:10:06 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=sync&partner=9403e23e5c2aba337796ba9cfd81756032c1ed5a3c8bbb94a820b4f32396f4dc&ttl=&rurl=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0%26siteid%3D42740

139.45.195.8

200 OK

43 B

URL HTTP/2
my.rtmark.net/img.gif?f=sync&partner=9403e23e5c2aba337796ba9cfd81756032c1ed5a3c8bbb94a820b4f32396f4dc&ttl=&rurl=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0%26siteid%3D42740
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=sync&partner=9403e23e5c2aba337796ba9cfd81756032c1ed5a3c8bbb94a820b4f32396f4dc&ttl=&rurl=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0%26siteid%3D42740 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:10:06 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=04df2a8f764d41b89e23c17bddbf5fc5; expires=Thu, 01 Feb 2024 16:10:06 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

segment.prod.bidr.io/associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1509&value=&_bee_ppp=1

54.228.37.152

200 OK

43 B

URL HTTP/1.1
segment.prod.bidr.io/associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1509&value=&_bee_ppp=1
IP
54.228.37.152:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
f837aa60b6fe83458f790db60d529fc9
14af87ccec7f81bb28d53c84da2fd5a9d5925cda
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

HTTP Headers

GET /associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1509&value=&_bee_ppp=1 HTTP/1.1
Host: segment.prod.bidr.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.powerplay.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
cache-control: no-cache, must-revalidate
content-type: image/gif
Date: Wed, 01 Feb 2023 16:10:06 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
pragma: no-cache
Server: gunicorn
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 43
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a4253e662d539c01b8656dbb6d73aab1
08f71eead367b6fa76b99f7f590680a5f5650b62
f05b99f6b0c8fb5c38221d02c0c9ed96389fbd5105d6329cdc733d1fae411df2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:10:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

match.prod.bidr.io/cookie-sync/geniussports?_bee_ppp=1

54.194.123.13

303 See Other

0 B

URL HTTP/1.1
match.prod.bidr.io/cookie-sync/geniussports?_bee_ppp=1
IP
54.194.123.13:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cookie-sync/geniussports?_bee_ppp=1 HTTP/1.1
Host: match.prod.bidr.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.powerplay.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 303 See Other
Date: Wed, 01 Feb 2023 16:10:06 GMT
location: https://zz.connextra.com/sync/data/uid/508a5e2dd5/
Server: gunicorn
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a327176edf538c07784f9b0da660c22d
4a56cfcac291dfe1cc177bd3eff976f106731834
aae92a95f747be0bca6982ed7e3e58af8ac74ff69c799b55046ab38474e149dd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:10:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

zz.connextra.com/sync/data/uid/6c883bd680/3ca063da-8ede-4a00-aeb0-42777ba8a9ef

104.85.191.64

200 OK

64 B

URL HTTP/2
zz.connextra.com/sync/data/uid/6c883bd680/3ca063da-8ede-4a00-aeb0-42777ba8a9ef
IP
104.85.191.64:0
ASN
#16625 AKAMAI-AS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
64 B (64 bytes)
Hash
28eef568735b80a8332521d787dd86bb
28f5f77711609381a229447f8560d374d0eadc62
09cf0142653a98e763b6a79dae28efd223810b8fb099beb9f573306fd626fc02

HTTP Headers

GET /sync/data/uid/6c883bd680/3ca063da-8ede-4a00-aeb0-42777ba8a9ef HTTP/1.1
Host: zz.connextra.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.powerplay.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/gif
p3p: CP=NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR SAMa BUS IND UNI PUR COM NAV
vary: accept-encoding
content-encoding: gzip
x-envoy-upstream-service-time: 2
server: istio-envoy
expires: Wed, 01 Feb 2023 16:10:06 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 01 Feb 2023 16:10:06 GMT
content-length: 64
set-cookie: CxtId=e3661476-ea06-4550-aa6c-a50a243ac0ac; Domain=.connextra.com; Expires=Thu, 01-Feb-2024 16:10:06 GMT; Path=/; Secure
ex_uuid=6c883bd680%2C3ca063da-8ede-4a00-aeb0-42777ba8a9ef; Domain=.connextra.com; Expires=Thu, 01-Feb-2024 16:10:06 GMT; Path=/; Secure
X-Firefox-Spdy: h2

secure.adnxs.com/bounce?%2Fpx%3Fid%3D1184078%26t%3D1

185.89.211.12

200 OK

0 B

URL HTTP/1.1
secure.adnxs.com/bounce?%2Fpx%3Fid%3D1184078%26t%3D1
IP
185.89.211.12:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bounce?%2Fpx%3Fid%3D1184078%26t%3D1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.powerplay.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Wed, 01 Feb 2023 16:10:06 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 737e2fdf-0b06-4040-aeb2-0b48ed111058
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-119769874-1&cid=350043815.1675267828&jid=268326528&_u=IEBAAEAAAAAAACAAI~&z=354889051

142.250.74.131

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-119769874-1&cid=350043815.1675267828&jid=268326528&_u=IEBAAEAAAAAAACAAI~&z=354889051
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-119769874-1&cid=350043815.1675267828&jid=268326528&_u=IEBAAEAAAAAAACAAI~&z=354889051 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 16:10:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

wp.powerplay-content.com/wp-admin/admin-ajax.php?action=detect_ip

160.153.235.136

200 OK

157 B

URL HTTP/2
wp.powerplay-content.com/wp-admin/admin-ajax.php?action=detect_ip
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
data
Size
157 B (157 bytes)
Hash
0d6c391812233ff5bd50a475a0e5ec97
2e8069dce7a5c43c5549806edb6d50367af04ab8
07c79eac1f53a70a09704d64b6d72bef7954b729685c8d4baa9aade1eab384b0

HTTP Headers

POST /wp-admin/admin-ajax.php?action=detect_ip HTTP/1.1
Host: wp.powerplay-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.powerplay.com/
Content-Type: application/x-www-form-urlencoded
Origin: https://www.powerplay.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:10:06 GMT
content-type: text/html; charset=UTF-8
x-robots-tag: noindex
x-content-type-options: nosniff
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
access-control-allow-origin: https://www.powerplay.com
content-encoding: gzip
X-Firefox-Spdy: h2

pixel.mathtag.com/sync/iframe?mt_uuid=8fa263da-8ede-4a00-bb0c-2d12258b068c&no_iframe=1&mt_adid=243239&source=mathtag

23.38.200.207

200 OK

677 B

URL HTTP/1.1
pixel.mathtag.com/sync/iframe?mt_uuid=8fa263da-8ede-4a00-bb0c-2d12258b068c&no_iframe=1&mt_adid=243239&source=mathtag
IP
23.38.200.207:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document, ASCII text
Size
677 B (677 bytes)
Hash
d40dcbee218af49abbd15f61f5da0ffd
e3ec85d9073fa1cc0be1fed18344a6d4a2076e9d
3ef64e4a0001cd55211fff6bd306290f29c7482a6006d070ee21e52484b7ef22

HTTP Headers

GET /sync/iframe?mt_uuid=8fa263da-8ede-4a00-bb0c-2d12258b068c&no_iframe=1&mt_adid=243239&source=mathtag HTTP/1.1
Host: pixel.mathtag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 677
Access-Control-Allow-Origin: *
Server: MT3 404 ce67235 master iad-pixel-x30 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Expires: Wed, 01 Feb 2023 16:10:05 GMT
Date: Wed, 01 Feb 2023 16:10:06 GMT
Connection: keep-alive

secure.adnxs.com/seg?add=19736723&t=1

185.89.211.12

307 Redirection

0 B

URL HTTP/1.1
secure.adnxs.com/seg?add=19736723&t=1
IP
185.89.211.12:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /seg?add=19736723&t=1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Wed, 01 Feb 2023 16:10:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D19736723%26t%3D1
AN-X-Request-Uuid: 3abb4328-dc47-45c0-b8b1-66d8b12b679a
Set-Cookie: uuid2=7912274127721047858; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 02-May-2023 16:10:06 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a4253e662d539c01b8656dbb6d73aab1
08f71eead367b6fa76b99f7f590680a5f5650b62
f05b99f6b0c8fb5c38221d02c0c9ed96389fbd5105d6329cdc733d1fae411df2

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:10:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

zz.connextra.com/sync/data/uid/508a5e2dd5/

104.85.191.64

200 OK

64 B

URL HTTP/2
zz.connextra.com/sync/data/uid/508a5e2dd5/
IP
104.85.191.64:0
ASN
#16625 AKAMAI-AS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
64 B (64 bytes)
Hash
28eef568735b80a8332521d787dd86bb
28f5f77711609381a229447f8560d374d0eadc62
09cf0142653a98e763b6a79dae28efd223810b8fb099beb9f573306fd626fc02

HTTP Headers

GET /sync/data/uid/508a5e2dd5/ HTTP/1.1
Host: zz.connextra.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.powerplay.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/gif
p3p: CP=NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR SAMa BUS IND UNI PUR COM NAV
vary: accept-encoding
content-encoding: gzip
x-envoy-upstream-service-time: 1
server: istio-envoy
expires: Wed, 01 Feb 2023 16:10:06 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 01 Feb 2023 16:10:06 GMT
content-length: 64
set-cookie: CxtId=cdc26ee9-73fc-47ae-a0f9-1f270ff06636; Domain=.connextra.com; Expires=Thu, 01-Feb-2024 16:10:06 GMT; Path=/; Secure
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
e0bc98d03057dabba1334b62bea0975b
b358a8123908fe4b1c94a1273cac45c4e23b212e
10ef320ba825ca0e17d039b66fd2f321f4d2c687a8734d226fa25e9b45e109d9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:10:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

pixel.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0

23.38.200.207

200 OK

0 B

URL HTTP/1.1
pixel.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0
IP
23.38.200.207:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /comp/img?mt_id=99&ns=xx&bcdv=0 HTTP/1.1
Host: pixel.mathtag.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 0
Access-Control-Allow-Origin: *
Server: MT3 404 ce67235 master iad-pixel-x13 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Expires: Wed, 01 Feb 2023 16:10:05 GMT
Date: Wed, 01 Feb 2023 16:10:06 GMT
Connection: keep-alive
Set-Cookie: uuid=beb563da-8ede-4800-9e8c-acde0277df5e; domain=.mathtag.com; path=/; expires=Thu, 29-Feb-2024 16:10:06 GMT; SameSite=None; Secure

secure.adnxs.com/bounce?%2Fseg%3Fadd%3D19736723%26t%3D1

185.89.211.12

200 OK

0 B

URL HTTP/1.1
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D19736723%26t%3D1
IP
185.89.211.12:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bounce?%2Fseg%3Fadd%3D19736723%26t%3D1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.powerplay.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Wed, 01 Feb 2023 16:10:06 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 6f1224a2-f34a-4bc5-ab39-673239575dd6
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2GTyuUeIW!]tbP6j2F-XstGt!@Dc6$mX.[; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 02-May-2023 16:10:06 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

secure.adnxs.com/seg?add=19996931&t=1

185.89.211.12

307 Redirection

0 B

URL HTTP/1.1
secure.adnxs.com/seg?add=19996931&t=1
IP
185.89.211.12:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /seg?add=19996931&t=1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Wed, 01 Feb 2023 16:10:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D19996931%26t%3D1
AN-X-Request-Uuid: a1611114-d2e2-422f-b44c-09a656d88037
Set-Cookie: uuid2=5135593378636078812; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 02-May-2023 16:10:06 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 947.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

www.powerplay.com/cdn-cgi/challenge-platform/h/b/cv/result/792bf4830d9dfac0

172.64.145.101

200 OK

6 B

URL HTTP/2
www.powerplay.com/cdn-cgi/challenge-platform/h/b/cv/result/792bf4830d9dfac0
IP
172.64.145.101:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
6 B (6 bytes)
Hash
7d14c6d06a6075d413d43d381c992eba
49bdfc1145f7c7a7bf870f069b9d23a97966cb30
f48bd14f1f30b485d99a2904d06cbd9fa03ccaa5779105a3d3cf963edb2ac385

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/cv/result/792bf4830d9dfac0 HTTP/1.1
Host: www.powerplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12573
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740
Cookie: JSESSIONID="ADubVcxgS9hd8k4lb3k7wXsxyj0PQXEPHUTEfYYU.tc-app6.rs.fsbtech.com:tc-app6.rs.fsbtech.com-wildfly"; currencyCode=USD; languageId=1; localeKey=en; siteId=222; SERVERID=tc-app6|Y9qO3|Y9qO3; __cf_bm=y.0vxo5FdMjn5yqeUFmEETRPsamZBR72Su6RpkmjjEA-1675267804-0-AdCrsl51DjHnZ03cwOKzNe0FuSmCmX+bEYvyOXEjU8+nItThaB7tE1ZJrD0lUjzBw3uUHRaLXFPhq6fi4aX0KMGphBIn2HPogf4X3k4XLV/g; _ga=GA1.2.350043815.1675267828; _gid=GA1.2.705488557.1675267828; _gat=1; fsb-powerplay-affiliates=%7B%22affiliateName%22%3A%22btag%22%2C%22affiliateValue%22%3A%22a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:10:06 GMT
content-type: text/plain; charset=UTF-8
set-cookie: __cf_bm=8qCbYrHdiiBlSRMNOX3rWBpBY4IzNT7CUtGJc6S999c-1675267806-0-AWF1NzyYnjEfGahE0UUsD0nlGtJaE1qi5nyRx11XkTyK+D2Wn+WCYU578bZCwPt68DMJLLZuB3kUPD/JHydYwQ9FNI8UfMT156CrEkZyuWZ1md+FIyWv3rV0y1UGERX7YrgKlVQy0PUblBTsIKqBOYpNzrnCffG+r5f879RItelbIE+lZP61U3bffui2Lqc+HSrHR7UkcfgEA2nywOIDM20=; path=/; expires=Wed, 01-Feb-23 16:40:06 GMT; domain=.www.powerplay.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 792bf48e5c48fac0-OSL
content-encoding: br
X-Firefox-Spdy: h2

acdn.adnxs.com/dmp/up/pixie.js

2.18.172.187

200 OK

3.3 kB

URL HTTP/1.1
acdn.adnxs.com/dmp/up/pixie.js
IP
2.18.172.187:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (9139), with no line terminators
Size
3.3 kB (3340 bytes)
Hash
75b9af81e30e45403e6856566e888545
d013e9a47331447f32c2bdf6f35b286e711788f0
dd26e2e55783f6174ceea7c7a3b10e5af1c7fca56fc2543956a38b848f32a151

HTTP Headers

GET /dmp/up/pixie.js HTTP/1.1
Host: acdn.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Last-Modified: Wed, 02 Jun 2021 15:04:00 GMT
ETag: "60b79de0-23b3"
Unused62: 8096267
Server: nginx/1.13.10
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Content-Encoding: gzip
Content-Length: 3340
Cache-Control: max-age=86402
Expires: Thu, 02 Feb 2023 16:10:08 GMT
Date: Wed, 01 Feb 2023 16:10:06 GMT
Connection: keep-alive
Vary: Accept-Encoding

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
fcae25f15b1fdb4ec631f5a4a875ba6d
d52ee470629ef84159b2caf955bd9cf125ec7f86
904d42e2681be2eea49c2cc6b6721a6d649b297bff1b3b7ca149fb9e4da43015

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5125
Cache-Control: max-age=115478
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 16:10:06 GMT
Etag: "63d99aef-118"
Expires: Fri, 03 Feb 2023 00:14:44 GMT
Last-Modified: Tue, 31 Jan 2023 22:49:19 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280

ib.adnxs.com/pixie?e=PageView&pi=689728d9-60b8-4e36-ba76-2bfb9a87238d&it=1675267828882&v=0.0.20&u=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0%26siteid%3D42740&st=1675267828882&et=1675267828882&if=0

185.89.210.20

200 OK

42 B

URL HTTP/1.1
ib.adnxs.com/pixie?e=PageView&pi=689728d9-60b8-4e36-ba76-2bfb9a87238d&it=1675267828882&v=0.0.20&u=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0%26siteid%3D42740&st=1675267828882&et=1675267828882&if=0
IP
185.89.210.20:0
ASN
#29990 ASN-APPNEX

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pixie?e=PageView&pi=689728d9-60b8-4e36-ba76-2bfb9a87238d&it=1675267828882&v=0.0.20&u=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0%26siteid%3D42740&st=1675267828882&et=1675267828882&if=0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Wed, 01 Feb 2023 16:10:06 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 944.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com

in-automate.sendinblue.com/cm?uuid=1098a47a-26f9-4f4b-a7a4-7a0cc8d519ed&key=gm86guigrko4zzgucol1x&cuid=00e6a077-d8d7-469a-8f02-64d5943d955a

104.17.9.12

204 No Content

0 B

URL HTTP/2
in-automate.sendinblue.com/cm?uuid=1098a47a-26f9-4f4b-a7a4-7a0cc8d519ed&key=gm86guigrko4zzgucol1x&cuid=00e6a077-d8d7-469a-8f02-64d5943d955a
IP
104.17.9.12:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cm?uuid=1098a47a-26f9-4f4b-a7a4-7a0cc8d519ed&key=gm86guigrko4zzgucol1x&cuid=00e6a077-d8d7-469a-8f02-64d5943d955a HTTP/1.1
Host: in-automate.sendinblue.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sibautomation.com
Connection: keep-alive
Referer: https://sibautomation.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Wed, 01 Feb 2023 16:10:06 GMT
cf-ray: 792bf4905dcdb4f3-OSL
access-control-allow-origin: *
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-apo-via: origin,host
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

in-automate.sendinblue.com/p?key=gm86guigrko4zzgucol1x&cuid=00e6a077-d8d7-469a-8f02-64d5943d955a&ma_url=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0%26siteid%3D42740&sib_type=page&ma_title=Online%20Betting%20%7C%20Live%20Casino%20%7C%20Bet%20with%20PowerPlay%20%7C%20Free%20Bet%20Offers&sib_name=Online%20Betting%20%7C%20Live%20Casino%20%7C%20Bet%20with%20PowerPlay%20%7C%20Free%20Bet%20Offers&ma_referrer=&ma_path=%2Flp%2FCA_LP_1000CB%2F

104.17.9.12

204 No Content

0 B

URL HTTP/2
in-automate.sendinblue.com/p?key=gm86guigrko4zzgucol1x&cuid=00e6a077-d8d7-469a-8f02-64d5943d955a&ma_url=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0%26siteid%3D42740&sib_type=page&ma_title=Online%20Betting%20%7C%20Live%20Casino%20%7C%20Bet%20with%20PowerPlay%20%7C%20Free%20Bet%20Offers&sib_name=Online%20Betting%20%7C%20Live%20Casino%20%7C%20Bet%20with%20PowerPlay%20%7C%20Free%20Bet%20Offers&ma_referrer=&ma_path=%2Flp%2FCA_LP_1000CB%2F
IP
104.17.9.12:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p?key=gm86guigrko4zzgucol1x&cuid=00e6a077-d8d7-469a-8f02-64d5943d955a&ma_url=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0%26siteid%3D42740&sib_type=page&ma_title=Online%20Betting%20%7C%20Live%20Casino%20%7C%20Bet%20with%20PowerPlay%20%7C%20Free%20Bet%20Offers&sib_name=Online%20Betting%20%7C%20Live%20Casino%20%7C%20Bet%20with%20PowerPlay%20%7C%20Free%20Bet%20Offers&ma_referrer=&ma_path=%2Flp%2FCA_LP_1000CB%2F HTTP/1.1
Host: in-automate.sendinblue.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Wed, 01 Feb 2023 16:10:07 GMT
cf-ray: 792bf4915f2eb4f3-OSL
access-control-allow-origin: *
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-apo-via: origin,host
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13475
Expires: Wed, 01 Feb 2023 19:54:42 GMT
Date: Wed, 01 Feb 2023 16:10:07 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13475
Expires: Wed, 01 Feb 2023 19:54:42 GMT
Date: Wed, 01 Feb 2023 16:10:07 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13475
Expires: Wed, 01 Feb 2023 19:54:42 GMT
Date: Wed, 01 Feb 2023 16:10:07 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb28b8703-d49a-4e2e-80e7-cf4d081d6dba.jpeg

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb28b8703-d49a-4e2e-80e7-cf4d081d6dba.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5736 bytes)
Hash
2998f7f50ac0eec931c348e8a0fb0c60
f5e411cda74cb7fb4a662f4787e9543b9749c8b5
0c81413a819e379212bf757b1c9469415aec2ac8fdf47f94ff23c420a1da20e1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb28b8703-d49a-4e2e-80e7-cf4d081d6dba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5736
x-amzn-requestid: 895ee89b-8d2e-42f9-a392-466557f8a0d3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffEtEGk_oAMFYPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e7ed-026a1b0d79dc7eb572317bd2;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:28:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 64EbarGrn6AIpXOE8TIfiBeGFQinx-P9lUIvmiQ1ivZgFrxl7_W4EQ==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:57:42 GMT
age: 65545
etag: "f5e411cda74cb7fb4a662f4787e9543b9749c8b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (15857 bytes)
Hash
4bb3a6fba496d54cdbbccaf2b9600386
8e30002699e9fbf2047f9ac11a36d2175fc9c591
927bf3a04b011b4e3bc8d8772a3d5813507f7f523312d43627767b64615562f3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 15857
x-amzn-requestid: cfe36b9d-34f6-4f3f-896e-e70ec45c4a04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2JGGWoAMFSLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf3-0dd68dd778b9aba268a129b0;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: pU_436f27nMZKPxZZWqZekERHFTvcG5NT5p_CYEXHRPtIWjDtSA-uA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 07:15:18 GMT
age: 32089
etag: "8e30002699e9fbf2047f9ac11a36d2175fc9c591"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9600 bytes)
Hash
3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 48094e1a-d550-4a91-b87c-4a08505f7cce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsWcFN7IAMF2pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2275c-5ced593a7e2126c9494563df;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:10:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aZOeDFqBJQoGwLpIs-GpPvY0FKGCAOXY6MgzG32qzX-kVzUCKKv-kw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 22:03:43 GMT
age: 65184
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F591a38fc-2daf-42e7-a48b-a02e54cb63e0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.0 kB (7049 bytes)
Hash
3c83dcdb618756ebbfeb69a8bff6d38c
5f909182ab6847690e7ebd100e3f0d2798e36192
2e29d0747fb973908228501178465ac09f6553ef8e50dd70ee617f3379eb733c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F591a38fc-2daf-42e7-a48b-a02e54cb63e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7049
x-amzn-requestid: bc6522f2-eb6b-4e59-9912-0c03d145f021
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fk31LGE2IAMF8rw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d839ba-67477ed1260c27f67e28043d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 21:42:18 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Q_aVbWJKMbX1_bjggzbdnWbgmfooGvXj76t55QGGXRr_y6ZgW2gctw==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:52:24 GMT
age: 65863
etag: "5f909182ab6847690e7ebd100e3f0d2798e36192"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/interac.svg

54.230.245.131

200 OK

13 kB

URL HTTP/2
d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/interac.svg
IP
54.230.245.131:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (636)
Size
13 kB (12975 bytes)
Hash
3647c9731631533d27f446e832664dbe
c36e2c3cec808cee737218f448b5904960265d40
cda7b51c0e4bd7a745ea29ef9c522f7990d1e02e015315c7d626964252143167

HTTP Headers

GET /img/newcss_landing/img/interac.svg HTTP/1.1
Host: d1l906mtvq85kd.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Mon, 23 Jan 2023 15:36:34 GMT
server: AmazonS3
content-encoding: br
date: Wed, 01 Feb 2023 10:40:08 GMT
etag: W/"fcb02d38486eb3d81c95c94facce9aaa"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 04aHUGxmyxgXpl8oNNtOoQFojMzrTLscEUOjQWOH5t_XG_e1nwzonQ==
age: 19798
X-Firefox-Spdy: h2

d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/en/customer_support.svg

54.230.245.131

200 OK

22 kB

URL HTTP/2
d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/en/customer_support.svg
IP
54.230.245.131:0
ASN
#16509 AMAZON-02

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (15729), with CRLF line terminators
Size
22 kB (22485 bytes)
Hash
037cbcf3eb349f8686735c38c8c40956
a57cbefef6c023ab804d27a4556543fec66db114
2fa57eab4cd1d222daf3279093fb9eb576c6e765449ecfca612464c0a8773e58

HTTP Headers

GET /img/newcss_landing/img/en/customer_support.svg HTTP/1.1
Host: d1l906mtvq85kd.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
date: Wed, 01 Feb 2023 04:04:31 GMT
last-modified: Mon, 23 Jan 2023 15:36:13 GMT
etag: W/"d9a751c72a8508aeb17a8b8a597cd25d"
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fMAkEJx0s5RGMRZbwKTBHLm1CUfPstapFn1h3YyuoGhhcOv_JqCHrw==
age: 43535
X-Firefox-Spdy: h2

unphionetor.com/vbri?t=93873&bid=undefined&aid=undefined&tp=4271

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbri?t=93873&bid=undefined&aid=undefined&tp=4271
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbri?t=93873&bid=undefined&aid=undefined&tp=4271 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Wed, 01 Feb 2023 16:10:08 GMT
access-control-allow-origin: https://www.powerplay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 4ad0d91d6e5a12d5134ad1995b8628f0
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

www.powerplay.com/cdn-cgi/rum?

172.64.145.101

204 No Content

0 B

URL HTTP/2
www.powerplay.com/cdn-cgi/rum?
IP
172.64.145.101:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: www.powerplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 631
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740
Cookie: JSESSIONID="ADubVcxgS9hd8k4lb3k7wXsxyj0PQXEPHUTEfYYU.tc-app6.rs.fsbtech.com:tc-app6.rs.fsbtech.com-wildfly"; currencyCode=USD; languageId=1; localeKey=en; siteId=222; SERVERID=tc-app6|Y9qO3|Y9qO3; __cf_bm=8qCbYrHdiiBlSRMNOX3rWBpBY4IzNT7CUtGJc6S999c-1675267806-0-AWF1NzyYnjEfGahE0UUsD0nlGtJaE1qi5nyRx11XkTyK+D2Wn+WCYU578bZCwPt68DMJLLZuB3kUPD/JHydYwQ9FNI8UfMT156CrEkZyuWZ1md+FIyWv3rV0y1UGERX7YrgKlVQy0PUblBTsIKqBOYpNzrnCffG+r5f879RItelbIE+lZP61U3bffui2Lqc+HSrHR7UkcfgEA2nywOIDM20=; _ga=GA1.2.350043815.1675267828; _gid=GA1.2.705488557.1675267828; _gat=1; fsb-powerplay-affiliates=%7B%22affiliateName%22%3A%22btag%22%2C%22affiliateValue%22%3A%22a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0%22%7D; sib_cuid=00e6a077-d8d7-469a-8f02-64d5943d955a
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
date: Wed, 01 Feb 2023 16:10:13 GMT
access-control-allow-origin: https://www.powerplay.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 792bf4b9d84bfac0-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

powerplay-content.com/assets/newcss_landing/fonts.min.css

160.153.235.136

200 OK

0 B

URL HTTP/2
powerplay-content.com/assets/newcss_landing/fonts.min.css
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/newcss_landing/fonts.min.css HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:10:05 GMT
content-type: text/css
last-modified: Wed, 17 Mar 2021 09:41:15 GMT
vary: Accept-Encoding
etag: W/"6051cebb-b04"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2

d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/icons/ssc.svg

54.230.245.131

200 OK

0 B

URL HTTP/2
d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/icons/ssc.svg
IP
54.230.245.131:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/newcss_landing/img/icons/ssc.svg HTTP/1.1
Host: d1l906mtvq85kd.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
date: Wed, 01 Feb 2023 04:04:31 GMT
last-modified: Mon, 23 Jan 2023 15:36:30 GMT
etag: W/"bc2790be32cfee9723fe312249dcdf4d"
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: W-lb8P1h2XUYU0AqkwB-U40hAsA_AgGJ6OLjUvUl-g0FkU0rZSABZQ==
age: 43534
X-Firefox-Spdy: h2

d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/en/CA/1000depositbonus/1000deposit-bonus-underbtn.svg

54.230.245.131

200 OK

0 B

URL HTTP/2
d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/en/CA/1000depositbonus/1000deposit-bonus-underbtn.svg
IP
54.230.245.131:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/newcss_landing/img/en/CA/1000depositbonus/1000deposit-bonus-underbtn.svg HTTP/1.1
Host: d1l906mtvq85kd.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
date: Wed, 01 Feb 2023 13:50:13 GMT
last-modified: Mon, 23 Jan 2023 15:35:34 GMT
etag: W/"5a1b169ebec318df345f5d3171db5d31"
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: NbUWmni2g-hS4DyUnH2SMI9DobRMO_D2a6ni8Ct19ch2gT3e06TYCw==
age: 8393
X-Firefox-Spdy: h2

d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/en/pp-logolock-en-onblk-pic.svg

54.230.245.131

200 OK

0 B

URL HTTP/2
d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/en/pp-logolock-en-onblk-pic.svg
IP
54.230.245.131:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/newcss_landing/img/en/pp-logolock-en-onblk-pic.svg HTTP/1.1
Host: d1l906mtvq85kd.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
date: Wed, 01 Feb 2023 11:45:08 GMT
last-modified: Mon, 23 Jan 2023 15:36:15 GMT
etag: W/"1238ea05289cec3c4e89545e95d4e658"
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qFgFSe-jiE8ZFBDjsYJSvRHrV7jjEcSJTtHBLl_NN_PY8cBn6YgubQ==
age: 15898
X-Firefox-Spdy: h2

www.powerplay.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1675267200

172.64.145.101

200 OK

0 B

URL HTTP/2
www.powerplay.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1675267200
IP
172.64.145.101:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1675267200 HTTP/1.1
Host: www.powerplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: JSESSIONID="ADubVcxgS9hd8k4lb3k7wXsxyj0PQXEPHUTEfYYU.tc-app6.rs.fsbtech.com:tc-app6.rs.fsbtech.com-wildfly"; currencyCode=USD; languageId=1; localeKey=en; siteId=222; SERVERID=tc-app6|Y9qO3|Y9qO3; __cf_bm=y.0vxo5FdMjn5yqeUFmEETRPsamZBR72Su6RpkmjjEA-1675267804-0-AdCrsl51DjHnZ03cwOKzNe0FuSmCmX+bEYvyOXEjU8+nItThaB7tE1ZJrD0lUjzBw3uUHRaLXFPhq6fi4aX0KMGphBIn2HPogf4X3k4XLV/g; _ga=GA1.2.350043815.1675267828; _gid=GA1.2.705488557.1675267828; _gat=1; fsb-powerplay-affiliates=%7B%22affiliateName%22%3A%22btag%22%2C%22affiliateValue%22%3A%22a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:10:05 GMT
content-type: application/javascript; charset=UTF-8
x-control-type-options: nosniff
cache-control: max-age=14400, public
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 792bf489e9b9fac0-OSL
content-encoding: br
X-Firefox-Spdy: h2

sibautomation.com/sa.js?key=gm86guigrko4zzgucol1x

104.18.34.145

200 OK

0 B

URL HTTP/2
sibautomation.com/sa.js?key=gm86guigrko4zzgucol1x
IP
104.18.34.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sa.js?key=gm86guigrko4zzgucol1x HTTP/1.1
Host: sibautomation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:10:06 GMT
content-type: text/javascript; charset=utf-8
cf-bgj: minify
cf-polished: origSize=10702
access-control-allow-origin: *
etag: W/"29ce-hK8ZQE0CNmNYRH14ZmvQV2/Ei1M"
vary: Accept-Encoding
x-powered-by: Sails <sailsjs.com>
cf-cache-status: REVALIDATED
expires: Wed, 01 Feb 2023 16:11:05 GMT
cache-control: public, max-age=60
server: cloudflare
cf-ray: 792bf489ef8bb511-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

propeller-tracking.com/fv.js?t=93873

139.45.197.240

200 OK

0 B

URL HTTP/2
propeller-tracking.com/fv.js?t=93873
IP
139.45.197.240:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /fv.js?t=93873 HTTP/1.1
Host: propeller-tracking.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:10:05 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 84aeef86d8e976d67a313ee9f956801e
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/en/button-img.svg

54.230.245.131

200 OK

0 B

URL HTTP/2
d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/en/button-img.svg
IP
54.230.245.131:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/newcss_landing/img/en/button-img.svg HTTP/1.1
Host: d1l906mtvq85kd.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Mon, 23 Jan 2023 15:36:13 GMT
server: AmazonS3
content-encoding: gzip
date: Wed, 01 Feb 2023 10:40:08 GMT
etag: W/"df7fffc16d00640a8b764172e66600b7"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: GZswNpLOKIAsbcSDY5ORvOsomqS2Yn3zjIYDG27P9VVwrswQEHzkVA==
age: 19798
X-Firefox-Spdy: h2

d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/en/CA/1000depositbonus/lp-timer-icon-en.svg

54.230.245.131

200 OK

0 B

URL HTTP/2
d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/en/CA/1000depositbonus/lp-timer-icon-en.svg
IP
54.230.245.131:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/newcss_landing/img/en/CA/1000depositbonus/lp-timer-icon-en.svg HTTP/1.1
Host: d1l906mtvq85kd.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Mon, 23 Jan 2023 15:35:38 GMT
server: AmazonS3
content-encoding: gzip
date: Wed, 01 Feb 2023 12:33:43 GMT
etag: W/"80d659da9111664228d9c30760bc5353"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: py1voIpy5HxkRTRPygCWy-MmvbBTabhF7fnvEbwcS0wzZgWF3qpx7Q==
age: 12983
X-Firefox-Spdy: h2

d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/icons/fbt.svg

54.230.245.131

200 OK

0 B

URL HTTP/2
d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/icons/fbt.svg
IP
54.230.245.131:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/newcss_landing/img/icons/fbt.svg HTTP/1.1
Host: d1l906mtvq85kd.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Mon, 23 Jan 2023 15:36:05 GMT
server: AmazonS3
content-encoding: gzip
date: Wed, 01 Feb 2023 09:36:19 GMT
etag: W/"1bbe445967b22e01c73375f73e3dca2a"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8CI1GaeG29wdcbAmNyta5fVjVIJ37kv_YYOb9K0uSA02yw8gRiDnwg==
age: 23627
X-Firefox-Spdy: h2

www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740

172.64.145.101

200 OK

0 B

URL HTTP/2
www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740
IP
172.64.145.101:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740 HTTP/1.1
Host: www.powerplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:10:04 GMT
content-type: text/html;charset=UTF-8
cf-ray: 792bf4830d9dfac0-OSL
cache-control: private
content-language: en-US
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
set-cookie: JSESSIONID="ADubVcxgS9hd8k4lb3k7wXsxyj0PQXEPHUTEfYYU.tc-app6.rs.fsbtech.com:tc-app6.rs.fsbtech.com-wildfly"; Version=1; Path=/; Secure; HttpOnly
currencyCode=USD; path=/; secure; Max-Age=31536000; Expires=Thu, 01-Feb-2024 16:10:04 GMT
languageId=1; path=/; secure; Max-Age=31536000; Expires=Thu, 01-Feb-2024 16:10:04 GMT
localeKey=en; path=/; secure; Max-Age=31536000; Expires=Thu, 01-Feb-2024 16:10:04 GMT
siteId=222; path=/; secure; HttpOnly; Max-Age=31536000; Expires=Thu, 01-Feb-2024 16:10:04 GMT
SERVERID=tc-app6|Y9qO3|Y9qO3; path=/; Secure; SameSite=None; HttpOnly
__cf_bm=y.0vxo5FdMjn5yqeUFmEETRPsamZBR72Su6RpkmjjEA-1675267804-0-AdCrsl51DjHnZ03cwOKzNe0FuSmCmX+bEYvyOXEjU8+nItThaB7tE1ZJrD0lUjzBw3uUHRaLXFPhq6fi4aX0KMGphBIn2HPogf4X3k4XLV/g; path=/; expires=Wed, 01-Feb-23 16:40:04 GMT; domain=.www.powerplay.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

www.powerplay.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

172.64.145.101

200 OK

0 B

URL HTTP/2
www.powerplay.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP
172.64.145.101:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: www.powerplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/lp/CA_LP_1000CB/?btag=a_42740b_17875c_cr_-_w07927hqus93ooam2ag9fid0&siteid=42740
Cookie: JSESSIONID="ADubVcxgS9hd8k4lb3k7wXsxyj0PQXEPHUTEfYYU.tc-app6.rs.fsbtech.com:tc-app6.rs.fsbtech.com-wildfly"; currencyCode=USD; languageId=1; localeKey=en; siteId=222; SERVERID=tc-app6|Y9qO3|Y9qO3; __cf_bm=y.0vxo5FdMjn5yqeUFmEETRPsamZBR72Su6RpkmjjEA-1675267804-0-AdCrsl51DjHnZ03cwOKzNe0FuSmCmX+bEYvyOXEjU8+nItThaB7tE1ZJrD0lUjzBw3uUHRaLXFPhq6fi4aX0KMGphBIn2HPogf4X3k4XLV/g
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:10:04 GMT
content-type: application/javascript
last-modified: Mon, 30 Jan 2023 14:59:41 GMT
etag: W/"63d7db5d-302c"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 792bf4849e75fac0-OSL
x-frame-options: DENY
expires: Fri, 03 Feb 2023 16:10:04 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2

powerplay-content.com/assets/newcss_landing/uil.min.css

160.153.235.136

200 OK

0 B

URL HTTP/2
powerplay-content.com/assets/newcss_landing/uil.min.css
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/newcss_landing/uil.min.css HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 16:10:05 GMT
content-type: text/css
last-modified: Mon, 18 Jul 2022 15:26:11 GMT
vary: Accept-Encoding
etag: W/"62d57b93-110a1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2

d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/icons/ast.svg

54.230.245.131

200 OK

0 B

URL HTTP/2
d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/icons/ast.svg
IP
54.230.245.131:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/newcss_landing/img/icons/ast.svg HTTP/1.1
Host: d1l906mtvq85kd.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Mon, 23 Jan 2023 15:36:06 GMT
server: AmazonS3
content-encoding: br
date: Wed, 01 Feb 2023 04:04:31 GMT
etag: W/"8b2b6c924753ab5a19747b7798e4a3ac"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 6Lz0NlHCU0v-KHU35TyFXrgw0M84_hhVBIyW4dJV_cZR75fvb1Cvcw==
age: 43534
X-Firefox-Spdy: h2

d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/icons/lcn.svg

54.230.245.131

200 OK

0 B

URL HTTP/2
d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/icons/lcn.svg
IP
54.230.245.131:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/newcss_landing/img/icons/lcn.svg HTTP/1.1
Host: d1l906mtvq85kd.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Mon, 23 Jan 2023 15:36:32 GMT
server: AmazonS3
content-encoding: br
date: Wed, 01 Feb 2023 04:04:31 GMT
etag: W/"6460f0761c4ee35d813175d001059f78"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _ss5jBPxzSBBYgv8ddcZGld1RTlrMZQ_JhhtO_MzgLG33DqiwEFi9w==
age: 43534
X-Firefox-Spdy: h2

d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/en/ppcom-logo-en-la-onblk-casino.svg

54.230.245.131

200 OK

0 B

URL HTTP/2
d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/en/ppcom-logo-en-la-onblk-casino.svg
IP
54.230.245.131:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/newcss_landing/img/en/ppcom-logo-en-la-onblk-casino.svg HTTP/1.1
Host: d1l906mtvq85kd.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
last-modified: Mon, 23 Jan 2023 15:36:12 GMT
server: AmazonS3
content-encoding: br
date: Wed, 01 Feb 2023 08:37:42 GMT
etag: W/"44e923ed49bceba83e898e861c753a5d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Web8op0F2uihGd_sR12E_ZcK-N0rTc8Z8gXwJ8hDTRQ0dbtVSPSeOw==
age: 27144
X-Firefox-Spdy: h2

static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993

104.16.57.101

200 OK

0 B

URL HTTP/2
static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
IP
104.16.57.101:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:10:05 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2022.10.1
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bf485490fb51e-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/en/CA/1000depositbonus/1000deposit-bonus-top.svg

54.230.245.131

200 OK

0 B

URL HTTP/2
d1l906mtvq85kd.cloudfront.net/img/newcss_landing/img/en/CA/1000depositbonus/1000deposit-bonus-top.svg
IP
54.230.245.131:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /img/newcss_landing/img/en/CA/1000depositbonus/1000deposit-bonus-top.svg HTTP/1.1
Host: d1l906mtvq85kd.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/svg+xml
date: Wed, 01 Feb 2023 13:50:13 GMT
last-modified: Mon, 23 Jan 2023 15:35:10 GMT
etag: W/"6fef3ff7f96027a29b5e4e784874701a"
server: AmazonS3
content-encoding: br
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: GrKR971JVtfeAkh1AX6JVQJcDgu5dfOGmVPw0sPdlB36biKFs4u8yQ==
age: 8393
X-Firefox-Spdy: h2

sibautomation.com/cm.html?key=gm86guigrko4zzgucol1x

104.18.34.145

200 OK

0 B

URL HTTP/2
sibautomation.com/cm.html?key=gm86guigrko4zzgucol1x
IP
104.18.34.145:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cm.html?key=gm86guigrko4zzgucol1x HTTP/1.1
Host: sibautomation.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 16:10:06 GMT
content-type: text/html; charset=utf-8
x-powered-by: Sails <sailsjs.com>
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
expires: Wed, 01 Feb 2023 18:10:06 GMT
cache-control: public, max-age=7200
server: cloudflare
cf-ray: 792bf48e9de8b511-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (30)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML