{"report_id":"2fedf428-fcb3-4706-b57c-aa18ab76493c","version":0,"status":"done","tags":[],"date":"2026-07-12T22:22:11Z","url":{"schema":"http","addr":"winxixp.top/","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"172.67.201.59","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"winxixp.top/","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"title":"Winxixp: Most Popular Online Crypto Casino \u0026 Prediction Markets","dom":{"size":381369,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with very long lines (48693)","md5":"ab78301042bce225b81b2853c9ea25e0","sha1":"67f8e90ee825e157b4e9d0ee77b720dae0967c57","sha256":"75034674b3d2aafa1f03d8fdba51cef28fba0ac2ca1162c96cc47aa59682d1aa","sha512":"37cd85fd00c409260703a261c6b452c19871672a9c5aadb60f7f708c78dbb61924dd362b43eb1e23a52c83b102e1e83a2df8fcdcaa9a338150333c4146634b00","ssdeep":"3072:He+A1FP3MATObiTKeTK/kuPwhVPkwPs23jym:He9ptkgjym","tlshash":"1f841cbc120116bdb06b87e5fa50f39ea12fd199de93cd0df3ac82862bc6c98cd54594","dom_hash":"domhashdb51b22eb75515ad38009559a59db066","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"winxixp.top/","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"172.67.201.59","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-16T22:22:11Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"op-api.gambl.bet","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"mycasinoapi.biz","ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-05-04","domain_rank":0,"first_seen":"2026-07-10T22:57:00.871632Z","last_seen":"2026-07-10T22:57:00.871632Z","alert_count":0,"request_count":44,"received_data":4065954,"sent_data":24123,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-07-05T22:22:24.069932Z","alert_count":0,"request_count":1,"received_data":4464,"sent_data":525,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"winxixp.top","ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2026-05-31","domain_rank":0,"first_seen":"2026-07-10T22:56:41.723562Z","last_seen":"2026-07-10T22:56:41.723562Z","alert_count":44,"request_count":44,"received_data":5911736,"sent_data":27515,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"op-api.gambl.bet","ip":{"addr":"104.21.8.217","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-07-10T22:56:41.726368Z","last_seen":"2026-07-10T22:56:41.726368Z","alert_count":2,"request_count":2,"received_data":2398,"sent_data":1142,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-07-12T22:19:35.511658Z","alert_count":0,"request_count":2,"received_data":61088,"sent_data":1134,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"winxixp.top/assets/index-Cht9A9cj.js","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"278a482bb3027275ea10bec92e0bb366","sha1":"32aab18bcd9acb27006a84024951aaa15b8eec60","sha256":"c0e656c43b6016dc47aa09b23e98cef32852f650dcb08eb335dd466920d4a90b","sha512":"04b8473eaa38ff69aa31482ff0002e0da0ad1706d6424c4cf07d3cde0b51fcde60f4415dd564d91960628c91e9aa604e85339bc94e10be2921da6e5714e0c148","ssdeep":"49152:HHrY0IoeS1FPCzn2oaXXBRHjJgCTTaBOpkL/SwxNnlgsJJG0tf07xw4RGUWe3/An:mnbBvtf0d8UWe3s6rpGpj","tlshash":"d9b5ae4cb386b6bd576b66d4749e543eb03c1a38f56ec440e0fca82a24f5850a17bf9c","size":2445112,"data":"","first_seen":"2026-07-10T22:56:48.124091Z","last_seen":"2026-07-12T22:22:18.581291Z","times_seen":23,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"1c862db5f2555377c2dc1e62ed7b3981","sha1":"c29e6dc25c08a70995127ec13ded6f80d9a36174","sha256":"27d373a6961f797edf69a80f7f24877ef85c2fc4f9f770b2540b1bf5e66823ac","sha512":"31143265b96385ef4b575b72591775139057dff85891be61591e3d55259b6d1dc95d86a0feec40c801d38e64278cfbe50c3c2a16757f986ad40f716935bf2bb2","ssdeep":"","tlshash":"2580008a208820008aa323a0002b2c8800a000b028808c808080e8a20ca2030220baac","size":26,"data":"","first_seen":"2023-04-11T21:13:06Z","last_seen":"2026-07-14T07:17:02.601422Z","times_seen":357209,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":[{"level":"info","text":"🌐 i18next is maintained with support from Locize — consider powering your project with managed localization (AI, CDN, integrations): https://locize.com 💙","filename":"https://winxixp.top/assets/index-Cht9A9cj.js","line_number":9,"column_number":70797}]},"http":[{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/10252.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.561Z","timestamp":1783894901561,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/10252.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"362ec-19e87eacefc\"\r\nlast-modified: Tue, 02 Jun 2026 10:39:33 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aX2dLO%2FN67iV1syva26KzCrqt6WLe%2FoY3GXdmWCfC9LfIRIfsGgEzY3ugjwj6rmTejPmBTazfsFRFvdQ%2Fwc7tM6L32o6%2BhWlvj6GdfIF4ZJpJyReShTNrZkX62upnqecmbI%3D\"}]}\r\ncf-ray: a1a3713ec8edb4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 221932\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":221932,"size_decoded":223338,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"69a0fa2d703719c48caacbaf60662dc6","sha1":"cb65f90b421e047cf0914f41d83bc17f3bd225cd","sha256":"d96e9f6f16bef404f43481622dbbc4493e3817d3dcfe39bfb06acc62488235a0","sha512":"bb73ba15a4af3df1377ee2af713faba149687a1c3f8e85bcae9ef8f632e550b806ddbdcf70ca18ce4d78e1e332effcf357f02a7b4ddb722248c589ee72c8c230","ssdeep":"6144:s4FIep3dbJUj1PxoQWFgoZ134nL1qVblk5bt:sg3dbJsoQWFtZ13e1qVAbt","tlshash":"182423026336c3a8247df6b09a239b00c11ef775c3bf59c3b5ab47ed46f09a21619768","first_seen":"2026-07-10T22:56:48.034741Z","last_seen":"2026-07-12T22:22:18.493278Z","times_seen":8,"resource_available":false,"data":null}},"time_used":391,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":210,"receive":181,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Fredoka:wght@500;600;700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:39.899Z","timestamp":1783894899899,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Jun 2026 08:37:24 GMT","end":"Mon, 14 Sep 2026 08:37:23 GMT"},"fingerprint":{"sha1":"85:D0:EC:C2:01:33:25:23:96:FB:2B:54:90:54:84:07:0A:49:1F:03","sha256":"9D:7C:1C:9C:6A:25:1E:17:E0:DC:FD:42:95:CA:47:3D:C1:9C:20:FB:22:47:02:E3:27:EC:7C:62:03:30:83:BA"}}},"request":{"raw":"GET /css2?family=Fredoka:wght@500;600;700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 12 Jul 2026 22:21:39 GMT\r\ndate: Sun, 12 Jul 2026 22:21:39 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3780,"size_decoded":1186,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"dff37f530356962f9042a52f2e2d9e04","sha1":"4a10361ecd34c94ddaec3f82bd97736306878225","sha256":"b4bd5c6a85689354d43184dcec1d502ad4b5627d7b2b177f5ab6b11df20c3c6a","sha512":"09ec8fe6a71b99c8c4f58bcf6b04f162be9e6a0f75ee30c664e20af5e461a300daf3f90a10ec7789eec52ac8ee2afedda821dac8c5ab74eff65bebc118263aba","ssdeep":"","tlshash":"3171cd91041f5184eb835dd163da7e36ee0f60516818d4669bfd18e8bcead72831271d","first_seen":"2026-05-03T09:25:58.421196Z","last_seen":"2026-07-12T22:22:18.494177Z","times_seen":26,"resource_available":false,"data":null}},"time_used":85,"timings":{"blocked":-1,"dns":0,"connect":15,"send":0,"wait":36,"receive":0,"ssl":34},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/index-Cht9A9cj.js","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:39.901Z","timestamp":1783894899901,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/index-Cht9A9cj.js HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=EfNZJb8SUu8Owlm6; __ddg10_=1783894899; __ddg9_=172.64.209.36; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=leFniOsBhudtfgla; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=172.64.209.60; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: application/javascript\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: W/\"6a51f93e-254f38\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 18121\r\nddg-cache-status: HIT,MISS\r\nserver-timing: cfExtPri\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yo2DzlqDda%2FmMqJ%2BGr7vhZLJ9fUPrHNqd0beNzskY94DrJjgEZORIFjpvTlRbqWfrWcsP85ZjufaQudYMGqpyUsrFZQfxLodf3A8vD058F2AB9vH%2FPE3caqEh6i%2FQw%3D%3D\"}]}\r\ncf-ray: a1a371346cfd35a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 683062\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2445112,"size_decoded":684218,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (42322)","md5":"01fdc1961eacde70d8484dd6424845a5","sha1":"9075ad40276bc3b5db252480032be325071fe10f","sha256":"68eb431342e5abd8e9b68b53d444ed9454eb510694fd9f699c85abaa9902c5d4","sha512":"25e57e42896cfe199cc07934d5b0ab55f342c2f04600fca0b5f0b6d8372e524a2dbcd8be0566d86c766c44cfffcce9b6352944d081840ae392ea8674337834e6","ssdeep":"24576:/fHR6OsZ0IoekZ1iIPCzpp2oaXXBRzTtq7MJFKC2:HHrY0IoeS1FPCzn2oaXXBRHjJgC2","tlshash":"73358e0c67edb2b9059b724538492d3b757c1839f6e6825198e8bb6f20f1c64c13fb68","first_seen":"2026-07-12T22:22:18.49498Z","last_seen":"2026-07-12T22:22:18.49498Z","times_seen":1,"resource_available":false,"data":null}},"time_used":256,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":140,"receive":116,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/stuffs-DiuQsYY8.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.656Z","timestamp":1783894900656,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/stuffs-DiuQsYY8.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=YxeK82SngDEjksYe; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=172.64.209.30; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: \"6a51f93e-7cd4\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QQufvozYBdNlyuxDJfy3lGB2qu5tuoBhtRhdIz38Mp3uNbNcXsLiH9%2BJjvytH1oAUruJTRtrvGQFgIiRN%2Bcp8r%2BDii5jlSVe%2BbUhX2wk2m7qPsjHOE66R%2BYmCOj0Lw%3D%3D\"}]}\r\ncf-ray: a1a371392d6b35a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 31956\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31956,"size_decoded":33046,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"f28aee87221a0188368df4771f80ef49","sha1":"45ae42fae9ad8621f08cd4e5ccb4ecadf3343bf7","sha256":"96e99af8af3baa3249a28c2850442e8481b73a7fcb99aca9ef796ad6721c1569","sha512":"470bd2489a9aa993c6051841e95bc7ff88fe952fdf8cf97e8369fe3a406eece4a4ebb24186be403fa046c2f244dda766bb9382384e47c6e7ef9b3e1e0fd5ffb8","ssdeep":"768:YMyqtRHhc2ORBGSTZS/7FZDBHwyVC+lPK1SdW:byqtRi2OR+ZtHF9v8","tlshash":"8ee2e13ae81308dd65a1f88f8f9e185fb1c5b38ab6e5db8065345cb4245a454283752f","first_seen":"2026-05-03T09:25:58.572004Z","last_seen":"2026-07-12T22:22:18.49657Z","times_seen":24,"resource_available":false,"data":null}},"time_used":388,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":338,"receive":50,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/fonts/Proxima%20Nova%20Extrabold.ttf","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.717Z","timestamp":1783894900717,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /fonts/Proxima%20Nova%20Extrabold.ttf HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/assets/index-s28uPECG.css\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=OhXf0907p4PGk8lj; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.222.16; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\nserver-timing: cfExtPri\r\ncontent-type: application/octet-stream\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: \"6a51f93d-1f9a0\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:17 GMT\r\nage: 2\r\nddg-cache-status: MISS,MISS\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lmPu%2Bdh6gpCocovjbVZ9tEWwhx6ltLCYU3%2F644M2rZ2Q41FHNgLW41NqaOrK71BT%2Bjx3FU%2FrwyZk7YUJoJayM0tlM3bJO6vlTXRkdZDEjSzvMB9SQQIqP8UalaG4AQ%3D%3D\"}]}\r\ncf-ray: a1a371397d7d35a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 129440\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":129440,"size_decoded":130524,"mime_type":"application/octet-stream","magic":"TrueType Font data, 15 tables, 1st \"FFTM\", 30 names, Macintosh","md5":"ecce738438b07e0f2700c264633fc55b","sha1":"8d0e90e6a0f9dbe299f7f07c765df1626c1fdd20","sha256":"6cd9cca7999d5953f3c596cd7b4822d1a871a2d3b8b85823243ab1368a2234de","sha512":"5441a6b93c92e27fa185349be7289859eb7701537245b89ee5fd2bc221e46305bdbaf6024e7c9d8c11ea94a27f51036f5e0a76aad96335dfee7bb2f372c3c9a5","ssdeep":"3072:gcDXjxKwoaX0gLZOVKk/PoSR0Y5CURdoM2E8H7O1j7B3+gAyR1S:gxjVQSR0YjRWgS","tlshash":"33c34b43e383cf5edba999be9d31f3753616e67d6f6a330e63402079f50b2a8a050185","first_seen":"2026-04-14T01:08:26.757884Z","last_seen":"2026-07-12T22:22:18.497434Z","times_seen":29,"resource_available":false,"data":null}},"time_used":576,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":339,"receive":237,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/tron-BZApJ2eW.svg","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.894Z","timestamp":1783894900894,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/tron-BZApJ2eW.svg HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=z5JQrmO4JbomTCEJ; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.222.8; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 22:21:42 GMT\r\netag: W/\"6a51f93e-271b\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 4\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=wU%2Bc2iD81%2F3O1yJQ2OonT9mwvGMwWSU6p6gDiFB9ZPF29u3Xo06UF6dNGsBb9jt2zmEcxAbGDbxHMQWCLyUCzDK%2BF4sFgj%2FQvpCBOPQWIqjUcmoa4ZeT6KdSRH4LkA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a1a3713a9db035a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10011,"size_decoded":5266,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"6240b2bcb50d109a6e30c90d5b4c4a2b","sha1":"b9ac50ac536b859bff64ac6f811726ab0b189698","sha256":"209fa71e5bed05604e1c6aaf5e49788ac77a338aee22c651c69f0221677ef501","sha512":"8f301595be83c08f9b4462ab8d562e832ae4f7d6c7b61622a369badd44afbb3a101f26a6b4a7861b7b49c493e95b43326b8f2126c5dfe99565d99bfc5c1635f4","ssdeep":"192:71jYen8OoOMx9CQk+PMnqIRcgqxv8qqQX0:hjC0+PMZRqxHqQX0","tlshash":"5222c5ce67f5a9f0f006f7d9ca620479311b68f93a02ce5bc7e90d89a11185ed586ccb","first_seen":"2026-05-03T09:25:58.539074Z","last_seen":"2026-07-12T22:22:18.498271Z","times_seen":24,"resource_available":false,"data":null}},"time_used":1161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1161,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/chicken-road-race-mini-inout.jpg","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.520Z","timestamp":1783894901520,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/chicken-road-race-mini-inout.jpg HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/jpeg\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"2fb27-19e1889e02c\"\r\nlast-modified: Mon, 11 May 2026 19:35:49 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xwlNzvitCtcpa40wrrQRFX12gdnbavcC%2B8CHU4RV3WYUNs6z4HZnrg%2BfLJy%2Fyb3%2F2K3rwG3cXTtbjfeoB8%2BhK2NMKPDUWhqCEL8bd2wXHB2CHmH%2BtkJyGnHL39PqNPPsMiA%3D\"}]}\r\ncf-ray: a1a3713e88d3b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 195367\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":195367,"size_decoded":196777,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit/color RGBA, non-interlaced","md5":"de158b0c510417fba2d86fe9dc29d4cd","sha1":"b023587e15eaa94cac426b0a634e83b3fad3d972","sha256":"dfe048fce2f1b58c4cd56008d522b8ee3b1f0b40b6383d846441621c8d89df6f","sha512":"b035fa249696ca1923e54314cb2a96197d5878f1e11a1cd33a57ddad4694f4d92f3d70f71b21a1749a3c835b3109e5791b6b7269304aec9f12c55d5e6c01c0f0","ssdeep":"3072:NJJRhYFLeQitU00sUQecSwR3+SFYGypmMSXJ/EOYF2/0/+RsEvjO8/e9xLX5kQO0:NzRYiQ8UiUmR3ZFYJpmMSZsOjuUa8/8d","tlshash":"611422119983348d566c0beeed88d0fa00fc654e53e954b059bc9acbd6ac3f117c2e6e","first_seen":"2026-05-03T09:25:58.528271Z","last_seen":"2026-07-12T22:22:18.498976Z","times_seen":24,"resource_available":false,"data":null}},"time_used":358,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":216,"receive":142,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/bg-slide-lucky-wheel-Ddw8ZQMc.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.833Z","timestamp":1783894900833,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/bg-slide-lucky-wheel-Ddw8ZQMc.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=ubEjC9w7TmirzFHZ; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.222.72; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: \"6a51f93e-f502\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KZW6TJjzH6dXdEm%2B2ViL01T2vJGDvgjfdBjHEja5ABx6bHV347AbAlzUebgFtp0gIRzWHvNgqLt8uduiGeIf2VtObdW0ouPTnl%2BaG3qi888wFkTHG9Nn%2BTvDURqRRw%3D%3D\"}]}\r\ncf-ray: a1a3713a3d9b35a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 62722\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":62722,"size_decoded":63809,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"bc04477806c1dcf00c7fad09ef68ff6b","sha1":"a48f3c2bd9829cf44e29eee46cd0eb55cb21f8cc","sha256":"18babb47c1c193d5440fd86038f0f465e1c26a0c47ed853ccd21e925e69f0764","sha512":"4037b9a74e29e022472e446de1a26bccb5d575bfc06055aa3e3d5dd72e42a69992d7aca6411ada5a240e28e4a0fa58bfab2fb18b90e1c71e54f3ba75eab77f8e","ssdeep":"1536:vpeEBohdydYJtVmLGf4bCSq9Fu6zqh19olG+Afh4FNdPumI:vpe6udhbTf4WFvzYAlwJ2N1I","tlshash":"c75302c1518b3857f38b2176671ffb434217c2a357b092b317723ebd0d28a76272a852","first_seen":"2026-05-03T09:25:58.510307Z","last_seen":"2026-07-12T22:22:18.499644Z","times_seen":24,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":120,"receive":41,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/api/games/mainpage","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.862Z","timestamp":1783894900862,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /api/games/mainpage HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://winxixp.top\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: application/json; charset=utf-8\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"e478-/oglCwTjWJHGcz36fZn53njEElo\"\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: zstd\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GkqnoJkvKaSsWxaR6tbP8rzjz3CHqscG%2F6fY%2FQ4ceLvNFtOxwwgENY4pIxPeo97o%2B2hD5CPI%2FyAS7k0Gnxocgvkf%2FFqLIvf6MO%2BHNz1V9GJ8a7q%2F4qxE3Yaq7wt56UQ9EvI%3D\"}]}\r\ncf-ray: a1a3713a688db4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":58488,"size_decoded":5500,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"475f72c67a42f0f58cb3b9af7ff09d9b","sha1":"fe88250b04e35891c6733dfa7d99f9de78c4125a","sha256":"dc9b482590325672443d17f8e910a7e74d70b6ad20325f9960dbb22ff008da9a","sha512":"9c3449fce13ef4505d6e311942b9fbfc5f79994faa343372e13dfbcc5c6d030320d53354e33f22ced7dd58c78f64ac48fc9bb710aefce00ed248c6016e7973c5","ssdeep":"768:9nPw1V95vsC2QNc2jV3VT8J7QPiZRZXu4O6xL7mLKQzyqIxhNDnIPDG+Wz1aMkDt:ovONvv34bSN+","tlshash":"7243f07e4b6c7c34f230029ac54e71d6b4c9b13fcd85560cf3b84a65cad59ea2a9e01e","first_seen":"2026-07-12T22:22:18.500355Z","last_seen":"2026-07-12T22:22:18.500355Z","times_seen":1,"resource_available":false,"data":null}},"time_used":226,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":163,"receive":63,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/mobile_install-B-NhXZqn.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.880Z","timestamp":1783894900880,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/mobile_install-B-NhXZqn.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=bGqj3Wx4DuPYpp3T; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.222.193; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: \"6a51f93e-23c92\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FEPnKFxosT5VNSWLRi%2FiUaq3Elc0uIkO1DdG15NxO2FEwFi2DP7rKDm18In2JWDyBhBCcRmkld7p0dtu2mrKle3IMLlGgP1%2FYSTqTXWI9d%2FOio1IuliNEOqajpwIiQ%3D%3D\"}]}\r\ncf-ray: a1a3713a8daa35a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 146578\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":146578,"size_decoded":147668,"mime_type":"image/webp","magic":"PNG image data, 459 x 404, 8-bit/color RGBA, non-interlaced","md5":"5e7f065a53f00254f8f353e77492d523","sha1":"cc3d0bfbc1d66bbc34de5e24171f3c2400b05628","sha256":"81a0851c2d7776b76bf69fea2d6b16d3f12573a2d1cab6b5b4160401cb3abf05","sha512":"e6cb5e7b536aedf6018cf9bda85a78a98ce838cdbefcdebadf0ff7adc128df57026c3705ad090f0a84c6f4c75b10dcd1441e00f6669f8d891cccfaa9f0760c0a","ssdeep":"3072:3UUFZi23IObq7HRyhS0nfQ7YTG+adi8GU3xqKLymtWxUBvtwsuJ:EUFZdbe7HRP0fQ7Y6+aY8GEb3tWeBlwJ","tlshash":"c7e3128e9886c800a21f5d67e6b5f26d5cecc2d7c5cf53fc111562934ae2ab2042f22f","first_seen":"2026-05-03T09:25:58.511186Z","last_seen":"2026-07-12T22:22:18.502904Z","times_seen":24,"resource_available":false,"data":null}},"time_used":446,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":397,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/ripple-DG_x0ao9.svg","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.892Z","timestamp":1783894900892,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/ripple-DG_x0ao9.svg HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=iwcaj0KOUoTUnyZY; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=172.64.209.44; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"6a51f93e-1096\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 2\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2Z3BSrr94uU1NIMz%2FJ9icLjtPzoxfGUM3t2LX3EIXLfaplrN%2BA1qWfxmXmmJXclSmEe9EirvthZTBHoK6Iju1wOG2VLG5pCvTDY8NGrJd0n8m1Agqo%2FIZOREeN4mEg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a1a3713a9daf35a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4246,"size_decoded":3046,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"668b47cfc023c8a691e80389bb5fd455","sha1":"2f1711702c2fc16060572dea79d3ce43ade79063","sha256":"dd3cfa287ffaa2afa98ec543a129d05366bd9dc5f48f30e2464c49ded9ad0f99","sha512":"919b1dcb302d98ce735a63838a00fe067874bff76f3ba76095fc61afe5228f3a19f4ac038a0e05d5e31fdf607c3442c754e60fdf77e5a5232ce07493d7a71b2a","ssdeep":"96:o0Wo/HqlWSTKxG4HU1C+2McValTyf+i0YW2/Z80kR:o0Wo/Ktd40T2M5yf+i0YW2C0S","tlshash":"1e91c4da73b592fcf446e3e0e9331c39768bb1f11a23cd26ce955d42e1a189d0824c97","first_seen":"2026-05-03T09:25:58.44074Z","last_seen":"2026-07-12T22:22:18.504253Z","times_seen":24,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":134,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/vs20sugarrushx.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.533Z","timestamp":1783894901533,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/vs20sugarrushx.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"afe4-19e87ecb1fb\"\r\nlast-modified: Tue, 02 Jun 2026 10:41:36 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lzRlMqxGmLhlayK98EiBBhwHshjOykdykqgMrMa1ICXWH%2BlRx5zG8yrq%2BxF9RygWHgQIckqnXdNh4BfDwwpXluF5p7AkvwdJTgO803NFVbIz8swe1uwsgXeJcbVPx2su2hE%3D\"}]}\r\ncf-ray: a1a3713e98dab4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 45028\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":45028,"size_decoded":46428,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 360x472, components 3","md5":"04c6e2e5658175c43f043f5e2aa4ce6d","sha1":"c716c4f69456a416e9fb9fa2b99c579406a3ef26","sha256":"b1c7fba1d51a4a671922c91c30f4f736dd308ade68763a4208c1991d7e3f6e51","sha512":"92288f847ac811b6c3849af2bbecb3a8ea7439009ef2de0ed19fba56e342e4edd3b1bbdfc741b58aaef902b0ab95e4bfec33da20583f757fa30e293c082050d5","ssdeep":"768:hYyEJAw1+GfedYyGWNsETkDfidgcPyA+DNGZlRjAaS0Mg1UNVNF7iJNSgdU/IRwc:hDceBN+D6acPyAAYTjAatfUNzhiJV+/w","tlshash":"301302a07fdbe0f8d6b5a9348a2f662e7682c58e673657d2d045c41f805924c2ebd03f","first_seen":"2026-02-19T09:04:29.911595Z","last_seen":"2026-07-12T22:22:18.505384Z","times_seen":15,"resource_available":false,"data":null}},"time_used":240,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":157,"receive":83,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/ganesha-gold.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.553Z","timestamp":1783894901553,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/ganesha-gold.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"2abd8-19e9f3743d7\"\r\nlast-modified: Sat, 06 Jun 2026 23:14:19 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zlbYhFJ%2Fmg%2FghctKE8Mqspk70A2mteOBlRg5xOaLykqay81AZlimn3wdu57prrb6Ak4C83s9xXwAITsl9U%2FtPDTDuJ1i1SBWLtLCtxnBj%2Fa4uvRQF273NSsUi%2FNBptTHK3g%3D\"}]}\r\ncf-ray: a1a3713eb8e7b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 175064\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":175064,"size_decoded":176472,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8d0c6618a183330366ba23d78072608d","sha1":"d07afb9887e89be99969f41fd7351bc867bdd2f7","sha256":"28ca43b83f439e2bd70857c577b5cc4a38458393a65312485b48b1c6f8d33cf0","sha512":"fc97f43ba13b4963108b5e792a9929b876c8a04c0a3e59c07f194043a86a5c840e8bcf1735b2d9e7aa8d20207719fcc469909c3f7386d8492cda4e0f697dc1b8","ssdeep":"3072:nemYgTpHWDWV4IrzWc4ZuNFOcNNTJaPPhZ7hfwu6biu2Eyx283YYJ4/:rYG5WaVVShuNdVaPPNoueilEyJ3Yj","tlshash":"c904136276aa15e492fe80eca4c800fde46d832c7478d19079071b371dae7396e4fb5e","first_seen":"2026-07-10T22:57:05.836449Z","last_seen":"2026-07-12T22:22:18.50638Z","times_seen":9,"resource_available":false,"data":null}},"time_used":292,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":141,"receive":151,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/favicon.svg","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:42.164Z","timestamp":1783894902164,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /favicon.svg HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=dtuWiccMU9FsXwNw; __ddg10_=1783894900; __ddg9_=172.64.209.66; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=yfQvFmHKXuJCVaJQ; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:42 GMT\n__ddg10_=1783894902; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:42 GMT\n__ddg9_=162.158.222.89; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:42 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 22:21:42 GMT\r\netag: W/\"6a51f93d-6b81\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:17 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 1\r\nddg-cache-status: HIT,MISS\r\nserver-timing: cfExtPri\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rDdOtKgpopkTV71L8RHrmUPZhO0OUxM1UNFkh%2B4O4IixVlUlqLZ6XDsxbq2H8Kj68aKkqrsEmS94xBZ%2F83M3aODspgD7LfglOSRyp8rCPqTC9hxVb8mE9Pv8LdPMUA%3D%3D\"}]}\r\ncf-ray: a1a371428e2635a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 10780\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27521,"size_decoded":11865,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"57dd6243f25a6a327faee0f5d9e3a00c","sha1":"4f5bcc776bb696e35c18b9b56830d604ed200881","sha256":"d148c821c5534f0838aec73b74a3c9973bf4b32f4f34313de2edbffd5acd219f","sha512":"7a1873bf7d01341aa11a8d42da00fdef026c8d1f66143a0724613292ba736da7181b3cd927be7a9e2bf20471059aecee9738495c0f0deeaad712b71407ee59a5","ssdeep":"384:UgoG2IO0VyyrQcx9ipry1q9bU0CYKHE7zuk1PP1DnVdHupNH7TfSshpqzjNUq4ax:QHirQcKry2DKH7XfSsLujymcTiiaNn","tlshash":"91c274dd7b684df5e58ae3ebfb210099750ea4fa66c18b70c35c9e0934228acdd15c93","first_seen":"2026-05-03T09:25:58.438795Z","last_seen":"2026-07-12T22:22:18.507489Z","times_seen":24,"resource_available":false,"data":null}},"time_used":34,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":32,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/claim_reward_wheel_collapsed-DCJ6-LHa.png","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.764Z","timestamp":1783894900764,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/claim_reward_wheel_collapsed-DCJ6-LHa.png HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=Y8Pe8EFdC3Z64swt; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.222.197; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/png\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: \"6a51f93e-61fe\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SEwoLQzM%2FvubXaaszsYu3MM4LdXGomSl9MGopaJ66u5ZulRMvwlMM7ImtiYr%2BXJ38M%2FAf6cAQkCIzk%2B5UHLQxMi9SFZFG3Boz%2BpMBbq1in4X2gemNThvJFT0pQXLIw%3D%3D\"}]}\r\ncf-ray: a1a37139cd8535a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 25086\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":25086,"size_decoded":26177,"mime_type":"image/png","magic":"PNG image data, 96 x 140, 8-bit/color RGBA, non-interlaced","md5":"4539bfb3316a00ac522555b8527489e5","sha1":"1757714da7a77745dacc4f718078807f91c01032","sha256":"07978d96aff53bc48fbed60e1b02cf013c1f9e016c257b2f2790adccc4c9fe8a","sha512":"30c8ee5b936bdf61ac6d1f0e89667c30c26f9bf06192da6adcc7495de43c510df15ad7471ddc970fffd36e9615e804d77817437ae6dedb0c064e8e7d84f8d7f2","ssdeep":"768:rCAhF2kP9gdDKwObqHKsJi/b2MlRCcGwQC+cdUH:m65YKjGHK0i/ednUUH","tlshash":"64b2e1ffe3ac48ea864c84575206b64bb4f617d38b0efc09dd11e83d98c934584b5ab9","first_seen":"2026-05-03T09:25:58.521087Z","last_seen":"2026-07-12T22:22:18.508579Z","times_seen":24,"resource_available":false,"data":null}},"time_used":166,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":153,"receive":13,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/vs20olympx.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.531Z","timestamp":1783894901531,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/vs20olympx.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"7606-19e87ec8ba7\"\r\nlast-modified: Tue, 02 Jun 2026 10:41:26 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=H4jDl9aTnYQHekrh6YBmuYGkFxE%2FVv5d%2FUBVvRsHrjsQhcquide0hOog04YgyxWnmQSnuRisG0WSv3JB%2BInIVtKub7dHDdgQKkLDroPs53yamI6f2cpKpggWrQCr5oDnJcU%3D\"}]}\r\ncf-ray: a1a3713e98d9b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 30214\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30214,"size_decoded":31616,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 360x472, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"9514f4cf62ac519e1be2aa9c0c76aa36","sha1":"6e303bdd882e0a4b82139db82429a5282f6e303c","sha256":"d3ff28472bdabcf09e6429242c9320e819e993cbe0119c667e11a834235ae783","sha512":"65afd430152c1f5e3aa462ffff635e36653111d1d61b0c22d5675dd7eaab99583ad3392a2b7ad63daae10f448ede601aabb7603e041c61fd1c2e459fedc4627b","ssdeep":"768:PYAFoDRfzqaU0msv6kboS2FA+2DMAsKR5FucxI0c/liV:DFq+aYsSQoSH+2D5qcaj/","tlshash":"47d2f1c1a9326d244f05ee992bab0939d8c03e25b5452ccde23bcec6735d6f6837125e","first_seen":"2026-07-10T22:57:05.857918Z","last_seen":"2026-07-12T22:22:18.509381Z","times_seen":12,"resource_available":false,"data":null}},"time_used":219,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":60,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/index-s28uPECG.css","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:39.903Z","timestamp":1783894899903,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/index-s28uPECG.css HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=EfNZJb8SUu8Owlm6; __ddg10_=1783894899; __ddg9_=172.64.209.36; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=IwMwgZLHm12s9228; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.222.10; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: text/css\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: W/\"6a51f93e-3b267\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3rV75o4MOSxo0pdiNglcDRUtN1Jr4jfqyNLZwX7KNxVtmz2Z3hPIPJHmEt9u%2BDchk%2BNUinZ7W5RkWyVgDiIvkaafEtKLkoR4JZxlib8mRXvG9Cue58X27ZL2ZfNJxA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\ncf-ray: a1a371346cff35a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":242279,"size_decoded":33040,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"e78be1a1b5cfccf27bb26c84e6935629","sha1":"a9fdf7e25269b194a550a57dd303c8cd86d86534","sha256":"d0c3d7f69b20d908427dc2f06fa824ed8463163db65936a463c1681f120d6450","sha512":"279754598b7857a343b591dd0dc87c36f83b09a3548c7d3e53d3ea52f14a47bf249588ffea86552c16434f03215d1c9267d4e575a621bfc2820b688c73624b63","ssdeep":"6144:cAKCY1M98tcIrhAdT2Racpl8LD2Of9xZBnCz+RXYcKhROUfgf4r5uSL0XpkppTay:EiLwPVr","tlshash":"563490a4a275e53fbc37b0fd93acf80da109b195de260addb901612663d37f21c36a14","first_seen":"2026-07-10T22:56:48.06391Z","last_seen":"2026-07-12T22:22:18.510149Z","times_seen":23,"resource_available":false,"data":null}},"time_used":426,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":200,"receive":226,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/support_field_background-BshW8QoL.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.684Z","timestamp":1783894900684,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/support_field_background-BshW8QoL.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=9QVBTu6G2jFJdpm4; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=172.64.209.60; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: \"6a51f93e-2e6c\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tidm1oVz2PieUEmbZ%2BDYZECUd2NqiMBfwrJV81JJvtfc%2FPZaZCqWQBUssTN8q0jnJVaBqfOtLXR18Xb2rXnhoIkoZLTNfo3tAmk7HAgMn2iip%2BJcTxEP09VehVmPqA%3D%3D\"}]}\r\ncf-ray: a1a371394d7235a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 11884\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11884,"size_decoded":12970,"mime_type":"image/webp","magic":"PNG image data, 330 x 71, 8-bit/color RGBA, non-interlaced","md5":"b51aad96d902ca506e02d9ad1e1f4dcd","sha1":"198a23d1aa7246db409bc4dc06544727daa44c78","sha256":"c7cf203481ad4dc3a93b0723608f5ad80e6da3af73a858ac2ce16ce37c35af8f","sha512":"f7178d64025d3c470b88310d14650f51fe29d7b7712ec192f7a0162ca0611d9ca001f94fb3dfe37d349099b9f01dbe75650a1ad9c7c438f4509c6f910628fe56","ssdeep":"192:lS+lvkmDNjAIekomrbNoibMKExB2smII2PchoP1lOkK+dHTMB27GknU/wDf:E+lvHjAYWibmqsq2USzOkvdzH6kn77","tlshash":"0332bfdb32f4b165197e4b8065f23017cc5e89b85fd4074c762b650e0676b1727b98d3","first_seen":"2026-05-03T09:25:58.56254Z","last_seen":"2026-07-12T22:22:18.510901Z","times_seen":24,"resource_available":false,"data":null}},"time_used":204,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":202,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/bg-slide-rolls-royce-DEuKrT2h.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.831Z","timestamp":1783894900831,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/bg-slide-rolls-royce-DEuKrT2h.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=WB1ENgwV37QgN8Hm; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.222.56; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: \"6a51f93e-44ac8\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZdCDIoYTdN0kxChxLJRpzhRTtLq2P1lGqEL8jTtGW2NdUT6DzmOR3aTjhQgG9Id%2BAPNNSwezz98GjVCV44tDUKBQzCdXBaRPYHPIB0X4QScY%2BZQXmReYO6A9z2J2EA%3D%3D\"}]}\r\ncf-ray: a1a3713a3d9a35a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 281288\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":281288,"size_decoded":282375,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"d673eb3e0c4501683a08ad34bb1a5662","sha1":"d264f72535c24d5dadb6dfa43bd7a9cd11d8baa4","sha256":"e92cb9c066e132e79635910fae8265736749a928129d26cf5bf60bb5bf09ae0d","sha512":"5a730e07953aed75d2f3e1aa9c20137bc6f968662a0c65dd6d7f896b5b838f606439e8c43036dfb78237003b1448e823ec319b11520f6ced2f9572c9e721cba0","ssdeep":"6144:Avwm9g1xMmIoXAo1O7dXK0b7+adRSJrYwpCDlp:AYV/KD7dXK0b7aRm7","tlshash":"0c542396bfe8fbdec8576510c6eda331835035f9dc22d8429c09a7e976688f25e70423","first_seen":"2026-05-03T09:25:58.422158Z","last_seen":"2026-07-12T22:22:18.511648Z","times_seen":24,"resource_available":false,"data":null}},"time_used":424,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":140,"receive":284,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/api/games/big-wins?limit=20","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.874Z","timestamp":1783894900874,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /api/games/big-wins?limit=20 HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://winxixp.top\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: application/json; charset=utf-8\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: W/\"1aac-b4Lf8OjxaFuib/pI4M4dNP/nUfs\"\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: zstd\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lBx%2Bh2QUHXgyWBoDt7hB4AJg0VKqM6eOfP3sBWxBHjSzLWu8xHPASL93NTuXU6mFlCpRoUs94izphi%2FiUA5ETTjZ7fxy5Tlbp8ZGK9U0kxRJ8iCB8hWbKvmwh0nolITwA20%3D\"}]}\r\ncf-ray: a1a3713a788eb4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6828,"size_decoded":3274,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"5b19c1ec229da376dee55a4c70f50c40","sha1":"6f82dff0e8f1685ba26ffa48e0ce1d34ffe751fb","sha256":"ce894ac9f53326807b19b5259f679cd2fd6b49d9e9a438aa57d2a4727766b88e","sha512":"438d93014d8aef65bb4a8071433fa6256aa6fda8bd82cb22ddfa3b9d7dfec41a842e9f2b73dae713a95ee84507f3037608e342f19e52dfe5f67ab6b9d60f7391","ssdeep":"192:IfCf9NhIRCaXVRhln4aMPJbwo/HHKpdSSQge3o7Nse7mCIn85U5Rvm39sbUoVhzV:KCfdIwmDPnnMBco/Kuoe47D73Q95Bmto","tlshash":"b6e1e16f55442df9da355ae4888974ade8edb27f45d00c08809b8d3bccf46e2397c927","first_seen":"2026-07-12T22:22:18.51241Z","last_seen":"2026-07-12T22:22:18.51241Z","times_seen":1,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/ethereum-D8eyHuXQ.svg","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.885Z","timestamp":1783894900885,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/ethereum-D8eyHuXQ.svg HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=2Fdqf2YHkimVJDsZ; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=172.64.209.28; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"6a51f93e-236e\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 2\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=q%2F6NvMW0SDdXG8Wf4vDiSfVrdHYZRTb5%2B%2BDof1PADsJZC9CP2kPwCeCCAwUjEX9Y%2FdI0aBZHEil%2Fd1V2P0NPK4flc6w7twpv5cSjiY90zf1ELvfDsH3s1CMx9lz%2BJw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a1a3713a8dae35a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9070,"size_decoded":4812,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3600c0025adc4a693fd9f69754a4290d","sha1":"68bf3099d8d50df03c01b81aed41164057af8809","sha256":"c48b1716c803c5bfbb672750b82165c8f130ad4d44812624664675ebcf69cf8a","sha512":"80af010cbbcfef04cd08a93fb2911771b19a5a20b6c48c46e27d9a30fbad65f6ce1d77a0aa881f7073eec8348ea3846a706986abf9ad88e528f2c9383b0f8be6","ssdeep":"192:ZRX+G88rKrcEShs9phbnhLCkZmNxDdtjK829vA+mCNCU1x87jFm4TGgBh2:F3KrcWaws4dCUgU4TZ2","tlshash":"9012c6ec5bf882d8f442e3eadd3684983aa39afb3791ce25c3549e05b41105c5896ed3","first_seen":"2026-05-03T09:25:58.499Z","last_seen":"2026-07-12T22:22:18.514328Z","times_seen":24,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/Rectangle_Background_Gift-ZyELKzat.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.240Z","timestamp":1783894901240,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/Rectangle_Background_Gift-ZyELKzat.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=Ed66NDC96P3LYQg6; __ddg10_=1783894900; __ddg9_=172.64.209.56; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=5G4OUxKT2yjQMCur; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\n__ddg10_=1783894901; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\n__ddg9_=162.158.222.32; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: \"6a51f93e-c4ee\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yxS5S8CBRX%2FNFL5qTEvL4oVz%2BvwBl1nVjAfLgj00G566XFoLMzTRcbA9jf3J5dFJLNdMfW%2B308HEmdmbRuM0oHKrOn5fzXr5TZoJO%2BKsB07ng0eKAXZy15cF2g0VwQ%3D%3D\"}]}\r\ncf-ray: a1a3713ccdd435a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 50414\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":50414,"size_decoded":51503,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"5322f2e335d72f894f2fffce2673b8c3","sha1":"5cb9ccc9824632b194695771df6048155bca5ddc","sha256":"892cab16a807c849ed6e01970b026b8d4633aca9fcbddafb881ad0212b852623","sha512":"26722876414fe2076407681721183d38d0701318aa86e50ace33b64a28c2680b8fc35ab227e46213df07a419418dbaa48071c7aa40e260aa2cc9a31619a8e4bb","ssdeep":"1536:4a3cBVQTKS09xj2KirM37v+meJBJf1j0ru+jVq:NsvnS0XyKrvA/4C6q","tlshash":"8633023e1e6697bfddd10d107d43c5c14b28e7eeac8dc8cb912217894d22b2bbd28846","first_seen":"2026-05-03T09:25:58.41672Z","last_seen":"2026-07-12T22:22:18.515104Z","times_seen":23,"resource_available":false,"data":null}},"time_used":115,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":85,"receive":30,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/fortune-ox.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.535Z","timestamp":1783894901535,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/fortune-ox.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"2a8d2-19e9f374a77\"\r\nlast-modified: Sat, 06 Jun 2026 23:14:21 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=m0RkP0GlfuRAxU4V019HOOzW%2FkglSzY1O%2FwlcoF2KtLRLs5QgGh4OcqaaaGkWNnfaAEazHl9qS83jZMzkdTpmePyq%2BLXRAFWd41%2B5rH%2FuQY6n0MxWU%2FMKQm%2B7ISp4nVY1dE%3D\"}]}\r\ncf-ray: a1a3713e98dcb4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 174290\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":174290,"size_decoded":175702,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8c66095f87278d84f1edfaff10b5b01d","sha1":"65ccef4cf03bbb81bcb642233a82bd0fff10eac9","sha256":"255aba0714080a1932810d280b72faacd3e411ae9acf4c61cdb1ab7116ebeb71","sha512":"fe17aa13520a0c32a3d60e4c5f88aca93609306be1aee3c1a4c18baf91feeb2400ee9eaa451acb3062315f449fdca5e304873b1bdc40bdc525dafd8523bf6a60","ssdeep":"3072:nkT3mJ6MzKeHOrEVQVVrPBL/10V7BiHH+46JrphRFju9Ne1Av:nHJzW0NQVvLd0V7BQ+vrphRFju9NDv","tlshash":"b10413bdb6cf7d8cdb4050c795b8c26000dac826bf2acc7d12014f593250a9a29eca7b","first_seen":"2026-07-10T22:56:48.031614Z","last_seen":"2026-07-12T22:22:18.515816Z","times_seen":5,"resource_available":false,"data":null}},"time_used":309,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":158,"receive":151,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/windows_image-D9HcJYU_.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.910Z","timestamp":1783894900910,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/windows_image-D9HcJYU_.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=TDiRcx6E2efk4YQ7; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=172.64.209.42; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: \"6a51f93e-7160\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 2\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DKGQG%2FZ6d5oKWS9Ks2w7RPk1X0%2Bc9%2FAXPf07aoin3p41BH7SQ0mQ3oBh6Imeg6LAClbNefdMeNgyF8VLKigeacd%2Fx%2ByUaTSFwvbsaaDy2n1QHqev7MRmHxNfU8TbnQ%3D%3D\"}]}\r\ncf-ray: a1a3713abdb935a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 29024\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":29024,"size_decoded":30114,"mime_type":"image/webp","magic":"PNG image data, 163 x 149, 8-bit/color RGBA, non-interlaced","md5":"749266b689ad7b0c9fdc4c43f9edda9f","sha1":"c7cddfc35c93bad203b4a046961e764c1368369c","sha256":"f15cb414f6facd1e665acf00fd7c4038655381954feb698d39b28fbcb98837ee","sha512":"9f8ec6f99e532aabae086f285199cd1db67a2c82301531b9efca3ba85332c68abe3cdc0cdb7a60abaeecef04c1cb197ac218ed7dfd15b121cef8f931b12d4f19","ssdeep":"768:ua5svhEeoLABwYYJxsrf3BbHWadRubuVq:PYOe4ABwZJxyfRzW4q","tlshash":"acd2d1402bc0b619a40b0fe12557e607cf732ffa5005eac091bd96e554a91baab2bfc1","first_seen":"2026-05-03T09:25:58.530823Z","last_seen":"2026-07-12T22:22:18.517975Z","times_seen":24,"resource_available":false,"data":null}},"time_used":371,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":346,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/chicken-vs-zombies-mini-inout.jpg","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.505Z","timestamp":1783894901505,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/chicken-vs-zombies-mini-inout.jpg HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/jpeg\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"49ec-19e1889e2b0\"\r\nlast-modified: Mon, 11 May 2026 19:35:50 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=I7orSKD3fl7F3S9Jv65JwRT02mOuzyQuYO1YnS2epi7Jn7jOb0woTs%2FSN60ucynyNT3eVHqcTiR9iCAm5RMi2SGUWk4YuZZ1w5DTRLpQH%2BC00MFxKSeFCBdz4HUS8uYzW%2FM%3D\"}]}\r\ncf-ray: a1a3713e68ccb4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 18924\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18924,"size_decoded":20326,"mime_type":"image/avif","magic":"ISO Media, AVIF Image","md5":"3c496079d347b741f8a61c9ff13e5f25","sha1":"d34e547f81a344f52f32078078090b0e6dd0c549","sha256":"6b61c65973ee02deb325d6cb91f24c3201e376b4fbb3bd25c7dbb14ebe1b28b7","sha512":"a1030c0c003398488e2b35d4e0777a0f7de2936831b2ab3fe0f21d64290e84db39fd293b0ea1f8a0ecc35e99e0e7c927d8699f0cec504219d226e1c13464f488","ssdeep":"384:zGjo/RN/ZF6TOfWpzF86HGv3QVv/bOwvJ9WHV82zghRHl3Kb7+q:zGcZVZZfy587vYvyw3S82u3KF","tlshash":"ee82d1e92fa5f094e296772451135350523390a01d40de8bfdf9e27f2932e509caefad","first_seen":"2026-07-10T22:56:48.11117Z","last_seen":"2026-07-12T22:22:18.521189Z","times_seen":23,"resource_available":false,"data":null}},"time_used":178,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/vs20olympgate.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.530Z","timestamp":1783894901530,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/vs20olympgate.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"6cae-19e87ec872f\"\r\nlast-modified: Tue, 02 Jun 2026 10:41:25 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=i3Bi%2FmBjKXUVNIuiZGO0YsfOfqxFnUtcKGY9R%2FIE3B9btEJmwT8ueDd1xSJxC4OC464kRzFXlDuFHei8Mtmv3cZnB5TEYd6fu0RmetXjPPpnmTWvfYmmvnvZNCPksM28ILU%3D\"}]}\r\ncf-ray: a1a3713e98d8b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 27822\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27822,"size_decoded":29222,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 360x472, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"67a9f14667062ed7354e711966e13f6f","sha1":"df69b5e3720f0d72981cea8b6b242ae18a9087c8","sha256":"8fc1a0ae668b1bcfadd45af5b0c9184a82c16e186ee88db6b014cd58e893950c","sha512":"5740b95c0ddab506d7eecaf3d558766255036bbe35f15623dd226d1a6fc71e97c0103b8045436c8c50266a0ea7251f7ed92dbe9da176fdee6cda78ffd6ab5066","ssdeep":"768:rSI0kwqIQwzv8jgHqYBpvaphCvCV5wDH3bF:J/wZHTVvCVWDXb","tlshash":"fdc2e131f92236dacb45f3f584d1c7c0123f1191589e2316ae9921b5e2f87ea7c5239e","first_seen":"2026-07-10T22:56:48.1Z","last_seen":"2026-07-12T22:22:18.522075Z","times_seen":18,"resource_available":false,"data":null}},"time_used":169,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":139,"receive":30,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/dragon-hatch.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.547Z","timestamp":1783894901547,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/dragon-hatch.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"2aa1c-19e9f3753af\"\r\nlast-modified: Sat, 06 Jun 2026 23:14:23 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EkdxTwaIgalgVoxREccqOgrm8VeB7Ll5%2FP7WOG5mnaRdRd3sFSZArcmRxbtgBnuPa4mnHPSZkqefNOxwv9yk8Dl8%2BD9df6k3GYeKYF9TM8uuVVZDRjdsZ9LcWRjWqCfVRmw%3D\"}]}\r\ncf-ray: a1a3713ea8e3b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 174620\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":174620,"size_decoded":176022,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"91f3d7faa5ba87bf71ac2897797335bf","sha1":"1c498ae53119427ad3fe124318d4dfb14763cdf1","sha256":"ba05a7c88b6a3e8177479143742c140d30ef2879ad6f2e7a35bf22b798d44119","sha512":"54cab954c87d08e78baae5f2a7ba3b23ce30fb23b2570f700e3c2cb6daac4b10cdfb01117f76d34097562f22842a3565011b449ecdac9c6059d96508633e5724","ssdeep":"3072:dYx+RSxHlCinJz+yM91IAp0+wYYhGP6WLf3sZUwgGzo1sE4TSw2Cz:ZR+lpIyM9uAp0+w/ZWLPsZxo1slTSw2E","tlshash":"c704236b0e1e4bc75a9dd7986c4e06c5b6b5b49ac0a3153fa77980b19b50f21cf2dc03","first_seen":"2026-07-10T22:57:09.704181Z","last_seen":"2026-07-12T22:22:18.522963Z","times_seen":13,"resource_available":false,"data":null}},"time_used":350,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":211,"receive":139,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/muay-thai-champion.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.556Z","timestamp":1783894901556,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/muay-thai-champion.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"27416-19e9f3720bc\"\r\nlast-modified: Sat, 06 Jun 2026 23:14:10 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SsiLFlDTskbyWBEn793ZQ8i7xJ%2FiLF7Lc1glVMG20Ng9Nyqr3QCgThH1%2BdByE07VmR34ul9nY9g3uuvG22xvjiteG3Mc1LEOiyYslzTomhYCpzCJtllhQYNgax5mDecx20o%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a1a3713eb8e9b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 160790\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":160790,"size_decoded":162192,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"015527a6fd7c25fab2db458886141ec1","sha1":"08952b6ca5fa2a4ebef6baa6167149f1e7231ef0","sha256":"e419f23473cf1bfedefbabead9216691cab68c17defc17cdbc355392948c8570","sha512":"235b8e3f9e565399ccda7e3ed9407f67cab8a1c0de7bc3f21a874b9b4656472937ba094140509a7ca0321d915e4b08d8b34fafa1f988621fba904b7790e0bbc5","ssdeep":"3072:fg8JQbwX5XUspmw70HkLYwsOFN6lIMNx5DXt7Wv4ZpLHXpcVmXj9la2:I8JQbwpPpmw70HSsWElxN3DpWQbiVm5t","tlshash":"adf3224ee673ca249aaaeff96bd9c0ec461575160dcd9c02c8cd479fbe485408baf160","first_seen":"2026-07-10T22:56:48.051935Z","last_seen":"2026-07-12T22:22:18.523739Z","times_seen":11,"resource_available":false,"data":null}},"time_used":283,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":149,"receive":134,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-12T22:21:39.020Z","timestamp":1783894899020,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=EfNZJb8SUu8Owlm6; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:39 GMT\n__ddg10_=1783894899; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:39 GMT\n__ddg9_=172.64.209.36; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:39 GMT\n__ddg1_=vDCKyeE3UOZVZCP4xFIC; Domain=.winxixp.top; HttpOnly; Path=/; Expires=Mon, 12-Jul-2027 22:21:39 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\ncontent-encoding: zstd\r\ncache-control: no-cache\r\ncontent-type: text/html\r\ndate: Sun, 12 Jul 2026 22:21:39 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\npriority: u=0,i\r\nvary: Accept-Encoding\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JnGii8SjaQ%2FQO3f0PD0kBuFpNLFpo0pRRmNmtKOHZDda7LI3xSmX9iYwCIAZR9iUIpWJ8eM8ln9i2kovXPsICvIpWcggdkkJ37a2r%2BFUgBtaicCrMpdfsgqhBZbNcw%3D%3D\"}]}\r\ncf-ray: a1a3712f4ca435a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1947,"size_decoded":1837,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"32615c4005a0110b781e3bb4d09ab52f","sha1":"d9a777425044128541c8f955198ae6702599066c","sha256":"31d8fd11140a2d5b594d2e37ba15559bfd3b44ad29a5ea2b6ea0ebdc7b7b5b22","sha512":"69903558a8e0ecb9b978f658174d6df4b34a8858c2ff16fddd09360ea7a5780b5ca80c40f65f0fdbdfaf10accf7d90f77af7b320a599be1e3da748e70dd4cbc7","ssdeep":"","tlshash":"b641065351b0942422a183341ee3f55c9e2e868793486d99b6a450ef0fc67d4cbf7bf2","first_seen":"2026-07-10T22:56:48.120785Z","last_seen":"2026-07-12T22:22:18.524448Z","times_seen":23,"resource_available":true,"data":null}},"time_used":384,"timings":{"blocked":-1,"dns":35,"connect":22,"send":0,"wait":327,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/fonts/Proxima%20Nova%20Regular.ttf","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.707Z","timestamp":1783894900707,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /fonts/Proxima%20Nova%20Regular.ttf HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/assets/index-s28uPECG.css\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=7PeakR1lYI6W1yff; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.223.10; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\nserver-timing: cfExtPri\r\ncontent-type: application/octet-stream\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: \"6a51f93d-2d120\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:17 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4lBTXqs%2Bd69k3YlQOIw03gH6yhnr9o5LYVsO7NJdSWuMgEdkJ1enes1r2o7tULH%2FQgci7KTUgnUeMXimPVvgYnas2GC1pI5SJjwu7Xa1Pr7rDBDPmSa0DhWzlRDKcw%3D%3D\"}]}\r\ncf-ray: a1a371396d7835a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 184608\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":184608,"size_decoded":185660,"mime_type":"application/octet-stream","magic":"TrueType Font data, 17 tables, 1st \"FFTM\", 30 names, Macintosh","md5":"386c8ff06aaa9d3ea14528a5703b6ec5","sha1":"7174dee37d9851739eb6e9f24152a91e1024c9bd","sha256":"f715d9c3a8a59c2f8079955680d811dfdf069f769d8521d830c85ae3393dc6a8","sha512":"7cb4238a5f19b76ce505139f6e99de9d2e835d2049ad95bfa2ffbb352213dd6be6143bdd6659cd5e81cb7903dc253dc6fe5750330cfacadf7de5690c4a8f50cf","ssdeep":"3072:txztObnQGIaqRnDzM2bxreVW+KMY+Qc8FT69FNpp3JtGQY8E8VoLw2E8H7O1j7Bb:tZtOr/A+g1c8taZTJVoLoD","tlshash":"31049586eafb0e2fe3564af8dee6967a0765b407ef3135893d80e540d2d72602843dd4","first_seen":"2023-05-24T17:26:21Z","last_seen":"2026-07-13T23:34:10.174674Z","times_seen":310,"resource_available":false,"data":null}},"time_used":260,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":197,"receive":63,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/opened-present-CEvNLioh.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.848Z","timestamp":1783894900848,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/opened-present-CEvNLioh.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=8fkGUV4wd7egtfHj; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.222.67; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: \"6a51f93e-3ff94\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YyITvDfub5ejgBW1uMqvKUx9T3FZxxgKlsEfFxyHiP3bqUzTq0nWR8Je3r6LpA32x2XmgDuulvk%2FePpoFuf4jYlmWy7cHCM%2BCIA0rpVA8iHv3RgyX5H9EJqVol1B3Q%3D%3D\"}]}\r\ncf-ray: a1a3713a4da535a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 262036\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":262036,"size_decoded":263123,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"0d2baa6171c82004a7a67d102a54d218","sha1":"924dc4c0de181492fd2ba8333f0367370ec0bd9e","sha256":"a39bea34716d84ad0cbe1025dd76a63d40adec168c16e18d6d5f3ae57a00bbe4","sha512":"b7e536c3ad0a9df9ab921939a0ff28a7a8184edc08373430132151b9a436b50a876b400365144697523da6f81067295599c265ce8760912db4dda7229da1b009","ssdeep":"6144:UxE0KXqMTTrkKUHLn2w/D2M694CxdDxCddvtFGvBo:O2XqCTrzUrn2wTCxmFGvBo","tlshash":"464423d202c9c9da02833b21df18dc1a76622e96b3979840bd4ef5a3dfd93096253f65","first_seen":"2026-05-03T09:25:58.453632Z","last_seen":"2026-07-12T22:22:18.525956Z","times_seen":24,"resource_available":false,"data":null}},"time_used":603,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":130,"receive":473,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/chicken-road-two-mini-inout.jpg","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.514Z","timestamp":1783894901514,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/chicken-road-two-mini-inout.jpg HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/jpeg\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"1e8d7-19e1889e150\"\r\nlast-modified: Mon, 11 May 2026 19:35:49 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=QvaIvivNtXa%2BfH2%2FT%2FINA18cpCXO7U3iInMxBITZENTGwOqJq%2FHtTiKgTY73hYm%2BN%2BoomKTmXHtPYTp7voB4NOvddxMZxZi1x18ORpBDw21RHDKuF8dw9KWNGPFv4tdyaZ0%3D\"}]}\r\ncf-ray: a1a3713e78cfb4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 125143\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":125143,"size_decoded":126553,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit/color RGBA, non-interlaced","md5":"2d07f21bc75cb17f3940a7123055df18","sha1":"c3fd481de5f7cc6fc3a4bfbce86e2bbdba460c80","sha256":"9ffc0c533072f341ae2d4e275de1a7a5bf86aa9ff2ae655d29a762af22dc6889","sha512":"28f58e9df9b691e95c7020e505dd5625a186f3841a5ded08138178f438c6cbde536e97c10faeff65caacc8a9e56e1d2794e20664bdeca81e12c2d6e98f4b5817","ssdeep":"3072:jbk1ZeasmvqGo36qLo19b9fxS81h2n1Yg:U1Zea5fdWo71xDzS1N","tlshash":"33c31253a6202d8bc25b83fe551b055cbf7d8de00d29baf78e5ffd618a38ca1e944409","first_seen":"2026-05-03T09:25:58.448805Z","last_seen":"2026-07-12T22:22:18.526623Z","times_seen":24,"resource_available":false,"data":null}},"time_used":303,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":146,"receive":157,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/vs20fruitsw.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.524Z","timestamp":1783894901524,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/vs20fruitsw.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"aab5-19e87ec541b\"\r\nlast-modified: Tue, 02 Jun 2026 10:41:12 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tDccnRmeuRBjZr7qWbpaziOdfDCgN5%2BQlUjXkTUFL139EAtqmm7Haj9UDVekhfCtynzuTbagk50StfCgXrIKIgVG79dS87Rgy%2BTNgmhZhyy6%2FOg%2F%2BKqnMuiEUxPOMCb2q%2BA%3D\"}]}\r\ncf-ray: a1a3713e88d4b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 43701\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":43701,"size_decoded":45109,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 360x472, components 3","md5":"20c5f416730af16503567886dc21a735","sha1":"4e65d291c4c2481d1d0a5dc62a68b4aff59c1820","sha256":"27e9c3d08842aa527d828708a6f5c8e98752cf1ed941679ff1721bb6e1f064a0","sha512":"f5a695a9fb5b0fcd201af858ca3242bb083fb5c91361838b9c6e3d30ccd266ebbfc9a2fa165995a8f12ea67f816bbd18bd06adf63630374426bc81bd171ce4f0","ssdeep":"768:hYy74pT9jMPb2Gh4g7JP51WJxjKVOhcfPNmkXbMwN3jCjogRmu9E8p9wiARnbr:hApJjMPb278sJxjKRPNmkLMS35gpXYTZ","tlshash":"eb13f16bc67ce9d3f43bdbf01f354867b3a1567f96a26382783c5a5823d44014ac9728","first_seen":"2026-07-10T22:57:05.917845Z","last_seen":"2026-07-12T22:22:18.527732Z","times_seen":19,"resource_available":false,"data":null}},"time_used":306,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":214,"receive":92,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/loader-CXc1Xk5X.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.755Z","timestamp":1783894900755,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/loader-CXc1Xk5X.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=FTvfSn7XCRXLVdGv; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.222.117; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: \"6a51f93e-4eaa\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=d70rNE4noZ4WTsGrtFv8TrszBhScUhDimwAh6ZaxkhAF2%2FyCIY4BeFhXLq3M2ntalAUjAv12%2BvlTo2IX3gIiVipdslOm%2FIWLNh5HLqqH%2FjHHv3QgeKgns6WjbmXV3A%3D%3D\"}]}\r\ncf-ray: a1a37139cd8435a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 20138\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":20138,"size_decoded":21228,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"1f0d0f88ada70f9aec52dbd193ec3c6f","sha1":"f56a77bcb7e424b2efa490a29f102a0d0bbcb14c","sha256":"6ac9fd6a4bb0d8ed08573fc939a6aac8b67d75d844e7689d4eabc200cdf145dd","sha512":"6c94f5e59498e1671c6ece4ae7c58a60b8958306381a163a5262ff0037f8e1df3499bf272dcfd5a423300000bf87b297a3ff842a45af155d5eb26395604ee8b9","ssdeep":"384:DD/7SGkMvrBoBY8bWx0SFJEqgtPMPBaPYq7kB+LTxrw36b5BrcCvwRBNTfVCddaG:/DScjBU0xxS3kQxrO69qCvwRrRCdW8","tlshash":"0692e09d4291cc617069e13b956039dfdda17d3fbca017da63817f44c480dc98a1afae","first_seen":"2026-05-03T09:25:58.503509Z","last_seen":"2026-07-12T22:22:18.528426Z","times_seen":24,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":168,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/bg-free-money-R7HNNOGD.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.842Z","timestamp":1783894900842,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/bg-free-money-R7HNNOGD.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=Ops7TSPSfVD5gfga; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=172.64.209.24; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: \"6a51f93e-1b970\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AQqDIZlQcvA%2Fp73nbMpB2drxAo5%2FK3EoYyJ1xKQwVf6i1BkGvnowhLuXHRZKaqcKljNqObe4VuUVeexMMxgYYRL7iMAg%2BzB96nUmWpQC8YhzlhyaENr%2B%2BRelkfRwqA%3D%3D\"}]}\r\ncf-ray: a1a3713a4da035a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 113008\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":113008,"size_decoded":114100,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"7ca92464f796384e06d1727f8c742c90","sha1":"117d206848f00d51604884094a3efc00488c3e78","sha256":"0ca6ffa09c80486a780f44eb589385e110f9f35728ac08ab803c478da70c4f01","sha512":"916cf61962e80cca16f56de5d75b7f23c3d00eec52b4bcbd4734cd78d9748e8a066e3ba549c6c5f140275ca5326c1f594a5045aef5a45abbb0a9b2aa18206750","ssdeep":"3072:bfs4Kj7sjohw0qKAf3losUk9JnCVeALjcDXyUQCddTYo+:bk4asjohw05Aash9AvLUQCa","tlshash":"91b3120b2b15d14925b30185246719e5d2f7f3e9dabee3860e8602711fdeeeeacb1070","first_seen":"2026-05-03T09:25:58.469503Z","last_seen":"2026-07-12T22:22:18.529063Z","times_seen":24,"resource_available":false,"data":null}},"time_used":309,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":181,"receive":128,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/GCB-C_pqZ4Du.svg","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.903Z","timestamp":1783894900903,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/GCB-C_pqZ4Du.svg HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=YIvPAAMAuZvNtHN9; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.222.89; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: W/\"6a51f93e-4240\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=AhGw5CXEdR1moYb02lrcMujEkBk790LCOUg53GA90A0yv7R0QBeLzNpMVdUoVMoh%2Bbaal8iURHMMh7SfwW4W4bD9ALCv%2BVoLwtjwMdDQR0oZha7Mi4fiFB5iVq1z4w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a1a3713aadb535a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16960,"size_decoded":6917,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b38adce4f70c1a371bbf8f1da27fa17c","sha1":"4c9ba68797012f18287ea8a5cea5139034f47244","sha256":"540b4b79532f284728630a532dce3264d1df8bfeca3ed67b2be10b2eb1dd17e9","sha512":"8f6cad2f48b4a474f0cb172f8d61c323ad65468d0a2ab614d342824262ff1456c6e95dc62bf12edc333f794108e532980b44d024400e562facf2dfb00a768308","ssdeep":"384:n2O6uod1fGTPRl2GarXw5snhFdnqmiVJ945:2ruodxGTPMhFdqmW90","tlshash":"3d7283c032b693ecf60af7bc5b2560317c2324edba926574c7b66e10d45719c1e9a8e3","first_seen":"2026-05-03T09:25:58.46864Z","last_seen":"2026-07-12T22:22:18.530236Z","times_seen":24,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":91,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/empty_wheel_of_fortune-BvFs0QoX.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.235Z","timestamp":1783894901235,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/empty_wheel_of_fortune-BvFs0QoX.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=Ed66NDC96P3LYQg6; __ddg10_=1783894900; __ddg9_=172.64.209.56; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=nRy0AJTNRkULtm0h; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\n__ddg10_=1783894901; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\n__ddg9_=162.158.222.98; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: \"6a51f93e-224a8\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Cf3RingryaG0L767K8qP9nj6hcbjZVrqPSJ6WJm7GYBPw5ShSUVeY%2FhVaEnesw0WuCqQLzYHxrWjITUr3PVBiqgZBH7dcjXkGGxq5PQAz2K%2BHClsY%2BjNSd7EcIeD4w%3D%3D\"}]}\r\ncf-ray: a1a3713cbdd235a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 140456\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":140456,"size_decoded":141545,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8bca8b0883192fe0acd03e5f1d93db7e","sha1":"9389b04455ce537ed80e128ed8425dcf18dc42ae","sha256":"886afe857a2b02c1774c0673a3efba566cc04819f7296ff500d0fbfbe390da0e","sha512":"7ede32a1b9c95e05a7390271377965482da6d53fc99e6417222270f1f279934518f80a0abd0846a99995c7a9b9aa5fc8bcbbbe2d9c65e5045737ae2045bd0a14","ssdeep":"3072:OX62yr3/9NDLA2YsrYJ3EuWHO4l+GhVbyPsrz3dshfPak6:6orPDvxBq3EuWu8+G3yPsN0fP","tlshash":"71d312801fbcde90cc6e291d983ee302d6676b4f19870918d9fcd5d6354b2e348a706e","first_seen":"2026-05-03T09:25:58.493685Z","last_seen":"2026-07-12T22:22:18.530912Z","times_seen":23,"resource_available":false,"data":null}},"time_used":316,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":215,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/vs20fruitswx.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.525Z","timestamp":1783894901525,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/vs20fruitswx.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"54ba-19e87ec55b3\"\r\nlast-modified: Tue, 02 Jun 2026 10:41:13 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=T%2FaXRL1ar9Z3EbkRsTXoQJKwVOR2RtaRPDWgt8xeXUFlQbfxijXIToK9l%2FN41y8N1zyHfnCkIl23zBvb%2BLDdWHVgQZEySosHQwPKEZMUVV7dpylJuOzg7OwwDcBHaKq3faA%3D\"}]}\r\ncf-ray: a1a3713e88d5b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 21690\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":21690,"size_decoded":23092,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 360x472, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"607b78c15a6cb099ed5685a069eec4ff","sha1":"f2222fcbbeaa10682090cb1fc0606363dbe31d8b","sha256":"c29893458d23db118fa0bf71b74e5a3ccaa48c3374776c8767be4c521b998ae4","sha512":"794fa2d28461ec95badd7a15e54e24d06c6b29529840fac24217765229f4b46bdfc24ee0b1d5b7fc9502e851ddb0a62e8905da94f922158c58335160f0b71c27","ssdeep":"384:pN9jHe138IK4vu0zR/U/nWxkr9UyTqh2taocYjlOxvDyvaI1Wuaz1hoLiNsTymxR:pDHscv0zR8Pk0K2ta7Dylk0+0x4C/","tlshash":"eda2e03f367c89877cc47f265275d9820004b082dc275a61366776e63fac5eb23ace82","first_seen":"2026-07-10T22:57:09.653891Z","last_seen":"2026-07-12T22:22:18.53157Z","times_seen":16,"resource_available":false,"data":null}},"time_used":289,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":220,"receive":69,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/yakuza-honor.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.551Z","timestamp":1783894901551,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/yakuza-honor.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"28ce2-19e9f36e960\"\r\nlast-modified: Sat, 06 Jun 2026 23:13:56 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j4CdxiJSju8YLBPKFTplD91cSEidY5CfsTDP%2B8BMREvrCfcQdTmdTSNG%2BKj7dk1ztZlTbLL9Iz4C7B0O7RhVX6v80wgMc%2ByIXE5t96pPQn7v2U%2BPFH2shVe4NnxDZTGcnTw%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a1a3713eb8e6b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 167138\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":167138,"size_decoded":168544,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"dc64adbe3aee7856fe50553a8fea2a25","sha1":"f3bc2088f13de5372680029541b23fea4c3c554a","sha256":"fafd1dfa6c36d17040d28ea9b506d44fac84fdb8e4a5d4728664e87a5643e184","sha512":"3d0d015f25ec79dc4634eb61505cf8996414e55e48ae8c020afd87ab8d2ff476111a2684daffcb5cbed3984d4596d27bb32db390424c2ae19657b5a7c9b715b9","ssdeep":"3072:RVT3sDAMjIgaQd40nkeB4yNoIahz5AZIyhhQxpTtLOL3JmKYYRvOqOgtEP43:RVTWL4mGI458gLu3JmKHvOjgtEA3","tlshash":"fcf323c5c84b05c797fbaf927c341a285fc27289157d8af5ca339919f9db8e81095382","first_seen":"2026-07-10T22:57:09.571411Z","last_seen":"2026-07-12T22:22:18.532337Z","times_seen":13,"resource_available":false,"data":null}},"time_used":285,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":137,"receive":148,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/api/games/live?limit=8","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winxixp.top/","date":"2026-07-12T22:22:01.178Z","timestamp":1783894921178,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /api/games/live?limit=8 HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nOrigin: https://winxixp.top\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: application/json; charset=utf-8\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:22:01 GMT\r\netag: W/\"b35-2sh2WNvMsDS9wOevNT6GgkBejIs\"\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: zstd\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VOxQEGd2p62GbQe3dACfNN%2BLhqNMU5434TBFAisa7R4LSNx5EHHA8E0vEgl7CfzC0%2Bni9dB5rTM3seVSGZ%2B0n5R8PLk2XZxSbb4bN%2BnR9TbiLCDFwRj3rZYRk8hBRmNjDAo%3D\"}]}\r\ncf-ray: a1a371b96dfdb4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2869,"size_decoded":2350,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"f630922dfcadeb88d5cfc3aeece92f33","sha1":"dac87658dbccb034bdc0e7af353e8682405e8c8b","sha256":"07073e43c0a42916bb9bc20239c0274ffaa87582aba7170c6ff2dcf17b9b5a58","sha512":"c6383d2308eae5138700ea4b85feb886ae0edd6f2c8ddc185025f4a8624700bb9aeaf79415db45aa9f193cfac0ce80dc439ccb352a604607e785840cb6acbdc3","ssdeep":"","tlshash":"815104af55402dfcdb355e908489709ed8edb37b5ad11c08c1868d3accf56da287c963","first_seen":"2026-07-12T22:22:18.53298Z","last_seen":"2026-07-12T22:22:18.53298Z","times_seen":1,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/werder_bremen-06cJMe_2.svg","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.897Z","timestamp":1783894900897,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/werder_bremen-06cJMe_2.svg HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=z2DMD601JiWwI3ml; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.222.41; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 22:21:42 GMT\r\netag: W/\"6a51f93e-2c57\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 4\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BKs0%2BHhd9YFXc7Ke6rOMchyQOk2Lsp8T1l0FhfOkyaM68EEcuulairZdGQlGX4HOJ9N1mpyxk13afAnmrtpZ%2FQa%2Bbfo5Kwbf%2Bkd9%2Fh5zfIqoSRLe8mbp9%2BXSZoJ3yA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a1a3713a9db235a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":11351,"size_decoded":5107,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"9bf3a09c5db8178ee8262acb3bb930a4","sha1":"5032a3c1f0f3f784ce17f6b8370540e5c2891d7a","sha256":"4c5c02448915860d44a50f469bee4fb82dcb088732b31453fe094e85dcc2070b","sha512":"52ce5d3074909e7460d144c21b3fb496c10ee6c09efd602e1ea52f205daea3e11752627e45c889c23a26a08f2a580729acbe0687555344b4311a861f37e991cd","ssdeep":"192:W/uehQxb9c9qniNEgj9pZh9nTd0f6WYsFL2PcxX7NBZl447mGRtejVZ:WWTeHNZ999nTezYsREcxX7fF7mGyjVZ","tlshash":"3f3240cde7ee82ecb04357f99a611cb4291b05f52740cee9c7b71a11eca246e8c31883","first_seen":"2026-05-03T09:25:58.568484Z","last_seen":"2026-07-12T22:22:18.534554Z","times_seen":24,"resource_available":false,"data":null}},"time_used":1155,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1155,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"op-api.gambl.bet/track","fqdn":"op-api.gambl.bet","domain":"gambl.bet","tld":"bet"},"ip":{"addr":"104.21.8.217","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.995Z","timestamp":1783894900995,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gambl.bet","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 05 Jul 2026 15:26:36 GMT","end":"Sat, 03 Oct 2026 15:26:35 GMT"},"fingerprint":{"sha1":"C6:89:9C:7F:59:81:87:BB:1B:D8:C8:FE:CF:81:CD:0D:A4:E4:D7:DB","sha256":"48:E2:DA:EA:3D:13:BC:5A:36:A2:07:52:61:24:2E:FB:51:32:16:AD:7A:57:1D:93:D7:96:51:0C:D4:12:39:FA"}}},"request":{"raw":"POST /track HTTP/1.1\r\nHost: op-api.gambl.bet\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nContent-Type: application/json\r\nopenpanel-client-id: 3ad6ac77-f30c-4a99-95ca-7c2a88051ecb\r\nopenpanel-sdk-name: web\r\nopenpanel-sdk-version: 1.4.1\r\nReferer: https://winxixp.top/\r\nContent-Length: 211\r\nOrigin: https://winxixp.top\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":211,"data":"{\"type\":\"track\",\"payload\":{\"name\":\"screen_view\",\"properties\":{\"__referrer\":\"\",\"domain\":\"winxixp.top\",\"__path\":\"https://winxixp.top/\",\"__title\":\"Winxixp: Most Popular Online Crypto Casino \u0026 Prediction Markets\"}}}"}},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=yIoW1wsHv27by5Kp; Domain=.gambl.bet; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\n__ddg10_=1783894901; Domain=.gambl.bet; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\n__ddg9_=162.158.222.96; Domain=.gambl.bet; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\n__ddg1_=mzEWmOAuLSRFoNmddYwh; Domain=.gambl.bet; HttpOnly; Path=/; Expires=Mon, 12-Jul-2027 22:21:41 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccess-control-allow-origin: *\r\ncontent-type: application/json; charset=utf-8\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\nvary: Origin, Accept-Encoding\r\ncontent-encoding: gzip\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rPbNXj7vzY1LTKxLPFlPVi0iitO3LaCr7OLTpFWMKD25qi2ahY9XeI1pG4tlwmPNxfbcPaFh9zTSCriKhEiDuAOLVvugsuYYgk8SzVemSmgfE%2FeBq%2Bc%2Fh2oI0FzQ3iroFdVX\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\ncf-ray: a1a3713cdb510b59-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":84,"size_decoded":1196,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"7022503a4600fc319d468101c5267107","sha1":"e5a5135e3b3cd4ba11368546f6adf00f45f8e2fb","sha256":"b9c25b8a4d9617c02ce4d557254b6098e94a95eadc5ddd21b75c5b9fd8002aaf","sha512":"fa3cfe529f5675ff67d0641253c4bb8b117f4eca3c891810ccf06402f9f32d89cc36224faccdd76af69ed3743b9cafcb8b8f4e7da081df4b00d02d56a3c481f1","ssdeep":"","tlshash":"efa024017c000c5dc1f501544c11007701f55c10d17033dd01f117013113cd440507d7","first_seen":"2026-07-12T21:26:42.062888Z","last_seen":"2026-07-12T22:22:18.535831Z","times_seen":5,"resource_available":false,"data":null}},"time_used":56,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":56,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"op-api.gambl.bet","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/gift_top-CVczyCaQ.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.246Z","timestamp":1783894901246,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/gift_top-CVczyCaQ.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=Ed66NDC96P3LYQg6; __ddg10_=1783894900; __ddg9_=172.64.209.56; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=wpR4L7JsbpgVBLxx; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\n__ddg10_=1783894901; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\n__ddg9_=162.158.222.114; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: \"6a51f93e-8836\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EGbwfN00dapTeKivACfsU3rsNRNeQJRGNskELY9I3ZYLpDcimP7vUUUH2yJbhFtUzl7mYllxgsY%2BlezfAEyFQmwxpB5HR0eZoCE3CFiDDrWDccY3S3eWF13tA5JKBA%3D%3D\"}]}\r\ncf-ray: a1a3713ccdd735a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 34870\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":34870,"size_decoded":35954,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"6b8733c79c48b53b6462523f9de03fcb","sha1":"14073d4601e11f5cab29674a2949b05b5e549fe9","sha256":"c648bbb0c45d11f24a8fa6931655c0cd94c14fa31b9c0326d333d2c8b36b5dba","sha512":"fb1f0a39d948404267b5486c7c6ae9474a85f0cf56ece4f291ab20b2e2d4d5195cc6b1fdf7fc34f8717a70d5fa666f88d949cbe36387e64356f8bb4186796cd8","ssdeep":"768:CacY9XQsOkKCYJDp6UAzuuEvD6fk0kfMaJKkele03PNcldFYyxfk:CFYel1DpwuNvD6cDfI36LFY9","tlshash":"acf2e18b2a267253799ff19fd48bc5621d70a6810193ded44223b41ffe8ed123935a72","first_seen":"2026-05-03T09:25:58.447757Z","last_seen":"2026-07-12T22:22:18.536507Z","times_seen":23,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":84,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/rabbit-road-mini-inout.jpg","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.510Z","timestamp":1783894901510,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/rabbit-road-mini-inout.jpg HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/jpeg\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"266bb-19e188cb63e\"\r\nlast-modified: Mon, 11 May 2026 19:38:55 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iiIxP1Seto8Bp4xIyN7814HMT%2FLjPkR79gp%2F2oKhIzZRizQsLg5SAjjZw0sRl%2B43Ev4K7URKnXwJPN%2FssfF9Chmm9TFV1IMYfxyMeWbFN5fUmxBme3RhxwllTh%2BIPMb5FXU%3D\"}]}\r\ncf-ray: a1a3713e78ceb4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 157371\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":157371,"size_decoded":158779,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit/color RGBA, non-interlaced","md5":"350386f4ae53bc8b1e470dbc414eb3a6","sha1":"d1d4472c746f237c379d64794389971df62dbeb9","sha256":"974fa37657af78ae7f1695c622ad77f544cc19dd6c3bb29502ba7e6f4b5c48c1","sha512":"7ee319101357aa4bbe8e6c0eda5ca456d062d8fe15a6298e01066491c36ba25b534266b8ec19f2ba1dfbcc657df1b0c849ca65c57767743ff21269550e04144f","ssdeep":"3072:n3qGl6Cx84WbG3geXr6LfjDcjjeZa0V89C/gblDXNOVR7E:n35lkYDXQrYjC9AxblQ+","tlshash":"6ef312530d7981eb4b9bf6e3b9040aa01c026b4d37d183bbe79deec869d58bd08c5305","first_seen":"2026-05-03T09:25:58.450756Z","last_seen":"2026-07-12T22:22:18.537104Z","times_seen":24,"resource_available":false,"data":null}},"time_used":299,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":134,"receive":165,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/api/games/live?limit=8","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:51.112Z","timestamp":1783894911112,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /api/games/live?limit=8 HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nOrigin: https://winxixp.top\r\nSec-GPC: 1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: application/json; charset=utf-8\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:51 GMT\r\netag: W/\"ac6-OXmS7iYYuRyqbYLTa/LqzpGE/6g\"\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: zstd\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZzlODE3VlSXlG6SHJc1XcvQflGhYtXx3%2FKzCV7e%2BEBB8eOsnphkisEajJ0fFgS4%2F6gw9QKVHKq1ySTDgDDna9BtobaEUDvMFdVN%2B%2BE%2BxL6D51%2Bn5ZeXpofY88Gr%2Foh11QCk%3D\"}]}\r\ncf-ray: a1a3717a7af4b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2758,"size_decoded":2272,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"44621bde25ef019a757b96b749c98b1a","sha1":"397992ee2618b91caa6d82d36bf2eace9184ffa8","sha256":"cd151272c861bef092d8a1ff3c4fa4ad3f3c1cf974df13556f9fcbbd9ff905e4","sha512":"4741b9a12ad4c217e88c52b06d36b34e226054746459f37aeb994431fdb89720b21f62fad99562ef9cde0cade923cad820d43c91388f8b979ed045a487b27c01","ssdeep":"","tlshash":"a951de6f54482dfcda350a90884970aeededb2bb95e15c04809e8d2eccf44f63e78563","first_seen":"2026-07-12T22:22:18.537721Z","last_seen":"2026-07-12T22:22:18.537721Z","times_seen":1,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/fredoka/v17/X7n64b87HvSqjb_WIi2yDCRwoQ_k7367_DWu89U.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.712Z","timestamp":1783894900712,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Jun 2026 08:37:23 GMT","end":"Mon, 14 Sep 2026 08:37:22 GMT"},"fingerprint":{"sha1":"CD:5B:53:23:61:72:75:37:AD:E9:F1:74:B2:D2:EE:09:81:05:55:E1","sha256":"9F:07:21:2D:14:EB:C5:C0:D4:2B:42:E4:55:80:7A:BB:AF:47:A8:BC:0C:5E:05:F3:2A:2B:1F:2A:78:4D:FF:D7"}}},"request":{"raw":"GET /s/fredoka/v17/X7n64b87HvSqjb_WIi2yDCRwoQ_k7367_DWu89U.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://winxixp.top\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 29732\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 12 Jul 2026 12:47:16 GMT\r\nexpires: Mon, 12 Jul 2027 12:47:16 GMT\r\ncache-control: public, max-age=31536000\r\nage: 34464\r\nlast-modified: Wed, 10 Sep 2025 16:42:18 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":29732,"size_decoded":30544,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 29732, version 1.0","md5":"9591efe1be62434d2d107e2b19702029","sha1":"6438e7de08adb0a989e1947ff06284771f884eb6","sha256":"99d6c78e043710d4f83ed90716779798b7b04eb690f73e0ad0e8f32d1f0e98c2","sha512":"3cc3323210ab19dc07513ef4df0bc9eb7b85b0143fa39c37d79b6fdb1b8309d34b96c452f264d3ab3a409b5a75c6872d48c22f54aead05e78454004106546067","ssdeep":"384:fNPmz/ALfS8CKEhoIqMViQziPMBdrB2PasMyqhdJf00dHmgJIW+uvTVsRZBhW7AC:8zoRCKEhTkQJdrQXqJf00GpubVsRZtI","tlshash":"0bd2f104c9605335c6ec64b69b114a7bffed488265e2b9d520a8eea61761fc8e09053f","first_seen":"2025-09-12T15:30:51.751475Z","last_seen":"2026-07-14T04:10:33.754493Z","times_seen":758,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":25,"dns":0,"connect":0,"send":0,"wait":22,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/gift_bottom-DP-TDRai.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.243Z","timestamp":1783894901243,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/gift_bottom-DP-TDRai.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=Ed66NDC96P3LYQg6; __ddg10_=1783894900; __ddg9_=172.64.209.56; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=I84l3ztslh96oLGh; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\n__ddg10_=1783894901; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\n__ddg9_=162.158.222.58; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: \"6a51f93e-d20c\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Xcgo0N5eERqXUWnb%2BaEof2TLYDWfdNzKbvln50m7heuiKcMavd3Axem%2F2ctNbOaf9JLl5Z%2B35s65Gm6bpSUQONKa2Kuyr61tPwhbc2etuRyVvSWTGC8Z5gzuONS80A%3D%3D\"}]}\r\ncf-ray: a1a3713ccdd635a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 53772\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":53772,"size_decoded":54859,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"c65662c6b87ce8ca21e63690a9620d42","sha1":"a7b0c23ac295b45a1606686c1af683c53d863107","sha256":"262cf86dac4d7f23654ee92e9693edfe1743ad825b7f0a9ed083114a624139cb","sha512":"e08134fa8aab3f309a661d8f10917344cb939050b57c9af6aef672d379b9831be6ac5332056b114e50ab86eef0f659f4d3f8a7c33d73805768a9e3b3dc6cfb0d","ssdeep":"768:ljqwJW6lBWsL9VPSn8oOwdRsxTe8ZEaZzWTaHRSHlsjbKQsEXo:ljqwHWsnhoOwdRshTEapWhstvXo","tlshash":"b033f1346f841cf5e008b774de992101d36b836f639793d30117e4a6aa48e27f798bb9","first_seen":"2026-05-03T09:25:58.55733Z","last_seen":"2026-07-12T22:22:18.53966Z","times_seen":23,"resource_available":false,"data":null}},"time_used":51,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/chicken-road-mini-inout.jpg","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.501Z","timestamp":1783894901501,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/chicken-road-mini-inout.jpg HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/jpeg\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"13ea2-19e1889de90\"\r\nlast-modified: Mon, 11 May 2026 19:35:49 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Te5ug6f%2BT1lz4vAL6vuwVJZvJG7CZeYt3gbfy81hCNSAyV3UM%2FDqdcwWsNiA%2F6EkcGSoq7C2VYd2Vz78aHDPNnYlOQRYQOMTZs%2BcooIrE2q5lCvbdbAaWJLcggYB48dChYo%3D\"}]}\r\ncf-ray: a1a3713e68cbb4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 81570\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":81570,"size_decoded":82975,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit/color RGBA, non-interlaced","md5":"bd31dc34709ab28154febf333c9d7b61","sha1":"957e8b303a3a7eac3058fbb67cc82c673569388c","sha256":"c4a2ab24afece8e542c58e54a15c9b5ba387d224aec670a881d89cfc49f63f8d","sha512":"e77dc104b82d541bfbc1dd6a5195a6a9f7bc24e32e4acb2764a0118427fba1bee9b07b4716d3f4228fff4205b447c79ca0e9ac5af12d18e6eac868af1ec8b9d5","ssdeep":"1536:XtLff+jHHoz3d9eMxKlXfg7N2OT0RyDxbH+pMEaJUIitksm:Xt0nUd9KXfg7NrmytgMhitkL","tlshash":"c28302daff75e12428a5d3a7a117770c421c9ef6e2bf2ee12c1a517a50efd84b812314","first_seen":"2026-05-03T09:25:58.558516Z","last_seen":"2026-07-12T22:22:18.540259Z","times_seen":24,"resource_available":false,"data":null}},"time_used":266,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":151,"receive":115,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/chicken-road-gold-mini-inout.jpg","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.517Z","timestamp":1783894901517,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/chicken-road-gold-mini-inout.jpg HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/jpeg\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"2bb1e-19e1889de1c\"\r\nlast-modified: Mon, 11 May 2026 19:35:49 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pJ%2BPyap8uu9Z6Mz%2BWjHrSRir%2FqpnmNJmgSDzRLzy4Ak8KxVcZRtTecccZXqbCwEQI78iwlyVGR9VXFg7fgmPXM2juaKyXhD%2FWEvyp2jWiiEUQddgEtU4iCtqSj2aPcwv4M4%3D\"}]}\r\ncf-ray: a1a3713e78d1b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 178974\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":178974,"size_decoded":180380,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit/color RGBA, non-interlaced","md5":"7e6786b8f04722cfa883924cf56e618a","sha1":"11834b65154c89318b09e30540170438279db363","sha256":"d15c8109068462a9bf3994fb4ef6f126253b038b1ed7e2030c23f013dc7a8857","sha512":"0e188cc4eb6bad0ec7a3eb8e6bcadbd2ad447ffc868ec327abe99924d910c8c1b38bf5607442880655d691967bb27c87abbca0ee85fd7ff4180942a96958a690","ssdeep":"3072:wbRMbtR2+Z8ik03JdOr2QjubVpGy1lYxba5gzDdmTrCgqZnC1Wtkbzi6eI3uMkRg:QiR2+Z82Cr/jubVk0I+gvjbCMtka6eIF","tlshash":"1304138e2c596af29f843e48c8d05f3e4a7245e7df80b1d60e0bbcf71e9018867b5556","first_seen":"2026-05-03T09:25:58.480792Z","last_seen":"2026-07-12T22:22:18.541012Z","times_seen":24,"resource_available":false,"data":null}},"time_used":322,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":167,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/vs20fparty2.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.527Z","timestamp":1783894901527,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/vs20fparty2.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"5de2-19e87ec4fab\"\r\nlast-modified: Tue, 02 Jun 2026 10:41:11 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NpYc7I8TBKCWVmcv7GogQPN86CaY3GYRhwv9BEPN%2FtgkSQEtMrYHyG%2B5kxG%2FPt8DN8dwSJER4IEmraMBLtoVZf6f1tzTIM7NfUsIhoagCE%2BrFh%2FEeHJ7ME8agK8g9Gbh1ZM%3D\"}]}\r\ncf-ray: a1a3713e88d6b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 24034\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":24034,"size_decoded":25440,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 360x472, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"7161f3dee408d108342e9e493f909cb5","sha1":"4b222932bfc1c35565091316edd289960b13b60d","sha256":"15238cc480c000b408607fcbfd0d3cc978ca6ed13f08a450f75f3b6de8a5eb02","sha512":"24930bfdc8ae5dab65139966a3b51428bba54ddcce47d52c9aadfcb41409030c0f9a8b1510a493fda7768cd4b56bf611c9f3a1e774cf96b14228739d142f3ca1","ssdeep":"384:yUTyQuU+GCFhCtevu528zIqnolnMB0LhogwGx4OPd1+/HrkKKsTOOpzCEj:yUTyQOjC+u+qnolxd6OPT+/HrnTOOdnj","tlshash":"16b2e1d0a815d71e990222cca66c1ee7ee6ba58b7bc00331cf3890e6dd18857a759cb5","first_seen":"2026-07-10T22:56:48.070404Z","last_seen":"2026-07-12T22:22:18.541646Z","times_seen":20,"resource_available":false,"data":null}},"time_used":286,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":218,"receive":68,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/vs20sugarrush.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.528Z","timestamp":1783894901528,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/vs20sugarrush.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"74da-19e87ecb05f\"\r\nlast-modified: Tue, 02 Jun 2026 10:41:36 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YDiKjvXreAXFWvoYbCPybPuIUFEyilKBpJfijgH0NAPmj%2BTTjqroZfSCrq8BKfhLxyBeDNLVVezLUnlzWdUjjBod4W6PvyizQz%2BNsH19Mq%2BE8%2FaJWGtuXq8fP3PwqacASag%3D\"}]}\r\ncf-ray: a1a3713e98d7b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 29914\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":29914,"size_decoded":31318,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 360x472, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"f5d34e92022a20b828fc43e0f5325f88","sha1":"84d7c51ff977d6dc7cdd6ccadb5524c617720840","sha256":"05f2eefbc3a7a73ef1cc83b31710ddd700b1e3f3ff4a23134de10b7b06d12a3e","sha512":"2c9637ef738349f0817dbb21371d276b68a06ece886665218e45d004fabb277af7e9b742c146cded525cd5443c243ac727041f08a0b1e5cd1552405f6323acb2","ssdeep":"768:bfrq1WWjyHPGdsVtCOsirTXlW5T7YujH5JazIUo8iVA:bzqUXHPGdsPCBOTV6TVaMR8R","tlshash":"6bd2e1b7010bb490789250d8e1129e9dc1f31bb5562757389cf889a318f6c727d26fec","first_seen":"2026-07-10T22:56:48.118862Z","last_seen":"2026-07-12T22:22:18.542254Z","times_seen":20,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":37,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/fonts/Proxima%20Nova%20Extrabold.ttf","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.703Z","timestamp":1783894900703,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /fonts/Proxima%20Nova%20Extrabold.ttf HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/assets/index-s28uPECG.css\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=ixzxBFqFFBIUofYO; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.222.16; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\nserver-timing: cfExtPri\r\ncontent-type: application/octet-stream\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: \"6a51f93d-1f9a0\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:17 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VMlbMl3gbFp%2F%2FTQKuF2w3T6we8Cn14y2exSLKyHVUtFSGWhGb2A%2Ftd10Bya5F3j%2BIRyUklbqwgpG%2FM83XU4SjGL2YiaEIGRkQ0x33YeYq2L7aHz4Uj%2BiQcI%2B0AAE9Q%3D%3D\"}]}\r\ncf-ray: a1a371396d7735a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 129440\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":129440,"size_decoded":130502,"mime_type":"application/octet-stream","magic":"TrueType Font data, 15 tables, 1st \"FFTM\", 30 names, Macintosh","md5":"ecce738438b07e0f2700c264633fc55b","sha1":"8d0e90e6a0f9dbe299f7f07c765df1626c1fdd20","sha256":"6cd9cca7999d5953f3c596cd7b4822d1a871a2d3b8b85823243ab1368a2234de","sha512":"5441a6b93c92e27fa185349be7289859eb7701537245b89ee5fd2bc221e46305bdbaf6024e7c9d8c11ea94a27f51036f5e0a76aad96335dfee7bb2f372c3c9a5","ssdeep":"3072:gcDXjxKwoaX0gLZOVKk/PoSR0Y5CURdoM2E8H7O1j7B3+gAyR1S:gxjVQSR0YjRWgS","tlshash":"33c34b43e383cf5edba999be9d31f3753616e67d6f6a330e63402079f50b2a8a050185","first_seen":"2026-04-14T01:08:26.757884Z","last_seen":"2026-07-12T22:22:18.497434Z","times_seen":29,"resource_available":false,"data":null}},"time_used":477,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":257,"receive":220,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/fonts/Proxima%20Nova%20Semibold.ttf","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.714Z","timestamp":1783894900714,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /fonts/Proxima%20Nova%20Semibold.ttf HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/assets/index-s28uPECG.css\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=cTso62ox0uf3j9GY; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=172.64.209.32; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\nserver-timing: cfExtPri\r\ncontent-type: application/octet-stream\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: \"6a51f93d-1fec8\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:17 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2B%2BPp%2F4qobZS8vyqcAyHdi%2BSWeptX%2FdsWEXvO6K09QXL8TgpwmNU%2BAvMqRbsMwUX55Ta%2FrHQx%2BajutlFMUIg5AY%2BLbFsovOEC4dHVsaaD%2B8V9LUmkaS4nkMmcaH5N8w%3D%3D\"}]}\r\ncf-ray: a1a371397d7c35a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 130760\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":130760,"size_decoded":131827,"mime_type":"application/octet-stream","magic":"TrueType Font data, 15 tables, 1st \"FFTM\", 28 names, Macintosh","md5":"3510e34fcc8e060e13e69a6e9272ba82","sha1":"76dd51cd14bacf7f8a4c3be19d58de6e4c55dd03","sha256":"c6588560d54a7b904bbc04ca47495e897dd6e9bce843d37757da566e5089cd63","sha512":"72754ace481a7bb50bdeb1545f53abd9846d217ac4a3c5e8a2d40dca5293c5db67efc99225d1f454d98960473388b4b82120d51529fb237028d2994674c9b08a","ssdeep":"3072:0HYa7NyOQIyhKsNBHcdGF/XmHuXo2E8H7O1j7B3+gAyR1K:0bcHPWHOcK","tlshash":"7ed38d4ff383dbffde55257eaab0f7b5325ae53c1a5d330daa445179e0190e8088068a","first_seen":"2024-02-19T16:27:02Z","last_seen":"2026-07-12T22:22:18.542909Z","times_seen":44,"resource_available":false,"data":null}},"time_used":227,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":178,"receive":49,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/api/public/domain-info?domain=winxixp.top","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.859Z","timestamp":1783894900859,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /api/public/domain-info?domain=winxixp.top HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://winxixp.top\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: application/json; charset=utf-8\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: W/\"156-ZPb3i7c+wdzvjtt2wE3ZknFv1qw\"\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: zstd\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eeg7fpZCrEUg41ykMc1kbRHCn38%2BB9BfrEd8eiX2JedJaDAEv%2FNr%2BfW%2FE%2B0BSpF2KTzTldIBGis29HeCshZ3jfRv99Qm4SPTwe0cl%2BFnYl5xij7%2FJihpZR%2F01aOJYrD8NYo%3D\"}]}\r\ncf-ray: a1a3713a688cb4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":342,"size_decoded":1560,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"90e3c84f6e5dc8f2f3cc605198e76c47","sha1":"64f6f78bb73ec1dcef8edb76c04dd992716fd6ac","sha256":"96e510f30dda1982f0d3c8373b43cbaf14f17a02f43c86cb9d213e691619e00e","sha512":"9dd150565659d60b6031d27f72c78aa6dad3946b7559876738f70bf1274e1f61761cafe8de8da228eda841a52b5b54eeaefb88f65b3e0ff616cb4412ac346790","ssdeep":"","tlshash":"16e04f45ae10bc7c5f4a7b8138ea3d4e43bc0527dd996892c2dd4f2443dd8261165655","first_seen":"2026-07-10T22:56:48.042972Z","last_seen":"2026-07-12T22:22:18.543597Z","times_seen":2,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/api/games/live?limit=8","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.877Z","timestamp":1783894900877,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /api/games/live?limit=8 HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://winxixp.top\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: application/json; charset=utf-8\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"af0-Hzlrpwcw+7nl1c3VigYy9rLtCeg\"\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: zstd\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R6nJiIlFbZ06urFVGxPl%2FSzEgtAWCwwYfd3hmd8MJ1mFIeJGIso3jxoTJk7XxEBMhxgIyQaBGbcfyUbgjJ07HW%2BuPtPI9Qgdd6eZBFpYWiF4oyCxfeYyr98BbNjN7tmOobo%3D\"}]}\r\ncf-ray: a1a3713a788fb4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2800,"size_decoded":2316,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"590d79a6bb0a91527de298e33d268926","sha1":"1f396ba70730fbb9e5d5cdd58a0632f6b2ed09e8","sha256":"2d54b89bb61c806032234f412ac3698890134944eb7d2754aeba7670d014d394","sha512":"ebd2cfda1218fcb602fed1f5321560de83b85bc6e3690707a4bb02c7230b7b8c724e61befbb6cc0a9d1b2cef6028e4e98e759050b6d68f53e2c989186a469ba7","ssdeep":"","tlshash":"a85122bf50883dbcdb355590884974ade9def26b86e05804c1db4d3accf45e628bc52b","first_seen":"2026-07-12T22:22:18.545196Z","last_seen":"2026-07-12T22:22:18.545196Z","times_seen":1,"resource_available":false,"data":null}},"time_used":207,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":207,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/20FS_image-CTw73Nm_.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.906Z","timestamp":1783894900906,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/20FS_image-CTw73Nm_.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=Xsev5ygkgwE5iosD; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\n__ddg10_=1783894901; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\n__ddg9_=172.64.209.64; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: \"6a51f93e-9f2b\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4X54Rj6Xfc%2Fj15BgmX6AzrxGxmqacKxzT6dk%2BYKmTb5qqPHtmJxDncpA8342Pa4vjokvrccSuDVWdQgzx7wL7KV3FBLipURnEVQZimfEoIWGOozT1BY4wi5hVyTQrA%3D%3D\"}]}\r\ncf-ray: a1a3713aadb735a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 40747\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":40747,"size_decoded":41831,"mime_type":"image/webp","magic":"PNG image data, 139 x 178, 8-bit/color RGBA, non-interlaced","md5":"97564493dca4d562ff94dc225815a45d","sha1":"d14dd698c42d2aab8e996cecf83924fe270c47ed","sha256":"6e7dc280727fb9557f78c8bc6accbe542ab96afe23ffa650abced9d7b433efde","sha512":"d9306172861ed71a7541d339c94e1ebd58462ee118a3e6ea68125d9b2fc44f0461851293f642f9e3868f8f13ed04774b94f562baf0cf053ab29e6d701b7fac68","ssdeep":"768:OttvaqnJ6/TQs4wWW2ycvTzibk+8ZpAC0O+I1d708WdQoJL6IqInZO039:+MAJ6ssJB2ysDP4SFDDo1Tnk039","tlshash":"3903f132856b11b3229d8e433b24674a8cffcf8337e0434866dcbf99654e9bd5e50046","first_seen":"2026-05-03T09:25:58.478441Z","last_seen":"2026-07-12T22:22:18.546774Z","times_seen":24,"resource_available":false,"data":null}},"time_used":398,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":384,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/cricket-road-mini-inout.jpg","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.494Z","timestamp":1783894901494,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/cricket-road-mini-inout.jpg HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/jpeg\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"28376-19e188a0797\"\r\nlast-modified: Mon, 11 May 2026 19:35:59 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rD2UcuWNDJB5tOK1F8kIBfev18%2FSO3G%2Bjitk4oqg6D26Xe2IwwMz0Qz1ObquoUoWDpPy4gzBoIBgOusscQr%2FXIQM5jq%2F1%2BY4CBoy11ki2%2Ftcrq5R6Zr2JPN4XGzQIZf0N3I%3D\"}]}\r\ncf-ray: a1a3713e58c8b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 164726\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":164726,"size_decoded":166136,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit/color RGBA, non-interlaced","md5":"1e1ba05a859bbbc01900d9ba08880e35","sha1":"7e9c385589952ab26f8f04deb098622c4310acb2","sha256":"aa6523b76b4bd7c120c494515236995d2583f085d9b9e73d96482b8d55064822","sha512":"394bf0f7f744e63a365f3c5e046e448924c15774bc15f4b435f27a3c4d3326a4a8cb6be51926504ef11006f0238802623e1c40b39a0c91b612cfc657bbec9914","ssdeep":"3072:yHEh/mHTKsEg0Y12Wuo0DNXO3m6IMgNiMSBTJWvRiH8wJzudjsuyoB0VFvqBZ0AJ:ykaTKsppSDN1mgc7Mp/kudjf2yfd","tlshash":"5af3129f461a6f92e6026c204b86cb7d63e4c4314c597d6738a8687c341afd2897b7f8","first_seen":"2026-05-03T09:25:58.532508Z","last_seen":"2026-07-12T22:22:18.547432Z","times_seen":24,"resource_available":false,"data":null}},"time_used":330,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":150,"receive":180,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/chicken-road-vegas-mini-inout.jpg","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.499Z","timestamp":1783894901499,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/chicken-road-vegas-mini-inout.jpg HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/jpeg\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"1d4ff-19e1889e1c4\"\r\nlast-modified: Mon, 11 May 2026 19:35:49 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CKPSF1UhHFgKPmUaeHyquvWswH8J%2FXe7z6P1a1W5z34G%2FEjsGVJCy8ehAW3tu2Ilv1tTpR37GMGOEPyxTZMIU7YInAVk%2B0ndeVKY2i4Ra%2FZyQhxgyz6TUsS0NUOwCC5sJws%3D\"}]}\r\ncf-ray: a1a3713e68c9b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 120063\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":120063,"size_decoded":121469,"mime_type":"image/png","magic":"PNG image data, 300 x 400, 8-bit/color RGBA, non-interlaced","md5":"d97c882f1efb1cb1a0602a1409eae227","sha1":"fed1caf3f89fb7c82227e37bd3159eeca20d05d8","sha256":"5a11d7cc3d0dcb1cdc5b76a698c907e6c85bee99c68ec743af24df813e67fa29","sha512":"c5cdd38a27bdf7e64929d9dc9092c4fe80b96a1bdd38f865aa1e9db9c207a34e2daf50c46aea9ada68011e8264e5da1a3ff18bc7573f1249e3b1cc0789d32080","ssdeep":"1536:w4cNnWnyYHZDR+gQngdgg768GBAqx4v6QI0ZbVZY4EamRVW63QTnwHe6mp3ZyNlO:oEJHZDR+gasY8ZYNaD6WwHHNo1","tlshash":"e8c312e970881bf8d381ea1ffa06ec26027a87c97fd32cb882486cbc4554e5dfc55161","first_seen":"2026-05-03T09:25:58.487822Z","last_seen":"2026-07-12T22:22:18.548092Z","times_seen":24,"resource_available":false,"data":null}},"time_used":313,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":149,"receive":164,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/chicken-road-new-year-mini-inout.jpg","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.518Z","timestamp":1783894901518,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/chicken-road-new-year-mini-inout.jpg HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/jpeg\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"1730e-19e1889dfa0\"\r\nlast-modified: Mon, 11 May 2026 19:35:49 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xbn4yR234YZFyZvAsy7%2F0r8tY3ub1i7rOx0vEa0VGmE9g6mNHQ5jQiviEiGABA3mOlljNYxj3xmCE%2FEHo7%2Fef5OX2tdrzsOyIJRDo1M%2F3CQ6HQL9%2F0WErzv%2FDTz6hzBqYGQ%3D\"}]}\r\ncf-ray: a1a3713e78d2b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 94990\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":94990,"size_decoded":96399,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"a63fdbefceb85fa12b3fbe163536ba21","sha1":"1aa6d1ce85bed8959bce57748684be24725ddfd5","sha256":"372724c2ec10fcfc1068d6b19eb189f5f55a977ea9d7c559342e40282cf1d71e","sha512":"3a710b036de4629febd15903a03c98ca13002a4368cfa5246f7bd983b6269acfe02f20408d6eca115b29027ee60175dad8d0f78ced875fbeebaccb1addd5d528","ssdeep":"1536:VdFXCx/pEG1NBLws9R9tuQcpEkCTnWZf1Qs3D+y6yRCPXB9jCbNmDOmTCSedWViU:dXGqGNLws9P4QcpdCLWZNh3DP6bB9jg4","tlshash":"95931255ef9d5db1ef56df39a494213ffaf3247a8f980149904ca9d0a0018ef304d6ba","first_seen":"2026-07-08T18:54:53.805092Z","last_seen":"2026-07-12T22:22:18.548872Z","times_seen":24,"resource_available":false,"data":null}},"time_used":297,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":151,"receive":146,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/press_field_background-Cdz_S5mJ.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.689Z","timestamp":1783894900689,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/press_field_background-Cdz_S5mJ.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=KjBfg7EGkXKdxVzI; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=172.64.209.62; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: \"6a51f93e-283f\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 119976\r\nddg-cache-status: HIT,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2u%2FRfL0dI5NWx9hjoa9Ze8vHWG1GlfGG4E7WS7SxtT%2BQEiOsegyNKtLbwW3WtigkFSTxfJ9aZjoHgUyF1HRjoAwJfhsoWnMa8lbnc3wKNzxtzU2GGpqxtOnzoUorBA%3D%3D\"}]}\r\ncf-ray: a1a371395d7435a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 10303\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10303,"size_decoded":11391,"mime_type":"image/webp","magic":"PNG image data, 330 x 71, 8-bit/color RGBA, non-interlaced","md5":"9277f5f4e0c5ec965fd895fa5230a295","sha1":"e633562ab343c2e694d98ad152e511af4ad9d465","sha256":"d4238606fd0cbd7fd2bc4f8648e888f3a48f50642773f64dd2c24d65b180bdaa","sha512":"5ab3eb52c0ed0d91c3d1c7b66f874c97dccffea2870cb627824e144f8de9b146eb61aca937d6ad48554c79093c4d657f928e115c305ef01e27b0e99b4ec37baa","ssdeep":"192:lSE3Gll86piYg5VkOYMCToZ5aGCiWDnn4rNGJYlvgPsPTQhTI73eG:EcGllgYgnkNoqGtWDnn4rNGJqPTQJpG","tlshash":"0a22cf4e3c5ae448489d67f1e6ce0350813d1be68ddac0fa26964ca229eff6c070d793","first_seen":"2026-05-03T09:25:58.436952Z","last_seen":"2026-07-12T22:22:18.549591Z","times_seen":24,"resource_available":false,"data":null}},"time_used":168,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":167,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/bg-slide-cashback-D6oBbvdR.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.837Z","timestamp":1783894900837,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/bg-slide-cashback-D6oBbvdR.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=CiFnT3RqQMLIqX95; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.222.58; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: \"6a51f93e-2ffb8\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gNg%2BLzL733eLcMhjjuRfvnVRR3ip8q4RYg21N1HnT6QGXUguDI3Ax7Q8y04Hv5AfjZQp65LkbPdjneLiT9q3yYmeuFeb83YWBZ%2BenW8pn3fSo8YIwNyU5BbY2OXI5Q%3D%3D\"}]}\r\ncf-ray: a1a3713a3d9d35a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 196536\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196536,"size_decoded":197623,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"283f9e0b94c289cb3a4b5bf970bb03c3","sha1":"19a8fb7333d8a7da0df1823f78aafbaca731900b","sha256":"7ea986e91377afde7d9b0248eb296d0486a32c120acd17c296ba123d7b4810be","sha512":"d5b2f36aa7de7e6a8ec420ff99a6ca59a997644253e0ed5a7344351a64f6e420e269ca5dbfa4db3ca74e8e12fce8fd891b00a84b945772e20559d83df590c81f","ssdeep":"3072:khUIb5+3KIW/qMs3ABv6OqLnLWYx1cqh3mew0bighP6IwM8Bsaq4H2KX/IHepXx6:kqUqW/HMAZ6O8nLzx1cqhA0NFTaBsaqR","tlshash":"da14122839304449592569a81af9629630ccbe3da5b7ccbb0da7f3651b3b9f08c7570f","first_seen":"2026-05-03T09:25:58.432446Z","last_seen":"2026-07-12T22:22:18.550498Z","times_seen":24,"resource_available":false,"data":null}},"time_used":602,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":138,"receive":464,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/four_footer_icons-DtogFTme.svg","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.900Z","timestamp":1783894900900,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/four_footer_icons-DtogFTme.svg HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=im9dKDoHBpnSnWTi; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\n__ddg10_=1783894901; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\n__ddg9_=172.64.209.64; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"6a51f93e-becf\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IOpM1r2xo4bGc2%2B70L7fBATjL7aeHTjZ%2BW6%2BszbpKz2KKKyESBHDCV0AeFkfAb5P7yijRgf8pcI%2BjIH17PReodRjgk2Wx5YhS3PjG%2Bc9gkRJbtWUwVJ7wezOHkj1%2BQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a1a3713aadb435a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":48847,"size_decoded":20071,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"fb5e1c21811b02433e586468542b46fc","sha1":"b776f6a1ed3d0f7cba4865735c2aed1a54752747","sha256":"01b97b17936fb9f2e013354e9fce99a64a42ad4d714fde061698c7f9dc05ef01","sha512":"4d491365985e196b6f3849a7bb2c1e7d191dcc482a6f1f91c86531c84f4387a1cf228f1ed0f098ee8991d03af21e429ea6095b635e790b7d889b06396ed692fe","ssdeep":"768:JlxkPAA53GZV5JLphzrTboxLc6B4aScK9PIY9BIe:Ve1GH1nsymhTKJBIe","tlshash":"1f23a3ff7be421f0a046e7e5ee328475755b68fb7b92cf44c3889e947952098c889c81","first_seen":"2026-05-03T09:25:58.431523Z","last_seen":"2026-07-12T22:22:18.551512Z","times_seen":24,"resource_available":false,"data":null}},"time_used":385,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":380,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/vs10firestrike2.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.540Z","timestamp":1783894901540,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/vs10firestrike2.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"a402-19e87ebe137\"\r\nlast-modified: Tue, 02 Jun 2026 10:40:43 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aFLdjcbkdU%2FGkFs%2FwclwDZXoTbcg8xFtCB8waBHoooOmpqtjb938Ht4tN%2FIWmMvefwg0pSrVAPHIiIDaPhGwy9a9FpJtibka1aDiGrqqvt%2Fi92csjkxUAZRZzHGuRpobs00%3D\"}]}\r\ncf-ray: a1a3713ea8dfb4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 41986\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":41986,"size_decoded":43390,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 360x472, components 3","md5":"7c469b9fc23267de90000976fc025224","sha1":"cfb377359ab8dedf7cf8cfb06ce96d5217de1bd4","sha256":"5d6a9d29a39c65ea5052c2bcc60be88addb070b703e4623ef4016ac258c54cdd","sha512":"583657bed6754dd78c03cb50902b859b1b0b3235ee3edede73db247d3f34a604713ce74e287c06ffa5303e0b2088caaed1fd1aa058d40e77cd2826a6b779c45a","ssdeep":"768:cyxYznxPYzs/cIZWSbpufh6YGTVOmCdu98twVD0zK2eDWKp5icd:GznGI4SbpYsYGTVOmH9gDRPKu0","tlshash":"b113016b3ea9a0f0c59ffdf031fc8d6b9a54f83a511cae6d5572081785787e0806c72a","first_seen":"2026-07-10T22:56:48.090528Z","last_seen":"2026-07-12T22:22:18.552898Z","times_seen":9,"resource_available":false,"data":null}},"time_used":238,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":154,"receive":84,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/vs9aztecgemsdx.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.544Z","timestamp":1783894901544,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/vs9aztecgemsdx.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"97b8-19e87ebaf73\"\r\nlast-modified: Tue, 02 Jun 2026 10:40:30 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dbUCTuzZkPzoTjo%2BU1uPT0bDiie9TbKkDDiMxW3926In%2BGjUH7LbdXeTS2ChvW0oxE7kcmayGNNmwFLUg1%2B8KBHTHNDBeV6YiV75hIWT9QMHqfH3qWWhfgXW5Wqhxv9tmRQ%3D\"}]}\r\ncf-ray: a1a3713ea8e1b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 38840\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":38840,"size_decoded":40242,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 360x472, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"e2efe40b6c8a8c6356a637e3ec79d10d","sha1":"b25307bb558d7862ee5f4ea0aaf8ee2df8696514","sha256":"4efa3ee5491c89bab363821906765e13f8e24e6f137154962eae9f3182b00cd9","sha512":"c85544bebac885427f8c986753219aefa33ada1da43e1c9c5ce63d8fba8e866924bc3bab8bf945083c9f369fcb3120e445f19ad538b5b27709f3f9f0690def2e","ssdeep":"768:UJyTngFU6lVxygdohvq9jxofrGuabMbnEJGYkVA60:USeUMXygqq9KrGuNbnwNT","tlshash":"1503f19cb5e0d1299f829183b03acfc52154e638773e3176d5f57a2c37a5ab4893d02e","first_seen":"2026-07-10T22:56:48.089578Z","last_seen":"2026-07-12T22:22:18.553851Z","times_seen":6,"resource_available":false,"data":null}},"time_used":301,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":212,"receive":89,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/10264.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.550Z","timestamp":1783894901550,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/10264.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"328aa-19e87ead84c\"\r\nlast-modified: Tue, 02 Jun 2026 10:39:35 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j6%2F%2BuGRWdyRtkvo%2BcmIPMbQbx3RX48ATU4ZbHklzLdI%2FXWEmv4IITfE7CWO7SZWG8jYIYa20d7Q3aCQv6wcReOUqs9RsOYM7kmaDQLGsLpQ7gJhIAtb7arVk1bh1hn5VwQE%3D\"}]}\r\ncf-ray: a1a3713eb8e5b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 207018\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":207018,"size_decoded":208424,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"6b2bc3191104c2324bb1a7e618a276c8","sha1":"dcb1acc9e01024fde8a3d0dfe995243ab14eac33","sha256":"73f6fb6bf59508264dbf464fef796b883cd636897cf159a128b46d10ad715f23","sha512":"85835b1b6dbbd24d661fadb18cbef452e71fcbeec7a2041dddffd6ac22f97eebea9191c880168f8bfe168871bfbbc0dd2edba69fde6af434bf128b2f83c62e7a","ssdeep":"6144:bmMJxxFd2HpFq4B3YuaGI7gvZqbf2oFbbFQns568y:yMJxPdgpFq4BfaQ3oHG","tlshash":"ff14236ef349c08021f688317b85347d5f77853ab22c34bae55ee62e2be38559333925","first_seen":"2026-07-10T22:56:48.058813Z","last_seen":"2026-07-12T22:22:18.554847Z","times_seen":10,"resource_available":false,"data":null}},"time_used":403,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":221,"receive":182,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/fredoka/v17/X7n64b87HvSqjb_WIi2yDCRwoQ_k7367_DWu89U.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.710Z","timestamp":1783894900710,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 22 Jun 2026 08:37:23 GMT","end":"Mon, 14 Sep 2026 08:37:22 GMT"},"fingerprint":{"sha1":"CD:5B:53:23:61:72:75:37:AD:E9:F1:74:B2:D2:EE:09:81:05:55:E1","sha256":"9F:07:21:2D:14:EB:C5:C0:D4:2B:42:E4:55:80:7A:BB:AF:47:A8:BC:0C:5E:05:F3:2A:2B:1F:2A:78:4D:FF:D7"}}},"request":{"raw":"GET /s/fredoka/v17/X7n64b87HvSqjb_WIi2yDCRwoQ_k7367_DWu89U.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://winxixp.top\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 29732\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 12 Jul 2026 12:47:16 GMT\r\nexpires: Mon, 12 Jul 2027 12:47:16 GMT\r\ncache-control: public, max-age=31536000\r\nage: 34464\r\nlast-modified: Wed, 10 Sep 2025 16:42:18 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":29732,"size_decoded":30544,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 29732, version 1.0","md5":"9591efe1be62434d2d107e2b19702029","sha1":"6438e7de08adb0a989e1947ff06284771f884eb6","sha256":"99d6c78e043710d4f83ed90716779798b7b04eb690f73e0ad0e8f32d1f0e98c2","sha512":"3cc3323210ab19dc07513ef4df0bc9eb7b85b0143fa39c37d79b6fdb1b8309d34b96c452f264d3ab3a409b5a75c6872d48c22f54aead05e78454004106546067","ssdeep":"384:fNPmz/ALfS8CKEhoIqMViQziPMBdrB2PasMyqhdJf00dHmgJIW+uvTVsRZBhW7AC:8zoRCKEhTkQJdrQXqJf00GpubVsRZtI","tlshash":"0bd2f104c9605335c6ec64b69b114a7bffed488265e2b9d520a8eea61761fc8e09053f","first_seen":"2025-09-12T15:30:51.751475Z","last_seen":"2026-07-14T04:10:33.754493Z","times_seen":758,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":-1,"dns":0,"connect":31,"send":0,"wait":18,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/api/fortune-wheel/items","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.852Z","timestamp":1783894900852,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /api/fortune-wheel/items HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://winxixp.top\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: application/json; charset=utf-8\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: W/\"2e4-sff25hHekvz23YgNGT+WHtH94WQ\"\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: zstd\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2Ax1tvUPpBb2zy7%2B0wE%2B7b3POOaGgLOgEvXS4bmPEvzGQYR1qTRKvjXmNKhQ8oUBJRWmWWr3eHrdhLeFc%2BLobWujkcNxba1Icv1VTw4pfPRhVM1CcjEih4%2Fxp8vhLPAdORk%3D\"}]}\r\ncf-ray: a1a3713a5887b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":740,"size_decoded":1477,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"1542203cde8d57fd871336cb9861c0fb","sha1":"b1f7f6e611de92fcf6dd880d193f961ed1fde164","sha256":"aeaf5e6636adf6e24900124f6a6713b8fdfe6e0fa6c17b1926b14e6311df9b5c","sha512":"99d64f0de3b76d1c2d00610682417299481a7d21a5eb84d8f0ca4c7ae1d231d6b2ce879a12f91e63de3b1b33193699f4c27b617c27b93ba19e09437c56fe0052","ssdeep":"","tlshash":"a0010a79387dc9bee011a8c9f8c289b5f1693146908d4e7415ddc43c67cd4d0b419f3a","first_seen":"2026-07-10T22:56:48.026435Z","last_seen":"2026-07-12T22:22:18.555842Z","times_seen":23,"resource_available":false,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/support-4Z33OB_R.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.882Z","timestamp":1783894900882,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/support-4Z33OB_R.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=v9GxNCQtSr1GsutJ; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=172.64.209.42; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: \"6a51f93e-b536\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 2\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=b%2B43Cjo9xNA5hkjET94zDDSgY8kW9ti6lBXbCeHC42Je3J2Y6duJGdnv3PAHczumROeqWOzJIWCFrkqh23eYCxuhB6%2B1waj0JhV%2BzfmUFgpVQsgG6vsKU8IXzGzohg%3D%3D\"}]}\r\ncf-ray: a1a3713a8dab35a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 46390\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":46390,"size_decoded":47476,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"9be49a67675fe3aa2c6dc15f5ff61c95","sha1":"76650d568ad89db5c0e0c0cd2a5833965e169ae4","sha256":"6349248b1e8b1735cd5ff25b389e4f5e0076229f8b7701bf13643e03768d91f8","sha512":"2c072a313c2c1eaed604454bfbfdaf2a8adc59cc23a65b99f8e6ebe5dc8623f7982560b6fbc7e6442cf59e869f10f3fe657bad6be5b4c6c5e3a2d25a3912149e","ssdeep":"768:fKyqe5a4UGSX6VOeZpmP38keRXafldax4Gvm7oZFq/ZnA6PbxioHsoSz+Fd92liJ:yyqcaS+Jqpmf8k2addq/vm7oZ0/ZA6PT","tlshash":"422301b995ea4692fccd1132652e932b80219f753954c4d6e6dec43c8987c18efabe0c","first_seen":"2026-05-03T09:25:58.462667Z","last_seen":"2026-07-12T22:22:18.556764Z","times_seen":24,"resource_available":false,"data":null}},"time_used":410,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":342,"receive":68,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/bitcoin-mljS7kJq.svg","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.884Z","timestamp":1783894900884,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/bitcoin-mljS7kJq.svg HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=Chd0tF8yPcZ4HJ9h; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.222.96; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"6a51f93e-2238\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 3\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ttas0Maj%2F6KzDl9ne9UBX%2Fszc2K9C41T1g1kUTgOg0LBgG%2F7z2J9kjJeGx0iZcAc10YWBMA7%2Fvpx0o1teent3Jze95uBCNfuJarg33wom4ONntpYE8ob%2B3%2F0DGNjpQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a1a3713a8dad35a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8760,"size_decoded":5121,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"710d57e714cad5fc98006574c6d725d7","sha1":"2bd571b41b7de877bc6d90b2dfd7fb5e6693402f","sha256":"13ec9cdc689bf43163ffb90f01fbe8f21fa52f8682df748a0a07d712a6d826cb","sha512":"65be74910f381df417e37ea166c8d7b489534e4b87cbfdc27677c26e491c23b4aa10fa1d35a611355e6d71d437e3c4f65d19cf821527e08de90943a46f5880e8","ssdeep":"192:Xw2tvul277dypCfZp6XozrP6wJ+Lc0rFvBD:Asx7ZfZp6fDLcAD","tlshash":"8202d8dd7bf456e0f842e3faca2340a6352334fa2691ca58c39ded45a6511ae4c59cc3","first_seen":"2026-05-03T09:25:58.573157Z","last_seen":"2026-07-12T22:22:18.557673Z","times_seen":24,"resource_available":false,"data":null}},"time_used":140,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":140,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/mine-slot-mini-inout.jpg","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.506Z","timestamp":1783894901506,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/mine-slot-mini-inout.jpg HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/jpeg\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"1b448-19e188c4ea6\"\r\nlast-modified: Mon, 11 May 2026 19:38:28 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IHZrqPopNGNx2SEslpLt4LklQ1ymyGpBz%2BLQv0bVPg%2Fi4OdykUZjbjj6hyJ%2BKSXwRUc7mOot7x6mQibFH2qEdbG20eAIerEZ9Ahv7R1cqvNyuJDVPbpjPPY%2Fq8FQmPHcLOo%3D\"}]}\r\ncf-ray: a1a3713e68cdb4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 111688\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":111688,"size_decoded":113094,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"7406dba4e1b62922d069c29462970e92","sha1":"2bb50a426fc171056758c2f1fe4da069bd317a55","sha256":"a1a7495aee2e2ec7e96d71aba77df32c181435df6daaf59f1f0dfbcbb1a89397","sha512":"f5624722848711d80f1d17db89bd6f160f8e8535f5c6e5b397925b686dea04c0239eca11ccbf753ffdc1e97d2c5006356d4ddeac83501b989309a8a3c62ed43f","ssdeep":"3072:PBZq2UAp8x3gncKwSfB6eC3QxHPq4Sh27r2neBIQWzUomhHVD:a9Ap8x3zS7CDt0PmeBIRt01D","tlshash":"04b31242f3751568dc6d93f93589eb067297838883476aa6ae233256d409470b78cbcf","first_seen":"2026-07-10T22:56:48.049907Z","last_seen":"2026-07-12T22:22:18.558552Z","times_seen":23,"resource_available":false,"data":null}},"time_used":308,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":152,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/vs10bbkir.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.541Z","timestamp":1783894901541,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/vs10bbkir.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"62e2-19e87ebc18b\"\r\nlast-modified: Tue, 02 Jun 2026 10:40:35 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jHjehjSiAVux9fWT7nPgWtxDweCdH4BcKome9yh0mwyemD%2BFE3hetPzl4t0TqIcKI%2BYFQ5rJLS5q43wODmO7%2B1OrYsQNmF2%2FFwX75iOU3pwZxjd6q21LeIdQEjjN5%2F0H%2FHU%3D\"}]}\r\ncf-ray: a1a3713ea8e0b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 25314\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":25314,"size_decoded":26722,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 360x472, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"76cc863151d8ee249a995e2e56a47131","sha1":"a1968240e5eee90208167d932fe666d0d170f4fc","sha256":"49bb42ff09fc936aebb3178d1455a9797fd99dd7ae6452cf84db83b0a0eb3f41","sha512":"18611745ed86961ffb7ff90b747879c9b7299069d7ffadf3452e7b94f9d423d4bb592f91e6b99669ed26c23ace222d417e88570ddb46b2c48b29f68f928f55b0","ssdeep":"384:0zARXsPBLHukvWj4You+JzC1KDa3tV+Ts9E0gA+wDoPl3j6Uky8FCOeD4tSXLzpF:0UtspHjvU9+JyVAs9ELwD+VRLzpACqG","tlshash":"58b2e0ebd5703432b2c6a1ae925575cef644849a345268858f6b42c8085e8fd2cac7ea","first_seen":"2026-07-10T22:56:48.100947Z","last_seen":"2026-07-12T22:22:18.559823Z","times_seen":9,"resource_available":false,"data":null}},"time_used":278,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":217,"receive":61,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/d-phone-DGLb5d2k.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.850Z","timestamp":1783894900850,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/d-phone-DGLb5d2k.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=Ed66NDC96P3LYQg6; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=172.64.209.56; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: \"6a51f93e-2dd3e\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 3\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=0OBk8TBLGCi74fVWLAXjUEc6iH6uu%2B97B0SO4S4Rui2OwunfoSWsuM8eimX85lEqumfX%2FdXriuOm5r8pO2NJzBsZoqTm6IxlhQHt6wTOE8Zxid3PSdpTpJylYFL5SA%3D%3D\"}]}\r\ncf-ray: a1a3713a5da635a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 187710\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":187710,"size_decoded":188796,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"d025311454404cb7edb954d465b8c335","sha1":"67f9be9ae70f95220fab0371079bde6908ba7f17","sha256":"bce4690101bdbf5eac323bcd11b0a4f0d724bfeab82f639635b44d9ced378494","sha512":"9f870c3f00f40fdd5bba968201cb7f350cc63f2ae4ca5daf98180d3d6c6f7eb7c5f505c3948ae821223d4f1c1b7e6e7e685f430b1b3853179d9a798ffc5dbbec","ssdeep":"3072:dRXCVfXk9JGyJ/JggV5WFN+n4LG6LV/ATZAASe8TqbWiVv3CJmWx:TCVfsJfJxggV54+16LVoTuASe8+bJVvW","tlshash":"d204239e834a0eefd42fef82523686fef644b547cac1a8d689d18c0d19042a73567d54","first_seen":"2026-05-03T09:25:58.529961Z","last_seen":"2026-07-12T22:22:18.560552Z","times_seen":24,"resource_available":false,"data":null}},"time_used":685,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":374,"receive":311,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/10260.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.555Z","timestamp":1783894901555,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/10260.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"341fa-19e87ead644\"\r\nlast-modified: Tue, 02 Jun 2026 10:39:34 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6ENDaZLlH%2BFsI8JUxAkx0sDYSzlCrBXqReBo6SbE%2BNw3jrwa5zSJbiLIJ0nNJVKBeXFO9F65l6Z4FvTrZzS44IX0IqAE8%2FCQY6xUiTsmuqGJC4QEqqMV5nsjpDg9tR7MG7Q%3D\"}]}\r\ncf-ray: a1a3713eb8e8b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 213498\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":213498,"size_decoded":214902,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8abd15c7c82243f7f1bcfc01da0f9dd9","sha1":"2a7cbaf9fda3b75d09d22b9bcfcfd2ed5ead3b77","sha256":"6dbffd082137525d217970ea7459025b8e17cd4cff6f3124c737c9a181649021","sha512":"4af84cb47e5f98a5db589e57665b3206840b58e546e91c827e2704581606391ef87d65e23c32c9b82a8a899970b66a13e698c830d8992d1b36bb2642415cab06","ssdeep":"3072:lP73hNQFdhmSicyXxh75IObuYWaw64mXkjrwSzitUzuMosw2jNZW:ptNQjhmSicyhhWHar0jretU0CN8","tlshash":"da2423e1c38707d4c3ee5ae1d1e70d9b02b83b78109eb0048ded8994a9e59c1d97e1ed","first_seen":"2026-07-10T22:57:05.866145Z","last_seen":"2026-07-12T22:22:18.561268Z","times_seen":13,"resource_available":false,"data":null}},"time_used":388,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":209,"receive":179,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/10251.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.557Z","timestamp":1783894901557,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/10251.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"2d660-19e87eace84\"\r\nlast-modified: Tue, 02 Jun 2026 10:39:32 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=b9EAM9ohtTv6m76ysIyvJ2ohuzg4xrfaoy%2BV3GuBne7UH%2FebodI08V7qyl%2Fea68cxBvQnHq1QA9Bu1GAUC3aV%2BNCNv0xHBwvZ4Vxp4XwvrzBrkm4POsPIdcGMguc3K%2Fd2xA%3D\"}]}\r\ncf-ray: a1a3713eb8eab4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 185952\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":185952,"size_decoded":187360,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"33bc673a38f45cfb91b6fa8c953a3668","sha1":"792922bc5cdbe90a37eb40bdfb88325e549b3c0b","sha256":"22125e87fab1b9d54f222dbd8620fab84910f8bd32ef43347dd9e8be3c3a40a2","sha512":"2462d56ed232674a9307b9f059d0f08b63d14fcbda4e67efac58f778972fe182e70a667a6c41d03ed320e12c9bb21def10216f45531f8f9c2604106e969cdaf4","ssdeep":"3072:DkkKr0Xl3Z9NDpX6vglu1RqZOrEqeB0bdNUl78VLvt5f5N87RtCCM:DkwZLR6vgY1RqV4vt5fT873rM","tlshash":"f10412e57293f970a8d186f3f7ec1f970cea4b890bd914f82a58678655272e2d127203","first_seen":"2026-07-10T22:56:48.077535Z","last_seen":"2026-07-12T22:22:18.561883Z","times_seen":11,"resource_available":false,"data":null}},"time_used":185,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":139,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/10262.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.559Z","timestamp":1783894901559,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/10262.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"32004-19e87ead7e0\"\r\nlast-modified: Tue, 02 Jun 2026 10:39:35 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GhfjMYvX%2F6fqW8uK3mz9R%2BnVeWd5LCAzCjtC4kSTZLobnKhKV1gavOYkv1lX6FS9oou5lGubtdGC0qOxJj7RXnfzdReGnzMRWP7yUuiPSZIktCSRtBvbniQ2zV%2BhhOAGa9c%3D\"}]}\r\ncf-ray: a1a3713ec8ecb4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 204804\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":204804,"size_decoded":206208,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"d9a6c2e704360080a9d155aaca41dc7b","sha1":"e7fe64b1e90775c6be56a3b367227f1e8ec4fa26","sha256":"e5edc42ae27e9c674f054306d70e9659052553faa2e1fa1f6e51f4ba447302de","sha512":"3677c41a699fbaa8b9592820fde05900206c58b92454549e38163bda47ee20d272a9ce64e51a37f1bf330de18032b611055b0ad3c38ca885165ac3f388478986","ssdeep":"3072:gsxjX/j44U6j6BE3qTEJIGhiHaKZZ80pBOj99+e4Kn+/zauEdKOhVW66h:gsVvbU6jLhIG3Ko0299Ezadlhf6h","tlshash":"e81413c1f238063995809da8fe4464648a75fe4778887760829c0ddf94a0eddfdbbbc6","first_seen":"2026-07-10T22:56:48.11985Z","last_seen":"2026-07-12T22:22:18.563392Z","times_seen":12,"resource_available":false,"data":null}},"time_used":289,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":149,"receive":140,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/api/public/pwa-config?domain=winxixp.top\u0026platform=web","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.477Z","timestamp":1783894900477,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /api/public/pwa-config?domain=winxixp.top\u0026platform=web HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nOrigin: https://winxixp.top\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 400 \r\naccess-control-allow-origin: *\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: application/json; charset=utf-8\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: W/\"62-jIniE1qGtkwZxc6p3KDdgJWY1ts\"\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eBpoPwrwMWFq7lope9aBnZGJR%2FdQvyxPSijE6PEjVaBE0Zv5l4ctuFaR5aqH6ylDlVncOebj%2FatvU6vi0JdiXO1NiGs4o0ppsZkYL4APFGZqzOPaawPJNoY4xLtOZn748nY%3D\"}]}\r\ncf-ray: a1a371383879b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 98\r\n\r\n","headers":null,"cookies":null,"status_code":"400","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":98,"size_decoded":1427,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"30335302470ddc7b0e774d1d88b9fb12","sha1":"8c89e2135a86b64c19c5cea9dca0dd809598d6db","sha256":"4199e5189bfafe7a12018f9a1404a6e39f8c40513f6385935d91fa2760f72964","sha512":"e47d8212ecaf38357792c10df0ab78e45f42d0b500aa4007970822a7c1c4f1258c385e71f13f82ccaa77e7388a38987351e35b9f52f073effe370bb14c2ebdc3","ssdeep":"","tlshash":"09b012629b130d6607750442b88028001fdc02d31ef6b649008cd5f86ac39a0d017e3d","first_seen":"2026-05-03T09:25:58.474517Z","last_seen":"2026-07-12T22:22:18.564421Z","times_seen":24,"resource_available":false,"data":null}},"time_used":177,"timings":{"blocked":0,"dns":14,"connect":19,"send":0,"wait":144,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/lights-C9uxKB0w.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.845Z","timestamp":1783894900845,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/lights-C9uxKB0w.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=1I1Z53q6rjlJpgvO; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.222.55; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: \"6a51f93e-75ac\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=854ZKPr7E7JlTvrRBxwD8DsnC8OvpE9jV8M0oysypEa4%2B0MdWbFVhshJb73yAarxeyMoKmO9LgsVKQ7mPWBFWcBccN9mHYG0vPolmQgYMyaKxPj1StWsnXPNvigLZQ%3D%3D\"}]}\r\ncf-ray: a1a3713a4da235a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 30124\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30124,"size_decoded":31207,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"6dbbd736960c85aabcaab78addf1373a","sha1":"e1c8d638a5364520a04dbd8ab4cc9b7418cca633","sha256":"972f5988facc7d4afd4ca98f4e3667f8b80b0b0aca35a922dff754e4b50daae8","sha512":"4e75ab46d7f999a3fc4a742f4674707b6616b088557ef48ada62567ab723412c82c3395ca62d9e2748e5aff7c0146fba300225be3d2a467766704884c0227889","ssdeep":"768:Ylx4t1XGy37+jzkEcBSA8Qa1uYBKrj43dD961V5LscS:Gyt1XGY7+jzkEcBSVQjTrjeh6Vhk","tlshash":"02d2f1b122f3dc210c3ced43c1901d8968f96a2d628bc5790985abb247529a4e3277fd","first_seen":"2026-05-03T09:25:58.52188Z","last_seen":"2026-07-12T22:22:18.56527Z","times_seen":24,"resource_available":false,"data":null}},"time_used":121,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":26,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/cryptocom-CL7Ghwue.svg","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.895Z","timestamp":1783894900895,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/cryptocom-CL7Ghwue.svg HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=642Ol94gkPWS8kaJ; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.222.126; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"6a51f93e-145c\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 2\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ain%2FzeplmzPZMkEsO%2FCEdc4UR%2FpWwk9%2BHS4j1nzoxsAQbvC0v4d0qV7VZyZqY6juL2aKENOw%2BqWXJ0L7ZKF70vkTW8HocqaIv9EB7KE1xAZyQ61KJBEJH6MTgvecUA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a1a3713a9db135a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5212,"size_decoded":2925,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1d1d09fd759918c16c030d9ad3ab8311","sha1":"17a6f1877ff138cf956339c93992f62663d5d207","sha256":"932a9f99e97842571bf490bacbd702458458bd3855e2fe1881b57903b1dd2ca6","sha512":"118907e69bf418432854f04fafb3e17b6bb8a8d90fc4c8fb2d1c404c9837eb538c8fcdc5ee730a685fd13e064dc99be61dca02b1b7752b43737a204e1745f496","ssdeep":"96:wlgiEHU5ZkKmDhVpQino3ZyKxD7pJrtHw0oxeq4iKh:wTAfDPCimEK17ph1a4Xh","tlshash":"aeb113eaa76488e1d84693fedf3d16ea337228bd3932c45963d16e22685117e884ddc0","first_seen":"2026-05-03T09:25:58.435924Z","last_seen":"2026-07-12T22:22:18.566034Z","times_seen":24,"resource_available":false,"data":null}},"time_used":353,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":351,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/vs10txbigbass.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.537Z","timestamp":1783894901537,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/vs10txbigbass.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"9fe8-19e87ec0197\"\r\nlast-modified: Tue, 02 Jun 2026 10:40:51 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Q3DCvNTcwDXxFPV6aiz6zvCTIxRl6AJp3%2FkowY3Md5Jarx9N9PPH7rLKi0yWehqFHRVs%2FXfCbMBL6gfZ4JcnbEmyvyL2ZLLSa894uvurXvy9zZMqs0xg%2FQPeoFL1hlprtZo%3D\"}]}\r\ncf-ray: a1a3713e98ddb4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 40936\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":40936,"size_decoded":42338,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 360x472, components 3","md5":"46e5c64ee5f47133847efa0e29e91a95","sha1":"4a3f73b71e5e95c4b69f593027effa6285305190","sha256":"10c32076a837fc6ea356eb4d8fbb695e132ddd4a2b458b318e371a953b4c7701","sha512":"61f1fa630014cfb5032ae6a86ce1310a86f018e29368bcbbe0e460f5aeb621548364ddfd2cf74cd4eddd52b253ff85280381664f94d09ad0d54f31b0271282b0","ssdeep":"768:N/GALN5fNwrRiz067G5lYdKToKFMYAHb05jyDz+CWKGFcf0KejN:gALYiz067GvFdAAjyDz+C2B","tlshash":"e503f116339aae31d35b33f2ade05bd57b1a8590ead1a34c1cb30f7019bc48b29b4761","first_seen":"2026-07-10T22:56:48.098937Z","last_seen":"2026-07-12T22:22:18.566644Z","times_seen":20,"resource_available":false,"data":null}},"time_used":238,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":141,"receive":97,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/bg-welcome-bonus-DO3wRMYx.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.839Z","timestamp":1783894900839,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/bg-welcome-bonus-DO3wRMYx.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=XXh8S4DAo8giAv3l; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.222.31; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: \"6a51f93e-19b12\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=p69aO4FxJ%2F1ftrcDGA1JI%2BS%2FXy9rqRIB980URHGHT6KOaCSDfT%2FsqNEauxAW%2Bat7%2FuXXJo6t5q37TZm9umFdekz21YXuhB8xqgLBkEdXJD9cXOU%2FZYifGuCjaR%2FH6A%3D%3D\"}]}\r\ncf-ray: a1a3713a4d9e35a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 105234\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":105234,"size_decoded":106333,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"e048450d38fd6aeb684e5e2ee45e0f58","sha1":"c7ab06791f125e5e2cde21fc2485711d69711a79","sha256":"9970dbc6e89f35d639c6315256e602c83cf8fca69d5947ac5a08af22ff44677a","sha512":"afaf8f8b950665d05b856f9569eef9704d446638cc843e0d1daa699791341cd18cdf7c5a6f3967be74b688c90436cf5d9c55946822062673876c44265ea3564b","ssdeep":"1536:FX3619GT3TK5L7S0HqZEwK4FtYvW/kwHPj3FIefGWG2C663P1yLcNp/VDja/5tzm:FCqunqZgzvWF73yeuWG2CP7rNDjIta","tlshash":"38a31294c945ec14f0a7f8644236ec007b913bbe92818c24b7f09b121b9559bed2af8f","first_seen":"2026-05-03T09:25:58.492722Z","last_seen":"2026-07-12T22:22:18.56737Z","times_seen":24,"resource_available":false,"data":null}},"time_used":402,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":142,"receive":260,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/d-rocket-CwVijRid.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.847Z","timestamp":1783894900847,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/d-rocket-CwVijRid.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=dtuWiccMU9FsXwNw; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=172.64.209.66; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:42 GMT\r\netag: \"6a51f93e-2a84e\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 4\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=inlufl%2BRTiWVIjp5stWKAS3PhOSys%2F2PpgmGWcFjsFGekukqLVqyoUp%2BJowL0pCk%2FetUOZL6%2FyqcBxGCHrZ6otwRu%2BWTfxnwNKpbDWlV8OlrZ%2BPotp1JjDNqCH%2F4qw%3D%3D\"}]}\r\ncf-ray: a1a3713a4da435a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 174158\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":174158,"size_decoded":175256,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"8c927ce999d40abaafc51fb02a321a3c","sha1":"fe5b860fccb15b759c8d81556f525c64ea30780c","sha256":"5763965cfa076dd8724c9e18c72ee4fd3ab93a9575a569b4531e1824f55c5362","sha512":"fb2b012d4e84f302700458c582f79dbfc097140fc5d47b53ac805b3f0ab62ac50c3a2aeb5a89d10b3edc6fee590d7996f932c9adbeaa6f1a0931836d9a6b3eb0","ssdeep":"3072:WGyzqM0MhVkJ69+b1oBjitPI+1fm5pJ6c4tHWFsPVWUoYKTxnwjilTlgeX:uA69+Ryom5DH4HusPVgYKTKj8ljX","tlshash":"f404237a6e6f66470f6e9239c192f558ba08018f2d6e1ec8507f8cba71313f40a590f7","first_seen":"2026-05-03T09:25:58.570621Z","last_seen":"2026-07-12T22:22:18.568002Z","times_seen":24,"resource_available":false,"data":null}},"time_used":1388,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":1251,"receive":137,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/api/games/types","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.854Z","timestamp":1783894900854,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /api/games/types HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nOrigin: https://winxixp.top\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccess-control-allow-origin: *\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: application/json; charset=utf-8\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"113-MZFQhLGi8NSK/m7hlroK5N6TEqY\"\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\ncontent-encoding: zstd\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JIIi9owXd8FkZYcuehAfDtT6CYu2%2B6yDugFy5IWMF2dxXGGjTerBgoMnUvWkSWZAod1b4Fkf60Md3udrYRpHsnb0UBH4NVkkISedzmXYZDUSwlb0ZATTLjpN4GAAV7cAqr4%3D\"}]}\r\ncf-ray: a1a3713a5889b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":275,"size_decoded":1485,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"a750afa2fa37a9718f3fb46ee312cf00","sha1":"31915084b1a2f0d48afe6ee196ba0ae4de9312a6","sha256":"552fa3fa38aecc162047ea3f893bd1eaa1419ecfdaf02bb7f6fe6becc7b16a0e","sha512":"5da81d7c09edff8071157ec7759715193f83334987ed01863b176842d5a3540dd4da60f8156fa8f1a3ef4294873de3bd4b12f5ddd2fd05576757bdc977896137","ssdeep":"","tlshash":"b2d017220001ddbaea947fc420c6f803f99420a182845408f22ccb3ac28c345b87ab6f","first_seen":"2026-05-03T09:25:58.437926Z","last_seen":"2026-07-12T22:22:18.568578Z","times_seen":24,"resource_available":false,"data":null}},"time_used":149,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":149,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/crypto_gambling_foundation-BbxkjRu0.svg","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.898Z","timestamp":1783894900898,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/crypto_gambling_foundation-BbxkjRu0.svg HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=0q07vL0qthLNgm9v; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.222.83; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\ncontent-type: image/svg+xml\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"6a51f93e-89fc\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=psEIRFtM8q41OXT3xOeCBykeNy3pUQo5mlQincjbXoOoNS1IxD7CzIoJ0K27ojn7xs8UVCnzHweTk1qVhv4S1ZXvKpjqQIGM%2BXxyPUrwigG%2B6koefdAWhTWCJ19WTg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a1a3713a9db335a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":35324,"size_decoded":15447,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4ff6e9ffc2b4de36bea9c02f407fe588","sha1":"73f4d8b48155cd22dd74bff2100d178f73062451","sha256":"7b94606480b18209752427b8347bee08f39aabfc57c8ac3dc1fee4edb94761af","sha512":"362eeff5f4bd054e1c6770bb4902689d8a4c943c1060abe2eba5817376864df31eafce85042c66fc57c7a17b30e5627a93e0771aa7edd5bb4ce238a5dc8edb99","ssdeep":"768:Jq2EK4povVWRgXI4NRoiiD7h+MiyF36A9n9NXCm5f9nWFJq:I/Jz2VzoNDsOFKIn3Xjf95","tlshash":"bff2b4d837f6a3f8f000f7f5572650747e4624f67b62c978c3b65e98e54a44d8ca8890","first_seen":"2026-05-03T09:25:58.490776Z","last_seen":"2026-07-12T22:22:18.569281Z","times_seen":24,"resource_available":false,"data":null}},"time_used":117,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":111,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/windows_background-CyRveNgh.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.908Z","timestamp":1783894900908,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/windows_background-CyRveNgh.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=2WfjRZnQWqM1XvM1; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=172.64.209.32; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: \"6a51f93e-11611\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 119976\r\nddg-cache-status: HIT,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Dry%2F9QC%2B5NjdCyYfb%2F8dFLBlfipqMA1CdeI9sojDkFK4WJOnG%2Fsr3B7cbUsP2iG%2F8CUiAtcZYliusR%2F4PgRIO5cVgHhbU6DOZK0xNjbHPW%2BpCZd3wvimThakfxD02A%3D%3D\"}]}\r\ncf-ray: a1a3713aadb835a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 71185\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":71185,"size_decoded":72284,"mime_type":"image/webp","magic":"PNG image data, 326 x 160, 8-bit/color RGBA, non-interlaced","md5":"82bb540992a750317b3f811fe5f8a761","sha1":"724bd5f3d37c959ad5bb5235c1f143d2af0b8b10","sha256":"93c89ce498d0655b3ec3546b01a0b3e59976446d12f3939d0bd55a23245e1ac3","sha512":"7162a533b60c87697170d7c1dfc22f26753017c2f699eb70b3e1b16cd282f744aea860a3663961388ab8ab98d7350b31bed6a3acc3c0e194982053a04f5824e8","ssdeep":"1536:M6nr21FPjz4vX3ieDxu+yCmiKFcNnz/2S+Nf5W7CyhfoNA42rO2sDZI:D2PQxb8FcNz/INfIGSf14gO2+e","tlshash":"896302ea4927e19edd8b96665fc408d5bc88221869f8a82031a419cf39b37f54bd04df","first_seen":"2026-05-03T09:25:58.441812Z","last_seen":"2026-07-12T22:22:18.570057Z","times_seen":24,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":34,"receive":11,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/pointer_fortune-CJvMtp0k.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.237Z","timestamp":1783894901237,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/pointer_fortune-CJvMtp0k.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=Ed66NDC96P3LYQg6; __ddg10_=1783894900; __ddg9_=172.64.209.56; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=LCW2oHRxCHBxmWRF; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\n__ddg10_=1783894901; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\n__ddg9_=172.64.209.26; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: \"6a51f93e-7c1e\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qHFnNxEE6AvyGz1KsB444aPXaMu%2BYMZPPGohJtHdctGnSPP%2B8nlan9ItMm8Uar1vludqsl3YImH75P0J%2BUcLVzcz0Do8Y20U4qYgLVI7eIWNfW04Ay257iK1ACab%2Fw%3D%3D\"}]}\r\ncf-ray: a1a3713cbdd335a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 31774\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31774,"size_decoded":32862,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"5302d2103c23bfc66c9cefd300756894","sha1":"cce84d556eb0b50dd1e46532aeba8aa439315124","sha256":"91d3c91514f1f30318b480c97859d30901f65c68177ece573f03b43af95dfb7f","sha512":"dfb93be69e6013bb6bfab81126097c326d6eb99b98c1ac39608e8731196e1a1d69540b3d2f20ac36fac17cd98821a1a22242afdb90282ac204ac4746268caf28","ssdeep":"768:8o4SzAzcgr7Os5a2TB4i/KqNZ1dvRQqPk7r60mVJ5JZUO:81aAYYy2afiNZtQqPkHmVJ","tlshash":"70e2f2c62782d68a269fd625e902f777b0f427b4940421875db1c89cb3bed2d6e5c888","first_seen":"2026-05-03T09:25:58.45599Z","last_seen":"2026-07-12T22:22:18.570763Z","times_seen":23,"resource_available":false,"data":null}},"time_used":220,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":167,"receive":53,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/vs20starlightx.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.534Z","timestamp":1783894901534,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/vs20starlightx.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"89b2-19e87eca9ab\"\r\nlast-modified: Tue, 02 Jun 2026 10:41:34 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Xq%2Fo7OLDd6qxL5%2BYKtzGf8MVG3CZ7DmBYDHwlyk%2F%2FMUeoqB3oA8PFEY0RyXrGZvhI%2FxA69Fv1tC8GDmELHcIqVRLRxz2ZOopZw7oj5KBu3uxs63fxUIRV%2FJTajO8jotxvIs%3D\"}]}\r\ncf-ray: a1a3713e98dbb4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 35250\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":35250,"size_decoded":36658,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 360x472, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"3ae3ec5a75801b381094718d06dcab2e","sha1":"7eb10ebde706bbcab68295ee9fb2af204c97886b","sha256":"3cdaf2affbb77d8a1e05ecd3bf913ab2029f2067674709c4564fdb7fb2e25aa6","sha512":"f61ee24ee3d37c2fdc9d4ad7e5e6fbc1125475dbb11ec79f4ea977fd95a80ac407c720096081e2cc3defdd8819c41a35a2eadc2b5d326b9d4b65a9ab4b00639c","ssdeep":"768:nEnkhDG+JBWk2KiU3xY08SwZhfNqhz6uMkncw3ucL655YSG:nEnkhfWk2KiUBY08LZlNqhaktL25YSG","tlshash":"3ef2f15b3746bcd6a6cfb94b28bc5b0a7e1e1811d5f12f56c148c6aa2d3f47c3a63012","first_seen":"2026-07-10T22:56:48.050838Z","last_seen":"2026-07-12T22:22:18.571386Z","times_seen":16,"resource_available":false,"data":null}},"time_used":228,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":155,"receive":73,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/lucky-neko.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.538Z","timestamp":1783894901538,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/lucky-neko.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"2348c-19e9f372cf0\"\r\nlast-modified: Sat, 06 Jun 2026 23:14:13 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=McalDF4kC7eFOogBTiuMsEGiTL4CNOwXj7YY5nQq0gOq59cyBO09GdH0H0MvIB92CsPxXgzy7X7TooHRzC0L2z%2BzYxBQK8%2B8n2Vi%2BA2Hw4DQSw0KZgOgsumbRycU75uSXtk%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\ncf-ray: a1a3713ea8deb4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 144524\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":144524,"size_decoded":145928,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"7a66f6a2a45ffeb6365a9888fea9d071","sha1":"9d21d8cebcced6c6d06aacc78b5ce284b40abba5","sha256":"8d6a20e89555c6993d5b364f1a223d2b535dc6dda62a2029e109480e4e50d0a1","sha512":"dfb60fe490e76647ea3e84eb22782ffcbb18f31e164864b848e68f5aebfdbef0290a8b18c1aa28ebdf17b824b9fff27b6b5163bc79d50c8100bc2833c965be75","ssdeep":"3072:x/hzMOC0dko1b7E05ml+65J3Q/TLlQrsFLwHFEPLqgu9:x/hzM1qn1b7E2d65ZQ/T6hHFPp","tlshash":"b2e312eadf784b19488cffb17063d168cdb07f0bdf7a8be66613160ac2285455b5c285","first_seen":"2026-07-10T22:56:48.039027Z","last_seen":"2026-07-12T22:22:18.572024Z","times_seen":7,"resource_available":false,"data":null}},"time_used":354,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":213,"receive":141,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/partners_field_background-Cy5LkgBv.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.686Z","timestamp":1783894900686,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/partners_field_background-Cy5LkgBv.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=UVWdxKsSGUUEixQ9; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.222.72; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:40 GMT\r\netag: \"6a51f93e-2154\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 0\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Je82QsahTvwFLbat34c27oX5CnHdUHDlUSjP5st%2FwkxhXYmq%2BCwo%2FnKS%2Bgy26%2B3zbdEx%2FLTP%2FZSwpofW0Vm8msLvMrxq%2B5OUABssFBn9DrbXn3pHaTBmJ5mAZbAHdw%3D%3D\"}]}\r\ncf-ray: a1a371394d7335a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 8532\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":8532,"size_decoded":9628,"mime_type":"image/webp","magic":"PNG image data, 330 x 71, 8-bit/color RGBA, non-interlaced","md5":"462316c3b762e8320948d6c6d0cb1a8f","sha1":"4ba530927953610916ca35750ce1978180dfb104","sha256":"7c97483cc522c290425b2bb7a80e43f423a007795a5a9f63c755e0ac86695a07","sha512":"9207bab46fcb01051d83a4734086b1999ae395b947e52aa156d47a4182bbec744ec1d20f9e0e76209399c641327db538ca543f8f213222199abf847c1f475e8e","ssdeep":"192:lSwMaZhvjZyn22byC9YkLLELv9LtqdE4jFqmLgePXlA2D:Estz78Y/ptX4jFqmLg0D","tlshash":"7702bff09f6148bb1d722bbdd01eb429d0e20911b9a9b1f85b2f2a9f007c647355c6f0","first_seen":"2026-05-03T09:25:58.454531Z","last_seen":"2026-07-12T22:22:18.572633Z","times_seen":24,"resource_available":false,"data":null}},"time_used":294,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":292,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/banner-3-v1-ipNYXXfR.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.840Z","timestamp":1783894900840,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/banner-3-v1-ipNYXXfR.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=TPHQ6yXEwJGOJCxI; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=172.64.209.54; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: \"6a51f93e-16e98\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 2\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MB5C%2FZJ%2B4xoz0uGC%2FkkMQNHfuN1EmDqx%2FhzmDAenKtS5D3lHJnVINFHKBT6WxEgLpHS56jqbf4FfLoDCmg1Wfe7qa7gRl%2FOdR%2BnAeDGBrJegAg0OHqPe7ImFQ7ppPQ%3D%3D\"}]}\r\ncf-ray: a1a3713a4d9f35a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 93848\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":93848,"size_decoded":94941,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"b2bf969e3989b7a2f23632e486451c61","sha1":"be34f407e94c18e0e12f7da621f733d55fdc7d33","sha256":"3b2ab6d2d740b53452afb1f058afdec5dd78f57c119d5459226da07719c46f95","sha512":"c57c4fa8553ef3e9cef26774796023fded5120f7b001a637426b4a70a5cf3d502a89b8c1ee84c4a23846b70b5c4a57111fb61dabe778dfcab8d7963301a1750f","ssdeep":"1536:QBdqZZjPsttKG1QHTPPA7fjEO5XACYJFPyOjx3xp4KOrypj+r+1qM9hniJESk4sP:udhz1aTPPA7fjEO5wJ/6Ol3xROOpjY2T","tlshash":"019312f5e754c6749e89749ca56c3bae1a070737399613adf4a0fe8612e0776403f0ac","first_seen":"2026-05-03T09:25:58.446433Z","last_seen":"2026-07-12T22:22:18.57415Z","times_seen":24,"resource_available":false,"data":null}},"time_used":403,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":361,"receive":42,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"winxixp.top/assets/d-zues-Brs_uoRm.webp","fqdn":"winxixp.top","domain":"winxixp.top","tld":"top"},"ip":{"addr":"104.21.85.29","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:40.844Z","timestamp":1783894900844,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"winxixp.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 31 May 2026 11:24:24 GMT","end":"Sat, 29 Aug 2026 12:09:59 GMT"},"fingerprint":{"sha1":"0E:D9:E1:36:10:7F:66:D4:8F:4F:40:A9:23:87:74:DA:6D:4F:5F:B8","sha256":"EA:79:AE:62:2A:F6:C1:D9:4F:6A:C4:95:AB:2B:3F:F3:7E:D4:62:7D:67:D9:9A:C5:F9:FC:19:25:F5:48:E1:F0"}}},"request":{"raw":"GET /assets/d-zues-Brs_uoRm.webp HTTP/1.1\r\nHost: winxixp.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://winxixp.top/\r\nCookie: __ddg8_=IwMwgZLHm12s9228; __ddg10_=1783894900; __ddg9_=162.158.222.10; __ddg1_=vDCKyeE3UOZVZCP4xFIC\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=N30vNcr7veZ2C3Ki; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg10_=1783894900; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\n__ddg9_=162.158.222.85; Domain=.winxixp.top; Path=/; Expires=Sun, 12-Jul-2026 22:41:40 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, immutable\r\nserver-timing: cfExtPri\r\ncontent-type: image/webp\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: \"6a51f93e-27c46\"\r\nlast-modified: Sat, 11 Jul 2026 08:05:18 GMT\r\nage: 3\r\nddg-cache-status: MISS,MISS\r\ncf-cache-status: BYPASS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3Fw7UOdKwLlE6Due4ziRMdUnYElrAkoDvd7O7dQw1Z%2FKhvF2n6BZj7b7fjBYHYY3QBgOwFFssMq88vZp8bMB3VDHk36QA9Dx%2FeGO0%2BvZZQdzJVEEP1%2FM8zsdFVafcg%3D%3D\"}]}\r\ncf-ray: a1a3713a4da135a6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 162886\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":162886,"size_decoded":163977,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"962bf5d8512b7941a01d57d32c49a3d2","sha1":"a52ed0616ff5073be1ccb5e63f56370aa0fd41ef","sha256":"2f69cb9f94d8c95c0ee6b9d33e6eeef64dc9ae4886ed4e8156506beb08475772","sha512":"35bfb0970c65146fc012369afdf61ee8aa33921d93fe97b880eb5a69beb592a0b4179fc6364397bb49ae0d7607ab4a9b5155954476abf45de47e512a43f545ef","ssdeep":"3072:ehuoS+qVEXcaY++mTvYE97Mfi59mbSF2wYHfhDLfR5TlaaGKlNllOurZNW1rGeT3:cuoYHP+JvYQ7RQFXfRh3lNfrZNW16eT3","tlshash":"4bf32239226af794b0f59ff6569826c411444c0f0fc1da9079b6f383627cb6eca86762","first_seen":"2026-05-03T09:25:58.529097Z","last_seen":"2026-07-12T22:22:18.574872Z","times_seen":24,"resource_available":false,"data":null}},"time_used":637,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":355,"receive":282,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"winxixp.top","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"op-api.gambl.bet/track","fqdn":"op-api.gambl.bet","domain":"gambl.bet","tld":"bet"},"ip":{"addr":"104.21.8.217","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.022Z","timestamp":1783894901022,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"gambl.bet","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Sun, 05 Jul 2026 15:26:36 GMT","end":"Sat, 03 Oct 2026 15:26:35 GMT"},"fingerprint":{"sha1":"C6:89:9C:7F:59:81:87:BB:1B:D8:C8:FE:CF:81:CD:0D:A4:E4:D7:DB","sha256":"48:E2:DA:EA:3D:13:BC:5A:36:A2:07:52:61:24:2E:FB:51:32:16:AD:7A:57:1D:93:D7:96:51:0C:D4:12:39:FA"}}},"request":{"raw":"OPTIONS /track HTTP/1.1\r\nHost: op-api.gambl.bet\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,openpanel-client-id,openpanel-sdk-name,openpanel-sdk-version\r\nReferer: https://winxixp.top/\r\nOrigin: https://winxixp.top\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=4\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/3 204 \r\nserver: cloudflare\r\nset-cookie: __ddg8_=eBFmkhP4M1yY9GMS; Domain=.gambl.bet; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\n__ddg10_=1783894901; Domain=.gambl.bet; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\n__ddg9_=162.158.222.96; Domain=.gambl.bet; Path=/; Expires=Sun, 12-Jul-2026 22:41:41 GMT\n__ddg1_=3LmmeottUhFUiLSu8W5I; Domain=.gambl.bet; HttpOnly; Path=/; Expires=Mon, 12-Jul-2027 22:21:41 GMT\r\ncontent-security-policy: upgrade-insecure-requests;\r\naccess-control-allow-headers: content-type,openpanel-client-id,openpanel-sdk-name,openpanel-sdk-version\r\naccess-control-allow-methods: GET,HEAD,POST\r\naccess-control-allow-origin: *\r\naccess-control-max-age: 604800\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\nvary: Origin, Access-Control-Request-Headers\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Q6HFQJDffk3BaWyW4aQPeVxuet%2BPXCvp8PUJ6pk1OVxJsS1%2FUEaenwq3aB5uLmPqEvo8WY63GU0RBwkPKyFGgRnJWQCZTNr5ghCPrGXJ9CReqpiLH2HidKTlIdacfntTjmjm\"}]}\r\ncf-ray: a1a3713b8b4a0b59-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":1219,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-14T07:18:36.234385Z","times_seen":17231251,"resource_available":true,"data":null}},"time_used":225,"timings":{"blocked":-1,"dns":0,"connect":20,"send":0,"wait":205,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-12","alert":"Sinkholed","trigger":"op-api.gambl.bet","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/vs20starlight.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.545Z","timestamp":1783894901545,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/vs20starlight.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"8a02-19e87eca807\"\r\nlast-modified: Tue, 02 Jun 2026 10:41:34 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BpYpZ2Ut1aYQmmlN6rfvUpJwe4EjgH7IMpvY9ahx3UCCofGJIx%2Fj4ZOQbHSB9cK3cfm0aHbeRlyz3I3m436AjM%2BE9mCtmw0RHlwp18P71%2BRp6xN2OzXZ4qMwuGhidoT5nMM%3D\"}]}\r\ncf-ray: a1a3713ea8e2b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 35330\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":35330,"size_decoded":36732,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 360x472, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"fb70ba24f84087137f07fd3cf86867e2","sha1":"6386b0c6ba2cb19855f820832bd93519e0681bd0","sha256":"779f8d03af2585cdd3584a77c86785ffbe20b691ee740d604aa92bf33abc2c89","sha512":"22cf4a6685a034663d99dc36632d8b1013cebcaa19ea5f6cfa3ff3a3b4851bf3ef6bea86a8768af559b15fcf6456cb630f39258d5042639ccd814affd0d6d0f0","ssdeep":"768:YW2SZkHXcFP2HKuzbO3poGubgpsP08oOFSGIw2rMO/7F/fceme:LZiXcFeJY1u8AoNGIw21DF/f7","tlshash":"51f2f1d48b4ca3d1ac94212e5e1f943232cbd78646ae4e90412b63907f2cb67673b9c7","first_seen":"2026-07-10T22:56:48.046937Z","last_seen":"2026-07-12T22:22:18.576254Z","times_seen":18,"resource_available":false,"data":null}},"time_used":241,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":162,"receive":79,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mycasinoapi.biz/static/thumbnails/10257.webp","fqdn":"mycasinoapi.biz","domain":"mycasinoapi.biz","tld":"biz"},"ip":{"addr":"104.21.39.137","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://winxixp.top/","date":"2026-07-12T22:21:41.549Z","timestamp":1783894901549,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"mycasinoapi.biz","organization":""},"issuer":{"commonName":"YE2","organization":"Let's Encrypt"},"validity":{"start":"Thu, 02 Jul 2026 18:55:55 GMT","end":"Wed, 30 Sep 2026 18:55:54 GMT"},"fingerprint":{"sha1":"62:0D:59:AF:DE:89:1F:E0:C3:0C:C9:01:93:64:F4:D0:38:76:02:CA","sha256":"04:40:03:91:66:74:DF:81:4E:28:5A:03:2C:B6:C5:11:02:02:CD:68:AF:6B:17:7F:6A:EC:CC:74:A7:0F:32:50"}}},"request":{"raw":"GET /static/thumbnails/10257.webp HTTP/1.1\r\nHost: mycasinoapi.biz\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://winxixp.top/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nConnection: keep-alive\r\nPriority: u=5, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=14400\r\ncontent-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests\r\ncontent-type: image/webp\r\ncross-origin-opener-policy: same-origin\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sun, 12 Jul 2026 22:21:41 GMT\r\netag: W/\"3384c-19e87ead47c\"\r\nlast-modified: Tue, 02 Jun 2026 10:39:34 GMT\r\norigin-agent-cluster: ?1\r\nreferrer-policy: no-referrer\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nx-content-type-options: nosniff\r\nx-dns-prefetch-control: off\r\nx-download-options: noopen\r\nx-frame-options: SAMEORIGIN\r\nx-permitted-cross-domain-policies: none\r\nx-xss-protection: 0\r\nserver-timing: cfExtPri\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=5,i\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Bs8taMH5w50%2FRkD0Gs5O%2BrkaJbUV2O%2BQXDDE6pLN6WugxaMMotbxaTbQXFtGR1JLdocFGLagw91Qo1na7txZQvlFAFQ2qOPRbZ9ngwF%2FcJ6pXTvERPPT3yYAuJBKtFZmpIc%3D\"}]}\r\ncf-ray: a1a3713eb8e4b4f9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\ncontent-length: 211020\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":211020,"size_decoded":212426,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"189552713832c0ceec6cee1e5334b2d9","sha1":"c938ba54ed851fa652dc0dd22d4cca4046b096d9","sha256":"d5183248c268074f36938090436607fca8efe9860e3d1b185072b25ef306d22f","sha512":"06613edc5823f87b2dc1a1c584dfd81ebaf8bd68362ad3faede64f694874d47a4319d101ff270c12321622b24260522c8314766c78a77264c0cca8bbd8a316c1","ssdeep":"3072:Q7lHfxLOVWU5lzISF1sO9wYiiiLTGU4z7+4rmzAvLRzErb0Qruhx0zMuMYjwl:ItU5lkSLsO9biiinIKsdGoQy4gx","tlshash":"db2422779141e20752db1f5b6c0dacb710d1f2a8e0abd473ed314be6c6029a6c990eb7","first_seen":"2026-07-10T22:58:17.960702Z","last_seen":"2026-07-12T22:22:18.5792Z","times_seen":9,"resource_available":false,"data":null}},"time_used":302,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":159,"receive":143,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}
