Report - www.affiliatebtq.biz/aff_c?offer_id=883&aff_id=1503&aff_sub=5310&aff_sub2=7cf2d1c36fab5ef5cddfdf75a92854b2f9299c4705c480833f21289f8ca4819a

Report Overview

Submitted URL
www.affiliatebtq.biz/aff_c?offer_id=883&aff_id=1503&aff_sub=5310&aff_sub2=7cf2d1c36fab5ef5cddfdf75a92854b2f9299c4705c480833f21289f8ca4819a
IP
18.202.12.61
ASN
#16509 AMAZON-02
Submitted
2022-09-10 09:45:46
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
www.affiliatebtq.biz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	3.1 kB	52.210.174.128
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.3 kB	8.9 kB	23.36.77.32
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	401 B	5.8 kB	143.204.55.49
www.powerplay.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8.6 kB	83 kB	104.18.5.148
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	371 B	52 kB	142.250.74.72
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	503 B	694 B	142.250.74.3
ocsp.godaddy.com	698	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	328 B	2.3 kB	192.124.249.36
powerplay-content.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	8.3 kB	647 kB	160.153.235.136
ib.adnxs.com	241	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	626 B	343 B	37.252.173.215
in-automate.sendinblue.com	28489	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	522 B	104.17.9.12
propeller-tracking.com	187053	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	361 B	728 B	139.45.197.240
secure.adnxs.com	396	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.9 kB	11 kB	37.252.172.37
sibautomation.com	26949	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	1.6 kB	172.64.153.111
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	656 B	1.9 kB	172.64.155.188
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	504 B	694 B	142.250.74.164
static.cloudflareinsights.com	1294	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	447 B	393 B	172.64.156.26
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	658 B	1.5 kB	93.184.220.29
unphionetor.com	54035	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	2.1 kB	139.45.197.236
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	676 B	1.9 kB	143.204.42.158
segment.prod.bidr.io	10225	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	917 B	869 B	52.51.145.228
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.7 kB	52 kB	34.120.237.76
acdn.adnxs.com	573	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	355 B	3.7 kB	23.38.200.189
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	321 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	594 B	127 B	52.43.58.150
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.6 kB	5.6 kB	142.250.74.3
match.prod.bidr.io	503	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	789 B	621 B	52.50.89.178
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	593 B	712 B	142.251.1.154
pixel.mathtag.com	1199	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	3.6 kB	23.38.200.207
www.powerplaybet.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	2.1 kB	40.127.232.184
zz.connextra.com	14652	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	19 kB	104.85.191.64
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.1 kB	3.8 kB	139.45.195.8
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	362 B	21 kB	142.250.74.174
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	758 B	2.7 kB	143.204.55.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-09-10	medium	unphionetor.com	Sinkholed
2022-09-10	medium	unphionetor.com	Sinkholed
2022-09-10	medium	unphionetor.com	Sinkholed

JavaScript (29)

	URL	Size	First Seen	Last Seen
	static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194	14 kB	2023-03-07	2024-04-26
Pretty URL static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 IP 172.64.156.26 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-26 05:43:44 Times Seen1638 Hash 19514b1be5ee33b45d32c1fcd4c67ec2 bdeab77b43cafcc638df9d7c26f1aa7f46bf1fd5 fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505 Loading...

	unknown	0 B	2023-03-07	2024-04-27
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-27 07:14:27 Times Seen37113930 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341	556 B	2023-03-07	2023-03-17
Pretty URL www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash 16c31772c4fb8ee298bc1deb98102c4b 4f19b24c9c0987d3e362ed5544ea390c38a6e7b2 cfbb9cadd830f6cb9248ac88011af641ea748086fb0eeef45938d633c0fa5544 Loading...

	powerplay-content.com/assets/js/src/pp-functions15062022.min.js	25 kB	2023-03-07	2023-03-17
Pretty URL powerplay-content.com/assets/js/src/pp-functions15062022.min.js IP 160.153.235.136 ASN #21501 Host Europe GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash 91b9a7b48dd7ec130bacdd8447ca7e0b bf40e45e0ce56316f1b61f731062faa85519e9e1 518052bb83dca77171c9c810d4a129fb76cbe9197a4d51b94779bdebed155956 Loading...

	powerplay-content.com/assets/newcss_landing/js/lp.js	20 kB	2023-03-07	2023-03-17
Pretty URL powerplay-content.com/assets/newcss_landing/js/lp.js IP 160.153.235.136 ASN #21501 Host Europe GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash 25c00ea3a73107e951284d82ccb4e3eb b068e89e52e391e9a52a89867f641f0a1d030e2c 06ad73c2c1e649f457bf851b9a4cb693bcb5e22947e1f54a7cf895d10c956f92 Loading...

	www.powerplay.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1662796800	38 kB	2023-03-07	2023-03-07
Pretty URL www.powerplay.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1662796800 IP 104.18.5.148 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:14:33 Last Seen2023-03-07 14:14:33 Times Seen1 Hash 2f24ae88e6a2449f9a8b34d2fc9c8da2 a0d6fc743971eaf4919b0aabf9531324eb8612f1 96d909858f4c8667fd54597bf5766c5bd5c278ce24fe67e1c44c9c88314555e7 Loading...

	www.powerplay.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	12 kB	2023-03-07	2024-04-27
Pretty URL www.powerplay.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP 104.18.5.148 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-27 06:26:44 Times Seen43148 Hash 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Loading...

	www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341	417 B	2023-03-07	2023-03-17
Pretty URL www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash a1fa72c8498db3a618d7590954d53c1e b4ef8933c635299d189aa8549886fa83c6b81734 7680f7cbef209e1b0f2d3da2ef5b083b4ecd6204fffc8dbf5468cbe1ee873a34 Loading...

	propeller-tracking.com/fv.js?t=93873	5.2 kB	2023-03-07	2024-04-26
Pretty URL propeller-tracking.com/fv.js?t=93873 IP 139.45.197.240 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:56 Last Seen2024-04-26 22:21:47 Times Seen2357 Hash 563d777535ce88943a94a6be86f378c8 8753745424d367275e3fe55a5661fe51b1e1fb72 0f467a48a494f7f63968707dc43785b728d0c17f93c12937c1e5b12798f3a98a Loading...

	my.rtmark.net/p.js?f=sync&lr=1&partner=9403e23e5c2aba337796ba9cfd81756032c1ed5a3c8bbb94a820b4f32396f4dc	697 B	2023-03-07	2023-03-17
Pretty URL my.rtmark.net/p.js?f=sync&lr=1&partner=9403e23e5c2aba337796ba9cfd81756032c1ed5a3c8bbb94a820b4f32396f4dc IP 139.45.195.8 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash 0a83632b91c4814fb4ca5fdaeaf8feb6 e7f4f82e1c0f9228e531dfb335cd595de2785fb5 48aba20e2721ef10913638f8c60a47bf9a46772817687ae9b33ce8cb7cd3de27 Loading...

	sibautomation.com/sa.js?key=gm86guigrko4zzgucol1x	7.9 kB	2023-03-07	2023-03-17
Pretty URL sibautomation.com/sa.js?key=gm86guigrko4zzgucol1x IP 172.64.153.111 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:58 Last Seen2023-03-17 12:46:46 Times Seen1 Hash 4807b7ce7dde2f574f0c4f91d4811f19 f5713bc8c282bae744965d05b5133439debf2ccf 34bfb1c53f424622eaeb0088d84f3b25fbc4ecc69ed4c4f56cee6c686a1f1c61 Loading...

	www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341	375 B	2023-03-07	2023-03-17
Pretty URL www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash ec869c48e0ad18027c1921e90aca48ac b1398d5e4654b1e1924b74d3c7955ec874fa8ad4 21a52f2c5ce5990f6fdb5d1f2598983263eeac5ffcfda8225230ca962a0a0b75 Loading...

	www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341	193 B	2023-03-07	2023-03-17
Pretty URL www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash 5158a9305f12b1b70d98e51ea11cccfa da05d618408d7e1953374138eec7b58501a0864b 4990e681894f3f7efc3eba2f0bc7a8cc7989e60ac03098164bb479089f383369 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-07	2024-04-25
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.174 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:01 Last Seen2024-04-25 19:24:16 Times Seen842 Hash d40531c5e99a6f84e42535859476fe35 a901817d77b2fe5259c298c91bc65c54d7f8a1a9 a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210 Loading...

	zz.connextra.com/dcs/tagController/tag/770b6a2a5625/landingpage	47 kB	2023-03-07	2023-03-17
Pretty URL zz.connextra.com/dcs/tagController/tag/770b6a2a5625/landingpage IP 104.85.191.64 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash f44995b098c65b5a807fb8bb0fd6b67b d08c4a37f8748a8466784a857d7c9f7dc67ce125 92028343d45e15b8210b740d793c1fc845bb3545340fa85d861049cc167f5924 Loading...

	pixel.mathtag.com/event/js?mt_id=1518345&mt_adid=243239&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=	1.5 kB	2023-03-07	2023-03-07
Pretty URL pixel.mathtag.com/event/js?mt_id=1518345&mt_adid=243239&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3= IP 23.38.200.207 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:14:33 Last Seen2023-03-07 14:14:33 Times Seen1 Hash 7cdb7a7c5f3e85248ce8cc9f099bb278 7561fcc2d8e1c1a34d74099f1767fd7d637910c0 29f33163548ed58cc9b9eb8277f40c3d397a379b65c5081b534cb833b4ec2795 Loading...

	pixel.mathtag.com/sync/iframe?mt_uuid=74c0631c-5cc1-4a00-9fd7-d9f67d93fc07&no_iframe=1&mt_adid=243239&source=mathtag	643 B	2023-03-07	2023-03-17
Pretty URL pixel.mathtag.com/sync/iframe?mt_uuid=74c0631c-5cc1-4a00-9fd7-d9f67d93fc07&no_iframe=1&mt_adid=243239&source=mathtag IP 23.38.200.207 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash dc6f1789f9271ac721dd1a4c46029089 5321f3beb6309a3a8d1cffc3314638418891f78c 4c0963c4a64be36b64d44218fc19d45763a6e8b122ce4085d07e020424e458ef Loading...

	www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341	1.6 kB	2023-03-07	2023-03-07
Pretty URL www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:14:33 Last Seen2023-03-07 14:14:33 Times Seen1 Hash 9e01b59b8a448f88e02abef1efb4f5c5 02121f1410533ac4888a8acaaa8ad5e59e1e05e2 9f1e11328df557f50605312c997453548a4cc42969dfb5942f2c5f48568c283f Loading...

	http:blank	708 B	2023-03-07	2023-03-07
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:14:33 Last Seen2023-03-07 14:14:33 Times Seen1 Hash 806d6ce5f17a2946ce3c408317e07019 4f68ac6788064506f64fd84b1603216825fc5734 beb1bd51aa83ee3ce2f8992b1d7962500cd950a3b36179c49d08d9628175fab2 Loading...

	my.rtmark.net/p.js?f=sync&lr=1&partner=52864f820dd3c23ced7f97ddf958a3c34eb6ec6729f377638d8ff5ebbf8d4ce8	697 B	2023-03-07	2023-03-17
Pretty URL my.rtmark.net/p.js?f=sync&lr=1&partner=52864f820dd3c23ced7f97ddf958a3c34eb6ec6729f377638d8ff5ebbf8d4ce8 IP 139.45.195.8 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash ed7e8ad18e0f3bd2c70c7abd1695e09a 54e80479d3910d125a36866be752fc55aadf62a9 531afb8d462c60b454489c1041538a5db9767de6a24793df88a509a35a6398b5 Loading...

	acdn.adnxs.com/dmp/up/pixie.js	9.1 kB	2023-03-07	2024-01-23
Pretty URL acdn.adnxs.com/dmp/up/pixie.js IP 23.38.200.189 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2024-01-23 08:30:01 Times Seen221 Hash e286c68ac0ac089b297abd8a3d9832a7 08a5e998ea0b980201d11b0282861c4efaeea396 f033d6a9b4acc24957ac5ca92d278b9aca16ec1b264658ae3267b1efa6ef4a5e Loading...

	sibautomation.com/cm.html?key=gm86guigrko4zzgucol1x#cuid=6c597c7c-4645-4cee-8814-044751463e9b&cm_flag=true&allow_cookie=&i=0	2.3 kB	2023-03-07	2023-03-17
Pretty URL sibautomation.com/cm.html?key=gm86guigrko4zzgucol1x#cuid=6c597c7c-4645-4cee-8814-044751463e9b&cm_flag=true&allow_cookie=&i=0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash 8b95ff09cf723a29be4936fba609a430 9272d7abb1046d24566bcd43904d01abdf5ef308 3afc539bb921fc0e2275bcfc46e054642b87d4b9a9976693a59047b048493bcb Loading...

	www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341	339 B	2023-03-07	2023-03-17
Pretty URL www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash aad4faa4cf8ccadc684d5be2d3cbbc40 ae9b4fafb5f28d6ff5c2be28a40f46eddc01e5db a6d5af579eb9b4b897b2b44df5b9b52f366e07032d1923dcff75d610e19ebfa9 Loading...

	www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341	859 B	2023-03-07	2023-03-17
Pretty URL www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash 100268f2d5e40c7fc2779554812a1412 191daa6a958057b4a5e412082431005daa3ae78c 3916bdca8837f7da965e1874c4f8aee92d01542efd511a6af6a5b005d4dce087 Loading...

		Size	First Seen	Last Seen
	#1 Write - be697b6dfc757d76713a72a0aced3741	190 B	2023-03-07	2023-05-06
Pretty Observations First Seen2023-03-07 01:06:21 Last Seen2023-05-06 00:11:34 Times Seen161 Hash be697b6dfc757d76713a72a0aced3741 6ebc97158e27218a733b71e28bab1d52c30c2afb 743f6492a5beb847167322304f93922a25b48b4fda556b6039418e53930e9df1 Loading...

	#2 Write - 24c8db40553a2f1a5d46aed2b3c721bc	228 B	2023-03-07	2023-03-17
Pretty Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash 24c8db40553a2f1a5d46aed2b3c721bc 0f62c75c495308149e110cc8c95803cd0c6b7a02 1f9f0c9520a47a8d5a970fdb17d1fb0e0fbe89db5789e06178f04f4e89154ea7 Loading...

	#3 Write - 605fc91cfccf4e72af0c38051ece7c72	147 B	2023-03-07	2023-05-06
Pretty Observations First Seen2023-03-07 01:28:42 Last Seen2023-05-06 00:11:34 Times Seen79 Hash 605fc91cfccf4e72af0c38051ece7c72 f001853e5f4efdaca5e86af7bb73a818f519f05c d9a659e344fc1b019f5857ebabb9f774aaf9dc6541e725593412c3a5fc9b068b Loading...

	#4 Write - fc1be604b162de892a149b40fbbeed0b	226 B	2023-03-07	2023-05-06
Pretty Observations First Seen2023-03-07 01:28:42 Last Seen2023-05-06 00:11:34 Times Seen89 Hash fc1be604b162de892a149b40fbbeed0b 73a73ccb81fb66bd2b49936e2d85cf7a49031adc 6303ed4a7c8859b4def4e26273466612559fa8a79269a5586b8471a3c27a63f5 Loading...

	#5 Write - 80b9a190f15ccfe19dd3d02d5d8d96b6	173 B	2023-03-07	2023-03-17
Pretty Observations First Seen2023-03-07 01:28:42 Last Seen2023-03-17 12:46:46 Times Seen1 Hash 80b9a190f15ccfe19dd3d02d5d8d96b6 054606dd1c7fece8ecf27e62c139303d5415f016 f7ef05ee180541ab818938feec579b5c440b0d8744805099461be54d12c741f9 Loading...

HTTP Transactions (115)

URL IP Response Size

www.affiliatebtq.biz/aff_c?offer_id=883&aff_id=1503&aff_sub=5310&aff_sub2=7cf2d1c36fab5ef5cddfdf75a92854b2f9299c4705c480833f21289f8ca4819a

52.210.174.128

302 Found

443 B

URL HTTP/1.1
www.affiliatebtq.biz/aff_c?offer_id=883&aff_id=1503&aff_sub=5310&aff_sub2=7cf2d1c36fab5ef5cddfdf75a92854b2f9299c4705c480833f21289f8ca4819a
IP
52.210.174.128:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (309)
Size
443 B (443 bytes)
Hash
f865eb5c21950ffe803bbad37674da80
4523854e674d516abd468488b323fe8a52ee22f9
a4f8de3dd88e1ce7a68b0a34c6daf131e1beec1438666146bf331ea82eebec3e

HTTP Headers

GET /aff_c?offer_id=883&aff_id=1503&aff_sub=5310&aff_sub2=7cf2d1c36fab5ef5cddfdf75a92854b2f9299c4705c480833f21289f8ca4819a HTTP/1.1
Host: www.affiliatebtq.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Server: nginx
Date: Sat, 10 Sep 2022 09:45:34 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 443
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: /aff_r?offer_id=883&aff_id=1503&url=https%3A%2F%2Fwww.powerplaybet.com%2FC.ashx%3Fbtag%3Da_36341b_17875c_%26affid%3D7005378%26siteid%3D36341%26adid%3D17875%26c%3Daffbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&urlauth=521623778783695617929640035821
P3p: CP="NOI CUR OUR NOR INT"
Pragma: no-cache
Set-Cookie: enc_aff_session_883=ENC036cfd1b1f7866402f810c88f5ff1a015165e284cb71b2a466eddedfd8d0045598d031da6e6703fda078b6ff2867e66808c7c7244d4376c60277ffb92455ed18323a70bcfae7d724f723a8468992c90f7acf67b003a2558ca0ef6e87d5433516eabeca02d05fec68b0fd1181c00b70b0386ee665ef736223e17617d542f9dddf4212c4ad9fe95a3d9585219ab4ec781a02bc137ee9102889d6534e93aa85b91d05c5024948ee341f37996eafa07aaab5c64d4ef4c1c80bbc5b9fdd1306e0475a5a0c09f7c9; expires=Mon, 10 Oct 2022 09:45:34 GMT; path=/; SameSite=None; Secure
ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJGaXJlZm94IiwibW9iaWxlX2RldmljZV9icmFuZCI6Ik1vemlsbGEiLCJtb2JpbGVfYnJvd3NlciI6IkZpcmVmb3ggRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiI5Ni4wIiwibW9iaWxlX2NhcnJpZXIiOiI/IiwidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChYMTE7IExpbnV4IFg4Nl82NDsgUnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wIiwiYWNjZXB0X2xhbmd1YWdlIjoiZW4tVVMsZW47cT0wLjUiLCJjb25uZWN0aW9uX3NwZWVkIjoiYnJvYWRiYW5kIn0=; expires=Mon, 04 Aug 2025 20:25:34 GMT; path=/; SameSite=None; Secure
Tracking_id: 102b9415cc9c66aa20f82fbc6be8f6
X-Robots-Tag: noindex, nofollow
Access-Control-Allow-Origin: *
X-Request-Id: 16e335263e6cc697c5339328e2073934
Access-Control-Allow-Headers: Tune-SDK-Version

firefox.settings.services.mozilla.com/v1/

143.204.55.35

200 OK

939 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Sat, 10 Sep 2022 09:06:31 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WqgqxPo3i7O-pjujti2J9Xrv_rcJ6TpqK7xKyofcuEGSaQrbLQSTPw==
Age: 2343

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f55e483f32b3fd50b1a2414aaada9b61
9d6b22edb98866e002e3b1ace44dfb0f8d00935f
4b09e1d2b887ded061e4ec5f82ec70ce699eeed428acc6b4fd3ef10ed9233c89

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4B09E1D2B887DED061E4EC5F82EC70CE699EEED428ACC6B4FD3EF10ED9233C89"
Last-Modified: Thu, 08 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13716
Expires: Sat, 10 Sep 2022 13:34:10 GMT
Date: Sat, 10 Sep 2022 09:45:34 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain

143.204.55.49

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP
143.204.55.49:0
ASN
#16509 AMAZON-02

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Sat, 10 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ROS721beIGMCVXZTgSGaYSIldWvuHXpollDFkMLU2u6mTCBLWNuhZg==
age: 8902
X-Firefox-Spdy: h2

www.affiliatebtq.biz/aff_r?offer_id=883&aff_id=1503&url=https%3A%2F%2Fwww.powerplaybet.com%2FC.ashx%3Fbtag%3Da_36341b_17875c_%26affid%3D7005378%26siteid%3D36341%26adid%3D17875%26c%3Daffbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&urlauth=521623778783695617929640035821

52.210.174.128

302 Found

344 B

URL HTTP/1.1
www.affiliatebtq.biz/aff_r?offer_id=883&aff_id=1503&url=https%3A%2F%2Fwww.powerplaybet.com%2FC.ashx%3Fbtag%3Da_36341b_17875c_%26affid%3D7005378%26siteid%3D36341%26adid%3D17875%26c%3Daffbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&urlauth=521623778783695617929640035821
IP
52.210.174.128:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
344 B (344 bytes)
Hash
5c951cf852ee0348ba4ba81932173e48
998f657ecebfc611fc518740d6333ee12c4d3cb3
36c1e1635c320fcb9cdc5a036b4fff67c49a84442b5aefc1fcd5e095b000a9ea

HTTP Headers

GET /aff_r?offer_id=883&aff_id=1503&url=https%3A%2F%2Fwww.powerplaybet.com%2FC.ashx%3Fbtag%3Da_36341b_17875c_%26affid%3D7005378%26siteid%3D36341%26adid%3D17875%26c%3Daffbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&urlauth=521623778783695617929640035821 HTTP/1.1
Host: www.affiliatebtq.biz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Server: nginx
Date: Sat, 10 Sep 2022 09:45:34 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 344
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://www.powerplaybet.com/C.ashx?btag=a_36341b_17875c_&affid=7005378&siteid=36341&adid=17875&c=affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503
Pragma: no-cache
Access-Control-Allow-Origin: *
X-Request-Id: e42d7e21646b9a66cf4f62e5d22033ac
Access-Control-Allow-Headers: Tune-SDK-Version

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:34 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.godaddy.com/

192.124.249.36

200 OK

1.8 kB

URL HTTP/1.1
ocsp.godaddy.com/
IP
192.124.249.36:0
ASN
#30148 SUCURI-SEC

File type
data
Size
1.8 kB (1777 bytes)
Hash
9b854f57d99562fce39b634d6ff242c0
c43b48a51c12552406cd51d4704d86ef00bcfe06
30b7cbae9b65bb059286042ec9a329d3a084bd3398d3eafe3439fa9a5c83eb9f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 10 Sep 2022 09:45:35 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 09 Sep 2022 22:54:20 GMT
Expires: Sat, 10 Sep 2022 22:54:20 GMT
ETag: "c43b48a51c12552406cd51d4704d86ef00bcfe06"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

www.powerplaybet.com/C.ashx?btag=a_36341b_17875c_&affid=7005378&siteid=36341&adid=17875&c=affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503

40.127.232.184

302 Found

283 B

URL HTTP/1.1
www.powerplaybet.com/C.ashx?btag=a_36341b_17875c_&affid=7005378&siteid=36341&adid=17875&c=affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503
IP
40.127.232.184:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
283 B (283 bytes)
Hash
426698fabab4fd13dab65bd1370e9aca
821f7305f3b03cc66b652b4a49d0e65af9da93d6
5327f00520344bfb4986fbecf81e041e89f9d1cdf206cf8df693a773827c8ac4

HTTP Headers

GET /C.ashx?btag=a_36341b_17875c_&affid=7005378&siteid=36341&adid=17875&c=affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503 HTTP/1.1
Host: www.powerplaybet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: //www.powerplaybet.com/C.ashx?btag=a_36341b_17875c_&affid=7005378&siteid=36341&adid=17875&c=affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&AutoR=1
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
Set-Cookie: CEK=a; expires=Fri, 09-Dec-2022 09:45:35 GMT; path=/; SameSite=None; Secure
X-Powered-By: ASP.NET
Date: Sat, 10 Sep 2022 09:45:35 GMT
X-Cnection: close
Content-Length: 283
Vary: Accept-Encoding

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

143.204.55.35

200 OK

329 B

URL HTTP/1.1
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
143.204.55.35:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Sat, 10 Sep 2022 08:56:07 GMT
Cache-Control: max-age=3600
Expires: Sat, 10 Sep 2022 09:53:37 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: m4lT3pCT329A882iK03_1cQWSb9HksetLrYHUvbjov4f9OCpwDn4GQ==
Age: 2968

www.powerplaybet.com/C.ashx?btag=a_36341b_17875c_&affid=7005378&siteid=36341&adid=17875&c=affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&AutoR=1

40.127.232.184

302 Found

243 B

URL HTTP/1.1
www.powerplaybet.com/C.ashx?btag=a_36341b_17875c_&affid=7005378&siteid=36341&adid=17875&c=affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&AutoR=1
IP
40.127.232.184:0
ASN
#8075 MICROSOFT-CORP-MSN-AS-BLOCK

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
243 B (243 bytes)
Hash
076eef8c0718d809e2368b07901c8166
67a09ec18253620c068ff1775b6e0d77779b61e3
51d29af12f96e896dde258e4af38799eb31083617ca22909be2719a856a20dc0

HTTP Headers

GET /C.ashx?btag=a_36341b_17875c_&affid=7005378&siteid=36341&adid=17875&c=affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&AutoR=1 HTTP/1.1
Host: www.powerplaybet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: CEK=a
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://www.powerplay.com/lp/CA_LP_1000CB?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341
Server: Microsoft-IIS/10.0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
X-AspNet-Version: 4.0.30319
Set-Cookie: XYZ=3&1&19&&&&0&1&&b9bd1c19-e28b-426e-8958-26753fd03878&&a_36341b_17875&; expires=Fri, 09-Dec-2022 09:45:35 GMT; path=/; SameSite=None; Secure
A_17875=a=17875&r=0&fv=0&lv=0&vc=0&fc=20220910&lc=20220910094535&cc=1; expires=Fri, 09-Dec-2022 09:45:35 GMT; path=/; SameSite=None; Secure
PM_196=c=affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&s=36341&ad=17875&md=0&pm=196&d=20220910094535&ip=1532635802&r=0&ref=; expires=Fri, 09-Dec-2022 09:45:35 GMT; path=/; SameSite=None; Secure
CEK=a; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; SameSite=None; Secure
X-Powered-By: ASP.NET
Date: Sat, 10 Sep 2022 09:45:35 GMT
X-Cnection: close
Content-Length: 243
Vary: Accept-Encoding

www.powerplay.com/lp/CA_LP_1000CB?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341

104.18.5.148

302 Found

0 B

URL HTTP/2
www.powerplay.com/lp/CA_LP_1000CB?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341
IP
104.18.5.148:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /lp/CA_LP_1000CB?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341 HTTP/1.1
Host: www.powerplay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/2 302 Found
date: Sat, 10 Sep 2022 09:45:35 GMT
content-length: 0
location: https://www.powerplay.com/lp/CA_LP_1000CB/index.html?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341
cf-ray: 74873b4c5b861c0e-OSL
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
set-cookie: SERVERID=tc-app7|Yxxcw|Yxxcw; path=/; Secure; SameSite=None; HttpOnly
__cf_bm=uX2mhECvgRdVXVyvf4o.5RSpaERnfySxSTpjLy0usc8-1662803135-0-AfezhvETsJUO1ZmDWmeUkVSCMCAeCHYATbpBwzGG9UcMXmbUZl6v6BOuirvDqIwIXb4WZodJpX4t0OSckPxkaHSoyBcaBLokh+/M/txmIvzj; path=/; expires=Sat, 10-Sep-22 10:15:35 GMT; domain=.www.powerplay.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d0c56e0b2955a5dd7f37ba4bbf5727b4
f435bd1f6fb8ec931f1817fe4b91e6b86a7cb14b
99f7da9dca677db8e9cec5491c0d6d8a86b9c5e907907c2fdd30973c747f4282

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5900
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 09:45:35 GMT
Last-Modified: Sat, 10 Sep 2022 08:07:15 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.43.58.150

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.43.58.150:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8/C4/puzi7CKvIRnLTJocw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /wA+rICebAnlqIwaFGMUuLv2QHY=

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8f9040c8bd40fbd7fa4c3856b076d67
d13d254fc5f536c4684ff6223c7387711dd56c7e
657f4e02dbb725954416fda2cff313130615faccd9059af411aab39055897e2b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "657F4E02DBB725954416FDA2CFF313130615FACCD9059AF411AAB39055897E2B"
Last-Modified: Fri, 09 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21576
Expires: Sat, 10 Sep 2022 15:45:11 GMT
Date: Sat, 10 Sep 2022 09:45:35 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8f9040c8bd40fbd7fa4c3856b076d67
d13d254fc5f536c4684ff6223c7387711dd56c7e
657f4e02dbb725954416fda2cff313130615faccd9059af411aab39055897e2b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "657F4E02DBB725954416FDA2CFF313130615FACCD9059AF411AAB39055897E2B"
Last-Modified: Fri, 09 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 10 Sep 2022 15:45:36 GMT
Date: Sat, 10 Sep 2022 09:45:36 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8f9040c8bd40fbd7fa4c3856b076d67
d13d254fc5f536c4684ff6223c7387711dd56c7e
657f4e02dbb725954416fda2cff313130615faccd9059af411aab39055897e2b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "657F4E02DBB725954416FDA2CFF313130615FACCD9059AF411AAB39055897E2B"
Last-Modified: Fri, 09 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21528
Expires: Sat, 10 Sep 2022 15:44:24 GMT
Date: Sat, 10 Sep 2022 09:45:36 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8f9040c8bd40fbd7fa4c3856b076d67
d13d254fc5f536c4684ff6223c7387711dd56c7e
657f4e02dbb725954416fda2cff313130615faccd9059af411aab39055897e2b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "657F4E02DBB725954416FDA2CFF313130615FACCD9059AF411AAB39055897E2B"
Last-Modified: Fri, 09 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21528
Expires: Sat, 10 Sep 2022 15:44:24 GMT
Date: Sat, 10 Sep 2022 09:45:36 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a4ae55dbf8e22a357ee36e37fafa37af
18d33f606a8bc692802cfaa3a22ceb4a5eedca8c
8343a46c0a87b15be71cab0ae84912ed07d3104d4b621c55e3cd69367f58ebb6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 09:45:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

powerplay-content.com/assets/newcss_landing/img/icons/fbt.svg

160.153.235.136

200 OK

4.1 kB

URL HTTP/2
powerplay-content.com/assets/newcss_landing/img/icons/fbt.svg
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
4.1 kB (4080 bytes)
Hash
1bbe445967b22e01c73375f73e3dca2a
5061a5782233f638f9b94af2a64347b289f3b252
22c9ff27c6f9d3018605569294c3a88bfbf6ea3089c5698095bb825a17c72a88

HTTP Headers

GET /assets/newcss_landing/img/icons/fbt.svg HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: image/svg+xml
content-length: 4080
last-modified: Thu, 26 Nov 2020 10:18:00 GMT
etag: "5fbf80d8-ff0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

powerplay-content.com/assets/newcss_landing/img/icons/ast.svg

160.153.235.136

200 OK

3.8 kB

URL HTTP/2
powerplay-content.com/assets/newcss_landing/img/icons/ast.svg
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
3.8 kB (3751 bytes)
Hash
8b2b6c924753ab5a19747b7798e4a3ac
2122b312b8a2b9825ae7401ee8ec66c8f5350ac5
58c8767fe38bd84781d76e34bdf350333dcb00b21bf8ed5de83ef61fb11b5cdb

HTTP Headers

GET /assets/newcss_landing/img/icons/ast.svg HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: image/svg+xml
content-length: 3751
last-modified: Thu, 26 Nov 2020 10:17:59 GMT
etag: "5fbf80d7-ea7"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8f9040c8bd40fbd7fa4c3856b076d67
d13d254fc5f536c4684ff6223c7387711dd56c7e
657f4e02dbb725954416fda2cff313130615faccd9059af411aab39055897e2b

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "657F4E02DBB725954416FDA2CFF313130615FACCD9059AF411AAB39055897E2B"
Last-Modified: Fri, 09 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21521
Expires: Sat, 10 Sep 2022 15:44:17 GMT
Date: Sat, 10 Sep 2022 09:45:36 GMT
Connection: keep-alive

powerplay-content.com/assets/newcss_landing/img/icons/lcn.svg

160.153.235.136

200 OK

36 kB

URL HTTP/2
powerplay-content.com/assets/newcss_landing/img/icons/lcn.svg
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (16566), with CRLF line terminators
Size
36 kB (35947 bytes)
Hash
6460f0761c4ee35d813175d001059f78
501c22714f79c4bfd2eb79f0598645f7e5623597
28f32ff48596a7d3d9a55cdd8a9c5ca44865e1b6f90503da91c8c120f0365019

HTTP Headers

GET /assets/newcss_landing/img/icons/lcn.svg HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: image/svg+xml
content-length: 35947
last-modified: Mon, 22 Feb 2021 10:45:02 GMT
etag: "60338b2e-8c6b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-NWZ5SDW

142.250.74.72

200 OK

51 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-NWZ5SDW
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text, with very long lines (15038)
Size
51 kB (50918 bytes)
Hash
3602f7d2d11972faf4e69f71a3b977ae
c44d7eab14148718f8cfbcfa97a86c8f541c9cc6
e571a98d7e1faa3b47a2fdf982e3670c6b91a272009bec4bed951dd291288297

HTTP Headers

GET /gtm.js?id=GTM-NWZ5SDW HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 10 Sep 2022 09:45:36 GMT
expires: Sat, 10 Sep 2022 09:45:36 GMT
cache-control: private, max-age=900
last-modified: Sat, 10 Sep 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 50918
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

powerplay-content.com/assets/newcss_landing/img/en/ppcom-logo-en-la-onblk-casino.svg

160.153.235.136

200 OK

9.2 kB

URL HTTP/2
powerplay-content.com/assets/newcss_landing/img/en/ppcom-logo-en-la-onblk-casino.svg
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1266), with CRLF line terminators
Size
9.2 kB (9215 bytes)
Hash
44e923ed49bceba83e898e861c753a5d
ac3a56232b3e4a3db3940cc2a9498ce995dee964
0fe6c6fec041767dd85a64af016040f60e47c2816b5a639e70f8d71aade2643a

HTTP Headers

GET /assets/newcss_landing/img/en/ppcom-logo-en-la-onblk-casino.svg HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: image/svg+xml
content-length: 9215
last-modified: Mon, 15 Feb 2021 11:30:38 GMT
etag: "602a5b5e-23ff"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

powerplay-content.com/assets/newcss_landing/img/interac.svg

160.153.235.136

200 OK

5.8 kB

URL HTTP/2
powerplay-content.com/assets/newcss_landing/img/interac.svg
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (636)
Size
5.8 kB (5820 bytes)
Hash
fcb02d38486eb3d81c95c94facce9aaa
341dce05465c76142c5f8a686402955aac119f9a
c95f099ecb805ad29638c1bb38b780d6314f23cfb3195444d6bb36a3d7318568

HTTP Headers

GET /assets/newcss_landing/img/interac.svg HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: image/svg+xml
content-length: 5820
last-modified: Mon, 02 Nov 2020 16:37:28 GMT
etag: "5fa035c8-16bc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

powerplay-content.com/assets/newcss_landing/img/en/customer_support.svg

160.153.235.136

200 OK

21 kB

URL HTTP/2
powerplay-content.com/assets/newcss_landing/img/en/customer_support.svg
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (15729), with CRLF line terminators
Size
21 kB (21006 bytes)
Hash
d9a751c72a8508aeb17a8b8a597cd25d
7448c58f8dfdf8832c27bf4b34b9b54d2481a2d7
ece4d6cacb29963ac3fba692ed637c5c600d31c09d1f7b66c1a61e271e97650c

HTTP Headers

GET /assets/newcss_landing/img/en/customer_support.svg HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: image/svg+xml
content-length: 21006
last-modified: Tue, 13 Apr 2021 13:19:27 GMT
etag: "60759a5f-520e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

powerplay-content.com/assets/newcss_landing/img/en/CA/1000depositbonus/1000deposit-bonus-top.svg

160.153.235.136

200 OK

13 kB

URL HTTP/2
powerplay-content.com/assets/newcss_landing/img/en/CA/1000depositbonus/1000deposit-bonus-top.svg
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (3399), with CRLF line terminators
Size
13 kB (13264 bytes)
Hash
6fef3ff7f96027a29b5e4e784874701a
f603a38a7f7c171db1b32f11e2fc107472c41cf2
55adf6fde42191b1d2d5c806cea6fc026a828e46d5cfe953ff5ff4e9ed826f84

HTTP Headers

GET /assets/newcss_landing/img/en/CA/1000depositbonus/1000deposit-bonus-top.svg HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: image/svg+xml
content-length: 13264
last-modified: Wed, 14 Apr 2021 12:28:50 GMT
etag: "6076e002-33d0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

powerplay-content.com/assets/newcss_landing/img/en/button-img.svg

160.153.235.136

200 OK

2.7 kB

URL HTTP/2
powerplay-content.com/assets/newcss_landing/img/en/button-img.svg
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (708), with CRLF line terminators
Size
2.7 kB (2671 bytes)
Hash
df7fffc16d00640a8b764172e66600b7
23fcdede7481fd2f336fbbb7863e7f7e854eb682
90f9220502915bc044b81ade2c5ed034adcb2f66423a495269ae93c47c3dfd7d

HTTP Headers

GET /assets/newcss_landing/img/en/button-img.svg HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: image/svg+xml
content-length: 2671
last-modified: Thu, 04 Feb 2021 11:00:27 GMT
etag: "601bd3cb-a6f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

powerplay-content.com/assets/newcss_landing/img/en/CA/1000depositbonus/lp-timer-icon-en.svg

160.153.235.136

200 OK

2.8 kB

URL HTTP/2
powerplay-content.com/assets/newcss_landing/img/en/CA/1000depositbonus/lp-timer-icon-en.svg
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (772)
Size
2.8 kB (2819 bytes)
Hash
80d659da9111664228d9c30760bc5353
cff642afa5f48876281a7d5be471a88d10c5a359
8dfbc11122a6bafd19ccef84204578b4359d2307b6d11ee9d8f8b059a06f0807

HTTP Headers

GET /assets/newcss_landing/img/en/CA/1000depositbonus/lp-timer-icon-en.svg HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: image/svg+xml
content-length: 2819
last-modified: Mon, 10 May 2021 09:52:59 GMT
etag: "6099027b-b03"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

powerplay-content.com/assets/newcss_landing/img/icons/ssc.svg

160.153.235.136

200 OK

3.9 kB

URL HTTP/2
powerplay-content.com/assets/newcss_landing/img/icons/ssc.svg
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
3.9 kB (3872 bytes)
Hash
bc2790be32cfee9723fe312249dcdf4d
95450a077bd3ca06b31a5340ba8ad80bcb7a1e87
c64e81f9cca2166fc53ef0f3fbbf181302f222e644b48968095189644935ec4f

HTTP Headers

GET /assets/newcss_landing/img/icons/ssc.svg HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: image/svg+xml
content-length: 3872
last-modified: Thu, 26 Nov 2020 10:17:59 GMT
etag: "5fbf80d7-f20"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

powerplay-content.com/assets/newcss_landing/img/en/CA/1000depositbonus/DT_CA-EN_LP_1000CB.jpg

160.153.235.136

200 OK

146 kB

URL HTTP/2
powerplay-content.com/assets/newcss_landing/img/en/CA/1000depositbonus/DT_CA-EN_LP_1000CB.jpg
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 1366x526, components 3\012- data
Size
146 kB (146399 bytes)
Hash
434eecd6fc0f1f24e35ef7778c2c8d7b
1adac9fa6a6ab83200f26379d7125a7794c62002
8d405bfaaf9ecbc1ebb18881d2d77026f7e17312b64d3969c64b625c0aa47b42

HTTP Headers

GET /assets/newcss_landing/img/en/CA/1000depositbonus/DT_CA-EN_LP_1000CB.jpg HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: image/jpeg
content-length: 146399
last-modified: Tue, 18 May 2021 16:14:59 GMT
etag: "60a3e803-23bdf"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

powerplay-content.com/assets/newcss_landing/img/en/pp-logolock-en-onblk-pic.svg

160.153.235.136

200 OK

173 kB

URL HTTP/2
powerplay-content.com/assets/newcss_landing/img/en/pp-logolock-en-onblk-pic.svg
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (65286), with CRLF line terminators
Size
173 kB (172732 bytes)
Hash
1238ea05289cec3c4e89545e95d4e658
7a0bc701771a0360816fdb5affb25a2222c67b21
e98e1263a2c8419adcee6394551012ab06027d7ef20b712a3c27fe084789f52e

HTTP Headers

GET /assets/newcss_landing/img/en/pp-logolock-en-onblk-pic.svg HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: image/svg+xml
content-length: 172732
last-modified: Tue, 02 Mar 2021 13:56:46 GMT
etag: "603e441e-2a2bc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
a4ae55dbf8e22a357ee36e37fafa37af
18d33f606a8bc692802cfaa3a22ceb4a5eedca8c
8343a46c0a87b15be71cab0ae84912ed07d3104d4b621c55e3cd69367f58ebb6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 09:45:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.powerplay.com/lp/CA_LP_1000CB/index.html?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341

104.18.5.148

301 Moved Permanently

62 kB

URL HTTP/2
www.powerplay.com/lp/CA_LP_1000CB/index.html?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341
IP
104.18.5.148:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
62 kB (61505 bytes)
Hash
a94250a7510cfdf334582b98e5b6c631
bf32908f3af1e5eb3701e6a7608a0a2a95e1710e
e9852df2aa2610b3725055a4220f18951c479014351bc8a95c08ff09841a2def

HTTP Headers

GET /lp/CA_LP_1000CB/index.html?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341 HTTP/1.1
Host: www.powerplay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: SERVERID=tc-app7|Yxxcw|Yxxcw; __cf_bm=uX2mhECvgRdVXVyvf4o.5RSpaERnfySxSTpjLy0usc8-1662803135-0-AfezhvETsJUO1ZmDWmeUkVSCMCAeCHYATbpBwzGG9UcMXmbUZl6v6BOuirvDqIwIXb4WZodJpX4t0OSckPxkaHSoyBcaBLokh+/M/txmIvzj
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
TE: trailers

HTTP/2 301 Moved Permanently
date: Sat, 10 Sep 2022 09:45:35 GMT
content-type: text/html
location: https://www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341
cf-ray: 74873b4d1c3d1c0e-OSL
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

powerplay-content.com/assets/fonts/montserrat-bold-webfont.woff

160.153.235.136

200 OK

35 kB

URL HTTP/2
powerplay-content.com/assets/fonts/montserrat-bold-webfont.woff
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
Web Open Font Format, TrueType, length 34732, version 1.0\012- data
Size
35 kB (34732 bytes)
Hash
78f8642eecd3bcae41d26031c5c53776
6a141dc0ac86d79da000e26e813cd8638a8ed8ca
6c3b04a323f794e1371b690efa88952b365334a6a90919f5f81cf15c45c74aa6

HTTP Headers

GET /assets/fonts/montserrat-bold-webfont.woff HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://powerplay-content.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: application/font-woff
content-length: 34732
last-modified: Mon, 21 Jun 2021 08:01:14 GMT
etag: "60d0474a-87ac"
access-control-allow-origin: https://www.powerplay.com
accept-ranges: bytes
X-Firefox-Spdy: h2

powerplay-content.com/assets/fonts/MontserratBlack.eot

160.153.235.136

200 OK

43 kB

URL HTTP/2
powerplay-content.com/assets/fonts/MontserratBlack.eot
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
Embedded OpenType (EOT), Montserrat Black family\012- data
Size
43 kB (42974 bytes)
Hash
f5ac988c95b53763763dbcdb6dcd2574
f8b6d744e3bd09d85a6cec0e8d113bc5c2f8d5c7
4a1f0f28ac0dc25b4e527a7ca870bf89d2f444dc4bd6953f24f43cb6a8f7b130

HTTP Headers

GET /assets/fonts/MontserratBlack.eot HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://powerplay-content.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: application/vnd.ms-fontobject
content-length: 42974
last-modified: Mon, 21 Jun 2021 08:01:14 GMT
etag: "60d0474a-a7de"
access-control-allow-origin: https://www.powerplay.com
accept-ranges: bytes
X-Firefox-Spdy: h2

powerplay-content.com/assets/newcss_landing/js/lp.js

160.153.235.136

200 OK

112 kB

URL HTTP/2
powerplay-content.com/assets/newcss_landing/js/lp.js
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
data
Size
112 kB (112519 bytes)
Hash
a2ff705a8c23714de87fbf0d4fc9c4f2
dd6379e51a63318fa536e8916cb04712c4f51291
c1d74623f2f74c9305a63e7cff07e7ba0c343979ebefa8c2e5ecd5415a5b621b

HTTP Headers

GET /assets/newcss_landing/js/lp.js HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: application/javascript
last-modified: Thu, 07 Jul 2022 12:32:53 GMT
vary: Accept-Encoding
etag: W/"62c6d275-4ca6"
content-encoding: gzip
X-Firefox-Spdy: h2

powerplay-content.com/assets/js/src/pp-functions15062022.min.js

160.153.235.136

200 OK

8.2 kB

URL HTTP/2
powerplay-content.com/assets/js/src/pp-functions15062022.min.js
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
data
Size
8.2 kB (8236 bytes)
Hash
01129ff569d6eada53308453ba15af20
8181c26c28dc0c256ae41e5f3cf46854b5186234
24efa9816a11215ff68aa1216decf3b4372146177e9b9889cd61fdae647a1fba

HTTP Headers

GET /assets/js/src/pp-functions15062022.min.js HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: application/javascript
last-modified: Wed, 15 Jun 2022 15:56:09 GMT
vary: Accept-Encoding
etag: W/"62aa0119-602c"
content-encoding: gzip
X-Firefox-Spdy: h2

powerplay-content.com/assets/fonts/MontserratBlack.woff

160.153.235.136

200 OK

21 kB

URL HTTP/2
powerplay-content.com/assets/fonts/MontserratBlack.woff
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type
Web Open Font Format, TrueType, length 20964, version 0.0\012- data
Size
21 kB (20964 bytes)
Hash
49d1e4af8c8098bb9a9ace080784bdb6
8f73604a3d017092eccd929734c1bface16f4d4e
5e9cd127b94f934093fa5a258464ea145c6ad8c9c950bdf80af56367d1aed8f2

HTTP Headers

GET /assets/fonts/MontserratBlack.woff HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://powerplay-content.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: application/font-woff
content-length: 20964
last-modified: Mon, 21 Jun 2021 08:01:14 GMT
etag: "60d0474a-51e4"
access-control-allow-origin: https://www.powerplay.com
accept-ranges: bytes
X-Firefox-Spdy: h2

zz.connextra.com/dcs/tagController/tag/770b6a2a5625/landingpage

104.85.191.64

200 OK

17 kB

URL HTTP/2
zz.connextra.com/dcs/tagController/tag/770b6a2a5625/landingpage
IP
104.85.191.64:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- exported SGML document, ASCII text, with very long lines (2774)
Size
17 kB (16610 bytes)
Hash
4d7a8fd6eecbeb179ad266ca6f051b85
a9930be83a19ca526a8143b919e134d55d3ef101
7e43c13b9deb13585ae695bab73ea273cb99567ce0bd702b77fb725b51b021a3

HTTP Headers

GET /dcs/tagController/tag/770b6a2a5625/landingpage HTTP/1.1
Host: zz.connextra.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-encoding: gzip
content-type: text/javascript;charset=utf-8
content-length: 16610
cache-control: must-revalidate, max-age=300
expires: Sat, 10 Sep 2022 09:50:36 GMT
date: Sat, 10 Sep 2022 09:45:36 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
5b36f6508bf779a395d4b559b41d267d
a653f55ef7e337bd259cd76d14fe2adc91c11603
91e3696c53649e8d76b738dca29ed03b8b935f9fc230c735d2fd729428742605

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 09:45:36 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:25:21 GMT
Expires: Thu, 15 Sep 2022 18:25:20 GMT
Etag: "a653f55ef7e337bd259cd76d14fe2adc91c11603"
Cache-Control: max-age=462583,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74873b515c24fac8-OSL

my.rtmark.net/p.js?f=sync&lr=1&partner=52864f820dd3c23ced7f97ddf958a3c34eb6ec6729f377638d8ff5ebbf8d4ce8

139.45.195.8

200 OK

697 B

URL HTTP/2
my.rtmark.net/p.js?f=sync&lr=1&partner=52864f820dd3c23ced7f97ddf958a3c34eb6ec6729f377638d8ff5ebbf8d4ce8
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
ASCII text
Size
697 B (697 bytes)
Hash
ed7e8ad18e0f3bd2c70c7abd1695e09a
54e80479d3910d125a36866be752fc55aadf62a9
531afb8d462c60b454489c1041538a5db9767de6a24793df88a509a35a6398b5

HTTP Headers

GET /p.js?f=sync&lr=1&partner=52864f820dd3c23ced7f97ddf958a3c34eb6ec6729f377638d8ff5ebbf8d4ce8 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

secure.adnxs.com/seg?add=20568435&t=1

37.252.172.37

307 Redirection

0 B

URL HTTP/1.1
secure.adnxs.com/seg?add=20568435&t=1
IP
37.252.172.37:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /seg?add=20568435&t=1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sat, 10 Sep 2022 09:45:36 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D20568435%26t%3D1
AN-X-Request-Uuid: f6c9a6b8-e6a7-478b-bf5c-4cb94268efc6
Set-Cookie: uuid2=4853690826076758363; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 09-Dec-2022 09:45:36 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

secure.adnxs.com/px?id=1233559&t=1

37.252.172.37

307 Redirection

0 B

URL HTTP/1.1
secure.adnxs.com/px?id=1233559&t=1
IP
37.252.172.37:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /px?id=1233559&t=1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sat, 10 Sep 2022 09:45:36 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1233559%26t%3D1
AN-X-Request-Uuid: 6bd253c4-ffa9-408c-b2a8-0f60ad9f1bc4
Set-Cookie: uuid2=3766334341245428899; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 09-Dec-2022 09:45:36 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

ocsp.sectigo.com/

172.64.155.188

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
172.64.155.188:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
5b36f6508bf779a395d4b559b41d267d
a653f55ef7e337bd259cd76d14fe2adc91c11603
91e3696c53649e8d76b738dca29ed03b8b935f9fc230c735d2fd729428742605

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 10 Sep 2022 09:45:36 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 08 Sep 2022 18:25:21 GMT
Expires: Thu, 15 Sep 2022 18:25:20 GMT
Etag: "a653f55ef7e337bd259cd76d14fe2adc91c11603"
Cache-Control: max-age=462583,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 74873b51beefb4f7-OSL

secure.adnxs.com/bounce?%2Fseg%3Fadd%3D20568435%26t%3D1

37.252.172.37

200 OK

0 B

URL HTTP/1.1
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D20568435%26t%3D1
IP
37.252.172.37:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bounce?%2Fseg%3Fadd%3D20568435%26t%3D1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.powerplay.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 10 Sep 2022 09:45:36 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: a3277c78-7035-4e64-a4cd-89b868d4efbf
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2Hbxv=d^U!@wnf-Te9(>wL5L!!'W<$m2mW; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 09-Dec-2022 09:45:36 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

secure.adnxs.com/bounce?%2Fpx%3Fid%3D1233559%26t%3D1

37.252.172.37

200 OK

0 B

URL HTTP/1.1
secure.adnxs.com/bounce?%2Fpx%3Fid%3D1233559%26t%3D1
IP
37.252.172.37:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bounce?%2Fpx%3Fid%3D1233559%26t%3D1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.powerplay.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 10 Sep 2022 09:45:36 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 110221ff-81a3-422c-8b5c-56ee6e86764d
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

my.rtmark.net/p.js?f=sync&lr=1&partner=9403e23e5c2aba337796ba9cfd81756032c1ed5a3c8bbb94a820b4f32396f4dc

139.45.195.8

200 OK

697 B

URL HTTP/2
my.rtmark.net/p.js?f=sync&lr=1&partner=9403e23e5c2aba337796ba9cfd81756032c1ed5a3c8bbb94a820b4f32396f4dc
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
ASCII text
Size
697 B (697 bytes)
Hash
0a83632b91c4814fb4ca5fdaeaf8feb6
e7f4f82e1c0f9228e531dfb335cd595de2785fb5
48aba20e2721ef10913638f8c60a47bf9a46772817687ae9b33ce8cb7cd3de27

HTTP Headers

GET /p.js?f=sync&lr=1&partner=9403e23e5c2aba337796ba9cfd81756032c1ed5a3c8bbb94a820b4f32396f4dc HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

www.powerplay.com/images/favicon-96x96.png

104.18.5.148

200 OK

1.2 kB

URL HTTP/2
www.powerplay.com/images/favicon-96x96.png
IP
104.18.5.148:0
ASN
#13335 CLOUDFLARENET

File type
RIFF (little-endian) data, Web/P image\012- data
Size
1.2 kB (1222 bytes)
Hash
6856d6c8d3a2699b27ae4ab88a785a8c
357fe6c974731c0e250b16f137b7b259a20a688f
e4e75bc467daa47d8f6d66717a327e2880de4c656c51a5e7b1e822dac684794d

HTTP Headers

GET /images/favicon-96x96.png HTTP/1.1
Host: www.powerplay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341
Cookie: SERVERID=tc-app7|Yxxcw|Yxxcw; __cf_bm=uX2mhECvgRdVXVyvf4o.5RSpaERnfySxSTpjLy0usc8-1662803135-0-AfezhvETsJUO1ZmDWmeUkVSCMCAeCHYATbpBwzGG9UcMXmbUZl6v6BOuirvDqIwIXb4WZodJpX4t0OSckPxkaHSoyBcaBLokh+/M/txmIvzj; JSESSIONID="5SJ21l2sIMos9Uq_BRdfkSJsLtKzguEkJVxIG04y.tc-app7.rs.fsbtech.com:tc-app7.rs.fsbtech.com-wildfly"; currencyCode=USD; languageId=1; localeKey=en; siteId=222
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: image/webp
content-length: 1222
cf-ray: 74873b53395c1c0e-OSL
accept-ranges: bytes
age: 38449
cache-control: public, max-age=31536000
content-disposition: inline; filename="favicon-96x96.webp"
etag: "5f3fd70e-b50"
expires: Sun, 10 Sep 2023 09:45:36 GMT
last-modified: Fri, 21 Aug 2020 14:15:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept, Accept-Encoding
cf-cache-status: HIT
cf-bgj: imgq:100,h2pri
cf-polished: origFmt=png, origSize=2896
x-content-type-options: nosniff
server: cloudflare
X-Firefox-Spdy: h2

www.google-analytics.com/analytics.js

142.250.74.174

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20006 bytes)
Hash
56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Sat, 10 Sep 2022 08:41:12 GMT
expires: Sat, 10 Sep 2022 10:41:12 GMT
cache-control: public, max-age=7200
age: 3864
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.powerplay.com/images/favicon-16x16.png

104.18.5.148

200 OK

1.2 kB

URL HTTP/2
www.powerplay.com/images/favicon-16x16.png
IP
104.18.5.148:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Size
1.2 kB (1201 bytes)
Hash
701968833e9c077cb63d057bbd3389ee
7a07b3c1e2ec4e37f08b4b2c7bc0d4dda73a9427
f336eadbe0ce5b00969f8b248263c8b4a8ac80f38bb1cba29e0887962ef64c08

HTTP Headers

GET /images/favicon-16x16.png HTTP/1.1
Host: www.powerplay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341
Cookie: SERVERID=tc-app7|Yxxcw|Yxxcw; __cf_bm=uX2mhECvgRdVXVyvf4o.5RSpaERnfySxSTpjLy0usc8-1662803135-0-AfezhvETsJUO1ZmDWmeUkVSCMCAeCHYATbpBwzGG9UcMXmbUZl6v6BOuirvDqIwIXb4WZodJpX4t0OSckPxkaHSoyBcaBLokh+/M/txmIvzj; JSESSIONID="5SJ21l2sIMos9Uq_BRdfkSJsLtKzguEkJVxIG04y.tc-app7.rs.fsbtech.com:tc-app7.rs.fsbtech.com-wildfly"; currencyCode=USD; languageId=1; localeKey=en; siteId=222
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: image/png
content-length: 1201
cf-ray: 74873b53395f1c0e-OSL
accept-ranges: bytes
cache-control: public, max-age=31536000
etag: "5f3fd70e-4b1"
expires: Sun, 10 Sep 2023 09:45:36 GMT
last-modified: Fri, 21 Aug 2020 14:15:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
cf-cache-status: MISS
x-content-type-options: nosniff
server: cloudflare
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6196248d34769fa746f3ce857cca25e3
7056a0fdc2a1f06e809165462c11e90cce742e3b
f0a10f2f7961a948de7f64b7530139b1a8abf691fd981f1b5a7c1afff2229c75

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F0A10F2F7961A948DE7F64B7530139B1A8ABF691FD981F1B5A7C1AFFF2229C75"
Last-Modified: Thu, 08 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5220
Expires: Sat, 10 Sep 2022 11:12:36 GMT
Date: Sat, 10 Sep 2022 09:45:36 GMT
Connection: keep-alive

secure.adnxs.com/seg?add=25129714&t=2

37.252.172.37

307 Redirection

0 B

URL HTTP/1.1
secure.adnxs.com/seg?add=25129714&t=2
IP
37.252.172.37:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /seg?add=25129714&t=2 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sat, 10 Sep 2022 09:45:36 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D25129714%26t%3D2
AN-X-Request-Uuid: 82acc97f-cd5e-45c4-b035-602afb3d3628
Set-Cookie: uuid2=4463552824729030432; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 09-Dec-2022 09:45:36 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

secure.adnxs.com/getuidnb?https%3A//zz.connextra.com/sync/data/uid/3bc1d7fd2e/%24UID

37.252.172.37

200 OK

43 B

URL HTTP/1.1
secure.adnxs.com/getuidnb?https%3A//zz.connextra.com/sync/data/uid/3bc1d7fd2e/%24UID
IP
37.252.172.37:0
ASN
#29990 ASN-APPNEX

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

HTTP Headers

GET /getuidnb?https%3A//zz.connextra.com/sync/data/uid/3bc1d7fd2e/%24UID HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 10 Sep 2022 09:45:36 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: c60f5072-c3c7-49e9-869b-cc5ccee944f4
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1bad01c158d92fcd63486d8e0c19be72
c0fa8579196afe2054809567a6cd6170706fc21f
6e5100d3b1322de7d10e177d36f4fc11fcbd8f9437ca18a4b3a782ac41df40a4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4342
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 09:45:36 GMT
Last-Modified: Sat, 10 Sep 2022 08:33:14 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

unphionetor.com/vctx?t=93873

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vctx?t=93873
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /vctx?t=93873 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
access-control-allow-origin: https://www.powerplay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: f0825cc1b7470fc7997b1de1d4697861
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

www.powerplay.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1662796800

104.18.5.148

200 OK

13 kB

URL HTTP/2
www.powerplay.com/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1662796800
IP
104.18.5.148:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (37858), with no line terminators
Size
13 kB (13317 bytes)
Hash
7a623fb7f09d75fca6245d9fa6d2de92
910e410d5555281603a761c092c62856afb0e7f3
0f27abbfac7926b2a803a6def98825cf8b0f47b2bc46adedf547f2b8daefe11a

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1662796800 HTTP/1.1
Host: www.powerplay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: SERVERID=tc-app7|Yxxcw|Yxxcw; __cf_bm=uX2mhECvgRdVXVyvf4o.5RSpaERnfySxSTpjLy0usc8-1662803135-0-AfezhvETsJUO1ZmDWmeUkVSCMCAeCHYATbpBwzGG9UcMXmbUZl6v6BOuirvDqIwIXb4WZodJpX4t0OSckPxkaHSoyBcaBLokh+/M/txmIvzj; JSESSIONID="5SJ21l2sIMos9Uq_BRdfkSJsLtKzguEkJVxIG04y.tc-app7.rs.fsbtech.com:tc-app7.rs.fsbtech.com-wildfly"; currencyCode=USD; languageId=1; localeKey=en; siteId=222; _ga=GA1.2.609698399.1662803127; _gid=GA1.2.470694657.1662803127; _gat=1; fsb-powerplay-affiliates=%7B%22affiliateName%22%3A%22btag%22%2C%22affiliateValue%22%3A%22a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503%22%7D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: application/javascript; charset=UTF-8
x-control-type-options: nosniff
cache-control: max-age=14400, public
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74873b53e9eb1c0e-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
c4817d5bd6e9217486b6902cbfeb77de
dd78b2316b51baa1cdae4ee1f0039d4596a04df5
16758a5ac0d04f09e5560c574a44033b0694236233249c4779b20726bd4b0aeb

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 10 Sep 2022 09:45:36 GMT
Last-Modified: Sat, 10 Sep 2022 08:18:55 GMT
Server: ECS (nyb/1D1C)
X-Cache: Miss from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: oEp0oVMhLnz2uWxNim8-d-1TvTTUsnwVV-xh_EPsuHroXm4sVUDj6Q==
Age: 5201

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
79d3701113e0492894faf047ea0f1d6f
f635cec8700bd73ea3c5622e58309279022f34f7
09c23c0b1c64dddc39926dcdc768789a196808dca2c2d2024ca181392588d21c

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sat, 10 Sep 2022 09:45:36 GMT
Last-Modified: Sat, 10 Sep 2022 09:08:12 GMT
Server: ECS (nyb/1D20)
X-Cache: Miss from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: _c8UCzOICsxG9mlYAjQoLvdk-j2omCzPbLlz_6chfc-EnSbhFch2mg==
Age: 2244

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
5fec0d0be3fc4f43bd2805194e0684f5
b87965936d5ba68584c93e05dcab689d91180771
fcfdc5b688da2814381dd9f38e56db42d5c1b01d5ab31a87babf779e4cb1f388

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FCFDC5B688DA2814381DD9F38E56DB42D5C1B01D5AB31A87BABF779E4CB1F388"
Last-Modified: Fri, 09 Sep 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Sat, 10 Sep 2022 15:45:36 GMT
Date: Sat, 10 Sep 2022 09:45:36 GMT
Connection: keep-alive

segment.prod.bidr.io/associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1509&value=

52.51.145.228

303 See Other

0 B

URL HTTP/1.1
segment.prod.bidr.io/associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1509&value=
IP
52.51.145.228:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1509&value= HTTP/1.1
Host: segment.prod.bidr.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 303 See Other
Date: Sat, 10 Sep 2022 09:45:36 GMT
location: https://segment.prod.bidr.io/associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1509&value=&_bee_ppp=1
Server: nginx
set-cookie: checkForPermission=ok; Domain=bidr.io; expires=Sat, 10 Sep 2022 09:55:36 GMT; Path=/; SameSite=None; Secure
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

match.prod.bidr.io/cookie-sync/geniussports

52.50.89.178

303 See Other

0 B

URL HTTP/1.1
match.prod.bidr.io/cookie-sync/geniussports
IP
52.50.89.178:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cookie-sync/geniussports HTTP/1.1
Host: match.prod.bidr.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 303 See Other
Date: Sat, 10 Sep 2022 09:45:36 GMT
location: https://match.prod.bidr.io/cookie-sync/geniussports?_bee_ppp=1
Server: nginx
set-cookie: checkForPermission=ok; Domain=bidr.io; expires=Sat, 10 Sep 2022 09:55:36 GMT; Path=/; SameSite=None; Secure
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

secure.adnxs.com/px?id=1184078&t=1

37.252.172.37

307 Redirection

0 B

URL HTTP/1.1
secure.adnxs.com/px?id=1184078&t=1
IP
37.252.172.37:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /px?id=1184078&t=1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sat, 10 Sep 2022 09:45:36 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1184078%26t%3D1
AN-X-Request-Uuid: 09a24d19-f95c-4efe-af34-c9c38e55e3a4
Set-Cookie: uuid2=1873454699362097680; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 09-Dec-2022 09:45:36 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

zz.connextra.com/PowerPlay/dcs/tagController/tagData/770b6a2a5625

104.85.191.64

200 OK

0 B

URL HTTP/2
zz.connextra.com/PowerPlay/dcs/tagController/tagData/770b6a2a5625
IP
104.85.191.64:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /PowerPlay/dcs/tagController/tagData/770b6a2a5625 HTTP/1.1
Host: zz.connextra.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 44
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://www.powerplay.com
vary: Origin
p3p: CP=NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR SAMa BUS IND UNI PUR COM NAV
content-type: text/plain
content-length: 0
date: Sat, 10 Sep 2022 09:45:36 GMT
set-cookie: CxtId=29684b43-d061-4672-b6d1-bc5055801ddb; Domain=.connextra.com; Expires=Mon, 09-Sep-2024 09:45:36 GMT; Path=/; Secure; SameSite=None
PowerPlay=P%7Clandingpage%7C1%7C202209101045; Domain=.connextra.com; Expires=Sun, 10-Sep-2023 09:45:36 GMT; Path=/; Secure; HttpOnly; SameSite=None
X-Firefox-Spdy: h2

secure.adnxs.com/bounce?%2Fseg%3Fadd%3D25129714%26t%3D2

37.252.172.37

200 OK

43 B

URL HTTP/1.1
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D25129714%26t%3D2
IP
37.252.172.37:0
ASN
#29990 ASN-APPNEX

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

HTTP Headers

GET /bounce?%2Fseg%3Fadd%3D25129714%26t%3D2 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.powerplay.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 10 Sep 2022 09:45:36 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: deb0bb39-5285-4084-9b31-aaf950439327
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2Hbxv=d^U!@wnf-Te9(>wL5L!!'W<$m2mW; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 09-Dec-2022 09:45:36 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8060
Expires: Sat, 10 Sep 2022 11:59:56 GMT
Date: Sat, 10 Sep 2022 09:45:36 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
97e5566c275b9fe27464690811145846
fa8973c8004db59d9a8fd46e9743fb6c9a8d3efd
e77cd1a4510c736e628aa10719f7694d7c7fef15adf1a449d800f90cde76fb88

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 09:45:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

segment.prod.bidr.io/associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1509&value=&_bee_ppp=1

52.51.145.228

200 OK

43 B

URL HTTP/1.1
segment.prod.bidr.io/associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1509&value=&_bee_ppp=1
IP
52.51.145.228:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
f837aa60b6fe83458f790db60d529fc9
14af87ccec7f81bb28d53c84da2fd5a9d5925cda
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

HTTP Headers

GET /associate-segment?buzz_key=geniussportsmedia&segment_key=geniussportsmedia-1509&value=&_bee_ppp=1 HTTP/1.1
Host: segment.prod.bidr.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.powerplay.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
cache-control: no-cache, must-revalidate
content-type: image/gif
Date: Sat, 10 Sep 2022 09:45:36 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: CP="This is not a P3P policy! See https://beeswax.com/privacy for more info."
pragma: no-cache
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 43
Connection: keep-alive

www.powerplay.com/cdn-cgi/rum?

104.18.5.148

200 OK

523 B

URL HTTP/2
www.powerplay.com/cdn-cgi/rum?
IP
104.18.5.148:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
523 B (523 bytes)
Hash
7f717217ca95d6f1ae19f94f8893cb7f
a47a78576231744689b05433e82c74c6d445c91d
4ab80851780e7836b6a5bb42a7695b0055fd3343481f924996af17a6d9afcf4e

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: www.powerplay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 9936
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341
Cookie: SERVERID=tc-app7|Yxxcw|Yxxcw; __cf_bm=uX2mhECvgRdVXVyvf4o.5RSpaERnfySxSTpjLy0usc8-1662803135-0-AfezhvETsJUO1ZmDWmeUkVSCMCAeCHYATbpBwzGG9UcMXmbUZl6v6BOuirvDqIwIXb4WZodJpX4t0OSckPxkaHSoyBcaBLokh+/M/txmIvzj; JSESSIONID="5SJ21l2sIMos9Uq_BRdfkSJsLtKzguEkJVxIG04y.tc-app7.rs.fsbtech.com:tc-app7.rs.fsbtech.com-wildfly"; currencyCode=USD; languageId=1; localeKey=en; siteId=222; _ga=GA1.2.609698399.1662803127; _gid=GA1.2.470694657.1662803127; _gat=1; fsb-powerplay-affiliates=%7B%22affiliateName%22%3A%22btag%22%2C%22affiliateValue%22%3A%22a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: text/plain
access-control-allow-origin: https://www.powerplay.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 74873b542a341c0e-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

secure.adnxs.com/bounce?%2Fpx%3Fid%3D1184078%26t%3D1

37.252.172.37

200 OK

0 B

URL HTTP/1.1
secure.adnxs.com/bounce?%2Fpx%3Fid%3D1184078%26t%3D1
IP
37.252.172.37:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bounce?%2Fpx%3Fid%3D1184078%26t%3D1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.powerplay.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 10 Sep 2022 09:45:36 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 94b73cbd-3fa2-4add-a19b-1a61717f083c
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

unphionetor.com/vbl?t=93873&bid=undefined&aid=undefined

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbl?t=93873&bid=undefined&aid=undefined
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbl?t=93873&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
access-control-allow-origin: https://www.powerplay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 219b02a85eeb5ad6ffce9e81be4b49c5
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e0fbe5627b19e9ad7ad4d40c96514ae9
d9d361271987c5947d96ddacc67efb3f3a32bbd3
48b4321f3bda8fd67c5bc75f98b0dfe6df2bfda8dcf5e708aecd47270ae03217

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "48B4321F3BDA8FD67C5BC75F98B0DFE6DF2BFDA8DCF5E708AECD47270AE03217"
Last-Modified: Wed, 07 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8060
Expires: Sat, 10 Sep 2022 11:59:56 GMT
Date: Sat, 10 Sep 2022 09:45:36 GMT
Connection: keep-alive

match.prod.bidr.io/cookie-sync/geniussports?_bee_ppp=1

52.50.89.178

303 See Other

0 B

URL HTTP/1.1
match.prod.bidr.io/cookie-sync/geniussports?_bee_ppp=1
IP
52.50.89.178:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cookie-sync/geniussports?_bee_ppp=1 HTTP/1.1
Host: match.prod.bidr.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.powerplay.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 303 See Other
Date: Sat, 10 Sep 2022 09:45:36 GMT
location: https://zz.connextra.com/sync/data/uid/508a5e2dd5/
Server: nginx
strict-transport-security: max-age=2592000; includeSubDomains
Content-Length: 0
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bedecf7-d9af-4aa7-88b0-94b2a33f9e1a.jpeg

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bedecf7-d9af-4aa7-88b0-94b2a33f9e1a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9766 bytes)
Hash
7ade70e6dbcfb3ca1765f95112671e69
3768753be084c0e0fc268be5b192d02d769114b6
9670a3bf2476ba193cfeb3153c1254bdcfc980a28503dda0d9b398a3a59f53f4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F0bedecf7-d9af-4aa7-88b0-94b2a33f9e1a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9766
x-amzn-requestid: 720a4111-91de-4672-88c8-f40db517c07d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YHsjRE13oAMFbCA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63195ae1-288f1f5456bf4d146dcf774c;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 03:00:49 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: CjZw9xgHd4_7KvhiiZEIBivRgoQeh1BYxEc_bOBbTvWoqHgTPq0sSA==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 d2575afea3774df33dcf5e5ff475025e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 10 Sep 2022 05:37:01 GMT
age: 14915
etag: "3768753be084c0e0fc268be5b192d02d769114b6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

2.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2870416f-af1f-4974-b2d6-6b422a759e47.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.7 kB (2710 bytes)
Hash
c2549cb0e74144549e3da7447e72ea08
c73bee4e6aa14a00d91ca04bfcdd6cdc0f9aa34d
f90977f626b8daf1571a7004b9db78a2267f8a889572a1f5a41960732f85e574

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2870416f-af1f-4974-b2d6-6b422a759e47.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2710
x-amzn-requestid: 413a3afc-fc8a-4758-87dd-75ef70d07060
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNjs3FO7IAMF1Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb31e-43b304f11c99f28e5b0b36a4;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:41:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xL15naFm_sW6PT7iYJLoThwfPyoVPTjPcPuqWw5zJf57Rk9oYrnmlw==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 22:17:14 GMT
age: 41302
etag: "c73bee4e6aa14a00d91ca04bfcdd6cdc0f9aa34d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa5def240-4ed3-41d4-8b6e-a1fa4a410f93.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.7 kB (6667 bytes)
Hash
d89faac48bf00a6c9f164a274a13ed2f
7e7e2d0ed77a8392ee6f5c939f3ade9f62a0c606
afcf733c808403b8608d92f1117cc66e34aa9fa6266aadb973449150fbfb57f2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa5def240-4ed3-41d4-8b6e-a1fa4a410f93.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6667
x-amzn-requestid: 4fcb8697-073d-4664-8efe-db88e6de9d0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNjs3GIyoAMFQ_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb31e-4ef7c76671cea89d0f6e43c8;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:41:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: EMsT7bGLgFiFUf1-iLOqeS8Q6j_U4vO771766CxZG2TQqGbwO7YBBQ==
via: 1.1 56c69262ecfa7873b40572ba8a323242.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 22:13:18 GMT
age: 41538
etag: "7e7e2d0ed77a8392ee6f5c939f3ade9f62a0c606"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1a40490a-216d-49e4-bfae-20c0ba1e9616.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.4 kB (4434 bytes)
Hash
0fd70eea0aa5e563509d9e2c0ae25050
75438d4566755201604bebadec4b699ba585b62b
584534a66a490a6a5f217b484edc5aebbb3076f70280984fecd724138420331c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1a40490a-216d-49e4-bfae-20c0ba1e9616.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4434
x-amzn-requestid: d2239717-afaf-485c-b238-e421f3f2750f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNjs3GsCoAMFTYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb31e-4d779e9e395f30db784955e7;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:41:50 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: hW6DClTvHw4WjHttC_4SBQBO0E8cAi1GnufETnH2OzaUP0EAj0S14g==
via: 1.1 1ec2938341958d70d56193d709c89dee.cloudfront.net (CloudFront), 1.1 a8e5d5aeee6eacca5c379e5059b1f68c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 21:53:49 GMT
age: 42707
etag: "75438d4566755201604bebadec4b699ba585b62b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-119769874-1&cid=609698399.1662803127&jid=1184507161&gjid=443011946&_gid=470694657.1662803127&_u=IEBAAEAAAAAAAC~&z=525417053

142.251.1.154

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-119769874-1&cid=609698399.1662803127&jid=1184507161&gjid=443011946&_gid=470694657.1662803127&_u=IEBAAEAAAAAAAC~&z=525417053
IP
142.251.1.154:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j96&tid=UA-119769874-1&cid=609698399.1662803127&jid=1184507161&gjid=443011946&_gid=470694657.1662803127&_u=IEBAAEAAAAAAAC~&z=525417053 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://www.powerplay.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 10 Sep 2022 09:45:36 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb150ddb5-18a6-405d-8041-cdea0c0e6a85.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8266 bytes)
Hash
d21a3e07583d9fad4104b6457f7915e7
fdc9453562f993e2545ca99731a7741e748b6082
8ea38264c82c6b544447079cc92eae70d0968a070ba39022af0e18c498916338

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb150ddb5-18a6-405d-8041-cdea0c0e6a85.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8266
x-amzn-requestid: 3411ec4b-ac18-4b4e-8876-c99b94d3a4a3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNitWEjhIAMFWpw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb188-4d9e496e7ff141b46748d850;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:35:04 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Hit from cloudfront
x-amz-cf-id: vyV1_onImxuLNGp4UI1W5grcuVW3LHJFJjvmO0VXU-OYorF6RVcoDw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 7d01bcfcfe27ce0b8979cf621dd081de.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 21:51:58 GMT
age: 42818
etag: "fdc9453562f993e2545ca99731a7741e748b6082"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9009587-828b-4a7a-8b84-f28d4b93cdef.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.5 kB (7515 bytes)
Hash
60fa03262bb3728f24a4c7a8177ec788
09dcbdc6043f01dd56920cca3ce3920d0d07b795
e7448f186933f9848f1d55f0e8dba593918846d02fb9cc3a7cd86d69b96a7fde

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9009587-828b-4a7a-8b84-f28d4b93cdef.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7515
x-amzn-requestid: bb6a7928-9bdc-44e7-8478-b415bc504343
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YJu0bGYdoAMF5jQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631a2b4f-208339fd72e62dff4a2ba339;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 17:50:07 GMT
x-amz-cf-pop: SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: UaU9GK4lcCuAN2WghBDa7f-21dRTA4Fh1tlAmGFMKh4wQOGZlKdmOw==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 21:46:20 GMT
age: 43156
etag: "09dcbdc6043f01dd56920cca3ce3920d0d07b795"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

zz.connextra.com/sync/data/uid/6c883bd680/0254631c-5cc0-4f00-aafb-30f252f39201

104.85.191.64

200 OK

64 B

URL HTTP/2
zz.connextra.com/sync/data/uid/6c883bd680/0254631c-5cc0-4f00-aafb-30f252f39201
IP
104.85.191.64:0
ASN
#16625 AKAMAI-AS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
64 B (64 bytes)
Hash
28eef568735b80a8332521d787dd86bb
28f5f77711609381a229447f8560d374d0eadc62
09cf0142653a98e763b6a79dae28efd223810b8fb099beb9f573306fd626fc02

HTTP Headers

GET /sync/data/uid/6c883bd680/0254631c-5cc0-4f00-aafb-30f252f39201 HTTP/1.1
Host: zz.connextra.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.powerplay.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/gif
p3p: CP=NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR SAMa BUS IND UNI PUR COM NAV
vary: accept-encoding
content-encoding: gzip
x-envoy-upstream-service-time: 1
server: istio-envoy
expires: Sat, 10 Sep 2022 09:45:37 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 10 Sep 2022 09:45:37 GMT
content-length: 64
set-cookie: CxtId=8a100303-edab-4c83-aa0c-ff47a934a656; Domain=.connextra.com; Expires=Sun, 10-Sep-2023 09:45:36 GMT; Path=/; Secure
ex_uuid=6c883bd680%2C0254631c-5cc0-4f00-aafb-30f252f39201; Domain=.connextra.com; Expires=Sun, 10-Sep-2023 09:45:36 GMT; Path=/; Secure
X-Firefox-Spdy: h2

secure.adnxs.com/seg?add=19736723&t=1

37.252.172.37

307 Redirection

0 B

URL HTTP/1.1
secure.adnxs.com/seg?add=19736723&t=1
IP
37.252.172.37:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /seg?add=19736723&t=1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sat, 10 Sep 2022 09:45:37 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D19736723%26t%3D1
AN-X-Request-Uuid: a9782e7c-90d5-4838-8097-0a870a1d9137
Set-Cookie: uuid2=2026985454116788883; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 09-Dec-2022 09:45:37 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

pixel.mathtag.com/event/js?mt_id=1518345&mt_adid=243239&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=

23.38.200.207

200 OK

1.5 kB

URL HTTP/1.1
pixel.mathtag.com/event/js?mt_id=1518345&mt_adid=243239&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3=
IP
23.38.200.207:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
1.5 kB (1493 bytes)
Hash
7cdb7a7c5f3e85248ce8cc9f099bb278
7561fcc2d8e1c1a34d74099f1767fd7d637910c0
29f33163548ed58cc9b9eb8277f40c3d397a379b65c5081b534cb833b4ec2795

HTTP Headers

GET /event/js?mt_id=1518345&mt_adid=243239&mt_exem=&mt_excl=&v1=&v2=&v3=&s1=&s2=&s3= HTTP/1.1
Host: pixel.mathtag.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 1493
Access-Control-Allow-Origin: *
Server: MT3 4505 5b23575 master ord-pixel-x10 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Expires: Sat, 10 Sep 2022 09:45:35 GMT
Date: Sat, 10 Sep 2022 09:45:37 GMT
Connection: keep-alive
Set-Cookie: uuid=74c0631c-5cc1-4a00-9fd7-d9f67d93fc07; domain=.mathtag.com; path=/; expires=Sun, 08-Oct-2023 09:45:37 GMT; SameSite=None; Secure

secure.adnxs.com/bounce?%2Fseg%3Fadd%3D19736723%26t%3D1

37.252.172.37

200 OK

0 B

URL HTTP/1.1
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D19736723%26t%3D1
IP
37.252.172.37:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bounce?%2Fseg%3Fadd%3D19736723%26t%3D1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.powerplay.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 10 Sep 2022 09:45:37 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 08689fde-72c4-439d-b011-d55996dcdb70
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2Hc#v=d^U!@wnf-Te9(>wL5L!!'X)$mX.[; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 09-Dec-2022 09:45:37 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

zz.connextra.com/sync/data/uid/508a5e2dd5/

104.85.191.64

200 OK

64 B

URL HTTP/2
zz.connextra.com/sync/data/uid/508a5e2dd5/
IP
104.85.191.64:0
ASN
#16625 AKAMAI-AS

File type
GIF image data, version 89a, 1 x 1\012- data
Size
64 B (64 bytes)
Hash
28eef568735b80a8332521d787dd86bb
28f5f77711609381a229447f8560d374d0eadc62
09cf0142653a98e763b6a79dae28efd223810b8fb099beb9f573306fd626fc02

HTTP Headers

GET /sync/data/uid/508a5e2dd5/ HTTP/1.1
Host: zz.connextra.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.powerplay.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
content-type: image/gif
p3p: CP=NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR SAMa BUS IND UNI PUR COM NAV
vary: accept-encoding
content-encoding: gzip
x-envoy-upstream-service-time: 0
server: istio-envoy
expires: Sat, 10 Sep 2022 09:45:37 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sat, 10 Sep 2022 09:45:37 GMT
content-length: 64
set-cookie: CxtId=a5b8733c-aa84-443e-a575-6d52153cb8d8; Domain=.connextra.com; Expires=Sun, 10-Sep-2023 09:45:37 GMT; Path=/; Secure
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
97e5566c275b9fe27464690811145846
fa8973c8004db59d9a8fd46e9743fb6c9a8d3efd
e77cd1a4510c736e628aa10719f7694d7c7fef15adf1a449d800f90cde76fb88

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 09:45:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
18d9c80e93810b52880aab445613e4b7
ca08ea7190fac815eae23eb6022d7f524694a518
6ed2db33b116fbb84b14f8509886515c5b9d8277437c8ac00b5735712f7f662f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 09:45:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

secure.adnxs.com/seg?add=19996931&t=1

37.252.172.37

307 Redirection

0 B

URL HTTP/1.1
secure.adnxs.com/seg?add=19996931&t=1
IP
37.252.172.37:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /seg?add=19996931&t=1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sat, 10 Sep 2022 09:45:37 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D19996931%26t%3D1
AN-X-Request-Uuid: 3b78afcd-fc4d-44b3-9f80-7b6b58418c6a
Set-Cookie: uuid2=1818064171289763399; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 09-Dec-2022 09:45:37 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
e66743a6c60c1181d7f47c7f748ddfa3
97e333fac41fce213aeda4a42c79b0c5077e26c0
498cbdcbc5fed75df7e4974b21f3be66580dd169b8c82e76c69a823567e27ab6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 09:45:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-119769874-1&cid=609698399.1662803127&jid=1184507161&_u=IEBAAEAAAAAAAC~&z=1326396833

142.250.74.3

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-119769874-1&cid=609698399.1662803127&jid=1184507161&_u=IEBAAEAAAAAAAC~&z=1326396833
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-119769874-1&cid=609698399.1662803127&jid=1184507161&_u=IEBAAEAAAAAAAC~&z=1326396833 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 10 Sep 2022 09:45:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-119769874-1&cid=609698399.1662803127&jid=1184507161&_u=IEBAAEAAAAAAAC~&z=1326396833

142.250.74.164

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-119769874-1&cid=609698399.1662803127&jid=1184507161&_u=IEBAAEAAAAAAAC~&z=1326396833
IP
142.250.74.164:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j96&tid=UA-119769874-1&cid=609698399.1662803127&jid=1184507161&_u=IEBAAEAAAAAAAC~&z=1326396833 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 10 Sep 2022 09:45:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

secure.adnxs.com/bounce?%2Fseg%3Fadd%3D19996931%26t%3D1

37.252.172.37

200 OK

0 B

URL HTTP/1.1
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D19996931%26t%3D1
IP
37.252.172.37:0
ASN
#29990 ASN-APPNEX

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /bounce?%2Fseg%3Fadd%3D19996931%26t%3D1 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.powerplay.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 10 Sep 2022 09:45:37 GMT
Content-Type: application/javascript; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
AN-X-Request-Uuid: 31041bcf-4da1-4bd9-ba99-be94c0163c00
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2Hc#v=d^U!@wnf-Te9(>wL5L!!'X)$mX.[; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 09-Dec-2022 09:45:37 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 691.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

my.rtmark.net/img.gif?f=sync&partner=52864f820dd3c23ced7f97ddf958a3c34eb6ec6729f377638d8ff5ebbf8d4ce8&ttl=&rurl=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503%26siteid%3D36341

139.45.195.8

200 OK

43 B

URL HTTP/2
my.rtmark.net/img.gif?f=sync&partner=52864f820dd3c23ced7f97ddf958a3c34eb6ec6729f377638d8ff5ebbf8d4ce8&ttl=&rurl=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503%26siteid%3D36341
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=sync&partner=52864f820dd3c23ced7f97ddf958a3c34eb6ec6729f377638d8ff5ebbf8d4ce8&ttl=&rurl=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503%26siteid%3D36341 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:37 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=3be7d90fad24477e878a9f396f4edf85; expires=Sun, 10 Sep 2023 09:45:37 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=sync&partner=9403e23e5c2aba337796ba9cfd81756032c1ed5a3c8bbb94a820b4f32396f4dc&ttl=&rurl=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503%26siteid%3D36341

139.45.195.8

200 OK

43 B

URL HTTP/2
my.rtmark.net/img.gif?f=sync&partner=9403e23e5c2aba337796ba9cfd81756032c1ed5a3c8bbb94a820b4f32396f4dc&ttl=&rurl=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503%26siteid%3D36341
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=sync&partner=9403e23e5c2aba337796ba9cfd81756032c1ed5a3c8bbb94a820b4f32396f4dc&ttl=&rurl=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503%26siteid%3D36341 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:37 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=3a00c12fda834f178ea25bb176548486; expires=Sun, 10 Sep 2023 09:45:37 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
18d9c80e93810b52880aab445613e4b7
ca08ea7190fac815eae23eb6022d7f524694a518
6ed2db33b116fbb84b14f8509886515c5b9d8277437c8ac00b5735712f7f662f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 09:45:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

pixel.mathtag.com/sync/iframe?mt_uuid=74c0631c-5cc1-4a00-9fd7-d9f67d93fc07&no_iframe=1&mt_adid=243239&source=mathtag

23.38.200.207

200 OK

713 B

URL HTTP/1.1
pixel.mathtag.com/sync/iframe?mt_uuid=74c0631c-5cc1-4a00-9fd7-d9f67d93fc07&no_iframe=1&mt_adid=243239&source=mathtag
IP
23.38.200.207:0
ASN
#16625 AKAMAI-AS

File type
HTML document text\012- HTML document, ASCII text
Size
713 B (713 bytes)
Hash
f853f2ecf3f2d763c4057f4ff5c3e4e8
0f9ca6de16aa4261f1202443311462a81717dd85
8040be8c28a19b0f78481f2da17e7220e75adde27eb9713ff626652a066f92da

HTTP Headers

GET /sync/iframe?mt_uuid=74c0631c-5cc1-4a00-9fd7-d9f67d93fc07&no_iframe=1&mt_adid=243239&source=mathtag HTTP/1.1
Host: pixel.mathtag.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 713
Access-Control-Allow-Origin: *
Server: MT3 4505 5b23575 master ord-pixel-x2 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Expires: Sat, 10 Sep 2022 09:45:36 GMT
Date: Sat, 10 Sep 2022 09:45:37 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.3

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.3:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
90af7f9fc306540e02535db3d00dca64
9e05b003b35ed57277b6b295adde93add7c41b0b
64abd990305ef3f25ffb3fb2ccae04b76e178375752ecb2020411df8f7974fcf

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 10 Sep 2022 09:45:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

pixel.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0

23.38.200.207

200 OK

0 B

URL HTTP/1.1
pixel.mathtag.com/comp/img?mt_id=99&ns=xx&bcdv=0
IP
23.38.200.207:0
ASN
#16625 AKAMAI-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /comp/img?mt_id=99&ns=xx&bcdv=0 HTTP/1.1
Host: pixel.mathtag.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 0
Access-Control-Allow-Origin: *
Server: MT3 4505 5b23575 master ord-pixel-x49 config:1.0.0
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Expires: Sat, 10 Sep 2022 09:45:36 GMT
Date: Sat, 10 Sep 2022 09:45:37 GMT
Connection: keep-alive
Set-Cookie: uuid=566f631c-5cc1-4400-b7aa-8e5ff8d0a817; domain=.mathtag.com; path=/; expires=Sun, 08-Oct-2023 09:45:37 GMT; SameSite=None; Secure

acdn.adnxs.com/dmp/up/pixie.js

23.38.200.189

200 OK

3.3 kB

URL HTTP/1.1
acdn.adnxs.com/dmp/up/pixie.js
IP
23.38.200.189:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (9139), with no line terminators
Size
3.3 kB (3340 bytes)
Hash
75b9af81e30e45403e6856566e888545
d013e9a47331447f32c2bdf6f35b286e711788f0
dd26e2e55783f6174ceea7c7a3b10e5af1c7fca56fc2543956a38b848f32a151

HTTP Headers

GET /dmp/up/pixie.js HTTP/1.1
Host: acdn.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Last-Modified: Wed, 02 Jun 2021 15:04:00 GMT
ETag: "60b79de0-23b3"
Server: nginx/1.18.0 (Ubuntu)
Access-Control-Allow-Origin: *
Content-Type: application/javascript
Content-Encoding: gzip
Content-Length: 3340
Cache-Control: max-age=86402
Expires: Sun, 11 Sep 2022 09:45:39 GMT
Date: Sat, 10 Sep 2022 09:45:37 GMT
Connection: keep-alive
Vary: Accept-Encoding

ib.adnxs.com/pixie?e=PageView&pi=689728d9-60b8-4e36-ba76-2bfb9a87238d&it=1662803127702&v=0.0.20&u=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503%26siteid%3D36341&st=1662803127702&et=1662803127703&if=0

37.252.173.215

200 OK

42 B

URL HTTP/1.1
ib.adnxs.com/pixie?e=PageView&pi=689728d9-60b8-4e36-ba76-2bfb9a87238d&it=1662803127702&v=0.0.20&u=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503%26siteid%3D36341&st=1662803127702&et=1662803127703&if=0
IP
37.252.173.215:0
ASN
#29990 ASN-APPNEX

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /pixie?e=PageView&pi=689728d9-60b8-4e36-ba76-2bfb9a87238d&it=1662803127702&v=0.0.20&u=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503%26siteid%3D36341&st=1662803127702&et=1662803127703&if=0 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sat, 10 Sep 2022 09:45:37 GMT
Content-Type: image/gif
Content-Length: 42
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 867.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com

in-automate.sendinblue.com/cm?uuid=1c1e40cf-9801-4720-abeb-a85a6480e575&key=gm86guigrko4zzgucol1x&cuid=6c597c7c-4645-4cee-8814-044751463e9b

104.17.9.12

204 No Content

0 B

URL HTTP/2
in-automate.sendinblue.com/cm?uuid=1c1e40cf-9801-4720-abeb-a85a6480e575&key=gm86guigrko4zzgucol1x&cuid=6c597c7c-4645-4cee-8814-044751463e9b
IP
104.17.9.12:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cm?uuid=1c1e40cf-9801-4720-abeb-a85a6480e575&key=gm86guigrko4zzgucol1x&cuid=6c597c7c-4645-4cee-8814-044751463e9b HTTP/1.1
Host: in-automate.sendinblue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://sibautomation.com
Connection: keep-alive
Referer: https://sibautomation.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sat, 10 Sep 2022 09:45:37 GMT
cf-ray: 74873b58b8c3b511-OSL
access-control-allow-origin: *
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-apo-via: origin,host
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

in-automate.sendinblue.com/p?key=gm86guigrko4zzgucol1x&cuid=6c597c7c-4645-4cee-8814-044751463e9b&ma_url=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503%26siteid%3D36341&sib_type=page&ma_title=Online%20Betting%20%7C%20Live%20Casino%20%7C%20Bet%20with%20PowerPlay%20%7C%20Free%20Bet%20Offers&sib_name=Online%20Betting%20%7C%20Live%20Casino%20%7C%20Bet%20with%20PowerPlay%20%7C%20Free%20Bet%20Offers&ma_referrer=&ma_path=%2Flp%2FCA_LP_1000CB%2F

104.17.9.12

204 No Content

0 B

URL HTTP/2
in-automate.sendinblue.com/p?key=gm86guigrko4zzgucol1x&cuid=6c597c7c-4645-4cee-8814-044751463e9b&ma_url=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503%26siteid%3D36341&sib_type=page&ma_title=Online%20Betting%20%7C%20Live%20Casino%20%7C%20Bet%20with%20PowerPlay%20%7C%20Free%20Bet%20Offers&sib_name=Online%20Betting%20%7C%20Live%20Casino%20%7C%20Bet%20with%20PowerPlay%20%7C%20Free%20Bet%20Offers&ma_referrer=&ma_path=%2Flp%2FCA_LP_1000CB%2F
IP
104.17.9.12:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p?key=gm86guigrko4zzgucol1x&cuid=6c597c7c-4645-4cee-8814-044751463e9b&ma_url=https%3A%2F%2Fwww.powerplay.com%2Flp%2FCA_LP_1000CB%2F%3Fbtag%3Da_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503%26siteid%3D36341&sib_type=page&ma_title=Online%20Betting%20%7C%20Live%20Casino%20%7C%20Bet%20with%20PowerPlay%20%7C%20Free%20Bet%20Offers&sib_name=Online%20Betting%20%7C%20Live%20Casino%20%7C%20Bet%20with%20PowerPlay%20%7C%20Free%20Bet%20Offers&ma_referrer=&ma_path=%2Flp%2FCA_LP_1000CB%2F HTTP/1.1
Host: in-automate.sendinblue.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 204 No Content
date: Sat, 10 Sep 2022 09:45:37 GMT
cf-ray: 74873b59e9fbb511-OSL
access-control-allow-origin: *
cache-control: no-cache
cf-cache-status: DYNAMIC
cf-apo-via: origin,host
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

unphionetor.com/vbri?t=93873&bid=undefined&aid=undefined&tp=4353

139.45.197.236

204 No Content

0 B

URL HTTP/2
unphionetor.com/vbri?t=93873&bid=undefined&aid=undefined&tp=4353
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /vbri?t=93873&bid=undefined&aid=undefined&tp=4353 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Sat, 10 Sep 2022 09:45:38 GMT
access-control-allow-origin: https://www.powerplay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: fb81757b233dc93670552b5eee074efc
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8924b46b-4731-4526-b3b6-de366eb0e889.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.3 kB (5284 bytes)
Hash
aebe3c28455bc6c3da231ec6d873fb37
daf3fe4b0f004bc1bbd3b1acbc4f61d70ffcf2ff
efc51c27b859193ad35b279946c482784fff7429539c4b8bc35f09170fc0a904

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8924b46b-4731-4526-b3b6-de366eb0e889.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 5284
x-amzn-requestid: c7255083-dd50-40ae-82c8-fef8617930b7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YNkC0EF4IAMFe8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631bb3ab-28a11c9e09716207223f3eef;Sampled=0
x-amzn-remapped-date: Fri, 09 Sep 2022 21:44:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P2
x-cache: Miss from cloudfront
x-amz-cf-id: h8CF2LpA5oD8Q0__8Co4YygY44o5oYFprZ_LFyUFElJPc1U8Nyk2vg==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 79880188a81becf1687ba18c0e064230.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Sep 2022 22:13:11 GMT
age: 41552
etag: "daf3fe4b0f004bc1bbd3b1acbc4f61d70ffcf2ff"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

powerplay-content.com/assets/newcss_landing/uil.min.css

160.153.235.136

200 OK

0 B

URL HTTP/2
powerplay-content.com/assets/newcss_landing/uil.min.css
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/newcss_landing/uil.min.css HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: text/css
last-modified: Mon, 18 Jul 2022 15:26:11 GMT
vary: Accept-Encoding
etag: W/"62d57b93-110a1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2

powerplay-content.com/assets/newcss_landing/fonts.min.css

160.153.235.136

200 OK

0 B

URL HTTP/2
powerplay-content.com/assets/newcss_landing/fonts.min.css
IP
160.153.235.136:0
ASN
#21501 Host Europe GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /assets/newcss_landing/fonts.min.css HTTP/1.1
Host: powerplay-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: text/css
last-modified: Wed, 17 Mar 2021 09:41:15 GMT
vary: Accept-Encoding
etag: W/"6051cebb-b04"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
content-encoding: gzip
X-Firefox-Spdy: h2

sibautomation.com/sa.js?key=gm86guigrko4zzgucol1x

172.64.153.111

200 OK

0 B

URL HTTP/2
sibautomation.com/sa.js?key=gm86guigrko4zzgucol1x
IP
172.64.153.111:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /sa.js?key=gm86guigrko4zzgucol1x HTTP/1.1
Host: sibautomation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: text/javascript; charset=utf-8
cf-bgj: minify
cf-polished: origSize=10658
etag: W/"29a2-gRmwV3XPXh5L7NMphJcvqKdlvX8"
vary: Accept-Encoding
x-powered-by: Sails <sailsjs.com>
expires: Sat, 10 Sep 2022 09:46:36 GMT
cache-control: public, max-age=60
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-encoding: gzip
access-control-allow-origin: *
x-sib-server: SENDINBLUE-web1-2
x-content-type-options: nosniff
x-xss-protection: 1
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 74873b53ca111c12-OSL
X-Firefox-Spdy: h2

sibautomation.com/cm.html?key=gm86guigrko4zzgucol1x

172.64.153.111

200 OK

0 B

URL HTTP/2
sibautomation.com/cm.html?key=gm86guigrko4zzgucol1x
IP
172.64.153.111:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cm.html?key=gm86guigrko4zzgucol1x HTTP/1.1
Host: sibautomation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 09:45:37 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
cf-apo-via: origin,host
x-powered-by: Sails <sailsjs.com>
access-control-allow-origin: *
x-sib-server: SENDINBLUE-web1-2
x-content-type-options: nosniff
x-xss-protection: 1
last-modified: Fri, 09 Sep 2022 21:14:18 GMT
cf-cache-status: EXPIRED
expires: Sat, 10 Sep 2022 11:45:37 GMT
cache-control: public, max-age=7200
server: cloudflare
cf-ray: 74873b55ec091c12-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.powerplay.com/cdn-cgi/rum?

104.18.5.148

200 OK

0 B

URL HTTP/2
www.powerplay.com/cdn-cgi/rum?
IP
104.18.5.148:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: www.powerplay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 423
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341
Cookie: SERVERID=tc-app7|Yxxcw|Yxxcw; __cf_bm=wsSkGEeo5wQ1N5P9Vh._qHyIHTZjQOmThJfBlca7a7w-1662803136-0-AQ4UobQ+UQOtjwMiA6Xm9jLrr95vuWI3ON4Al3zBubVPSI6or1ewQuJe/atLO7zDT+Y6qdYjEMn3NoAfQTG6l16Tw1nId7HBSQ4/1aT0lmStq9Gl2G2AvnMybxhg3BifGUDRmHuQABfaFeJN++wX3HtWt4Ml9/pZB3q92WsUepcH7e2dDGaNQkw6CeI8K6X+0Q==; JSESSIONID="5SJ21l2sIMos9Uq_BRdfkSJsLtKzguEkJVxIG04y.tc-app7.rs.fsbtech.com:tc-app7.rs.fsbtech.com-wildfly"; currencyCode=USD; languageId=1; localeKey=en; siteId=222; _ga=GA1.2.609698399.1662803127; _gid=GA1.2.470694657.1662803127; _gat=1; fsb-powerplay-affiliates=%7B%22affiliateName%22%3A%22btag%22%2C%22affiliateValue%22%3A%22a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503%22%7D; sib_cuid=6c597c7c-4645-4cee-8814-044751463e9b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 09:45:44 GMT
content-type: text/plain
access-control-allow-origin: https://www.powerplay.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 74873b82abd51c0e-OSL
x-frame-options: DENY
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

www.powerplay.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js

104.18.5.148

200 OK

0 B

URL HTTP/2
www.powerplay.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP
104.18.5.148:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: www.powerplay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341
Cookie: SERVERID=tc-app7|Yxxcw|Yxxcw; __cf_bm=uX2mhECvgRdVXVyvf4o.5RSpaERnfySxSTpjLy0usc8-1662803135-0-AfezhvETsJUO1ZmDWmeUkVSCMCAeCHYATbpBwzGG9UcMXmbUZl6v6BOuirvDqIwIXb4WZodJpX4t0OSckPxkaHSoyBcaBLokh+/M/txmIvzj; JSESSIONID="5SJ21l2sIMos9Uq_BRdfkSJsLtKzguEkJVxIG04y.tc-app7.rs.fsbtech.com:tc-app7.rs.fsbtech.com-wildfly"; currencyCode=USD; languageId=1; localeKey=en; siteId=222
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 09:45:35 GMT
content-type: application/javascript
last-modified: Tue, 06 Sep 2022 17:30:56 GMT
etag: W/"631783d0-302c"
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74873b4e8d571c0e-OSL
x-frame-options: DENY
expires: Mon, 12 Sep 2022 09:45:35 GMT
cache-control: max-age=172800, public
content-encoding: gzip
X-Firefox-Spdy: h2

static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194

172.64.156.26

200 OK

0 B

URL HTTP/2
static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
IP
172.64.156.26:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 10 Sep 2022 09:45:35 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2021.12.0
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 74873b4ecbe1b521-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

sibautomation.com/cdn-cgi/rum?

172.64.153.111

200 OK

0 B

URL HTTP/2
sibautomation.com/cdn-cgi/rum?
IP
172.64.153.111:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: sibautomation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1424
Origin: https://sibautomation.com
Connection: keep-alive
Referer: https://sibautomation.com/cm.html?key=gm86guigrko4zzgucol1x
Cookie: uuid=1c1e40cf-9801-4720-abeb-a85a6480e575
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 09:45:37 GMT
server: cloudflare
cf-ray: 74873b58ae681c12-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

www.powerplay.com/cdn-cgi/challenge-platform/h/g/cv/result/74873b4d9ca61c0e

104.18.5.148

200 OK

0 B

URL HTTP/2
www.powerplay.com/cdn-cgi/challenge-platform/h/g/cv/result/74873b4d9ca61c0e
IP
104.18.5.148:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/cv/result/74873b4d9ca61c0e HTTP/1.1
Host: www.powerplay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12614
Origin: https://www.powerplay.com
Connection: keep-alive
Referer: https://www.powerplay.com/lp/CA_LP_1000CB/?btag=a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503&siteid=36341
Cookie: SERVERID=tc-app7|Yxxcw|Yxxcw; __cf_bm=uX2mhECvgRdVXVyvf4o.5RSpaERnfySxSTpjLy0usc8-1662803135-0-AfezhvETsJUO1ZmDWmeUkVSCMCAeCHYATbpBwzGG9UcMXmbUZl6v6BOuirvDqIwIXb4WZodJpX4t0OSckPxkaHSoyBcaBLokh+/M/txmIvzj; JSESSIONID="5SJ21l2sIMos9Uq_BRdfkSJsLtKzguEkJVxIG04y.tc-app7.rs.fsbtech.com:tc-app7.rs.fsbtech.com-wildfly"; currencyCode=USD; languageId=1; localeKey=en; siteId=222; _ga=GA1.2.609698399.1662803127; _gid=GA1.2.470694657.1662803127; _gat=1; fsb-powerplay-affiliates=%7B%22affiliateName%22%3A%22btag%22%2C%22affiliateValue%22%3A%22a_36341b_17875c_affbtq_-_102b9415cc9c66aa20f82fbc6be8f6_-_1503%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: text/plain; charset=UTF-8
set-cookie: __cf_bm=wsSkGEeo5wQ1N5P9Vh._qHyIHTZjQOmThJfBlca7a7w-1662803136-0-AQ4UobQ+UQOtjwMiA6Xm9jLrr95vuWI3ON4Al3zBubVPSI6or1ewQuJe/atLO7zDT+Y6qdYjEMn3NoAfQTG6l16Tw1nId7HBSQ4/1aT0lmStq9Gl2G2AvnMybxhg3BifGUDRmHuQABfaFeJN++wX3HtWt4Ml9/pZB3q92WsUepcH7e2dDGaNQkw6CeI8K6X+0Q==; path=/; expires=Sat, 10-Sep-22 10:15:36 GMT; domain=.www.powerplay.com; HttpOnly; Secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 74873b55bb6e1c0e-OSL
content-encoding: br
X-Firefox-Spdy: h2

sibautomation.com/cdn-cgi/rum?

172.64.153.111

200 OK

0 B

URL HTTP/2
sibautomation.com/cdn-cgi/rum?
IP
172.64.153.111:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST /cdn-cgi/rum? HTTP/1.1
Host: sibautomation.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 371
Origin: https://sibautomation.com
Connection: keep-alive
Referer: https://sibautomation.com/cm.html?key=gm86guigrko4zzgucol1x
Cookie: uuid=1c1e40cf-9801-4720-abeb-a85a6480e575
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sat, 10 Sep 2022 09:45:44 GMT
server: cloudflare
cf-ray: 74873b82af3a1c12-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2

propeller-tracking.com/fv.js?t=93873

139.45.197.240

200 OK

0 B

URL HTTP/2
propeller-tracking.com/fv.js?t=93873
IP
139.45.197.240:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /fv.js?t=93873 HTTP/1.1
Host: propeller-tracking.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.powerplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 10 Sep 2022 09:45:36 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 8cae3c5b20dd57941a87b569a98fbbe4
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (29)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP