r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c8d3b63b0ab9c679c7a50df2ba42b497
7133ccb414f7d8040d0f4a1b1df359485a76c377
4652b9b479b50208073dbff5a0b434fe6e8a1a2c5caa6365a8c5de2ff7fd9865
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4652B9B479B50208073DBFF5A0B434FE6E8A1A2C5CAA6365A8C5DE2FF7FD9865"
Last-Modified: Sat, 04 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9071
Expires: Mon, 06 Mar 2023 00:00:38 GMT
Date: Sun, 05 Mar 2023 21:29:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cf14baed0842431a08367ed54f2346ca
d943be8835b7e4470e3d6fbe09ac39c5464be434
a45fbc8cdddc9f43c0c3c7d73cbb2cdf3cf4c4cd2df20802925b795da5048aa4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A45FBC8CDDDC9F43C0C3C7D73CBB2CDF3CF4C4CD2DF20802925B795DA5048AA4"
Last-Modified: Sun, 05 Mar 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4127
Expires: Sun, 05 Mar 2023 22:38:14 GMT
Date: Sun, 05 Mar 2023 21:29:27 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6681493f94022a7df736f92e03badd12
31bc327734b19fbf70290dcc2d19222564a3a396
f9fe24479b86404d7884409068517cc6f57b988b35be92e4f58cb4634fcb2218
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F9FE24479B86404D7884409068517CC6F57B988B35BE92E4F58CB4634FCB2218"
Last-Modified: Sat, 04 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9236
Expires: Mon, 06 Mar 2023 00:03:23 GMT
Date: Sun, 05 Mar 2023 21:29:27 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 7f03faaba3392caae6dae54467bfdf6d
57ea1f14e8bfbcca8190c706d708c9fda12442c1
02ac551ba61fcbc6b04f244df065948b181a8a258db5c2e197aae66fdfcea8ee
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Retry-After, Backoff, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 05 Mar 2023 21:13:17 GMT
content-type: application/json
age: 970
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash b5ba6334e73496995e3e3a9ecd0eb323
ad80d3b7718c28364e8c2004fb38a13a1747e462
aa5abb52515c6383c014aadb63a86c9f798ad64de53c0218616c1fc6d424d2e2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-09-20-28-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: WBFYDRn/5jh2mS/YeV+Y1IgadzYmQ1oIHhFOPcKx3zZL+aDom5f78zqdsOGbvBXvJLIZF/5ArVw=
x-amz-request-id: Z3K9MYEB67F32RMV
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 05 Mar 2023 21:16:52 GMT
age: 755
last-modified: Sat, 18 Feb 2023 20:28:27 GMT
etag: "b5ba6334e73496995e3e3a9ecd0eb323"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
xcigamesdd.com/super-mario-party-x4/
107.6.168.100 200 OK 65 kB URL HTTP/1.1 xcigamesdd.com/super-mario-party-x4/
IP 107.6.168.100:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (34923), with CRLF, LF line terminators
Hash e3024706dc1e6c39bd514160cec41ca5
738c3074431ec142331e858fa2520fd0e3073919
73905edbeea56b661bbd53209be24e4edf399fbc2bf8957940de8c8602f6c90b
NIDS Severity Alert suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
GET /super-mario-party-x4/ HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
x-pingback: http://xcigamesdd.com/xmlrpc.php
link: <https://xcigamesdd.com/wp-json/>; rel="https://api.w.org/", <https://xcigamesdd.com/wp-json/wp/v2/posts/4190>; rel="alternate"; type="application/json", <https://xcigamesdd.com/?p=4190>; rel=shortlink
cache-control: public, max-age=0
expires: Sun, 05 Mar 2023 21:29:26 GMT
x-litespeed-cache: miss
content-length: 64873
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
date: Sun, 05 Mar 2023 21:29:26 GMT
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Mar 2023 21:29:27 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
xcigamesdd.com/wp-content/plugins/content-views-query-and-display-post-page/public/assets/css/cv.css?ver=2.5.0.1
107.6.168.100 200 OK 12 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/content-views-query-and-display-post-page/public/assets/css/cv.css?ver=2.5.0.1
IP 107.6.168.100:0
File type ASCII text, with very long lines (65371)
Hash be7f4c7d5b01eeb9658f928317e6d6b4
8f7d25b03481d045dc2f87119959459630265351
ba0ad71c3596a80cc6dc24f6c8c4ae90693cdcda8c02c314cec234860f785b04
GET /wp-content/plugins/content-views-query-and-display-post-page/public/assets/css/cv.css?ver=2.5.0.1 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:26 GMT
content-type: text/css; charset=UTF-8
last-modified: Wed, 23 Nov 2022 15:58:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 11759
date: Sun, 05 Mar 2023 21:29:26 GMT
xcigamesdd.com/wp-content/plugins/contextual-related-posts/css/rounded-thumbs.min.css?ver=3.3.0
107.6.168.100 200 OK 463 B URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/contextual-related-posts/css/rounded-thumbs.min.css?ver=3.3.0
IP 107.6.168.100:0
File type ASCII text, with very long lines (1451), with no line terminators
Hash 245e525ddd673a0a9a7ebe8a1a32eb00
68410696a60f51dcb5df8fa9d0c0ef96879197e8
94db2ea5cd36e9dd7e7758bd12e65e7b19d96e87488b5aadafccde60884f917a
GET /wp-content/plugins/contextual-related-posts/css/rounded-thumbs.min.css?ver=3.3.0 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:26 GMT
content-type: text/css; charset=UTF-8
last-modified: Thu, 08 Dec 2022 06:42:28 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 463
date: Sun, 05 Mar 2023 21:29:26 GMT
xcigamesdd.com/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-5.13.0/css/fa.min.css?ver=7.5.1
107.6.168.100 200 OK 2.5 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-5.13.0/css/fa.min.css?ver=7.5.1
IP 107.6.168.100:0
File type ASCII text, with very long lines (7867), with CRLF line terminators
Hash 479be9c9eaae52e708427b9a10f93c74
cf1ce06e44128a534ad055df459203f9327792bb
9cde3a5c42776209eeeb96d0ebbd67a391d507cc1b784f85a41750726b886535
GET /wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-5.13.0/css/fa.min.css?ver=7.5.1 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:26 GMT
content-type: text/css; charset=UTF-8
last-modified: Thu, 08 Dec 2022 06:42:56 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 2502
date: Sun, 05 Mar 2023 21:29:26 GMT
xcigamesdd.com/wp-content/plugins/if-menu/assets/if-menu-site.css?ver=6.0.3
107.6.168.100 200 OK 491 B URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/if-menu/assets/if-menu-site.css?ver=6.0.3
IP 107.6.168.100:0
Hash 9dc75495a901b0f89baf50f2fb963f4e
948f3e9c570f041c440a58cccd2485a1b09b203e
b5d3cd652f4d5c2a8d565ed3cb3b9fec781ddaa0d296ce4fc07a628e97a6513d
GET /wp-content/plugins/if-menu/assets/if-menu-site.css?ver=6.0.3 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:26 GMT
content-type: text/css; charset=UTF-8
last-modified: Mon, 27 Jun 2022 03:09:31 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 491
date: Sun, 05 Mar 2023 21:29:26 GMT
xcigamesdd.com/wp-content/plugins/responsive-accordion-and-collapse/css/font-awesome/css/font-awesome.min.css?ver=6.0.3
107.6.168.100 200 OK 4.7 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/responsive-accordion-and-collapse/css/font-awesome/css/font-awesome.min.css?ver=6.0.3
IP 107.6.168.100:0
File type ASCII text, with very long lines (20604)
Hash 2cb90fac97922f17341da79b40c6fd8b
d5b9b24bff8cba81e5c345483e7a107414325b43
dc1a9cc5dbad4697419ba2abcf7a4789657a718177f1974b6e36838dfac517e0
GET /wp-content/plugins/responsive-accordion-and-collapse/css/font-awesome/css/font-awesome.min.css?ver=6.0.3 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:26 GMT
content-type: text/css; charset=UTF-8
last-modified: Tue, 10 Jan 2023 12:36:46 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 4653
date: Sun, 05 Mar 2023 21:29:26 GMT
xcigamesdd.com/wp-content/plugins/wpdiscuz/assets/css/wpdiscuz-combo.min.css?ver=6.0.3
107.6.168.100 200 OK 6.4 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/wpdiscuz/assets/css/wpdiscuz-combo.min.css?ver=6.0.3
IP 107.6.168.100:0
File type ASCII text, with very long lines (22067), with CRLF line terminators
Hash c56b52ad8d5d281d27b289c653412011
b058212077e22f09e45762ead45ea412c3944ab8
a8136d873a059090634b4b01cf7a958551522efd5508d933986bd59243642687
GET /wp-content/plugins/wpdiscuz/assets/css/wpdiscuz-combo.min.css?ver=6.0.3 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:26 GMT
content-type: text/css; charset=UTF-8
last-modified: Thu, 08 Dec 2022 06:42:56 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 6408
date: Sun, 05 Mar 2023 21:29:26 GMT
xcigamesdd.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
107.6.168.100 200 OK 31 kB URL HTTP/1.1 xcigamesdd.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP 107.6.168.100:0
File type ASCII text, with very long lines (65447)
Hash 554969c8ed0e4b5eece1261c4e1e9cd0
3b514b21c2e26b2caa15054e43ed00184a8ebc38
4a10709ca76c5112fbaf69e065b4ef93dd37bcffd4ae39b351e56d40c9322123
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:26 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Sat, 10 Sep 2022 21:42:19 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 30969
date: Sun, 05 Mar 2023 21:29:26 GMT
xcigamesdd.com/wp-content/plugins/pt-content-views-pro/public/assets/css/cvpro.min.css?ver=5.8.0
107.6.168.100 200 OK 20 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/pt-content-views-pro/public/assets/css/cvpro.min.css?ver=5.8.0
IP 107.6.168.100:0
File type ASCII text, with very long lines (42471), with CRLF line terminators
Hash e1a90e1a59f0501563ad5915ad7d3861
bb806e4914f278c7e77ce186a5d73fff6b9aff88
0d878b4af92bf67eaaf8fb1d52d4ae908d31d3cd8a6660328acb15dac84b39b3
GET /wp-content/plugins/pt-content-views-pro/public/assets/css/cvpro.min.css?ver=5.8.0 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:26 GMT
content-type: text/css; charset=UTF-8
last-modified: Tue, 28 Jul 2020 23:30:03 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 20413
date: Sun, 05 Mar 2023 21:29:26 GMT
xcigamesdd.com/wp-content/themes/orbital/assets/css/main.css?ver=6.0.3
107.6.168.100 200 OK 11 kB URL HTTP/1.1 xcigamesdd.com/wp-content/themes/orbital/assets/css/main.css?ver=6.0.3
IP 107.6.168.100:0
File type ASCII text, with very long lines (55626)
Hash 8b0b80e1670e19e21b21518fc248ecdd
5d9eff9ea9ae4875fff2e8d9f5a005dc6e926be5
ad4698f12c9b9c535bd1d7077065806bf3a9690c1a1a02f5dc66afd9b1dc1bb3
GET /wp-content/themes/orbital/assets/css/main.css?ver=6.0.3 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:26 GMT
content-type: text/css; charset=UTF-8
last-modified: Sat, 29 Jan 2022 15:58:54 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 11233
date: Sun, 05 Mar 2023 21:29:26 GMT
xcigamesdd.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
107.6.168.100 200 OK 4.2 kB URL HTTP/1.1 xcigamesdd.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 107.6.168.100:0
File type ASCII text, with very long lines (11126)
Hash c41f3a82e911de81a1817131069bc7d2
1e883290a0b794916cead41e5f0705716fd77b89
e9791f24770f098ea30bb4d25e2e10bdedb97132d0bbf7d2bd79eedac22efa27
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:26 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Sat, 10 Sep 2022 21:42:19 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 4168
date: Sun, 05 Mar 2023 21:29:26 GMT
xcigamesdd.com/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.1.4.1
107.6.168.100 200 OK 1.8 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.1.4.1
IP 107.6.168.100:0
File type ASCII text, with very long lines (8319)
Hash 0689a6c3f80a5459a071f1011cdf3960
f7422ba0692c1615df809d59cda5d66b992d8061
cb30e5065929317605de07d6d5b68dddf00674132ffd71e153f844d469fe5ae5
GET /wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.1.4.1 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:26 GMT
content-type: text/css; charset=UTF-8
last-modified: Tue, 01 Nov 2022 12:28:04 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 1786
date: Sun, 05 Mar 2023 21:29:26 GMT
xcigamesdd.com/wp-content/plugins/allow-webp-image/public/js/allow-webp-image-public.js?ver=1.0.1
107.6.168.100 200 OK 475 B URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/allow-webp-image/public/js/allow-webp-image-public.js?ver=1.0.1
IP 107.6.168.100:0
Hash f18f244bed87a1ae2819af17fb2766cb
07add1b1b35612815df2f7a491dff60ab34507f5
8b772d78e109484da06c428e7c6f3de1ab9f9128313cad7be43088c2a70d7755
GET /wp-content/plugins/allow-webp-image/public/js/allow-webp-image-public.js?ver=1.0.1 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:26 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 22 Mar 2022 02:01:23 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 475
date: Sun, 05 Mar 2023 21:29:26 GMT
arsnivyr.com/1?z=5382937
139.45.197.242 200 OK 14 kB IP 139.45.197.242:0
File type ASCII text, with very long lines (38694)
Hash 09dcfe576db0e256000d7bba18bf832a
40d594752df46c5b9821e6e7b279a3b6cbe31f12
1ea4c0adba19dfb3e7a659d269e45e5cca57a2930d3eb4a9493c9e73a93dd55b
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5382937 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Mar 2023 21:29:27 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin:
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
X-Trace-Id: 44d399b032da7c66be90899abd4d2389
Access-Control-Expose-Headers: X-Sc
X-Sc: 7d_cwiKt1-bYNBT1nNwXS6rp4kCkRWCHCQvyMF91POE6esqDxU2L61GuMhv7YOlmxB4vRipNJyUE8hh94_NQ3BpVdgo=
Set-Cookie: scm=1; expires=Mon, 04 Mar 2024 21:29:27 GMT; secure; SameSite=None
OAID=c2a40abee86d44e598e33fbd2268e4b9; expires=Mon, 04 Mar 2024 21:29:27 GMT; secure; SameSite=None
oaidts=1678051767; expires=Mon, 04 Mar 2024 21:29:27 GMT; secure; SameSite=None
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
xcigamesdd.com/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.1.4.1
107.6.168.100 200 OK 4.6 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.1.4.1
IP 107.6.168.100:0
File type ASCII text, with very long lines (1003)
Hash 93d7cb00bbc250edd78c272982b90307
4328c70a78dc96b27b643861d2ba762444a14aa4
d49120a793bef2442eb9d233a1e1fc6f6ecb2851e2a8ecc5c6f79985f858a1a3
GET /wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.1.4.1 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:26 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 01 Nov 2022 12:28:05 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 4588
date: Sun, 05 Mar 2023 21:29:26 GMT
xcigamesdd.com/wp-content/plugins/koko-analytics/assets/dist/js/script.js?ver=1.0.37
107.6.168.100 200 OK 697 B URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/koko-analytics/assets/dist/js/script.js?ver=1.0.37
IP 107.6.168.100:0
File type ASCII text, with very long lines (1015)
Hash 3c5122e0e4f76e86a686abb0b1aa9a30
83ce09efe372d3523b4ba0e479939596c3714586
ee375a8cf76fa1b6729f25dfef9756e96c47317aee4fc1282cdfef9f3b9374df
GET /wp-content/plugins/koko-analytics/assets/dist/js/script.js?ver=1.0.37 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:26 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 08 Dec 2022 06:42:09 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 697
date: Sun, 05 Mar 2023 21:29:26 GMT
xcigamesdd.com/wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/cv.js?ver=2.5.0.1
107.6.168.100 200 OK 6.7 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/cv.js?ver=2.5.0.1
IP 107.6.168.100:0
File type ASCII text, with very long lines (12198), with CRLF line terminators
Hash 2e22c8149399e73ff0da65402d803699
129f97cae31d3d3dca417341ec415d2303dce30b
114ee3bb4212ea8f6d7d9d10c786a684674a4973b9b938c21b0f7e8aaa5b5971
GET /wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/cv.js?ver=2.5.0.1 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:26 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 23 Nov 2022 15:58:36 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 6730
date: Sun, 05 Mar 2023 21:29:26 GMT
xcigamesdd.com/wp-content/plugins/easy-affiliate-links/dist/public.js?ver=3.7.1
107.6.168.100 200 OK 7.2 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/easy-affiliate-links/dist/public.js?ver=3.7.1
IP 107.6.168.100:0
File type ASCII text, with very long lines (1004)
Hash 6d6bc1b948a9e8016ed5733b65f0f8d2
9dde6af420a147c905f5b2aaf35753c97f8e322d
f92fbcbd02da631a978569076d1f2c6987b797322747d876ba8e3f9486b56737
GET /wp-content/plugins/easy-affiliate-links/dist/public.js?ver=3.7.1 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:26 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 24 Jan 2023 13:02:52 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 7150
date: Sun, 05 Mar 2023 21:29:26 GMT
xcigamesdd.com/wp-content/plugins/responsive-accordion-and-collapse/js/accordion-custom.js?ver=6.0.3
107.6.168.100 200 OK 14 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/responsive-accordion-and-collapse/js/accordion-custom.js?ver=6.0.3
IP 107.6.168.100:0
File type ASCII text, with CRLF line terminators
Hash 66128ed473376811d98162f76cfbfb73
981e2a4e931ba3e552ed76d1570cbcca3ec165aa
494c49d9fae9e3e951e7d84a5e2274b3d804a8e5dc6fd8b69ffeb02d0b36d8ed
GET /wp-content/plugins/responsive-accordion-and-collapse/js/accordion-custom.js?ver=6.0.3 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:26 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 10 Jan 2023 12:36:46 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 13543
date: Sun, 05 Mar 2023 21:29:26 GMT
use.fontawesome.com/releases/v5.7.2/js/all.js?ver=6.0.3
172.64.133.15 200 OK 402 kB URL HTTP/1.1 use.fontawesome.com/releases/v5.7.2/js/all.js?ver=6.0.3
IP 172.64.133.15:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 402 kB (402168 bytes)
Hash 2e77c777e56da87903605efc63a17a2e
1609e549e4bda4d6c0d185ddc8f0b302e8597c32
076bf0a40668e22b3cc9070631537f2d7812408717a40f2f2cee22a21342020d
GET /releases/v5.7.2/js/all.js?ver=6.0.3 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Date: Sun, 05 Mar 2023 21:29:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: NY+woFw+Z9U/vaGif3Bntl22UD0IBY2prHLa7W8F6Xye96RAAsthu8K7sm2WpU0nTPQxtOgcP5E=
x-amz-request-id: 9NZRX8ETF72G11PX
Last-Modified: Wed, 30 Jun 2021 15:45:57 GMT
ETag: W/"3321acfaaf879848a1f6773e691e2dd0"
Cache-Control: max-age=31556926
CF-Cache-Status: HIT
Age: 1289471
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8eKSdEiIaMtshQcFROoDJ7prc8C%2B7QsDb%2BaEC8tqj2rcm2r0I6%2FAmbyQ6ogxp3qjxHTaFnhp5LQIi8N6JzTDsYarlkng%2FH4IZ%2FBZ6i67JOsWugGIOCuVvFQQflmuNE%2FFZgwZzleF"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7a35745c2ed388b3-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
xcigamesdd.com/wp-content/plugins/responsive-accordion-and-collapse/js/accordion.js?ver=6.0.3
107.6.168.100 200 OK 206 B URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/responsive-accordion-and-collapse/js/accordion.js?ver=6.0.3
IP 107.6.168.100:0
File type ASCII text, with very long lines (409), with CRLF line terminators
Hash c9fc246cc82759202472df0d2b598db4
1e7c1dac85ee36c0becb07515ad602946efb2e21
7ffd4a4d3620f7b6e868fdb809fd5aa47330241f03b3b991bde3ad5c03317ca2
GET /wp-content/plugins/responsive-accordion-and-collapse/js/accordion.js?ver=6.0.3 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 10 Jan 2023 12:36:46 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 206
date: Sun, 05 Mar 2023 21:29:27 GMT
xcigamesdd.com/wp-content/themes/orbital/assets/js/navigation.js?ver=20190101
107.6.168.100 200 OK 0 B URL HTTP/1.1 xcigamesdd.com/wp-content/themes/orbital/assets/js/navigation.js?ver=20190101
IP 107.6.168.100:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/themes/orbital/assets/js/navigation.js?ver=20190101 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Sat, 29 Jan 2022 15:58:54 GMT
accept-ranges: bytes
content-length: 0
date: Sun, 05 Mar 2023 21:29:27 GMT
vary: Accept-Encoding
xcigamesdd.com/wp-content/themes/orbital/assets/js/social.min.js?ver=20190101
107.6.168.100 200 OK 2.6 kB URL HTTP/1.1 xcigamesdd.com/wp-content/themes/orbital/assets/js/social.min.js?ver=20190101
IP 107.6.168.100:0
File type ASCII text, with very long lines (6521), with no line terminators
Hash e4cd24c4790b9aa939d63faf551e7cea
356cccc76e8254e79ca93e547a1b278c02c14c8f
b388508e87fecdb8b25850685793e09ca2608db1990ad31ced923795e24d16ca
GET /wp-content/themes/orbital/assets/js/social.min.js?ver=20190101 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Sat, 29 Jan 2022 15:58:54 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 2622
date: Sun, 05 Mar 2023 21:29:27 GMT
xcigamesdd.com/wp-content/themes/orbital/assets/js/main.js?ver=20190101
107.6.168.100 200 OK 1.4 kB URL HTTP/1.1 xcigamesdd.com/wp-content/themes/orbital/assets/js/main.js?ver=20190101
IP 107.6.168.100:0
Hash 2f0b0bb5aa7056365134163018b2c575
3ae8af3913ac9842c2b10fe1b7492a36849dbf33
db0f85bf0e90832fe96638d57f3cfae9b3904a0076366324d97c6b454b4f3d83
GET /wp-content/themes/orbital/assets/js/main.js?ver=20190101 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Sat, 29 Jan 2022 15:58:54 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 1448
date: Sun, 05 Mar 2023 21:29:27 GMT
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash fed02b60cdde629ed9682f466ed27c05
ca8a522c9deb45527119e5d243ddb316a0e22a44
0d653eca33ea40a8bcaf632dd27528d1ff4f3dfeb6497952edd530241f1cf69e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Mar 2023 21:29:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xcigamesdd.com/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.1.4.1
1.1 kB URL xcigamesdd.com/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.1.4.1
IP :0
File type gzip compressed data, from Unix\012- data
Hash bef20d56c920050759600f6a69638e38
d29ad33842c8879355e9f3fb8a53a5f7570e9375
ff2622bcaf53c73f4598e54038b16dd1f3e8c0605d5c7f41c33f9c2ddab9adfb
GET /wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.1.4.1 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
xcigamesdd.com/wp-content/plugins/pt-content-views-pro/public/assets/js/cvpro.min.js?ver=5.8.0
107.6.168.100 200 OK 46 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/pt-content-views-pro/public/assets/js/cvpro.min.js?ver=5.8.0
IP 107.6.168.100:0
File type Unicode text, UTF-8 text, with very long lines (32126)
Hash 0aec5f99695007286dc53e9e8a1c2c70
80eeeb6ee67b570ee83e254e566ab5ae40191e13
d612d876e075d3811706cc42f6ec102c9ead6cacc80e574f6f8c5f17c6bd43e8
GET /wp-content/plugins/pt-content-views-pro/public/assets/js/cvpro.min.js?ver=5.8.0 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:26 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 28 Jul 2020 23:30:03 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 46186
date: Sun, 05 Mar 2023 21:29:26 GMT
xcigamesdd.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1669984039
107.6.168.100 200 OK 3.1 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1669984039
IP 107.6.168.100:0
Hash 72f944fa9f4713400b38da041103611c
5e1c657423fe27ca5e638551c11df1d6e4e35233
97eeb7122cbbb40ed38aeed85a237aefb63db40d7e33b548b33e885fa24fbb17
GET /wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1669984039 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Fri, 02 Dec 2022 12:27:19 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 3067
date: Sun, 05 Mar 2023 21:29:27 GMT
xcigamesdd.com/wp-content/plugins/allow-webp-image/public/css/allow-webp-image-public.css?ver=1.0.1
107.6.168.100 200 OK 98 B URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/allow-webp-image/public/css/allow-webp-image-public.css?ver=1.0.1
IP 107.6.168.100:0
Hash e6094661d8923e95b233019ebff7c8f0
cfd836d385d475baffee45d85cfeb9bb36e70d9e
547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a
GET /wp-content/plugins/allow-webp-image/public/css/allow-webp-image-public.css?ver=1.0.1 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:27 GMT
content-type: text/css; charset=UTF-8
last-modified: Tue, 22 Mar 2022 02:01:23 GMT
accept-ranges: bytes
content-length: 98
date: Sun, 05 Mar 2023 21:29:27 GMT
vary: Accept-Encoding
www.googletagmanager.com/gtag/js?id=UA-12043064-122
142.250.74.168 200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-12043064-122
IP 142.250.74.168:0
File type ASCII text, with very long lines (2206)
Hash 63755fcbda19f9779d66e80ecdb154c8
d34625e822d627a530c155f274e829eba62e5b38
b1740638fd9b6afc40780f28d791e8b11164b0b72a92ad7ddb577c911d35c32b
GET /gtag/js?id=UA-12043064-122 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 05 Mar 2023 21:29:27 GMT
expires: Sun, 05 Mar 2023 21:29:27 GMT
cache-control: private, max-age=900
last-modified: Sun, 05 Mar 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44814
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
xcigamesdd.com/wp-content/plugins/responsive-accordion-and-collapse/css/bootstrap-front.css?ver=6.0.3
107.6.168.100 200 OK 1.6 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/responsive-accordion-and-collapse/css/bootstrap-front.css?ver=6.0.3
IP 107.6.168.100:0
Hash 80bced94327e5768680e9eaa99458c7a
a7a4a0b80521d015572c968a73bf4f666ecd3300
02a566fe43f6cebf0d491eb007147939c867a42af384bc5d276477aca528cfc5
GET /wp-content/plugins/responsive-accordion-and-collapse/css/bootstrap-front.css?ver=6.0.3 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:27 GMT
content-type: text/css; charset=UTF-8
last-modified: Tue, 10 Jan 2023 12:36:46 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 1572
date: Sun, 05 Mar 2023 21:29:27 GMT
xcigamesdd.com/wp-content/plugins/wpdiscuz/themes/default/style.css?ver=7.5.1
107.6.168.100 200 OK 20 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/wpdiscuz/themes/default/style.css?ver=7.5.1
IP 107.6.168.100:0
File type ASCII text, with very long lines (1959), with CRLF line terminators
Hash 97608c1aec6c4dade4b43610748f060a
c1216cb0eb34dfbc9564db3cd3e50ea73ef41609
081191c3e4082a4a6b5f6688436300eac533d2899ab72fd68f7ea04435e8c323
GET /wp-content/plugins/wpdiscuz/themes/default/style.css?ver=7.5.1 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:27 GMT
content-type: text/css; charset=UTF-8
last-modified: Thu, 08 Dec 2022 06:42:53 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 19473
date: Sun, 05 Mar 2023 21:29:27 GMT
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash fed02b60cdde629ed9682f466ed27c05
ca8a522c9deb45527119e5d243ddb316a0e22a44
0d653eca33ea40a8bcaf632dd27528d1ff4f3dfeb6497952edd530241f1cf69e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Mar 2023 21:29:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
linkmoe.org/js/full-page-script.js
50.31.177.118 200 OK 759 B URL HTTP/1.1 linkmoe.org/js/full-page-script.js
IP 50.31.177.118:0
File type C source, ASCII text, with very long lines (2161)
Hash 54c907e14e23f8ce889d1c1f08c5a08c
d62dc80f03342ba9f129b9ebae6d3a71a4d32812
fe51e89770bbad259e95e979095088225f031c6c2047c7abaa45a05fd70afc18
GET /js/full-page-script.js HTTP/1.1
Host: linkmoe.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=2592000
expires: Tue, 04 Apr 2023 21:29:27 GMT
content-type: application/javascript
last-modified: Tue, 30 Nov 2021 01:45:16 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 759
date: Sun, 05 Mar 2023 21:29:27 GMT
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: ETag, Cache-Control, Expires, Alert, Content-Type, Pragma, Retry-After, Last-Modified, Backoff, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 05 Mar 2023 21:03:39 GMT
age: 1549
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
xcigamesdd.com/wp-content/plugins/wpdiscuz/assets/js/wpdiscuz-combo.min.js?ver=7.5.1
107.6.168.100 200 OK 1.3 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/wpdiscuz/assets/js/wpdiscuz-combo.min.js?ver=7.5.1
IP 107.6.168.100:0
File type JSON data\012- , ASCII text, with very long lines (2775), with no line terminators
Hash 0c8879611a477ef6fdc4541488d827d5
5dfdfe08aaa36cf3c18ab06c977a249753ed65c2
359053ade309a8b4a86032c1f31f0fc4568fd71d5269b131e611f86ffd1f5216
GET /wp-content/plugins/wpdiscuz/assets/js/wpdiscuz-combo.min.js?ver=7.5.1 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Mon, 04 Mar 2024 21:29:27 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 08 Dec 2022 06:42:56 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 71302
date: Sun, 05 Mar 2023 21:29:27 GMT
xcigamesdd.com/wp-content/uploads/2020/07/mega.png
107.6.168.100 200 OK 18 kB URL HTTP/2 xcigamesdd.com/wp-content/uploads/2020/07/mega.png
IP 107.6.168.100:0
File type PNG image data, 368 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash 83e8f8608d41ab78b1576cbfd4b88ecb
39024b7093764cc1bbbd964a70da3aabf1db7bf3
52f170c9a428acc1b5c7873dd2ec43bc9e6705c7fd29980581d09af8c472ee29
GET /wp-content/uploads/2020/07/mega.png HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=10368000,public
expires: Mon, 03 Jul 2023 21:29:27 GMT
content-type: image/png
last-modified: Wed, 29 Jul 2020 00:05:11 GMT
accept-ranges: bytes
content-length: 18354
date: Sun, 05 Mar 2023 21:29:27 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
ardslediana.com/tag.min.js
139.45.197.236 200 OK 25 kB URL HTTP/1.1 ardslediana.com/tag.min.js
IP 139.45.197.236:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash d67dcf50170727e6acad39b9d667ab4a
122e8b72dc2a39a00f29f5f1deccd66d6b29bd94
c1d97a4cb887eedd5f1b8db0bf9466e2590800d01062f777b5fc481320890e54
Analyzer Verdict Alert quad9 Sinkholed
GET /tag.min.js HTTP/1.1
Host: ardslediana.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Mar 2023 21:29:28 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 25399
Connection: keep-alive
Content-Encoding: gzip
X-Trace-Id: de25ee4365a44d2e2c5fb16bc9437886
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Accept-Ranges: bytes
Last-Modified: Thu, 02 Mar 2023 16:21:18 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
xcigamesdd.com/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-5.13.0/webfonts/fa-solid-900.woff2
107.6.168.100 200 OK 79 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-5.13.0/webfonts/fa-solid-900.woff2
IP 107.6.168.100:0
File type Web Open Font Format (Version 2), TrueType, length 79444, version 331.524\012- data
Hash b15db15f746f29ffa02638cb455b8ec0
75a88815c47a249eadb5f0edc1675957f860cca7
7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7
GET /wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-5.13.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://xcigamesdd.com/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-5.13.0/css/fa.min.css?ver=7.5.1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=10368000
expires: Mon, 03 Jul 2023 21:29:27 GMT
content-type: font/woff2
last-modified: Thu, 08 Dec 2022 06:42:55 GMT
accept-ranges: bytes
content-length: 79444
date: Sun, 05 Mar 2023 21:29:27 GMT
vary: Accept-Encoding
xcigamesdd.com/wp-content/uploads/2020/09/Super-Mario-Party.jpg
107.6.168.100 200 OK 55 kB URL HTTP/2 xcigamesdd.com/wp-content/uploads/2020/09/Super-Mario-Party.jpg
IP 107.6.168.100:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 293x489, components 3\012- data
Hash b7ae8905555abbfae7c4f367617460de
08dd08a3eb6f746fa63cfc0e6eae4411b1c978aa
c0b80bca97c036024b87bc34033fa204c04b44f71dcfe6d82fe84386349dda31
GET /wp-content/uploads/2020/09/Super-Mario-Party.jpg HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=10368000,public
expires: Mon, 03 Jul 2023 21:29:27 GMT
content-type: image/jpeg
last-modified: Wed, 30 Sep 2020 09:42:25 GMT
accept-ranges: bytes
content-length: 54817
date: Sun, 05 Mar 2023 21:29:27 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
xcigamesdd.com/wp-content/uploads/2022/01/logoxci.png
107.6.168.100 200 OK 10 kB URL HTTP/2 xcigamesdd.com/wp-content/uploads/2022/01/logoxci.png
IP 107.6.168.100:0
File type PNG image data, 334 x 58, 8-bit/color RGBA, non-interlaced\012- data
Hash 4b646576d6afbe79ad073d2ff3f945b4
a98a2981b600bc08a7e3381696ef999f5ce4c651
82f3f21007e3ae451a7b0183f02388891d264e2da939050aad86a3a08464e37d
GET /wp-content/uploads/2022/01/logoxci.png HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=10368000,public
expires: Mon, 03 Jul 2023 21:29:27 GMT
content-type: image/png
last-modified: Sat, 29 Jan 2022 20:52:16 GMT
accept-ranges: bytes
content-length: 10423
date: Sun, 05 Mar 2023 21:29:27 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
xcigamesdd.com/super-mario-party-x4/
107.6.168.100 200 OK 0 B URL HTTP/1.1 xcigamesdd.com/super-mario-party-x4/
IP 107.6.168.100:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata low ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
HEAD /super-mario-party-x4/ HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/super-mario-party-x4/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
x-pingback: http://xcigamesdd.com/xmlrpc.php
x-litespeed-tag: 229_HTTP.200
link: <https://xcigamesdd.com/wp-json/>; rel="https://api.w.org/", <https://xcigamesdd.com/wp-json/wp/v2/posts/4190>; rel="alternate"; type="application/json", <https://xcigamesdd.com/?p=4190>; rel=shortlink
x-litespeed-cache-control: no-cache
cache-control: public, max-age=0
expires: Sun, 05 Mar 2023 21:29:27 GMT
date: Sun, 05 Mar 2023 21:29:27 GMT
vary: Accept-Encoding
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1dfdbbe528416d7653788c31a945540d
ce7e4b0cc913dcf90dcb43ca51706e2ff0677eaf
872f2081ef126a0358e196338a21f095c376652feaa7cb9b2bfd6f3149838f60
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "872F2081EF126A0358E196338A21F095C376652FEAA7CB9B2BFD6F3149838F60"
Last-Modified: Sat, 04 Mar 2023 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6217
Expires: Sun, 05 Mar 2023 23:13:05 GMT
Date: Sun, 05 Mar 2023 21:29:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6206c6e6653e484d1ba2b81cf29d84eb
8b6f7c8d9ea62766e74121769bdc1540adfbd18b
54cb13d8eafdb4da45ca9518ec8d61a67c64e899b4245c816cf3e8d566ccd570
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54CB13D8EAFDB4DA45CA9518EC8D61A67C64E899B4245C816CF3E8D566CCD570"
Last-Modified: Sat, 04 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21315
Expires: Mon, 06 Mar 2023 03:24:43 GMT
Date: Sun, 05 Mar 2023 21:29:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8c0d7160f00afc1ac308b80a5bcbead6
396a3d11c656c6a0936cf9d47b8473c164c2c2c8
c7c81e4055c158983b8d8a3c76bde51dff13b1871b9fe050a0a6eb7cf330c182
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C7C81E4055C158983B8D8A3C76BDE51DFF13B1871B9FE050A0A6EB7CF330C182"
Last-Modified: Sat, 04 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12276
Expires: Mon, 06 Mar 2023 00:54:04 GMT
Date: Sun, 05 Mar 2023 21:29:28 GMT
Connection: keep-alive
my.rtmark.net/gid.js?userId=c5e8161dd3704223824d5687c67b855e
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=c5e8161dd3704223824d5687c67b855e
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 5779446c769e2ebd3263f47dc2bd720d
5d33f81130421884f4b06133f98385b4dea7c173
b4fe3b45242c63112541b15e2c7a3140f585d9b3c6aa622ca789ce406457a849
GET /gid.js?userId=c5e8161dd3704223824d5687c67b855e HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Mar 2023 21:29:28 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://xcigamesdd.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=c5e8161dd3704223824d5687c67b855e; expires=Mon, 04 Mar 2024 21:29:28 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.26.112.186 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.26.112.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: J10NWxEapLvrUd/xDsrbcA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: Vi3hIFhvgNAattgTEq+EiFj/CGw=
wishesobtrusivefastest.com/e0545ea4e9fad86bbc397bc0cf40db8c/invoke.js
173.233.137.44 200 OK 9.8 kB URL HTTP/1.1 wishesobtrusivefastest.com/e0545ea4e9fad86bbc397bc0cf40db8c/invoke.js
IP 173.233.137.44:0
File type exported SGML document, ASCII text, with very long lines (26951), with no line terminators
Hash 9d033589f5298b25de30f00afaa7a400
13bbbabeba5a0b6dc72050de82f25e22975e4b3b
df1f565edb32f28611478bc321dd61cd32564e24cce208c4ba32e03927bc4dd5
GET /e0545ea4e9fad86bbc397bc0cf40db8c/invoke.js HTTP/1.1
Host: wishesobtrusivefastest.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 Mar 2023 21:29:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 277301688a2abae4d708efe62bd6b44b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ardslediana.com/?rb=ouA0u6GImEFz-H_fp7-TXv2jE3AKKaO2uevgwWtAzkn7m86fKNshoQEK3zFTWWk0Xmow5XxU1ctgyCGK-yIsNt3vTRUfVuvX04bBZmQZmoXE2rHW2jClm7MwF4Z6V32OKz25W2hRH2z_oZp-2zPT8dka96xVu2Z1wpCpE-OTO2o3lXe7hwevRmVfeaB6uxAbnHHXJUQvV56wl91XGUNR2qRLn06G2x_-ktCy7QyeuNI%3D&request_ab2=0&zoneid=5260642&js_build=iclick-v1.497.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=939&wiw=1280&wfc=1&pl=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.497.0&bs=fd8b22d6-93a4-4d0c-bc04-423bd1dd1987&userId=c5e8161dd3704223824d5687c67b855e&m=link
139.45.197.236 200 OK 1.7 kB URL HTTP/1.1 ardslediana.com/?rb=ouA0u6GImEFz-H_fp7-TXv2jE3AKKaO2uevgwWtAzkn7m86fKNshoQEK3zFTWWk0Xmow5XxU1ctgyCGK-yIsNt3vTRUfVuvX04bBZmQZmoXE2rHW2jClm7MwF4Z6V32OKz25W2hRH2z_oZp-2zPT8dka96xVu2Z1wpCpE-OTO2o3lXe7hwevRmVfeaB6uxAbnHHXJUQvV56wl91XGUNR2qRLn06G2x_-ktCy7QyeuNI%3D&request_ab2=0&zoneid=5260642&js_build=iclick-v1.497.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=939&wiw=1280&wfc=1&pl=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.497.0&bs=fd8b22d6-93a4-4d0c-bc04-423bd1dd1987&userId=c5e8161dd3704223824d5687c67b855e&m=link
IP 139.45.197.236:0
File type JSON data\012- , ASCII text, with very long lines (2193), with no line terminators
Hash 269a0d2f792da22139201aa683606fe8
c807969444c94629bf439ad9028d41de8aea916a
9ec653703a2578c0688e4d323a0d07b83bd3d4ed087639cb0641b5bf79f08703
Analyzer Verdict Alert quad9 Sinkholed
GET /?rb=ouA0u6GImEFz-H_fp7-TXv2jE3AKKaO2uevgwWtAzkn7m86fKNshoQEK3zFTWWk0Xmow5XxU1ctgyCGK-yIsNt3vTRUfVuvX04bBZmQZmoXE2rHW2jClm7MwF4Z6V32OKz25W2hRH2z_oZp-2zPT8dka96xVu2Z1wpCpE-OTO2o3lXe7hwevRmVfeaB6uxAbnHHXJUQvV56wl91XGUNR2qRLn06G2x_-ktCy7QyeuNI%3D&request_ab2=0&zoneid=5260642&js_build=iclick-v1.497.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wih=939&wiw=1280&wfc=1&pl=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.497.0&bs=fd8b22d6-93a4-4d0c-bc04-423bd1dd1987&userId=c5e8161dd3704223824d5687c67b855e&m=link HTTP/1.1
Host: ardslediana.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://xcigamesdd.com/
Origin: http://xcigamesdd.com
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Mar 2023 21:29:28 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 15a41431d8b0868b3e447e2f6049005d
Access-Control-Allow-Origin: http://xcigamesdd.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=c5e8161dd3704223824d5687c67b855e; expires=Mon, 04 Mar 2024 21:29:28 GMT; path=/
oaidts=1678051768; expires=Mon, 04 Mar 2024 21:29:28 GMT; path=/
syncedCookie=true; expires=Sun, 12 Mar 2023 21:29:28 GMT; path=/
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
ocsp.r2m01.amazontrust.com/
54.230.80.227 200 OK 471 B HTTP/1.1
IP 54.230.80.227:0
Hash 53280d5eedd896f168ca2a4ab5196bfd
bc7b50dccbef5d2b87d4cb57a3890cdde9df06e2
9ef5482eb0e34b61ca02ed85e61f628573940b0646c803e97ef0cee5cd1f4937
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 05 Mar 2023 21:29:28 GMT
Last-Modified: Sun, 05 Mar 2023 06:15:57 GMT
Server: ECAcc (nya/78BE)
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: V3yRBC_h77wCs_LYNiPAgRaMcVeQnzoQfMX9QPewZFT3k2eU7Vnu2A==
Age: 54812
arsnivyr.com/9?z=5382937&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=c5e8161dd3704223824d5687c67b855e
139.45.197.242 204 No Content 0 B HTTP/2
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=5382937&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=c5e8161dd3704223824d5687c67b855e HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://xcigamesdd.com/
Origin: http://xcigamesdd.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Sun, 05 Mar 2023 21:29:28 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://xcigamesdd.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
3.124.100.190 200 OK 40 B HTTP/2
IP 3.124.100.190:0
File type ASCII text, with no line terminators
Hash eacba990fb760ad87f56fedd6c21947d
25c994166da1676210fbe0a68b97f4c4f44ac7b3
df5a30c06ae208102762f30016bf3d1036c39e4675c0f5f07a94e5f1ee9084a7
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:28 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://xcigamesdd.com
access-control-allow-credentials: true
set-cookie: uid_id2=e28f81e1-417d-427d-b6d5-e1e50d7d1fae:2:1; expires=Wed, 02 Mar 2033 21:29:28 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
www.effectivecreativeformat.com/a91295b86ab6fe2c5666ef59da3743bf/invoke.js
173.233.137.44 200 OK 9.8 kB HTTP/1.1
IP 173.233.137.44:0
File type exported SGML document, ASCII text, with very long lines (26951), with no line terminators
Hash 9d033589f5298b25de30f00afaa7a400
13bbbabeba5a0b6dc72050de82f25e22975e4b3b
df1f565edb32f28611478bc321dd61cd32564e24cce208c4ba32e03927bc4dd5
Analyzer Verdict Alert quad9 Sinkholed
GET /a91295b86ab6fe2c5666ef59da3743bf/invoke.js HTTP/1.1
Host: www.effectivecreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 Mar 2023 21:29:28 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e9fe42a9618b8aef1e5dacb1564b5d73
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
region1.google-analytics.com/g/collect?v=2&tid=G-LTBNRSB0H2&gtm=45je3310&_p=1250403497&gdid=dZTNiMT&cid=234557293.1678051768&ul=en-us&sr=1280x1024&_s=1&sid=1678051768&sct=1&seg=0&dl=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&dt=Super%20Mario%20Party%20XCI%20NSP%20NSZ%20Download%20%7C%20SwitchXCI&en=page_view&_fv=1&_nsi=1&_ss=2&_ee=1
216.239.34.36 204 No Content 0 B HTTP/2
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-LTBNRSB0H2&gtm=45je3310&_p=1250403497&gdid=dZTNiMT&cid=234557293.1678051768&ul=en-us&sr=1280x1024&_s=1&sid=1678051768&sct=1&seg=0&dl=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&dt=Super%20Mario%20Party%20XCI%20NSP%20NSZ%20Download%20%7C%20SwitchXCI&en=page_view&_fv=1&_nsi=1&_ss=2&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://xcigamesdd.com
date: Sun, 05 Mar 2023 21:29:29 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
arsnivyr.com/11?rnd=1428086233&z=5382937&b=15763363&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=TsJgVfj3WAPnUFnYMACu2bjB0FEkLcfd9F_r_qq2_RfGB09WWBSUnTYslwSG_D3wT6oCzIZWRWyue_iHmSn1Qk9xae8UHbFNL8GjMurn2GbbfEQwFLsBA3Nzd6CCeZnD3CrC_78CASU7BknqS-dtiGFh3Zmjb1GLBuhVLEa4D3cf8qGNk4VOvsee5673gAew7ooGVmGeX5qpp_4IBrSiJfbC18bPxmH4QkniDFyAogCz3IEGoRRmSL_VDR4ZrU4TAPZEuyYVl7h9bd3FJ6raEnLmaucN2hW0zbMNRIJnGLjkAOqFvjYsLkwIWQpKjothuqERC4W9lbPoW64XVGHjIaui_5YRYc75NeUjLwXq75mr2J67np5kYs0tUQHzt8zePye_Om0D5cCI3bShqjypQumIXDBgu6_N9z--Uy-UeUgiW7I8Yg_pDgFXVst8Aac-RpivAcktQo3sZLkquoFHxYvQWOAn2Qr7k6vz10St8yb5fjfGLCOEsY2pHyFoXCh6Y1YVZSAULmfHUXebmfL0CLSa-8r9NRO1uBFC9vtKDcUdy138Phypbwxexw9NBn9KM7V3y6ctZ6IqP3TkUJ-H9O9sNqhOpGMfBFQW7enNZURe7kFo6pC20BvluWJEVTRGPgOmTrpTH1BqhbJRe1AYN0WlHn3bsfrJsr1CkQ==&ruid=6eb2451c-5660-4632-9c6e-ed43acfa9384&subid=656359297153769472&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=246
139.45.197.242 204 No Content 0 B HTTP/2
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /11?rnd=1428086233&z=5382937&b=15763363&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=TsJgVfj3WAPnUFnYMACu2bjB0FEkLcfd9F_r_qq2_RfGB09WWBSUnTYslwSG_D3wT6oCzIZWRWyue_iHmSn1Qk9xae8UHbFNL8GjMurn2GbbfEQwFLsBA3Nzd6CCeZnD3CrC_78CASU7BknqS-dtiGFh3Zmjb1GLBuhVLEa4D3cf8qGNk4VOvsee5673gAew7ooGVmGeX5qpp_4IBrSiJfbC18bPxmH4QkniDFyAogCz3IEGoRRmSL_VDR4ZrU4TAPZEuyYVl7h9bd3FJ6raEnLmaucN2hW0zbMNRIJnGLjkAOqFvjYsLkwIWQpKjothuqERC4W9lbPoW64XVGHjIaui_5YRYc75NeUjLwXq75mr2J67np5kYs0tUQHzt8zePye_Om0D5cCI3bShqjypQumIXDBgu6_N9z--Uy-UeUgiW7I8Yg_pDgFXVst8Aac-RpivAcktQo3sZLkquoFHxYvQWOAn2Qr7k6vz10St8yb5fjfGLCOEsY2pHyFoXCh6Y1YVZSAULmfHUXebmfL0CLSa-8r9NRO1uBFC9vtKDcUdy138Phypbwxexw9NBn9KM7V3y6ctZ6IqP3TkUJ-H9O9sNqhOpGMfBFQW7enNZURe7kFo6pC20BvluWJEVTRGPgOmTrpTH1BqhbJRe1AYN0WlHn3bsfrJsr1CkQ==&ruid=6eb2451c-5660-4632-9c6e-ed43acfa9384&subid=656359297153769472&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=246 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-sc
Referer: http://xcigamesdd.com/
Origin: http://xcigamesdd.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 05 Mar 2023 21:29:29 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://xcigamesdd.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
arsnivyr.com/121?rnd=419660690&z=5382937&b=15763363&c=6332999&var=&d=https%3A%2F%2Fwww.nbfcs.org%2F%23signUp%3D656359297153769472&cln={CELL_NUMBER}&btp=7&rb=TsJgVfj3WAPnUFnYMACu2bjB0FEkLcfd9F_r_qq2_RfGB09WWBSUnTYslwSG_D3wT6oCzIZWRWyue_iHmSn1Qk9xae8UHbFNL8GjMurn2GbbfEQwFLsBA3Nzd6CCeZnD3CrC_78CASU7BknqS-dtiGFh3Zmjb1GLBuhVLEa4D3cf8qGNk4VOvsee5673gAew7ooGVmGeX5qpp_4IBrSiJfbC18bPxmH4QkniDFyAogCz3IEGoRRmSL_VDR4ZrU4TAPZEuyYVl7h9bd3FJ6raEnLmaucN2hW0zbMNRIJnGLjkAOqFvjYsLkwIWQpKjothuqERC4W9lbPoW64XVGHjIaui_5YRYc75NeUjLwXq75mr2J67np5kYs0tUQHzt8zePye_Om0D5cCI3bShqjypQumIXDBgu6_N9z--Uy-UeUgiW7I8Yg_pDgFXVst8Aac-RpivAcktQo3sZLkquoFHxYvQWOAn2Qr7k6vz10St8yb5fjfGLCOEsY2pHyFoXCh6Y1YVZSAULmfHUXebmfL0CLSa-8r9NRO1uBFC9vtKDcUdy138Phypbwxexw9NBn9KM7V3y6ctZ6IqP3TkUJ-H9O9sNqhOpGMfBFQW7enNZURe7kFo6pC20BvluWJEVTRGPgOmTrpTH1BqhbJRe1AYN0WlHn3bsfrJsr1CkQ==&bag=gPI6BNyTck18mKG3iakUlQh2uGWEMf9h&ruid=6eb2451c-5660-4632-9c6e-ed43acfa9384&subid=656359297153769472
139.45.197.242 302 Found 0 B HTTP/2
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /121?rnd=419660690&z=5382937&b=15763363&c=6332999&var=&d=https%3A%2F%2Fwww.nbfcs.org%2F%23signUp%3D656359297153769472&cln={CELL_NUMBER}&btp=7&rb=TsJgVfj3WAPnUFnYMACu2bjB0FEkLcfd9F_r_qq2_RfGB09WWBSUnTYslwSG_D3wT6oCzIZWRWyue_iHmSn1Qk9xae8UHbFNL8GjMurn2GbbfEQwFLsBA3Nzd6CCeZnD3CrC_78CASU7BknqS-dtiGFh3Zmjb1GLBuhVLEa4D3cf8qGNk4VOvsee5673gAew7ooGVmGeX5qpp_4IBrSiJfbC18bPxmH4QkniDFyAogCz3IEGoRRmSL_VDR4ZrU4TAPZEuyYVl7h9bd3FJ6raEnLmaucN2hW0zbMNRIJnGLjkAOqFvjYsLkwIWQpKjothuqERC4W9lbPoW64XVGHjIaui_5YRYc75NeUjLwXq75mr2J67np5kYs0tUQHzt8zePye_Om0D5cCI3bShqjypQumIXDBgu6_N9z--Uy-UeUgiW7I8Yg_pDgFXVst8Aac-RpivAcktQo3sZLkquoFHxYvQWOAn2Qr7k6vz10St8yb5fjfGLCOEsY2pHyFoXCh6Y1YVZSAULmfHUXebmfL0CLSa-8r9NRO1uBFC9vtKDcUdy138Phypbwxexw9NBn9KM7V3y6ctZ6IqP3TkUJ-H9O9sNqhOpGMfBFQW7enNZURe7kFo6pC20BvluWJEVTRGPgOmTrpTH1BqhbJRe1AYN0WlHn3bsfrJsr1CkQ==&bag=gPI6BNyTck18mKG3iakUlQh2uGWEMf9h&ruid=6eb2451c-5660-4632-9c6e-ed43acfa9384&subid=656359297153769472 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: scm=1; OAID=c5e8161dd3704223824d5687c67b855e; oaidts=1678051769
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx
date: Sun, 05 Mar 2023 21:29:29 GMT
content-length: 0
location: https://www.nbfcs.org/#signUp=656359297153769472
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 1bf579a34939d61e6c90c9054c48929f
access-control-expose-headers: X-Sc
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
arsnivyr.com/11?rnd=1428086233&z=5382937&b=15763363&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=TsJgVfj3WAPnUFnYMACu2bjB0FEkLcfd9F_r_qq2_RfGB09WWBSUnTYslwSG_D3wT6oCzIZWRWyue_iHmSn1Qk9xae8UHbFNL8GjMurn2GbbfEQwFLsBA3Nzd6CCeZnD3CrC_78CASU7BknqS-dtiGFh3Zmjb1GLBuhVLEa4D3cf8qGNk4VOvsee5673gAew7ooGVmGeX5qpp_4IBrSiJfbC18bPxmH4QkniDFyAogCz3IEGoRRmSL_VDR4ZrU4TAPZEuyYVl7h9bd3FJ6raEnLmaucN2hW0zbMNRIJnGLjkAOqFvjYsLkwIWQpKjothuqERC4W9lbPoW64XVGHjIaui_5YRYc75NeUjLwXq75mr2J67np5kYs0tUQHzt8zePye_Om0D5cCI3bShqjypQumIXDBgu6_N9z--Uy-UeUgiW7I8Yg_pDgFXVst8Aac-RpivAcktQo3sZLkquoFHxYvQWOAn2Qr7k6vz10St8yb5fjfGLCOEsY2pHyFoXCh6Y1YVZSAULmfHUXebmfL0CLSa-8r9NRO1uBFC9vtKDcUdy138Phypbwxexw9NBn9KM7V3y6ctZ6IqP3TkUJ-H9O9sNqhOpGMfBFQW7enNZURe7kFo6pC20BvluWJEVTRGPgOmTrpTH1BqhbJRe1AYN0WlHn3bsfrJsr1CkQ==&ruid=6eb2451c-5660-4632-9c6e-ed43acfa9384&subid=656359297153769472&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=246
139.45.197.242 200 OK 0 B HTTP/2
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11?rnd=1428086233&z=5382937&b=15763363&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=TsJgVfj3WAPnUFnYMACu2bjB0FEkLcfd9F_r_qq2_RfGB09WWBSUnTYslwSG_D3wT6oCzIZWRWyue_iHmSn1Qk9xae8UHbFNL8GjMurn2GbbfEQwFLsBA3Nzd6CCeZnD3CrC_78CASU7BknqS-dtiGFh3Zmjb1GLBuhVLEa4D3cf8qGNk4VOvsee5673gAew7ooGVmGeX5qpp_4IBrSiJfbC18bPxmH4QkniDFyAogCz3IEGoRRmSL_VDR4ZrU4TAPZEuyYVl7h9bd3FJ6raEnLmaucN2hW0zbMNRIJnGLjkAOqFvjYsLkwIWQpKjothuqERC4W9lbPoW64XVGHjIaui_5YRYc75NeUjLwXq75mr2J67np5kYs0tUQHzt8zePye_Om0D5cCI3bShqjypQumIXDBgu6_N9z--Uy-UeUgiW7I8Yg_pDgFXVst8Aac-RpivAcktQo3sZLkquoFHxYvQWOAn2Qr7k6vz10St8yb5fjfGLCOEsY2pHyFoXCh6Y1YVZSAULmfHUXebmfL0CLSa-8r9NRO1uBFC9vtKDcUdy138Phypbwxexw9NBn9KM7V3y6ctZ6IqP3TkUJ-H9O9sNqhOpGMfBFQW7enNZURe7kFo6pC20BvluWJEVTRGPgOmTrpTH1BqhbJRe1AYN0WlHn3bsfrJsr1CkQ==&ruid=6eb2451c-5660-4632-9c6e-ed43acfa9384&subid=656359297153769472&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=246 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Sc: fEsDc7zr8dkHmR3mtVifqB6GALRMBilFSaanxLPZTELQfy3v-9y9ecDwkOm5RF_MYs3NeMu5My1TcQJrpSmSpCGmk38=
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Cookie: scm=1; OAID=c5e8161dd3704223824d5687c67b855e; oaidts=1678051769
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 Mar 2023 21:29:29 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: http://xcigamesdd.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: d482c7f1c190127ddd3126b7b9cf0d64
access-control-expose-headers: X-Sc
x-sc:
set-cookie: OAID=c5e8161dd3704223824d5687c67b855e; expires=Mon, 04 Mar 2024 21:29:29 GMT; secure; SameSite=None
oaidts=1678051769; expires=Mon, 04 Mar 2024 21:29:29 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
arsnivyr.com/11?rnd=1428086233&z=5382937&b=15763363&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=TsJgVfj3WAPnUFnYMACu2bjB0FEkLcfd9F_r_qq2_RfGB09WWBSUnTYslwSG_D3wT6oCzIZWRWyue_iHmSn1Qk9xae8UHbFNL8GjMurn2GbbfEQwFLsBA3Nzd6CCeZnD3CrC_78CASU7BknqS-dtiGFh3Zmjb1GLBuhVLEa4D3cf8qGNk4VOvsee5673gAew7ooGVmGeX5qpp_4IBrSiJfbC18bPxmH4QkniDFyAogCz3IEGoRRmSL_VDR4ZrU4TAPZEuyYVl7h9bd3FJ6raEnLmaucN2hW0zbMNRIJnGLjkAOqFvjYsLkwIWQpKjothuqERC4W9lbPoW64XVGHjIaui_5YRYc75NeUjLwXq75mr2J67np5kYs0tUQHzt8zePye_Om0D5cCI3bShqjypQumIXDBgu6_N9z--Uy-UeUgiW7I8Yg_pDgFXVst8Aac-RpivAcktQo3sZLkquoFHxYvQWOAn2Qr7k6vz10St8yb5fjfGLCOEsY2pHyFoXCh6Y1YVZSAULmfHUXebmfL0CLSa-8r9NRO1uBFC9vtKDcUdy138Phypbwxexw9NBn9KM7V3y6ctZ6IqP3TkUJ-H9O9sNqhOpGMfBFQW7enNZURe7kFo6pC20BvluWJEVTRGPgOmTrpTH1BqhbJRe1AYN0WlHn3bsfrJsr1CkQ==&ruid=6eb2451c-5660-4632-9c6e-ed43acfa9384&subid=656359297153769472&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
139.45.197.242 204 No Content 0 B HTTP/2
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /11?rnd=1428086233&z=5382937&b=15763363&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=TsJgVfj3WAPnUFnYMACu2bjB0FEkLcfd9F_r_qq2_RfGB09WWBSUnTYslwSG_D3wT6oCzIZWRWyue_iHmSn1Qk9xae8UHbFNL8GjMurn2GbbfEQwFLsBA3Nzd6CCeZnD3CrC_78CASU7BknqS-dtiGFh3Zmjb1GLBuhVLEa4D3cf8qGNk4VOvsee5673gAew7ooGVmGeX5qpp_4IBrSiJfbC18bPxmH4QkniDFyAogCz3IEGoRRmSL_VDR4ZrU4TAPZEuyYVl7h9bd3FJ6raEnLmaucN2hW0zbMNRIJnGLjkAOqFvjYsLkwIWQpKjothuqERC4W9lbPoW64XVGHjIaui_5YRYc75NeUjLwXq75mr2J67np5kYs0tUQHzt8zePye_Om0D5cCI3bShqjypQumIXDBgu6_N9z--Uy-UeUgiW7I8Yg_pDgFXVst8Aac-RpivAcktQo3sZLkquoFHxYvQWOAn2Qr7k6vz10St8yb5fjfGLCOEsY2pHyFoXCh6Y1YVZSAULmfHUXebmfL0CLSa-8r9NRO1uBFC9vtKDcUdy138Phypbwxexw9NBn9KM7V3y6ctZ6IqP3TkUJ-H9O9sNqhOpGMfBFQW7enNZURe7kFo6pC20BvluWJEVTRGPgOmTrpTH1BqhbJRe1AYN0WlHn3bsfrJsr1CkQ==&ruid=6eb2451c-5660-4632-9c6e-ed43acfa9384&subid=656359297153769472&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-sc
Referer: http://xcigamesdd.com/
Origin: http://xcigamesdd.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Sun, 05 Mar 2023 21:29:29 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://xcigamesdd.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
arsnivyr.com/11?rnd=1428086233&z=5382937&b=15763363&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=TsJgVfj3WAPnUFnYMACu2bjB0FEkLcfd9F_r_qq2_RfGB09WWBSUnTYslwSG_D3wT6oCzIZWRWyue_iHmSn1Qk9xae8UHbFNL8GjMurn2GbbfEQwFLsBA3Nzd6CCeZnD3CrC_78CASU7BknqS-dtiGFh3Zmjb1GLBuhVLEa4D3cf8qGNk4VOvsee5673gAew7ooGVmGeX5qpp_4IBrSiJfbC18bPxmH4QkniDFyAogCz3IEGoRRmSL_VDR4ZrU4TAPZEuyYVl7h9bd3FJ6raEnLmaucN2hW0zbMNRIJnGLjkAOqFvjYsLkwIWQpKjothuqERC4W9lbPoW64XVGHjIaui_5YRYc75NeUjLwXq75mr2J67np5kYs0tUQHzt8zePye_Om0D5cCI3bShqjypQumIXDBgu6_N9z--Uy-UeUgiW7I8Yg_pDgFXVst8Aac-RpivAcktQo3sZLkquoFHxYvQWOAn2Qr7k6vz10St8yb5fjfGLCOEsY2pHyFoXCh6Y1YVZSAULmfHUXebmfL0CLSa-8r9NRO1uBFC9vtKDcUdy138Phypbwxexw9NBn9KM7V3y6ctZ6IqP3TkUJ-H9O9sNqhOpGMfBFQW7enNZURe7kFo6pC20BvluWJEVTRGPgOmTrpTH1BqhbJRe1AYN0WlHn3bsfrJsr1CkQ==&ruid=6eb2451c-5660-4632-9c6e-ed43acfa9384&subid=656359297153769472&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
139.45.197.242 200 OK 0 B HTTP/2
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11?rnd=1428086233&z=5382937&b=15763363&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=TsJgVfj3WAPnUFnYMACu2bjB0FEkLcfd9F_r_qq2_RfGB09WWBSUnTYslwSG_D3wT6oCzIZWRWyue_iHmSn1Qk9xae8UHbFNL8GjMurn2GbbfEQwFLsBA3Nzd6CCeZnD3CrC_78CASU7BknqS-dtiGFh3Zmjb1GLBuhVLEa4D3cf8qGNk4VOvsee5673gAew7ooGVmGeX5qpp_4IBrSiJfbC18bPxmH4QkniDFyAogCz3IEGoRRmSL_VDR4ZrU4TAPZEuyYVl7h9bd3FJ6raEnLmaucN2hW0zbMNRIJnGLjkAOqFvjYsLkwIWQpKjothuqERC4W9lbPoW64XVGHjIaui_5YRYc75NeUjLwXq75mr2J67np5kYs0tUQHzt8zePye_Om0D5cCI3bShqjypQumIXDBgu6_N9z--Uy-UeUgiW7I8Yg_pDgFXVst8Aac-RpivAcktQo3sZLkquoFHxYvQWOAn2Qr7k6vz10St8yb5fjfGLCOEsY2pHyFoXCh6Y1YVZSAULmfHUXebmfL0CLSa-8r9NRO1uBFC9vtKDcUdy138Phypbwxexw9NBn9KM7V3y6ctZ6IqP3TkUJ-H9O9sNqhOpGMfBFQW7enNZURe7kFo6pC20BvluWJEVTRGPgOmTrpTH1BqhbJRe1AYN0WlHn3bsfrJsr1CkQ==&ruid=6eb2451c-5660-4632-9c6e-ed43acfa9384&subid=656359297153769472&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Sc: fEsDc7zr8dkHmR3mtVifqB6GALRMBilFSaanxLPZTELQfy3v-9y9ecDwkOm5RF_MYs3NeMu5My1TcQJrpSmSpCGmk38=
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Cookie: scm=1; OAID=c5e8161dd3704223824d5687c67b855e; oaidts=1678051769
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 Mar 2023 21:29:29 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: http://xcigamesdd.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: db9ea95b5f0cc846d651d59aae6d5a75
access-control-expose-headers: X-Sc
x-sc:
set-cookie: OAID=c5e8161dd3704223824d5687c67b855e; expires=Mon, 04 Mar 2024 21:29:29 GMT; secure; SameSite=None
oaidts=1678051769; expires=Mon, 04 Mar 2024 21:29:29 GMT; secure; SameSite=None
oaidvc=1; expires=Mon, 04 Mar 2024 21:29:29 GMT; secure; SameSite=None
CNT=1_v1_o4fwAAEAAADdSwAA; expires=Sun, 05 Mar 2023 22:29:29 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2a2394fa03e4f5b4baca9c2fab9f82f8
e31016bb7040f104c22768a4e8e7792638214099
5499720d2ccf96786308968ea3321375de38881ef57c5f61eaaad7d8d629ac20
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5499720D2CCF96786308968EA3321375DE38881EF57C5F61EAAAD7D8D629AC20"
Last-Modified: Sun, 05 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13417
Expires: Mon, 06 Mar 2023 01:13:06 GMT
Date: Sun, 05 Mar 2023 21:29:29 GMT
Connection: keep-alive
variedslimecloset.com/watch.1189927489160.js?key=e0545ea4e9fad86bbc397bc0cf40db8c&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1
192.243.61.225 307 Temporary Redirect 0 B URL HTTP/1.1 variedslimecloset.com/watch.1189927489160.js?key=e0545ea4e9fad86bbc397bc0cf40db8c&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1189927489160.js?key=e0545ea4e9fad86bbc397bc0cf40db8c&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1 HTTP/1.1
Host: variedslimecloset.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 05 Mar 2023 21:29:29 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://xcigamesdd.com
Access-Control-Allow-Origin: http://xcigamesdd.com
Access-Control-Allow-Credentials: true
Location: https://variedslimecloset.com/watch.1189927489160.js?key=e0545ea4e9fad86bbc397bc0cf40db8c&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1&shu=42afa4b4c26d999bc61d22acc939c841954f85b9b80f15463d291b1223007e016e199976ab66c0ccaa4a4bce010dc936d5e3353c400b93fffd278babbb71248abcf50458adca6b090dfdcb214c12b019b325caee&pst=1678051829&rmtc=t
Set-Cookie: u_pl=17596898; expires=Mon, 06 Mar 2023 21:29:29 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzU5Njg5OCwiayI6ImUwNTQ1ZWE0ZTlmYWQ4NmJiYzM5N2JjMGNmNDBkYjhjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTQ3MjUzLCJwaWQiOjE1ODEwNCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyNywicHQiOjQsInBrIjoidDh0aW5hZngiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3hjaWdhbWVzZGQuY29tL3N1cGVyLW1hcmlvLXBhcnR5LXg0LyJ9fQ.uoU6BfDVTaMoMP8J34WoSNzSh94G9Z5GVwnhHciLI9E; expires=Sun, 05 Mar 2023 21:30:29 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c64ae120eccbd70c05f74657ac7f05e3
Strict-Transport-Security: max-age=0; includeSubdomains
variedslimecloset.com/watch.549592762459.js?key=a91295b86ab6fe2c5666ef59da3743bf&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1
192.243.61.225 307 Temporary Redirect 0 B URL HTTP/1.1 variedslimecloset.com/watch.549592762459.js?key=a91295b86ab6fe2c5666ef59da3743bf&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.549592762459.js?key=a91295b86ab6fe2c5666ef59da3743bf&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1 HTTP/1.1
Host: variedslimecloset.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 05 Mar 2023 21:29:29 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://xcigamesdd.com
Access-Control-Allow-Origin: http://xcigamesdd.com
Access-Control-Allow-Credentials: true
Location: https://variedslimecloset.com/watch.549592762459.js?key=a91295b86ab6fe2c5666ef59da3743bf&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1&shu=1a13dc35b591e2486143c69777f13304f87e134285ed2008151fad7e7812ba4e4a1ec3327ef2447f7daa142db76223add87045ad1b2ab4be4aad0afdeaf678aeebf0d39f08838c20c10a660fd3a44da4a0212eb5&pst=1678051829&rmtc=t
Set-Cookie: u_pl=17632624; expires=Mon, 06 Mar 2023 21:29:29 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.HoiDA0i9idusGnPMpmMdN_BHobvQ5kCsT2jXyiSQCwY; expires=Sun, 05 Mar 2023 21:30:29 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 20ad30e875109a6c449e02eb0dad9690
Strict-Transport-Security: max-age=0; includeSubdomains
www.profitabledisplayformat.com/31224abe9de8da03816b59f2882025e3/invoke.js
192.243.61.225 200 OK 9.8 kB URL HTTP/1.1 www.profitabledisplayformat.com/31224abe9de8da03816b59f2882025e3/invoke.js
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26947), with no line terminators
Hash 963959e5569542f19628002f26a6b063
4f211458f1795092cc6cb664dd030d6f198f8b43
2592d991cdd224c8bc7f61b24e74ed4638bebffec9cac64ead9c393cda599fc2
GET /31224abe9de8da03816b59f2882025e3/invoke.js HTTP/1.1
Host: www.profitabledisplayformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 Mar 2023 21:29:29 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 71f11ec5aaa8d6284f47c81b47bf0545
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
variedslimecloset.com/watch.1189927489160.js?key=e0545ea4e9fad86bbc397bc0cf40db8c&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1&shu=42afa4b4c26d999bc61d22acc939c841954f85b9b80f15463d291b1223007e016e199976ab66c0ccaa4a4bce010dc936d5e3353c400b93fffd278babbb71248abcf50458adca6b090dfdcb214c12b019b325caee&pst=1678051829&rmtc=t
192.243.61.225 200 OK 2.0 kB URL HTTP/1.1 variedslimecloset.com/watch.1189927489160.js?key=e0545ea4e9fad86bbc397bc0cf40db8c&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1&shu=42afa4b4c26d999bc61d22acc939c841954f85b9b80f15463d291b1223007e016e199976ab66c0ccaa4a4bce010dc936d5e3353c400b93fffd278babbb71248abcf50458adca6b090dfdcb214c12b019b325caee&pst=1678051829&rmtc=t
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2539)
Hash 1dd6341a0c8d51fe6f97f2b1fd77fa1a
cdd2ca1786713f5f0465b05b907f4ac8f786c26c
e597fb1290f571e643329a37b3c7fe6c865b1e96be6dd9a4eae7513d98857867
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1189927489160.js?key=e0545ea4e9fad86bbc397bc0cf40db8c&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1&shu=42afa4b4c26d999bc61d22acc939c841954f85b9b80f15463d291b1223007e016e199976ab66c0ccaa4a4bce010dc936d5e3353c400b93fffd278babbb71248abcf50458adca6b090dfdcb214c12b019b325caee&pst=1678051829&rmtc=t HTTP/1.1
Host: variedslimecloset.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xcigamesdd.com
Referer: http://xcigamesdd.com/
Connection: keep-alive
Cookie: u_pl=17596898; ain=eyJhbGciOiJIUzI1NiJ9.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.uoU6BfDVTaMoMP8J34WoSNzSh94G9Z5GVwnhHciLI9E
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 Mar 2023 21:29:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://xcigamesdd.com
Access-Control-Allow-Origin: http://xcigamesdd.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=e28f81e1-417d-427d-b6d5-e1e50d7d1fae:2:1; expires=Sun, 12 Mar 2023 21:29:29 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 06 Mar 2023 21:29:29 GMT; secure; SameSite=None
uncs=1; expires=Mon, 06 Mar 2023 21:29:29 GMT; secure; SameSite=None
pdhtkv27=true; expires=Mon, 06 Mar 2023 21:29:29 GMT; secure; SameSite=None
uncs27=1; expires=Mon, 06 Mar 2023 21:29:29 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2a0ed45ce1b4cbf58b2301dc247252bc
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
variedslimecloset.com/watch.549592762459.js?key=a91295b86ab6fe2c5666ef59da3743bf&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1&shu=1a13dc35b591e2486143c69777f13304f87e134285ed2008151fad7e7812ba4e4a1ec3327ef2447f7daa142db76223add87045ad1b2ab4be4aad0afdeaf678aeebf0d39f08838c20c10a660fd3a44da4a0212eb5&pst=1678051829&rmtc=t
192.243.61.225 200 OK 636 B URL HTTP/1.1 variedslimecloset.com/watch.549592762459.js?key=a91295b86ab6fe2c5666ef59da3743bf&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1&shu=1a13dc35b591e2486143c69777f13304f87e134285ed2008151fad7e7812ba4e4a1ec3327ef2447f7daa142db76223add87045ad1b2ab4be4aad0afdeaf678aeebf0d39f08838c20c10a660fd3a44da4a0212eb5&pst=1678051829&rmtc=t
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (582)
Hash 9d6b9d51afe88175653d048ae24d4e77
eb8ea341b511f6560fa2f54569360e993339316c
ee59f2cafa7a05d748012737cd62cf472bb76795d98fdc2bd917d8cbd7c60dc7
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.549592762459.js?key=a91295b86ab6fe2c5666ef59da3743bf&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1&shu=1a13dc35b591e2486143c69777f13304f87e134285ed2008151fad7e7812ba4e4a1ec3327ef2447f7daa142db76223add87045ad1b2ab4be4aad0afdeaf678aeebf0d39f08838c20c10a660fd3a44da4a0212eb5&pst=1678051829&rmtc=t HTTP/1.1
Host: variedslimecloset.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xcigamesdd.com
Referer: http://xcigamesdd.com/
Connection: keep-alive
Cookie: u_pl=17632624; ain=eyJhbGciOiJIUzI1NiJ9.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.HoiDA0i9idusGnPMpmMdN_BHobvQ5kCsT2jXyiSQCwY
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 Mar 2023 21:29:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://xcigamesdd.com
Access-Control-Allow-Origin: http://xcigamesdd.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=e28f81e1-417d-427d-b6d5-e1e50d7d1fae:2:1; expires=Sun, 12 Mar 2023 21:29:29 GMT; secure; SameSite=None
iprc5f72036d7caa9ff15853390033d93e40=2717340; expires=Mon, 06 Mar 2023 23:29:29 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 06 Mar 2023 21:29:29 GMT; secure; SameSite=None
uncs=1; expires=Mon, 06 Mar 2023 21:29:29 GMT; secure; SameSite=None
pdhtkv5=true; expires=Mon, 06 Mar 2023 21:29:29 GMT; secure; SameSite=None
uncs5=1; expires=Mon, 06 Mar 2023 21:29:29 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 621b077d0a368673c4c5df892f95e44f
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
xcigamesdd.com/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-5.13.0/webfonts/fa-regular-400.woff2
107.6.168.100 200 OK 14 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-5.13.0/webfonts/fa-regular-400.woff2
IP 107.6.168.100:0
File type Web Open Font Format (Version 2), TrueType, length 13584, version 331.524\012- data
Hash c20b5b7362d8d7bb7eddf94344ace33e
260bb01acd44d88dcb7f501a238ab968f86bef9e
6a8c8e9e1e7f692c21af1956de163f3d026778e6449fe93a09a671847ca1ae65
GET /wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-5.13.0/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://xcigamesdd.com/wp-content/plugins/wpdiscuz/assets/third-party/font-awesome-5.13.0/css/fa.min.css?ver=7.5.1
Cookie: _ga_LTBNRSB0H2=GS1.1.1678051768.1.0.1678051768.0.0.0; _ga=GA1.1.234557293.1678051768; prefetchAd_5260642=true; dom3ic8zudi28v8lr6fgphwffqoz0j6c=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=10368000
expires: Mon, 03 Jul 2023 21:29:28 GMT
content-type: font/woff2
last-modified: Thu, 08 Dec 2022 06:42:56 GMT
accept-ranges: bytes
content-length: 13584
date: Sun, 05 Mar 2023 21:29:28 GMT
vary: Accept-Encoding
xcigamesdd.com/wp-content/plugins/wpdiscuz/themes/default/css/fonts/sqr721c-webfont.woff2
107.6.168.100 200 OK 19 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/wpdiscuz/themes/default/css/fonts/sqr721c-webfont.woff2
IP 107.6.168.100:0
File type Web Open Font Format (Version 2), TrueType, length 18596, version 1.0\012- data
Hash 6281c357f724016771a0b0a021cf4e6e
848b5b5316586483876226b2cb66a897327b1029
14c1fd3f6d83b4d10f23f1d68304ffbcc1399ac0ced69763bd1d8c9691b431a4
GET /wp-content/plugins/wpdiscuz/themes/default/css/fonts/sqr721c-webfont.woff2 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://xcigamesdd.com/wp-content/plugins/wpdiscuz/themes/default/style.css?ver=7.5.1
Cookie: _ga_LTBNRSB0H2=GS1.1.1678051768.1.0.1678051768.0.0.0; _ga=GA1.1.234557293.1678051768; prefetchAd_5260642=true; dom3ic8zudi28v8lr6fgphwffqoz0j6c=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=10368000
expires: Mon, 03 Jul 2023 21:29:28 GMT
content-type: font/woff2
last-modified: Thu, 08 Dec 2022 06:42:53 GMT
accept-ranges: bytes
content-length: 18596
date: Sun, 05 Mar 2023 21:29:28 GMT
vary: Accept-Encoding
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5a5ffd15937290b01c6440b1c62e0521
cfc46cb33cd50e11dedfbfe641713413bc0b6749
1f4515613d7a23a0f6572298f97291e7220f99e4f83fd9f22a7654d4a228caa2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F4515613D7A23A0F6572298F97291E7220F99E4F83FD9F22A7654D4A228CAA2"
Last-Modified: Sun, 05 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9865
Expires: Mon, 06 Mar 2023 00:13:54 GMT
Date: Sun, 05 Mar 2023 21:29:29 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8abcdf8b-d542-4d16-a8f7-0cb74a2f41a3.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8abcdf8b-d542-4d16-a8f7-0cb74a2f41a3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6c3d50cd0866b97ec301332844b8c5c3
ae5e32bdad4dfa161630dd927eb24505c9a07366
485b39a2e310ddd9ccc2796cfd306d0cfacd6d66e8ae7e42a6b84c5272d442e1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8abcdf8b-d542-4d16-a8f7-0cb74a2f41a3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10884
x-amzn-requestid: 9f3a9fa7-35df-4743-9932-2f57116edb55
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BRoWvH7hIAMFapA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6403ba91-444105817b05fe4029bd5e5f;Sampled=0
x-amzn-remapped-date: Sat, 04 Mar 2023 21:39:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: Pha1vlbPSFqLlbvcz9gnKqZSWCSmxBBhT0VB6vTqow90htzFLxhLcQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 5c35539543902c678280929df206948c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Mar 2023 10:54:12 GMT
age: 38117
etag: "ae5e32bdad4dfa161630dd927eb24505c9a07366"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe20ff76d-e949-4360-bacb-a5aa866991c2.jpeg
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe20ff76d-e949-4360-bacb-a5aa866991c2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ce712849bedfd2e64ad065f809119622
3b581618a0a7152ead0245f3818905a3fbac55be
823d6c1a0eabcf57301d0a228fad56459e874b288b52d31ea2cc8fca1a51a30a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe20ff76d-e949-4360-bacb-a5aa866991c2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9301
x-amzn-requestid: 245fb031-c71c-48c8-b775-9b9bc0aca8eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BFvhfG44IAMFb-A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63fef93c-5bbf00015ab2e70e79bbab75;Sampled=0
x-amzn-remapped-date: Wed, 01 Mar 2023 07:05:32 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: dlEywB7YIa1M1ccOXQ9TJUhWaS9hFLLVwKuaf8zhZY9uVN40LxJVvg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 f3ac324bf05099849ebda59e8136db0e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Mar 2023 09:24:19 GMT
age: 43510
etag: "3b581618a0a7152ead0245f3818905a3fbac55be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73553b60-b79c-4793-8a85-88c69a1c5b56.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73553b60-b79c-4793-8a85-88c69a1c5b56.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 98ed59dcca70bb236c44c2dcfca12a0e
5680f11fdd1e9c760fbaedb4709444e032a7a863
1b2ef2809795b0a23fac7fca6714296fb54b24edc893994f6284389811c4fda9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F73553b60-b79c-4793-8a85-88c69a1c5b56.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9162
x-amzn-requestid: 61acefc8-fac0-4462-abae-71dfb90b05d8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A_KGqG5wIAMFS0w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63fc56f7-3f2a324979162e2159c0dc49;Sampled=0
x-amzn-remapped-date: Mon, 27 Feb 2023 07:08:39 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: si0j8ch-78G1nHsJ1TS9vrlxd_kA8tZB1Mc3WR603P81CLJtY_l8HQ==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 9adef5b1c5fc9ca80d6f4f8d19e103a2.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Mar 2023 23:16:01 GMT
age: 80008
etag: "5680f11fdd1e9c760fbaedb4709444e032a7a863"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fef57950c-a2fd-4f4e-ab9e-ed094ff81aa5.jpeg
34.120.237.76 200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fef57950c-a2fd-4f4e-ab9e-ed094ff81aa5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 826ca6a8dadb358e528b079b8cad6cc5
1f8ea42b7f18c9756d5566880307950f5861de01
57c21443e08c9779febf17304e325351dd1fff47f37d70da49f413eb5a9c6c19
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fef57950c-a2fd-4f4e-ab9e-ed094ff81aa5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6563
x-amzn-requestid: 541e4daa-3e99-4d19-aad1-5a997cd1fa05
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BPBzBESxIAMFb2A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6402b013-6d49af177e89fe551d65e93b;Sampled=0
x-amzn-remapped-date: Sat, 04 Mar 2023 02:42:27 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: M2WlQzBLjcP7AcuHPWKm4-zMqhj5py2_niVmme3Gdy2yVvVNFlViGA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 58b8655e3ea662bad02cac6b9d4c88ba.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Mar 2023 14:40:20 GMT
age: 24549
etag: "1f8ea42b7f18c9756d5566880307950f5861de01"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9efde266-ca49-41eb-9487-44e134916b4f.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9efde266-ca49-41eb-9487-44e134916b4f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 724fa48ccca0d3c13ff4b7d6f37b9d83
464c721a0b21748887983c18b374919fded7a9ec
2f9c5afbf0cf73ef947f3a1befe80aab80c1ba62a0b1c4d4484ad1508b8c0e62
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9efde266-ca49-41eb-9487-44e134916b4f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10330
x-amzn-requestid: 8260d57d-a18a-47c2-b1ab-e3446828fb72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: BRnFOFpIIAMFQ5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6403b887-6aad3a6721a923a2785af45e;Sampled=0
x-amzn-remapped-date: Sat, 04 Mar 2023 21:30:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: AgSjPLDX3q6HTwtAmDzATddl8ZVrjex8_knBealJq5Il1vUC16nMhA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 1d000d0dfe9d69b4983f619fdc5499d6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 04 Mar 2023 21:54:33 GMT
age: 84896
etag: "464c721a0b21748887983c18b374919fded7a9ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0c3b178-ee57-465b-aa8c-fb6f93e35cab.jpeg
34.120.237.76 200 OK 3.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0c3b178-ee57-465b-aa8c-fb6f93e35cab.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4726917eabc29a977873ad26e264e70d
4619a0418ee08d6618ead537f31823c98f355b5a
d3c6b43d46ccff30f0003a063b6c4c78d4a782262bfdeb138e6c015555ce2dcb
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0c3b178-ee57-465b-aa8c-fb6f93e35cab.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3381
x-amzn-requestid: 8b89e7ab-b8b3-45cd-af3a-cc419e61f1fc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: A-PNPFynoAMFn8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63fbf8ba-616bedc230d1c2b13a09beae;Sampled=0
x-amzn-remapped-date: Mon, 27 Feb 2023 00:26:34 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: Qd5FIKUZwnnKiIzEnrA7ZcC_yWa9_iP1r7xUaCP4f6I7m_z3ChB-2A==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 85ee490c179dc0af42b771f11421073e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Mar 2023 09:32:00 GMT
age: 43049
etag: "4619a0418ee08d6618ead537f31823c98f355b5a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f416fae715b94255c97a724d822f247d
e4b012bd257e6e5157fb6514ac0d429124ed303f
660848fef76c231deb05397ad3a1443717332ed26fc38da5fdd63190e14684b8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "660848FEF76C231DEB05397AD3A1443717332ED26FC38DA5FDD63190E14684B8"
Last-Modified: Sat, 04 Mar 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10708
Expires: Mon, 06 Mar 2023 00:27:57 GMT
Date: Sun, 05 Mar 2023 21:29:29 GMT
Connection: keep-alive
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sun, 05 Mar 2023 19:53:25 GMT
expires: Sun, 05 Mar 2023 21:53:25 GMT
cache-control: public, max-age=7200
age: 5765
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
puddingdefeated.com/watch.839233884893.js?key=31224abe9de8da03816b59f2882025e3&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1
192.243.61.225 307 Temporary Redirect 0 B URL HTTP/1.1 puddingdefeated.com/watch.839233884893.js?key=31224abe9de8da03816b59f2882025e3&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.839233884893.js?key=31224abe9de8da03816b59f2882025e3&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1 HTTP/1.1
Host: puddingdefeated.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 05 Mar 2023 21:29:30 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://xcigamesdd.com
Access-Control-Allow-Origin: http://xcigamesdd.com
Access-Control-Allow-Credentials: true
Location: https://puddingdefeated.com/watch.839233884893.js?key=31224abe9de8da03816b59f2882025e3&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1&shu=491ddb6af5a167110b36eb068279edeb835759177c5ea56f078b28fc0c90a455babc58daf8ca27be333d641e8ae8a03bda3d5e1157a54e59389819a2dc156b1d62e21f4e8af53faaa61bfac1e039f79aa4b909c0&pst=1678051830&rmtc=t
Set-Cookie: u_pl=17632612; expires=Mon, 06 Mar 2023 21:29:30 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.qmhFB4ZphQjd9315wOYnRoNVRD987N7Kmoks8UMzlHM; expires=Sun, 05 Mar 2023 21:30:30 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7bff2d599fca999641605f94e1ce7a84
Strict-Transport-Security: max-age=0; includeSubdomains
analytics.linkmoe.org/matomo.js
50.31.177.118 200 OK 22 kB URL HTTP/1.1 analytics.linkmoe.org/matomo.js
IP 50.31.177.118:0
File type ASCII text, with very long lines (1601)
Hash 48e67f21b901e3584c7a34f1a2f96894
00fa75a956ddcfff2690c27f62d3ede53e88a745
d76669dac74f5ba885b6f95aafc76395a923f7eb2e303ff49dc1ca305fa89737
GET /matomo.js HTTP/1.1
Host: analytics.linkmoe.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=604800
expires: Sun, 12 Mar 2023 21:29:29 GMT
content-type: application/javascript
last-modified: Fri, 03 Feb 2023 21:10:07 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 21519
date: Sun, 05 Mar 2023 21:29:29 GMT
puddingdefeated.com/watch.839233884893.js?key=31224abe9de8da03816b59f2882025e3&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1&shu=491ddb6af5a167110b36eb068279edeb835759177c5ea56f078b28fc0c90a455babc58daf8ca27be333d641e8ae8a03bda3d5e1157a54e59389819a2dc156b1d62e21f4e8af53faaa61bfac1e039f79aa4b909c0&pst=1678051830&rmtc=t
192.243.61.225 200 OK 2.0 kB URL HTTP/1.1 puddingdefeated.com/watch.839233884893.js?key=31224abe9de8da03816b59f2882025e3&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1&shu=491ddb6af5a167110b36eb068279edeb835759177c5ea56f078b28fc0c90a455babc58daf8ca27be333d641e8ae8a03bda3d5e1157a54e59389819a2dc156b1d62e21f4e8af53faaa61bfac1e039f79aa4b909c0&pst=1678051830&rmtc=t
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2549)
Hash da7bf024aa53f807e86d59c8da88fc23
d230364d0e3f6ffcb9bf2c871e4c9976edce58e4
c2ac4ce796bf0edd4e65879284bc725f4f9e838883921092f9da433f67a8b11e
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.839233884893.js?key=31224abe9de8da03816b59f2882025e3&kw=%5B%22super%22%2C%22mario%22%2C%22party%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&tz=0&dev=e&res=12.1053&uuid=e28f81e1-417d-427d-b6d5-e1e50d7d1fae%3A2%3A1&shu=491ddb6af5a167110b36eb068279edeb835759177c5ea56f078b28fc0c90a455babc58daf8ca27be333d641e8ae8a03bda3d5e1157a54e59389819a2dc156b1d62e21f4e8af53faaa61bfac1e039f79aa4b909c0&pst=1678051830&rmtc=t HTTP/1.1
Host: puddingdefeated.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xcigamesdd.com
Referer: http://xcigamesdd.com/
Connection: keep-alive
Cookie: u_pl=17632612; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzYzMjYxMiwiayI6IjMxMjI0YWJlOWRlOGRhMDM4MTZiNTlmMjg4MjAyNWUzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTQ3MjUzLCJwaWQiOjE1ODEwNCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjozMiwicHQiOjQsInBrIjoieTExNXQwMTN3IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly94Y2lnYW1lc2RkLmNvbS9zdXBlci1tYXJpby1wYXJ0eS14NC8ifX0.qmhFB4ZphQjd9315wOYnRoNVRD987N7Kmoks8UMzlHM
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 Mar 2023 21:29:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://xcigamesdd.com
Access-Control-Allow-Origin: http://xcigamesdd.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=e28f81e1-417d-427d-b6d5-e1e50d7d1fae:2:1; expires=Sun, 12 Mar 2023 21:29:30 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 06 Mar 2023 21:29:30 GMT; secure; SameSite=None
uncs=1; expires=Mon, 06 Mar 2023 21:29:30 GMT; secure; SameSite=None
pdhtkv32=true; expires=Mon, 06 Mar 2023 21:29:30 GMT; secure; SameSite=None
uncs32=1; expires=Mon, 06 Mar 2023 21:29:30 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 86763bc9e2de80a4638da162787c5fa5
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3f98445e23de2cae08d0e9a50edad9f9
504c05b3b5f43f5149f896d1e8e4ebfeac57a795
0348a5b42456670d220f14a1dd8114ee761848b0f1368852d788308b7c9a70e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0348A5B42456670D220F14A1DD8114EE761848B0F1368852D788308B7C9A70E7"
Last-Modified: Sun, 05 Mar 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10054
Expires: Mon, 06 Mar 2023 00:17:04 GMT
Date: Sun, 05 Mar 2023 21:29:30 GMT
Connection: keep-alive
analytics.linkmoe.org/matomo.php?action_name=Super%20Mario%20Party%20XCI%20NSP%20NSZ%20Download%20%7C%20SwitchXCI&idsite=3&rec=1&r=312104&h=21&m=29&s=30&url=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&_id=6d3712329ebd10b2&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=8Wdozv&pf_net=36&pf_srv=348&pf_tfr=72&pf_dm1=2222&uadata=%7B%7D
50.31.177.118 204 No Content 0 B URL HTTP/1.1 analytics.linkmoe.org/matomo.php?action_name=Super%20Mario%20Party%20XCI%20NSP%20NSZ%20Download%20%7C%20SwitchXCI&idsite=3&rec=1&r=312104&h=21&m=29&s=30&url=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&_id=6d3712329ebd10b2&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=8Wdozv&pf_net=36&pf_srv=348&pf_tfr=72&pf_dm1=2222&uadata=%7B%7D
IP 50.31.177.118:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /matomo.php?action_name=Super%20Mario%20Party%20XCI%20NSP%20NSZ%20Download%20%7C%20SwitchXCI&idsite=3&rec=1&r=312104&h=21&m=29&s=30&url=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&_id=6d3712329ebd10b2&_idn=1&send_image=0&_refts=0&cookie=1&res=1280x1024&pv_id=8Wdozv&pf_net=36&pf_srv=348&pf_tfr=72&pf_dm1=2222&uadata=%7B%7D HTTP/1.1
Host: analytics.linkmoe.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Content-Length: 0
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 204 No Content
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
access-control-allow-origin: http://xcigamesdd.com
access-control-allow-credentials: true
content-type: text/html; charset=UTF-8
date: Sun, 05 Mar 2023 21:29:29 GMT
cdn.cloudimagesb.com/bi/35/0e/4a/350e4a81f85891ea9bb8b92985b2ac90/1671548946.jpg
45.133.44.10 200 OK 11 kB URL HTTP/2 cdn.cloudimagesb.com/bi/35/0e/4a/350e4a81f85891ea9bb8b92985b2ac90/1671548946.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 320x50, components 3\012- data
Hash f53a1038b52e6618b7be1e30be5c5332
bcf274cdae7a586b41b5fd1387c089c8f0948723
e79d4a0f1c0cd3d26436dc471a90c485f1295d67adbbd4a885a0eb7984ca7cce
GET /bi/35/0e/4a/350e4a81f85891ea9bb8b92985b2ac90/1671548946.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:30 GMT
content-type: image/jpeg
content-length: 10923
server: nginx/1.17.6
last-modified: Tue, 20 Dec 2022 15:09:14 GMT
etag: "63a1d01a-2aab"
expires: Tue, 07 Mar 2023 21:29:30 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 56623c4122e8ed2fb7c347f08deecc6f
47b5f380f24d187ad150c0b29a999df372632c8d
83850330d96210afbf2495e53428065932655240e7ef2eca7bcaa95c7c30a2b2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "83850330D96210AFBF2495E53428065932655240E7EF2ECA7BCAA95C7C30A2B2"
Last-Modified: Sun, 05 Mar 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1850
Expires: Sun, 05 Mar 2023 22:00:20 GMT
Date: Sun, 05 Mar 2023 21:29:30 GMT
Connection: keep-alive
jennyvisits.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=17632624
173.233.137.52 200 OK 1.3 kB URL HTTP/1.1 jennyvisits.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=17632624
IP 173.233.137.52:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 194fedf50d870672cf74fcbd373a0a52
361961c90bdc753c91a8e5ce37b8720ad85ebadb
392d7125f2416751f30cad657ad4041ad3605e5e0cb6c863113cb13a10378605
GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=17632624 HTTP/1.1
Host: jennyvisits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xcigamesdd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 05 Mar 2023 21:29:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Mon, 06 Mar 2023 21:29:30 GMT
ain=eyJhbGciOiJIUzI1NiJ9.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.jIozudj1lvDC9zsEa_lRIc7EU11vIS5A9x-CGf1aHM8; expires=Sun, 05 Mar 2023 21:30:30 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a1b6f24a858bf507dbd8191d6667e1dd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
arsnivyr.com/9?z=5382937&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=c5e8161dd3704223824d5687c67b855e
139.45.197.242 200 OK 3.1 kB URL HTTP/2 arsnivyr.com/9?z=5382937&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=c5e8161dd3704223824d5687c67b855e
IP 139.45.197.242:0
Hash 23be1741938cae815e8657349b2e32bf
d7e84b8499520d9cc0f3c95eea0a90013fa72b20
a06159bedcc1a566851ba0bd45440ea3d6951e21010a5e485f0fed25a32c3f8b
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=5382937&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fsuper-mario-party-x4%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=c5e8161dd3704223824d5687c67b855e HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 484
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 Mar 2023 21:29:29 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: http://xcigamesdd.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
x-trace-id: 788365ad3266711da8d1dc341a299d37
access-control-expose-headers: X-Sc
x-sc: fEsDc7zr8dkHmR3mtVifqB6GALRMBilFSaanxLPZTELQfy3v-9y9ecDwkOm5RF_MYs3NeMu5My1TcQJrpSmSpCGmk38=
set-cookie: scm=1; expires=Mon, 04 Mar 2024 21:29:29 GMT; secure; SameSite=None
OAID=c5e8161dd3704223824d5687c67b855e; expires=Mon, 04 Mar 2024 21:29:29 GMT; secure; SameSite=None
oaidts=1678051769; expires=Mon, 04 Mar 2024 21:29:29 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
e2ertt.com/bucket
139.45.197.233 204 No Content 0 B IP 139.45.197.233:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /bucket HTTP/1.1
Host: e2ertt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://xcigamesdd.com/
Origin: http://xcigamesdd.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Sun, 05 Mar 2023 21:29:31 GMT
access-control-allow-origin: http://xcigamesdd.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
e2ertt.com/bucket
139.45.197.233 200 OK 0 B IP 139.45.197.233:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /bucket HTTP/1.1
Host: e2ertt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/json
Content-Length: 515
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 05 Mar 2023 21:29:31 GMT
content-length: 0
access-control-allow-origin: http://xcigamesdd.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
jennyvisits.com/dyfc1k09?shu=8b078b1b1f06edfdbc3cac15b9539dfb0d786168d8b0e7f90f41ca125ca1debeb9f1fa68d82e39a4f2d2ea615e76ea541d4ec5154e0d4e36d243e9e7137d7258e1908c86b86f57ef5a5fb8e39c6c69fd800db87f41db200f4d578b330cfa72db520bff&pst=1678051830&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fxcigamesdd.com%2F&psid=17632624
173.233.137.52 302 Found 0 B URL HTTP/1.1 jennyvisits.com/dyfc1k09?shu=8b078b1b1f06edfdbc3cac15b9539dfb0d786168d8b0e7f90f41ca125ca1debeb9f1fa68d82e39a4f2d2ea615e76ea541d4ec5154e0d4e36d243e9e7137d7258e1908c86b86f57ef5a5fb8e39c6c69fd800db87f41db200f4d578b330cfa72db520bff&pst=1678051830&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fxcigamesdd.com%2F&psid=17632624
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /dyfc1k09?shu=8b078b1b1f06edfdbc3cac15b9539dfb0d786168d8b0e7f90f41ca125ca1debeb9f1fa68d82e39a4f2d2ea615e76ea541d4ec5154e0d4e36d243e9e7137d7258e1908c86b86f57ef5a5fb8e39c6c69fd800db87f41db200f4d578b330cfa72db520bff&pst=1678051830&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fxcigamesdd.com%2F&psid=17632624 HTTP/1.1
Host: jennyvisits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jennyvisits.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.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.jIozudj1lvDC9zsEa_lRIc7EU11vIS5A9x-CGf1aHM8; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Sun, 05 Mar 2023 21:29:31 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660
Set-Cookie: pdhtkv=true; expires=Mon, 06 Mar 2023 21:29:31 GMT
uncs=1; expires=Mon, 06 Mar 2023 21:29:31 GMT
pdhtkv28=true; expires=Mon, 06 Mar 2023 21:29:31 GMT
uncs28=1; expires=Mon, 06 Mar 2023 21:29:31 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b9867627bed9d3899a14bcadabd7ca79
Strict-Transport-Security: max-age=0; includeSubdomains
adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660
23.36.79.11 307 Temporary Redirect 0 B URL HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=15135578&sref=ADST&ADST=16122660 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jennyvisits.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Sun, 05 Mar 2023 21:29:31 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 05 Mar 2023 21:29:31 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1678051771479)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023352129%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228929188513%7c1%22%7d%5d; domain=.unibet.com; expires=Tue, 05-Mar-3022 21:29:31 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=22, origin; dur=41, ak_p; desc="466125_388255495_2609317459_6642_4398_1_0";dur=1
X-Firefox-Spdy: h2
www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950
85.184.96.0 301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jennyvisits.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sun, 05 Mar 2023 21:29:31 GMT
content-length: 0
location: https://www.unibet.nu:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950
set-cookie: JSESSIONID=node0hgri2zzdosw8rtgbzajedl8s4964457.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0hgri2zzdosw8rtgbzajedl8s4; Path=/; Domain=.unibet.nu; Expires=Tue, 04-Mar-2025 21:29:31 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.nu; Expires=Tue, 04-Mar-2025 21:29:31 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref="https://jennyvisits.com/"; Path=/; Domain=.unibet.nu; Expires=Tue, 04-Mar-2025 21:29:31 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.nu; Secure; SameSite=None
B-TAG=127656177_836CA6498D74481783FE2A4C906A4CD4; Path=/; Domain=.unibet.nu; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
PID=68246908; Path=/; Domain=.unibet.nu; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=https%3A%2F%2Fjennyvisits.com%2F; Path=/; Domain=.unibet.nu; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_836CA6498D74481783FE2A4C906A4CD4%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.nu; Path=/; SameSite=None; Secure
referer: https://jennyvisits.com/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Sun, 05 Mar 2023 21:29:31 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950
85.184.96.0 301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jennyvisits.com/
Connection: keep-alive
Cookie: __ucbt=node0hgri2zzdosw8rtgbzajedl8s4; uniattr=ST.0.T; uniattr_ref="https://jennyvisits.com/"; affiliateId=1; B-TAG=127656177_836CA6498D74481783FE2A4C906A4CD4; BID=37950; PID=68246908; REFERER=https%3A%2F%2Fjennyvisits.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D127656177_836CA6498D74481783FE2A4C906A4CD4%26sref%3DADST%26ADST%3D16122660%26affiliateId%3D1%26pid%3D68246908%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Sun, 05 Mar 2023 21:29:31 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&bid=37950&campaignId=2799402&pid=68246908
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Sun, 05 Mar 2023 21:29:31 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 84d051b9b496a68a90e6c7d29f1d6471
9ad60a66c7f46ccd1f5934f5ae7c42605b462b6b
4123964999000b53defab78730e6f1d8d0959373e77c41052afac272601a0f17
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4123964999000B53DEFAB78730E6F1D8D0959373E77C41052AFAC272601A0F17"
Last-Modified: Sat, 04 Mar 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15012
Expires: Mon, 06 Mar 2023 01:39:43 GMT
Date: Sun, 05 Mar 2023 21:29:31 GMT
Connection: keep-alive
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
104.18.35.90 200 OK 2.0 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP 104.18.35.90:0
File type HTML document, Unicode text, UTF-8 text
Hash 6b4f4e1c7b78ff4cb63c05fd60afdfac
a4aab3ec22f139e9c5107efcf5d7ba6f73b72a35
c9f8493f206a99d471177d36e1694b73e1deb1800d6cb829bae586c5d2682b98
GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1678051771479)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023352129%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228929188513%7c1%22%7d%5d; btag=127656177_836CA6498D74481783FE2A4C906A4CD4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:31 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
last-modified: Thu, 26 Jan 2023 12:30:23 GMT
etag: W/"0x8DAFF99188E686E"
x-ms-request-id: fae4441f-101e-0040-4d81-31153a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 291540
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a3574765c02b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
85.184.96.5 200 OK 956 B URL HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1678051771479)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023352129%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228929188513%7c1%22%7d%5d; btag=127656177_836CA6498D74481783FE2A4C906A4CD4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:31 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
104.18.35.90 200 OK 997 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP 104.18.35.90:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (966), with no line terminators
Hash 0de7a0bcb2f85cf7a01f2822a0380526
206dc57ebd9f88ebc147228934b1936c97645522
36f02eba1304462f5d16d4435596f284f9ff1eca0c347dedf1ce502b7947b7b2
GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1678051771479)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023352129%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228929188513%7c1%22%7d%5d; btag=127656177_836CA6498D74481783FE2A4C906A4CD4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:31 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Z4302O+bSqlX5UM92U+35A==
last-modified: Thu, 26 Jan 2023 12:30:21 GMT
etag: W/"0x8DAFF99174612EA"
x-ms-request-id: 82c2bcc2-201e-0029-1081-312c76000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 291535
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a3574766c21b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
142.250.74.42 200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 142.250.74.42:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Mar 2023 17:53:24 GMT
expires: Fri, 01 Mar 2024 17:53:24 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 272167
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
104.18.35.90 200 OK 5.6 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP 104.18.35.90:0
Hash 619e283aebd2a3ae35a1b31ad8eebbe5
1616f43672f77aa743717a1146eeaf014b83b791
9219d5ac8e6d832150997087d16fa5adf22f547ce605c112bffabcbce8ce5cd1
GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1678051771479)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023352129%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228929188513%7c1%22%7d%5d; btag=127656177_836CA6498D74481783FE2A4C906A4CD4
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:31 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: zXkBqwBMviPPaK5rBIapmA==
last-modified: Thu, 26 Jan 2023 12:30:17 GMT
etag: W/"0x8DAFF9914DE94BB"
x-ms-request-id: 580bcb77-701e-0034-8081-3121ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 291535
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a3574765bfab4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
104.18.35.90 200 OK 10 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP 104.18.35.90:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (15888), with no line terminators
Hash 9dd86d4138158ec4ed8618c2445bf366
09e68ec7c585a39947b0e28be10ead3746bb807b
b53c2856de1cc3a165b9ae56d41e9440579bc0954e66d35d6661aaa7887feedc
GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1678051771479)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023352129%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228929188513%7c1%22%7d%5d; btag=127656177_836CA6498D74481783FE2A4C906A4CD4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:31 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
last-modified: Thu, 26 Jan 2023 12:30:22 GMT
etag: W/"0x8DAFF991835F51F"
x-ms-request-id: 1328b90b-701e-0024-5c81-31e4a2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 291537
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a3574766c13b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95 200 OK 280 B IP 192.229.221.95:0
Hash 2b1de329a948e44ff5bd1def54b1c5af
3381e6af1bda96533326826ca2553c478ab3171f
4adffeb99c74ef1965b2fb6a42ec68e1915386928ae7af45106c0612d908f6e1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 49269
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Mar 2023 21:29:32 GMT
Last-Modified: Sun, 05 Mar 2023 07:48:23 GMT
Server: ECAcc (ska/F775)
X-Cache: HIT
Content-Length: 280
welcome.unibet.com/custom.js
104.18.35.90 200 OK 100 kB URL HTTP/2 welcome.unibet.com/custom.js
IP 104.18.35.90:0
Size 100 kB (100508 bytes)
Hash 1d3f254e79d43f3d2b0b71919ab70f98
48203453125e86075f6f76bcd6502a7961e13bd3
dcc1a6ba3fdbb42740209fac79e93cd9b06c254a4db9e7e1a7bf7af32c4be2b1
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1678051771479)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023352129%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228929188513%7c1%22%7d%5d; btag=127656177_836CA6498D74481783FE2A4C906A4CD4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:31 GMT
content-type: application/javascript
content-md5: e/Aekt1V1fopj1X7y5r9MA==
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
etag: W/"0x8DA115DA300B0C1"
x-ms-request-id: d013a120-f01e-003a-7703-03087a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 565009
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a3574765c08b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
104.18.35.90 200 OK 12 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP 104.18.35.90:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1066), with no line terminators
Hash 6bbc5ee5bda90dd4d7e79ac0cb91bc47
ad32e750a95baeabdc9ae5cfaf29e70f10bfff7a
1491ec5fd68937e7184c9fa27a1fd3407c2f76800dedbbcc00f6ab3334f77058
GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1678051771479)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023352129%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228929188513%7c1%22%7d%5d; btag=127656177_836CA6498D74481783FE2A4C906A4CD4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:31 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 9k4H3E55HXB5I94VinrUOQ==
last-modified: Thu, 26 Jan 2023 12:30:21 GMT
etag: W/"0x8DAFF99173FAB3F"
x-ms-request-id: af16bb2e-701e-0046-1c81-312685000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437017
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a3574766c20b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash fed02b60cdde629ed9682f466ed27c05
ca8a522c9deb45527119e5d243ddb316a0e22a44
0d653eca33ea40a8bcaf632dd27528d1ff4f3dfeb6497952edd530241f1cf69e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Mar 2023 21:29:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 0b2a6c80075ac612fdd0c0db8ecc7508
816bcd2a7acf9dbf93e52adbe3549a2945d4cbfb
f5b916b912ad2c776304ec956a0d8c6e383551ae5f4c9c15bdf82b2db499d02b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Mar 2023 21:29:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Mar 2023 07:51:59 GMT
expires: Thu, 29 Feb 2024 07:51:59 GMT
cache-control: public, max-age=31536000
age: 394653
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 0b2a6c80075ac612fdd0c0db8ecc7508
816bcd2a7acf9dbf93e52adbe3549a2945d4cbfb
f5b916b912ad2c776304ec956a0d8c6e383551ae5f4c9c15bdf82b2db499d02b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Mar 2023 21:29:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 0b2a6c80075ac612fdd0c0db8ecc7508
816bcd2a7acf9dbf93e52adbe3549a2945d4cbfb
f5b916b912ad2c776304ec956a0d8c6e383551ae5f4c9c15bdf82b2db499d02b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 05 Mar 2023 21:29:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Roboto:300,400,500
142.250.74.106 200 OK 16 kB URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP 142.250.74.106:0
Hash 60740a92c949f8634a99ec994438814f
a55515f18496856738422cc5f310a36930e8ffb9
fc9b045cb7cc6e5be67ddd36fd9b9b3b60d7818f1554baba142751c1f94b0598
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 05 Mar 2023 21:29:31 GMT
date: Sun, 05 Mar 2023 21:29:31 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.35.90 404 Not Found 74 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.35.90:0
File type XML 1.0 document text\012- XML document, Unicode text, UTF-8 (with BOM) text
Hash 02789cb2d4a3ac7392f6a09544107cff
c160085a1ade379fd5f676b542b59220d35124e8
b37831fd3272a5094c86813606a7c44701fdca646fa50b60f561372b25cae2eb
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1678051771479)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023352129%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228929188513%7c1%22%7d%5d; btag=127656177_836CA6498D74481783FE2A4C906A4CD4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sun, 05 Mar 2023 21:29:31 GMT
content-type: application/xml
x-ms-request-id: 51e086ea-401e-0000-42a9-4f1202000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 102
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a3574766c26b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
142.250.74.168 200 OK 82 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP 142.250.74.168:0
File type ASCII text, with very long lines (62112)
Hash 9ee0da7a46c0ad61bbd9633eedf4708f
28c523cf008df35c46d5f333785917366d9de86f
73bb980f282f84e53185e6c425af83a087c45796de60391c2dae29f8bf278cf7
GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 05 Mar 2023 21:29:32 GMT
expires: Sun, 05 Mar 2023 21:29:32 GMT
cache-control: private, max-age=900
last-modified: Sun, 05 Mar 2023 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81977
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/css/all.css
172.64.133.15 200 OK 28 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP 172.64.133.15:0
File type ASCII text, with very long lines (54456), with no line terminators
Hash 8ee530cbe4d46e65a02d73163280d528
74d441715307ddb60478e914632ca6cd59b1c3c5
cd64486223bf1bf7db45a174fc4ee471fe881fc4e68abd14134472b06bd674b2
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:32 GMT
content-type: text/css
x-amz-id-2: kIWUcp4/gRprxrhG4Bo7YL49QfCfoJzgcb+lBni7kDeALpU6YcOHbXZK3Ce3+VKgInDBPr7yuoA=
x-amz-request-id: GQJ6HHGYZ6JW9X6Q
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 519416
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B5eOXIdTQXprnAGWDOMdMOxfzj8vsL%2FCKrXgdmIArQleC2dZn6S48uDi6QHkk6Xx6cdnhV%2B4%2F39JyqWx2MlLG9ukXeyc2WBws0mfflGPzn%2B7nyjodyDiKAr2ggsa8GgZOOS73yb1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7a3574773fc988a4-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95 200 OK 280 B IP 192.229.221.95:0
Hash 6380e66bf2451e5ee3dff2be6cfd7e08
e7e62a87a8d43f373c5fdcf10186171001beeee0
a687c1c7dc21981e083c0cf7ab425d0335b97e83a2fc852e5acd312f624e3f18
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 40980
Cache-Control: max-age=86399
Content-Type: application/ocsp-response
Date: Sun, 05 Mar 2023 21:29:32 GMT
Etag: "64031827-117"
Expires: Mon, 06 Mar 2023 21:29:31 GMT
Last-Modified: Sat, 04 Mar 2023 10:06:31 GMT
Server: ECAcc (ska/F6D2)
X-Cache: HIT
Content-Length: 280
script.crazyegg.com/pages/scripts/0012/9242.js
104.19.147.8 410 Gone 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js
IP 104.19.147.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pages/scripts/0012/9242.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 410 Gone
date: Sun, 05 Mar 2023 21:29:32 GMT
content-type: application/javascript
content-length: 0
last-modified: Sun, 05 Mar 2023 11:54:06 GMT
cache-control: public, max-age=86400, s-maxage=86400
access-control-allow-origin: *
cf-cache-status: HIT
age: 34526
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a357478bf87b509-OSL
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js?466125
104.19.147.8 410 Gone 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js?466125
IP 104.19.147.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pages/scripts/0012/9242.js?466125 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 410 Gone
date: Sun, 05 Mar 2023 21:29:32 GMT
content-type: application/javascript
content-length: 0
last-modified: Sun, 05 Mar 2023 11:54:06 GMT
cache-control: public, max-age=86400, s-maxage=86400
access-control-allow-origin: *
cf-cache-status: HIT
age: 34526
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a357478fff5b509-OSL
X-Firefox-Spdy: h2
secure.adnxs.com/seg?add=9755599
185.89.210.90 307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/seg?add=9755599
IP 185.89.210.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sun, 05 Mar 2023 21:29:32 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
AN-X-Request-Uuid: a571e464-48c0-4805-8a80-0689f94a8699
Set-Cookie: uuid2=5022210330239543913; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 03-Jun-2023 21:29:32 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 0c4ac26705cc052fd363dc8eb812abe1
4bedf4ddbece5e3e1fd7e205c6715048dfbd7fbb
17d7b2ca05bf69c3d66976f6ba3ac2384911492a1b9702ec0bd5760795ff897d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 55349
Cache-Control: max-age=86396
Content-Type: application/ocsp-response
Date: Sun, 05 Mar 2023 21:29:32 GMT
Etag: "6402e003-1d7"
Expires: Mon, 06 Mar 2023 21:29:28 GMT
Last-Modified: Sat, 04 Mar 2023 06:06:59 GMT
Server: ECAcc (ska/F756)
X-Cache: HIT
Content-Length: 471
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
185.89.210.90 200 OK 43 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
IP 185.89.210.90:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fseg%3Fadd%3D9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sun, 05 Mar 2023 21:29:32 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: a141b8a8-cd90-4475-8119-484057ad30a5
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2Il`kstpt!]tbP6j2F-XstGt!@Ddg$m2mW; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 03-Jun-2023 21:29:32 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1678051772334
34.251.47.116 200 OK 497 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1678051772334
IP 34.251.47.116:0
File type JSON data\012- , ASCII text, with very long lines (791), with no line terminators
Hash c7684914aba3d7f7359fe65c70232804
c5cf7f439c55e6a2e0588795bd53e016f3b66016
e26860312d0a2ea99540987bd14bdf0e0a0be59c906b5470348e300cc07d5e6e
GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1678051772334 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.unibet.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v046-0d6696b06.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=61938128359879011493446239609045711545; Max-Age=15552000; Expires=Fri, 01 Sep 2023 21:29:32 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: ziEv2xRXSt4=
Content-Length: 497
Connection: keep-alive
ocsp.digicert.com/
192.229.221.95 200 OK 279 B IP 192.229.221.95:0
Hash 38963ad69206cf77cd305109c0de5698
2f5d30a75a66998b15c908b64997385807642c2f
36204688cf6deb4edee8501f7e6fac04a97c33ea045b665d6749b9a51146368c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 29433
Cache-Control: max-age=86391
Content-Type: application/ocsp-response
Date: Sun, 05 Mar 2023 21:29:32 GMT
Etag: "6403453a-117"
Expires: Mon, 06 Mar 2023 21:29:23 GMT
Last-Modified: Sat, 04 Mar 2023 13:18:50 GMT
Server: ECAcc (ska/F6AF)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
192.229.221.95 200 OK 279 B IP 192.229.221.95:0
Hash 38963ad69206cf77cd305109c0de5698
2f5d30a75a66998b15c908b64997385807642c2f
36204688cf6deb4edee8501f7e6fac04a97c33ea045b665d6749b9a51146368c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 29434
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 05 Mar 2023 21:29:32 GMT
Etag: "6401f3c2-117"
Last-Modified: Sun, 05 Mar 2023 13:18:58 GMT
Server: ECAcc (ska/F7A5)
X-Cache: HIT
Content-Length: 279
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
104.18.35.90 200 OK 1.0 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP 104.18.35.90:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1481), with no line terminators
Hash 40a840f6dfdc1fd280c4676fb0ca8292
60815ef75313ae7e0c6508d8b89d23e4fe062999
69081a889d8e42355d361225b777dc7910c37378452c337ba1e8f330a84a2a93
GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1678051771479)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023352129%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228929188513%7c1%22%7d%5d; btag=127656177_836CA6498D74481783FE2A4C906A4CD4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:31 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Kch+tYuo05USS5JaESq1rA==
last-modified: Thu, 26 Jan 2023 12:30:21 GMT
etag: W/"0x8DAFF9917716257"
x-ms-request-id: 78c0b78e-401e-0000-7881-311202000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 291535
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a3574766c24b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 068a4b1d7032a3d07638d76e254a6257
a6102dcfe6cd250fa3acb2f2dc7fe8dc5a9fb852
756b46940989d077fa1256c51e04631524d2a7bb86464af7bd9c6272be4ae8db
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 53309
Cache-Control: max-age=96237
Content-Type: application/ocsp-response
Date: Sun, 05 Mar 2023 21:29:32 GMT
Etag: "64030e6c-1d7"
Expires: Tue, 07 Mar 2023 00:13:29 GMT
Last-Modified: Sat, 04 Mar 2023 09:25:00 GMT
Server: ECAcc (ska/F776)
X-Cache: HIT
Content-Length: 471
unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=61952928382915193023448997948036187938&ts=1678051772514
15.236.117.205 200 OK 2 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=61952928382915193023448997948036187938&ts=1678051772514
IP 15.236.117.205:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=61952928382915193023448997948036187938&ts=1678051772514 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://welcome.unibet.com
access-control-allow-credentials: true
date: Sun, 05 Mar 2023 21:29:32 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
104.40.147.180 200 OK 4.3 kB URL HTTP/2 bannerflow-feed-builder.azurewebsites.net/api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no
IP 104.40.147.180:0
ASN #8075 MICROSOFT-CORP-MSN-AS-BLOCK
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (4633)
Hash 2345951d8a5025793ee9ad75ee2f6198
ec90fdaae3ce584d3a33303fef8f6b070cbf6cb8
c8e415b8c198357ab1988361ec6e1302f475d221779559f8e23de990fbb4b84f
GET /api/googlesheet/?user=2&spreadsheetId=1Fgsan389gf5LVYi3gt6FMNEgM3LnRdQN1kZ3lP9JwiQ&sheetname=nb_no HTTP/1.1
Host: bannerflow-feed-builder.azurewebsites.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json; charset=utf-8
date: Sun, 05 Mar 2023 21:29:31 GMT
server: Microsoft-IIS/10.0
access-control-allow-origin: *
access-control-expose-headers: Request-Context
cache-control: no-cache
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: ARRAffinity=918a28837d469cda54fea86f65a3d5a5f06872944f26694d3e52a68732d0d39c;Path=/;HttpOnly;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
ARRAffinitySameSite=918a28837d469cda54fea86f65a3d5a5f06872944f26694d3e52a68732d0d39c;Path=/;HttpOnly;SameSite=None;Secure;Domain=bannerflow-feed-builder.azurewebsites.net
vary: Accept-Encoding
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:f631c08e-9610-47b7-82c9-c925628cdde1
x-powered-by: ASP.NET
X-Firefox-Spdy: h2
unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s59289952227341?AQB=1&ndh=1&pf=1&t=5%2F2%2F2023%2021%3A29%3A32%200%200&mid=61952928382915193023448997948036187938&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950%26btag%3D127656177_836CA6498D74481783FE2A4C906A4CD4%26bid%3D37950%26campaignId%3D2799402%26pid%3D68246908&r=https%3A%2F%2Fjennyvisits.com%2F&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950%26btag%3D127656177_836CA6498D74481783FE2A4C906A4CD4%26bid%3D37950%26campaignId%3D2799402%26pid%3D68246908&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=9%3A29%20PM%7CSunday&v6=9%3A29%20PM%7CSunday&v11=GBP&c14=New&v14=New&c16=1678051772&v21=Not%20Logged-In&c73=unibet&v120=popunder&v121=1%3A127656177%3A68246908-37950&v122=NONE&v124=2799402&v125=127656177_836CA6498D74481783FE2A4C906A4CD4&v126=68246908&v127=37950&v134=1678051772&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
15.236.117.205 200 OK 43 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s59289952227341?AQB=1&ndh=1&pf=1&t=5%2F2%2F2023%2021%3A29%3A32%200%200&mid=61952928382915193023448997948036187938&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950%26btag%3D127656177_836CA6498D74481783FE2A4C906A4CD4%26bid%3D37950%26campaignId%3D2799402%26pid%3D68246908&r=https%3A%2F%2Fjennyvisits.com%2F&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950%26btag%3D127656177_836CA6498D74481783FE2A4C906A4CD4%26bid%3D37950%26campaignId%3D2799402%26pid%3D68246908&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=9%3A29%20PM%7CSunday&v6=9%3A29%20PM%7CSunday&v11=GBP&c14=New&v14=New&c16=1678051772&v21=Not%20Logged-In&c73=unibet&v120=popunder&v121=1%3A127656177%3A68246908-37950&v122=NONE&v124=2799402&v125=127656177_836CA6498D74481783FE2A4C906A4CD4&v126=68246908&v127=37950&v134=1678051772&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
IP 15.236.117.205:0
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s59289952227341?AQB=1&ndh=1&pf=1&t=5%2F2%2F2023%2021%3A29%3A32%200%200&mid=61952928382915193023448997948036187938&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950%26btag%3D127656177_836CA6498D74481783FE2A4C906A4CD4%26bid%3D37950%26campaignId%3D2799402%26pid%3D68246908&r=https%3A%2F%2Fjennyvisits.com%2F&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A127656177%3A68246908-37950%26btag%3D127656177_836CA6498D74481783FE2A4C906A4CD4%26bid%3D37950%26campaignId%3D2799402%26pid%3D68246908&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=9%3A29%20PM%7CSunday&v6=9%3A29%20PM%7CSunday&v11=GBP&c14=New&v14=New&c16=1678051772&v21=Not%20Logged-In&c73=unibet&v120=popunder&v121=1%3A127656177%3A68246908-37950&v122=NONE&v124=2799402&v125=127656177_836CA6498D74481783FE2A4C906A4CD4&v126=68246908&v127=37950&v134=1678051772&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Sun, 05 Mar 2023 21:29:32 GMT
expires: Sat, 04 Mar 2023 21:29:32 GMT
last-modified: Mon, 06 Mar 2023 21:29:32 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3603588742876823552-4619624226218085141
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash af0dfc83014a6322ec74036bb17bffb3
e4601b2a6b1ae35b6d0a1e1b339efd4eaf05041f
ecb854f9c094c660fd95181f31849fb2b516d53b9f70a23846dba122833733a9
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=86397
Date: Sun, 05 Mar 2023 21:29:32 GMT
Etag: "64029563-1d7"
Expires: Mon, 06 Mar 2023 21:29:29 GMT
Last-Modified: Sat, 04 Mar 2023 00:48:35 GMT
Server: ECAcc (bsa/EB2E)
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: BCoURUv4wGUs1mBzV2QAx0eHxNoCvhd7UHshEcxCtqljbIlPkD1Frg==
Age: 74454
cm.everesttech.net/cm/dd?d_uuid=61938128359879011493446239609045711545
54.229.62.148 302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=61938128359879011493446239609045711545
IP 54.229.62.148:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=61938128359879011493446239609045711545 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Sun, 05 Mar 2023 21:29:32 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~ZAUJvAAAAJzangNe; Domain=.everesttech.net; Expires=Mon, 04-Mar-2024 21:29:32 GMT; Path=/
everest_session_v2=ZAUJvAAAAJzanwNe; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZAUJvAAAAJzangNe
Server: AMO-cookiemap/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=ZAUJvAAAAJzangNe
34.251.47.116 302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=ZAUJvAAAAJzangNe
IP 34.251.47.116:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=ZAUJvAAAAJzangNe HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v046-0040bba41.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=ZAUJvAAAAJzangNe
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=22227283644512521664596296468739838705; Max-Age=15552000; Expires=Fri, 01 Sep 2023 21:29:32 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: /NYLL1ydTCE=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=ZAUJvAAAAJzangNe
34.251.47.116 200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=ZAUJvAAAAJzangNe
IP 34.251.47.116:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=ZAUJvAAAAJzangNe HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v046-0d6a26255.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: XFpyXfBcQcw=
Content-Length: 59
Connection: keep-alive
arsnivyr.com/27/6b029177bcae17827fbaf1637c536e88
139.45.197.242 200 OK 0 B URL HTTP/2 arsnivyr.com/27/6b029177bcae17827fbaf1637c536e88
IP 139.45.197.242:0
Analyzer Verdict Alert quad9 Sinkholed
GET /27/6b029177bcae17827fbaf1637c536e88 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 05 Mar 2023 21:29:28 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID
cache-control: max-age:290304000, public
last-modified: Wed, 01 Mar 2023 10:09:40 GMT
expires: Wed, 31 Mar 2083 10:09:40 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
104.18.35.90 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP 104.18.35.90:0
GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1678051771479)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023352129%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228929188513%7c1%22%7d%5d; btag=127656177_836CA6498D74481783FE2A4C906A4CD4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:31 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: epgiRapjJpA7DniTiF5C+w==
last-modified: Thu, 26 Jan 2023 12:30:22 GMT
etag: W/"0x8DAFF99183CF8FA"
x-ms-request-id: d4160c8c-201e-0016-7481-31e4d5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 291537
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a3574766c14b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
104.18.35.90 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
IP 104.18.35.90:0
GET /nu/pop/sportsbook/multisports/favicon.ico HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1678051771479)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023352129%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228929188513%7c1%22%7d%5d; btag=127656177_836CA6498D74481783FE2A4C906A4CD4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:32 GMT
content-type: image/x-icon
cache-control: public, max-age=900, immutable
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
last-modified: Thu, 26 Jan 2023 12:30:17 GMT
etag: W/"0x8DAFF9914F4D898"
x-ms-request-id: e6735b96-c01e-0021-0381-313679000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 291516
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a3574787efeb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
104.17.109.160 200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP 104.17.109.160:0
GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:32 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: f9c36029-201e-0105-665e-a57399000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 353
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a35747afc04b527-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
104.18.35.90 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP 104.18.35.90:0
GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1678051771479)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023352129%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228929188513%7c1%22%7d%5d; btag=127656177_836CA6498D74481783FE2A4C906A4CD4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:31 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 2fR27yW0b9kBp/ebW9u59A==
last-modified: Thu, 26 Jan 2023 12:30:22 GMT
etag: W/"0x8DAFF99184AD9A4"
x-ms-request-id: fa9ed380-a01e-0027-7f81-3105c6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 435229
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a3574766c1fb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
104.18.35.90 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP 104.18.35.90:0
GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1678051771479)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023352129%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228929188513%7c1%22%7d%5d; btag=127656177_836CA6498D74481783FE2A4C906A4CD4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:31 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
last-modified: Thu, 26 Jan 2023 12:30:23 GMT
etag: W/"0x8DAFF991898A021"
x-ms-request-id: e9253db8-601e-0075-8081-31792e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 291535
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a3574765c04b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
104.18.35.90 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP 104.18.35.90:0
GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1678051771479)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023352129%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228929188513%7c1%22%7d%5d; btag=127656177_836CA6498D74481783FE2A4C906A4CD4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:31 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Thu, 26 Jan 2023 12:30:18 GMT
etag: W/"0x8DAFF9915D02464"
x-ms-request-id: 9ee27f41-c01e-000e-3881-313bb2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 291535
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a3574767c2fb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&bid=37950&campaignId=2799402&pid=68246908
104.18.35.90 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&bid=37950&campaignId=2799402&pid=68246908
IP 104.18.35.90:0
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&bid=37950&campaignId=2799402&pid=68246908 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jennyvisits.com/
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1678051771479)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023352129%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:31 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: djoKeCzytkLU3NSdQsOPbQ==
last-modified: Thu, 26 Jan 2023 12:30:17 GMT
x-ms-request-id: 9a3a622b-d01e-0060-3ba9-4f6e9d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
set-cookie: btag=127656177_836CA6498D74481783FE2A4C906A4CD4;max-age=2592000; domain=.unibet.com;path=/;secure;samesite=none;httponly
server: cloudflare
cf-ray: 7a3574758ac9b4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
104.18.35.90 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP 104.18.35.90:0
GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1678051771479)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023352129%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228929188513%7c1%22%7d%5d; btag=127656177_836CA6498D74481783FE2A4C906A4CD4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:31 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: QazcDvviTF55mXL/M8kCWQ==
last-modified: Thu, 26 Jan 2023 12:30:18 GMT
etag: W/"0x8DAFF99157C1D3C"
x-ms-request-id: ec6073d8-501e-0051-6881-318f8e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 256408
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a3574765c0fb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
104.18.35.90 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP 104.18.35.90:0
GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:127656177:68246908-37950&btag=127656177_836CA6498D74481783FE2A4C906A4CD4&bid=37950&campaignId=2799402&pid=68246908
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1678051771479)%5c%2f%22%2c%22CookieTag%22%3a%223795068246908451240919C2023352129%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228929188513%7c1%22%7d%5d; btag=127656177_836CA6498D74481783FE2A4C906A4CD4
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:31 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Thu, 26 Jan 2023 12:30:18 GMT
etag: W/"0x8DAFF9915A7459F"
x-ms-request-id: e677fb13-901e-0061-5581-313141000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 436565
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a3574765c0cb4ff-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
104.17.109.160 200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP 104.17.109.160:0
GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 05 Mar 2023 21:29:32 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 0c05a17a-201e-0074-2dff-f626f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 353
vary: Accept-Encoding
server: cloudflare
cf-ray: 7a35747aebd7b527-OSL
content-encoding: br
X-Firefox-Spdy: h2