{"report_id":"9cc00a25-ed2a-4583-85c9-406bbf5fd53f","version":6,"status":"done","tags":[],"date":"2025-09-20T06:52:25Z","url":{"schema":"http","addr":"239797.win/","fqdn":"239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":0,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"final":{"url":{"schema":"https","addr":"www.239797.win/en-us/","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"title":"Online Casino \u0026 Sportsbook | Quick \u0026 Easy Sports Bets at LEON"},"submit":{"url":{"schema":"http","addr":"239797.win/","fqdn":"239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":0,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-25T06:52:25Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":2}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"widget.intercom.io","ip":{"addr":"3.164.206.53","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":19213,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":7496,"sent_data":421,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}]},{"fqdn":"239797.win","ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":38348,"sent_data":479,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"track.liftdsp.com","ip":{"addr":"54.240.174.124","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":2,"received_data":8888,"sent_data":2284,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}]},{"fqdn":"nexus-websocket-a.intercom.io","ip":{"addr":"18.97.36.46","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":9252,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":283,"sent_data":741,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"mrspeedtime-21a8b.kxcdn.com","ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":66,"received_data":5085121,"sent_data":31879,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.239797.win","ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":29,"request_count":29,"received_data":3027099,"sent_data":37894,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"o237537.ingest.us.sentry.io","ip":{"addr":"34.120.195.249","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":6,"received_data":3557,"sent_data":3864,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":313,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":74195,"sent_data":879,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.google.no","ip":{"addr":"142.250.74.131","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":92680,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":580,"sent_data":890,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":7,"received_data":254031,"sent_data":3794,"comment":"","tags":null,"fingerprints":null},{"fqdn":"pixel-us.r2drtb.com","ip":{"addr":"88.214.195.101","port":443,"asn":46636,"as":"NATCOWEB","country":"United Kingdom","country_code":"GB"},"domain_registered":"unknown","domain_rank":5001008,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":2,"received_data":1027,"sent_data":1043,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"js.intercomcdn.com","ip":{"addr":"3.164.240.120","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":23692,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":10,"received_data":4548325,"sent_data":4410,"comment":"","tags":null,"fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"region1.analytics.google.com","ip":{"addr":"216.239.34.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":22257,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":848,"sent_data":1650,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ps.l.liftdsp.com","ip":{"addr":"54.240.174.68","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":602474,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":702,"sent_data":473,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}]},{"fqdn":"downloads.intercomcdn.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":72330,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":0,"sent_data":506,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdnimages2-21a8b.kxcdn.com","ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":4,"received_data":165103,"sent_data":2044,"comment":"","tags":null,"fingerprints":null},{"fqdn":"api-iam.intercom.io","ip":{"addr":"3.225.121.170","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":17818,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":3,"received_data":15448,"sent_data":1585,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"pool.liftdsp.com","ip":{"addr":"35.206.140.87","port":443,"asn":15169,"as":"GOOGLE","country":"Belgium","country_code":"BE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":2,"received_data":920,"sent_data":1134,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]},{"fqdn":"cdnimages3-21a8b.kxcdn.com","ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"domain_registered":"unknown","domain_rank":6794489,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":72,"received_data":2402780,"sent_data":35179,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":283,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":3,"received_data":884833,"sent_data":2085,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/5f62684a.d.m.DdEDGjW8.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"08773c648ec0315086c9436b158eb9b6","sha1":"e6fa45cccdc9be227c38acfd80070bebcb569112","sha256":"37430d24b458859ea19c51d7062889e34cd2f9c215065a75897c7e5213d2be47","sha512":"d8e859821574fce2bd73b3e8e594f04cc89315cf7cce2849e0b1b4eab5948358baac93659f1d133d13ff58f9873b2959311019ed25c18bbf2099db8a1b5c5aa9","ssdeep":"384:0HWZLZBGjosH+g7qTfOjwJ9cCXIwCItGby1GcIn8QpKLQ1uRoRjBy4e86DyMFXnr:0HWIjosp7qTfOEZXI9IGW1GcU8QpKLQk","tlshash":"fcb20981329272a1838694f2e6334212e33a75543805a4bd7dbdb9db7981d877b72bf0","size":23854,"data":"","first_seen":"2025-09-20T06:53:38.35406Z","last_seen":"2025-09-20T06:53:38.35406Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/94ae4756.d.m.DH-3UKsJ.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"3f0b4325c6e3a35c8f9e3b004a21c8b3","sha1":"8b1574260e9310d9ba8195938c94811e84e4736c","sha256":"89785515513dc76d7c741a0af304c89e18454b8f6e93da8140c95ace8b037c13","sha512":"4eca04a3247a0e3786c7876e12966fc32d06209334507dca4d2e4be88fa20b3401ad32df12217eadf71793e0630ef416d9bb714a83736584038480184d560e19","ssdeep":"768:I/gq4MTeIckmO4Vi4equcad4Q2OajU0zCXspLS0IRQVrenuRcfG2OOPf4qtFWMO0:IYMTeIQS2bZpu0+62FivZWV5","tlshash":"c45360c971c2f0a683e76034003f8405f37a5d65a4acd1a4daeac4f97dfa8199237f29","size":65847,"data":"","first_seen":"2025-09-19T02:19:58.439295Z","last_seen":"2025-09-20T06:53:38.234112Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/f06cd424.d.m.DNxjDgC4.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"bfbbc0b9733b9a06ac04d2f42c0e6f8d","sha1":"25ff6039bcb72584376df8321341fa8ab788f53c","sha256":"b4d4a5b50d22502899af7a7d4684c2b44d40444e3ff9acd2537c0c3a5b241b56","sha512":"a3dbd0bb893fea9a8cc088f0e75f83e694b1c43ec98aad2445c06f73378211d925b9a8413a2d4f315c685978c0d65df7761193438176ccaf9398754e75e5f8ea","ssdeep":"384:BBxVYwMgUryABLDpK9CCQxe6INs37rMQWwsydsC3+5r/wJ106qlwACpGlJvhRbn5:BlM9rysLDpKwmNs3fMmc2+5cJ106qlwq","tlshash":"cfa22cb7236292b246ab018990770543d31407d5f14884f179feadae35b9ca2f366f3e","size":22548,"data":"","first_seen":"2025-09-20T06:53:38.268376Z","last_seen":"2025-09-20T06:53:38.268376Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/fd2fd3f8.d.m.B86WmI9J.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"38f52a4f73918c4498469647bc400a18","sha1":"b1d553b4b41e486afbdadd4fc6a044b1a0e08c7a","sha256":"0cbdd4b0c2175e39ce37245633773809d2041e1c27bcde12b1cf5505414f3440","sha512":"d877b938f869bb7479f94ed40e76a4e919c1df0770e1bc64bbc219a0e7c1ad6eb514135f3cd35a3455bd0f13121e304946da92178d2fc59c83092acfaef02ee4","ssdeep":"96:c3oAy/zelIVlxdLSU0pd31Fixk2l9eC97Ae0E0hbDO92pli56+p0kYAfvcxaydo5:cCzelg1SFr0k2l9eC97Ar3O92pli56+t","tlshash":"7dc1fd5dde4a82b883c358f6a0f60e4a505de947f13c0a00f8a2ed6f9550fe4932bb5d","size":5963,"data":"","first_seen":"2025-09-20T06:53:38.137796Z","last_seen":"2025-09-20T06:53:38.137796Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/en-us/","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"f0ffd3b7c2574ac324603ed00488c850","sha1":"623e76c36aa2a886542011e28412cc761d7ceb01","sha256":"c4d0cf241a1bfa1c8bf4cf24e8f89d2ab786a284a39adb2fc8df7ea14e73c154","sha512":"436f9fb4816f6975fec0d965dfc0db4c3c38c53632dd4dc99a6c1a2dd9562fbd67176d0118549ff573c97e3394bad4d601c425cf670acab249ebc8d260591fa2","ssdeep":"","tlshash":"1540000003c00000300000c0000000000003c00000000000c000000000c00000300030","size":7,"data":"","first_seen":"2023-03-07T01:03:35Z","last_seen":"2026-04-04T16:37:52.354262Z","times_seen":64257,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/vite-plugin-import-retry.179bbf.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"33b4a14edb42f0fe57ff70887be0fbc3","sha1":"a5c55979ebc911ddba991edb628ede6d70bbff36","sha256":"179bbf3db4b5a12659275545cb970ea8c71c657b8f3acb23de9546aa0d8dfd94","sha512":"ffbdf1808a1d389a9b2a6b8c8d4ff1c5b74b3ade1d44c8c1d3fb31c683b2b52c58388ea7bfb5304046e82eb3041a8c200bc51042875ab289cca5bf9d94fcb438","ssdeep":"","tlshash":"cb614ed875c3a42d0363b5b9843f5457fa6a2824f64c0c61d86ce292793ae0ac3639e0","size":3342,"data":"","first_seen":"2025-09-19T02:19:58.472642Z","last_seen":"2025-09-20T06:53:38.252963Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/a4d37d01.d.m.NF3uovUq.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"7874cb8a06564f1c730e8e22eee4a3bb","sha1":"f145035d11864f16c28ddda363ee3efd4ec65d84","sha256":"2d187a6266818521f4fdb0b5b07309ebdabaa0b78bc852ad90584d0e5a7b8287","sha512":"6abe25b86051d225736f5d278226bac97b79ab0c045152fcbe1f92db0cce70f180b1d02f148e2f8bcd6dea420210d37658e8e6241dd4de26158e6ea75b88e24c","ssdeep":"","tlshash":"eb11c46e9951c4719268c8acc32128518a7b4ba793f1454ce1ac65ff0f90063c31b5a6","size":916,"data":"","first_seen":"2025-09-20T06:53:38.147849Z","last_seen":"2025-09-20T06:53:38.147849Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/17ff6b76.d.m.CXP5KiY2.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"9491ef6a940092932483bbd5efacf3ae","sha1":"1ac9bba8345b88706e51961aa4d35550237bbee3","sha256":"1e9590ffdd1f4698008d90d3571066688caac032b4bf6c52edf4428905494c10","sha512":"fcb6206e992642aad87d2bf5d2e9ed224a9272ec6ce95600bbc600cce18310175e55e89183bd5e75463f000054911ab011a79eb8146ea15bf10485a8d94b9fe1","ssdeep":"","tlshash":"904195b6b890e078837ec0eec071a0d043166760b35684e4d09e35bc46b8c86c1bcf4b","size":2236,"data":"","first_seen":"2025-09-20T06:53:38.242791Z","last_seen":"2025-09-20T06:53:38.242791Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/en-us/","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"631036c478b6a0b0aaa7d71707779f0f","sha1":"94053f2e94b305e3dda29c04d3ce22346a8336cf","sha256":"0c390ae44fb3e39f9e23de7e61857f53e78be006a2c17cfcd0e583d073fa3762","sha512":"a62202769c20f2ed1686a8fa7c619fc9ae2cf0c3cf33ba268f901422dcce0f910f1ced698eba91c9348863f385c16e9bfa4392c3e220c1fa7d589750fd35a8f4","ssdeep":"","tlshash":"c3f00255790b513d47a3607047ffc20b2827a0a711c1c849d916c8b81fe5ac8c59fbef","size":625,"data":"","first_seen":"2024-03-29T05:33:40Z","last_seen":"2026-03-29T15:19:13.502083Z","times_seen":118,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/en-us/","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"6a01e6f7bce6dbf5d77e90a118c93b0e","sha1":"0dd49694ef9f526b54037573927940d4f49410ee","sha256":"633fe888d0ff0434ff5676b91027d7f70c3af306567d4f1b7d5f30fef585c184","sha512":"bcfd3614437320134d84c7aa5239c54f0ceb14caa75f2bc4199dd14487d248f32638037b41ea918fe8ed8f9d34f18a4dcea0a114499759bfd0d17b70ce2bd228","ssdeep":"","tlshash":"6de028da74110c7570ed05f533b1a11875431108780a5c23ddfdc9142c189c74c134cc","size":341,"data":"","first_seen":"2023-05-07T16:21:54Z","last_seen":"2026-03-29T15:19:13.493938Z","times_seen":114,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/b3b80119.d.m.BroKAO7_.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"3926431464830643edf3790410868dc6","sha1":"c28d1eb124a56835e291e29fb032a7c6bd143053","sha256":"28edc46704ecb6944ee777c48b274eb13f7e046a3d4e87a8f7242b9c67e30864","sha512":"d9b0bfa970c5db0dc60a4df4811f5f07a6313ef1a09b8887ad8d83e0e656e9bddf949de08b27b580ff901b0d60fbf810ba450f27a0bdebdf6d7f69e3c5b18fef","ssdeep":"","tlshash":"3651720b993b2873548124fdf81710234619d25d365ca0b8f7fe758719ab9a5233bf8a","size":2717,"data":"","first_seen":"2025-09-20T06:53:38.256105Z","last_seen":"2025-09-20T06:53:38.256105Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/71c69379.d.m.CipAdSUi.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"f80659338a5ade39b5ed5ae5eb743ba6","sha1":"a681ff447c2e3a86de193bab7b4d616a58a8cc10","sha256":"d2f34639866e1591f754ebbd0ff1df1dcf9977dac52e9c942bdfd58850e112d9","sha512":"f542222be6e3a940a130d7b63bd4e76ff8382f36aec30fb6c6f14b3bc91a42fe3875767505b835686e5871c65874cf91688762eea9059e365261f5c5e38e19a5","ssdeep":"96:hEDXc09OgtWILm09OotcvMdMYO9OEVJMveri4XrKwJM:Y1OMbOotcvAIOEUmripwm","tlshash":"ed91c78d3c7f54719aff988ff0a90c1a9e6d0fe621244d4180bf14bb2ab7c50e662527","size":4593,"data":"","first_seen":"2025-09-20T06:53:38.195292Z","last_seen":"2025-09-20T06:53:38.195292Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.intercomcdn.com/vendors~sentry~app.47087327.js","fqdn":"js.intercomcdn.com","domain":"intercomcdn.com","tld":"com"},"ip":{"addr":"3.164.240.120","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d9c54fad8854c68ee9edbd47ef48d6ad","sha1":"ccbb56a3e851ec8f5d2c6a351843886b62c41b8d","sha256":"b5537d0dfaacaf76b48bc6ea0d75e8b21d419d5a660012ef6545de3da2fda44b","sha512":"0521b89cfd6a23c1ba7e920ef997c526f2d21375078acc5a482428d5c1c48e5ab9e73638818fa93bd8a8c915d4677e24e7f71739e0d8fba4feef714bc1872162","ssdeep":"1536:yAy1BQKh4+lC4el5txG+u0JnbrpxyR7+hlPp:yAy1Jhm1l0Lan5xy0","tlshash":"cd73a2c9b1d2b02053eb19a5903b410ae77a5994300b8490f67cddde7eba15ee273f2d","size":79160,"data":"","first_seen":"2025-07-01T17:03:46.631262Z","last_seen":"2025-12-05T13:54:20.152529Z","times_seen":4909,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/64da48c6.d.m.DZJUAbgG.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"2db71df2b3283471d6d0302f011a4dd8","sha1":"96181b3d7434ba33d94d7d54be695aea379d9f1d","sha256":"8ed2ca6c188031f32e9b9d2a022a2361c8c9cf77cf334c863250d9312c811bcb","sha512":"422b2d1a47d487fe2279f75ee0f512fe31ec60cdabaa2fb46691c06c0a8bdf2687d18db405de0023ac8cbe5eb43d7564a92b7337a9338a1c7a4655da89cb732f","ssdeep":"3072:RFv88egIZ/bTrmxLZANKLJpgF299o2+7l9CUEC18WjtJ:RFU8egi/bTrmNZANKLJpgUD+CUEC18Wj","tlshash":"64141a1a6a0838fe4f710e2e571b7aa472334d84fa21c033d2b59f3e2f5a411f55b5a6","size":192128,"data":"","first_seen":"2025-09-20T06:53:38.188319Z","last_seen":"2025-09-20T06:53:38.188319Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"6c2d8c697add8d61d0811fde38ff5c31","sha1":"cb1622c0d1df571282c49540b198333fa18e93c0","sha256":"2a81ad5c378ce2a9fef60586f65fe58c5fdbb658c73121bd87594e91bbae4b69","sha512":"8ef3461edb93a73618a95e7d14017cd1ab96d8befc90b852a5aaed2663c0679fa3d3cce7fbf952e0ac93c51021a6829e5bbd54df1eaae0d31eada14b51048b3b","ssdeep":"","tlshash":"9fa0220202c0008002f2302cc0023fa3b38b00282ccc38e3c880000fe800023c00cf33","size":72,"data":"","first_seen":"2025-07-12T04:18:41.27049Z","last_seen":"2025-09-28T16:26:18.56498Z","times_seen":12,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/7fbe0154.d.m.unn1YPpf.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"50a9bb10b317e0dc4f6ec1899a26682e","sha1":"e19e2cfde478f3fb95aa510f10274570ad2bfe40","sha256":"1eb5b3981c32de1bbee68d23b8b48cce2f3f77ac1320b4549d5ebb020721c235","sha512":"ae7f01f66de32fec6a4a4a05590779ac577fda93644cff6b5dfa14a67581286df519d7ed499fad6a4b7225dc50de34c09dd4c7d36838c250c0aadc017156e874","ssdeep":"6144:r7fKGJvEvGdrSaV67dmcgUxHtaZAUA4Ic/5/WLODYoCIDIinUVDAlwn3Qd5f9A1O:r7fKGJvEvGdrSaV67dmcgUxHtaZAUA4L","tlshash":"39844b54b2427138d7ba58fd912b098073680f417019d8e4f07dae7e78a6c19d3bae7e","size":376926,"data":"","first_seen":"2025-09-20T06:53:38.262519Z","last_seen":"2025-09-20T06:53:38.262519Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/76a0a3dc.d.m.CF5a6iep.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"16ec0abfb1bf50afd623a3bef9315917","sha1":"5b5285b72f37063a865109fb728e496079369c5d","sha256":"25af59f7979840560a195505d3338c8d0793466cae0ccb35a9ebc4a19c53ca4d","sha512":"77a7d503f0cd376c1901fcb4838fab6535016600ceb9d5746c664b222035147f2a79aa23fe19d02ac05d18121a5cb9de7a0b8a7874d86fa710e4fd4b6acf5fcb","ssdeep":"1536:/aFrMKMH/EEZcOhGol2gHv3tVWoSBNWKpw3j2Vg6:4EZc6GaTj63","tlshash":"fac30a55f18068b5c3a361c6e099408233b80f83b16649c6f6fe9f7e35a7d349362a5f","size":127753,"data":"","first_seen":"2025-09-20T06:53:38.217076Z","last_seen":"2025-09-20T06:53:38.217076Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"a0d0d6fa55c51a1296d24e457ef95398","sha1":"19aa96b5b7748acbd1030edff53d983d59891bc2","sha256":"c4442c805767cb970d41bfd791f713117653cccff811f7cb2c43c919afa55525","sha512":"6a380a2f0ae6818cc7d81ee997f612f48e96009f432cdfe7aa98591c6c6e76b4367924691d6bfdc8443312d79c5c71d217d111a9e22c73fe5dc0fbdfbbce3bbb","ssdeep":"","tlshash":"c5d02b8aa0d051afeaa643d5fa01bf993b359920d08a22b6a45e6d4d610e3631180d1c","size":280,"data":"","first_seen":"2025-09-20T06:53:38.361028Z","last_seen":"2025-09-20T06:53:38.361028Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.intercomcdn.com/vendors~app.6c352908.js","fqdn":"js.intercomcdn.com","domain":"intercomcdn.com","tld":"com"},"ip":{"addr":"3.164.240.120","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"bd29760ee85837c7456682c493163142","sha1":"bf59ac66fabae8663ea048aaeb1e0976e3824752","sha256":"757dff52a688cf9983b751e031d49b281a903105c8ca91d7bda6ad5c922a139a","sha512":"31cf7b0f0d56e4e5e03164680056804c2a37180acea8fd09d99327f5afca6388215bb4aba3b8f3bf50ec58240350ef2f577bfa4791649a0db1751a0aebe762b5","ssdeep":"12288:km2wD8/vm6htaTsfA/ibMuyVlTV3XW1R+zzLwSdF:km2wD8/vm6htaTsfA/ibMuyVlTNm/+zp","tlshash":"17c429c4b6e1f5b64b9750e2583b1007f33a495c202d90a4b36cd5dbb8ec58e61b6b3e","size":569731,"data":"","first_seen":"2025-08-21T10:18:15.977942Z","last_seen":"2025-10-31T16:49:06.749861Z","times_seen":2024,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/3d6acc57.d.m.DtDpVTYX.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"6e6b2988e9a808851d77006221440058","sha1":"74f2635809ba8316f24f3139b6dacce50ad40cea","sha256":"d3eb915a26f6e73a411f93e205d2a58f07c3402f61f0bae834bef797b81e20c2","sha512":"97fb1ab7bcb57ccba1855e1f3626f366c3163810db148514e0dda750aa270bb11c20555f44d874c81896e3902c02b99142ae6b1dca3db039fd258bcc9e5ef48e","ssdeep":"768:pNN0F+V+9KSFzGMBuKvKlVy3gmSCDgP5udiFGSJK5Vjhsx9zku35Y6M+ukuda++G:pzt8FCtTgV+9zku3y6Vulda++jZmD","tlshash":"405380cd76c2b0a583a3a474402f840af33e2d55a84dc568f5bbc4d5bcb9819863bf6d","size":65014,"data":"","first_seen":"2025-09-19T02:19:58.255182Z","last_seen":"2025-09-20T06:53:38.184852Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/c7fd5867.d.m.B3ZrtIar.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"852aa0dad1156c5b3e0f3f756c4b5b40","sha1":"f9a2c5e5ac11f66ebe9a9d70c3ba4e464e73c70a","sha256":"b0806c2008280c7b8419fa2d1355adc1bd07d22fa47685a3bc7b000035e38e49","sha512":"820d7a9a62a8e8de2c418e2ce47103fc0ead6c84426e491530b56f65d4c346f1cb020d88108af5f571e87d6e535a3e2da75a96dbb126e91704514c35fd93bbf3","ssdeep":"","tlshash":"f941cecb738498329b57d9acae1f5f72187ff257451ec2a84148f4f015410ddc419b2d","size":1928,"data":"","first_seen":"2025-09-19T02:19:58.348546Z","last_seen":"2025-09-20T06:53:38.173308Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/1eb91405.d.m.CTZu1R63.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"ead7707bf4fae688844da68b890f32c7","sha1":"5deefd85beb75e07ec710cab14acc5348c86511d","sha256":"1c079c47c3681c692e8121f4d89a27257415b2b6e1b643aaaad2f7f07c22e42b","sha512":"88dfbdd5c5411092de0c81dd0131a971d17ac1a5dc1b796363082f754b9b97c11bb5087842d606b90ccee2816103dec53e736b4ae0e45734826792e1ee148ae6","ssdeep":"96:JuPASKyYN1JWoYHSKZM168YOxHaaQnkvNRX/QoJnOovup6bSlN/p68UB0xBK89:Ju/KdWoYHFSRlxHaaQk7X/fJOoWYkN/T","tlshash":"95b1c61d58132af94dd3f55ee23390125b2f896be374d550a9fa8ef15f48ab05232b03","size":5393,"data":"","first_seen":"2025-09-20T06:53:38.238562Z","last_seen":"2025-09-20T06:53:38.238562Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.intercomcdn.com/app.f6496084.js","fqdn":"js.intercomcdn.com","domain":"intercomcdn.com","tld":"com"},"ip":{"addr":"3.164.240.120","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"4e1a17a0e8242fc2066a4ce2e3f3b00d","sha1":"efeda33bd050fa131c382af363444ef8a11142d6","sha256":"cd16ae889df5222cce1eefc5a92fd1ad32b6ac31ec66b7d3f508bde6e2a848bd","sha512":"21553a4f893195fc58616b505afebe8a275dc17b7e4b49cf6cc4d789d3aa2a91af9afd119b79bbea68cbb17498925dc644aeb5899286481e861167c0ef57730c","ssdeep":"12288:HhDrBVfUklyE4qUoPam7f4ktdUE5qOWeoKN:X9UklyEGmLeeoKN","tlshash":"fd150accb5c6b428e3a7a274403f140eb33e6949e84d4054f616e8e56dbe18e9327f9d","size":950037,"data":"","first_seen":"2025-09-20T01:49:31.789316Z","last_seen":"2025-09-22T07:34:18.775821Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.intercomcdn.com/launcher-discovery.002f6994.js","fqdn":"js.intercomcdn.com","domain":"intercomcdn.com","tld":"com"},"ip":{"addr":"3.164.240.120","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"bd4fa4ec84da9f086d08fc7446c4f87b","sha1":"d6dbe4385bc75828833cc05c0e242752795dd1be","sha256":"0847be8165e5f737682a41a5209ce830302ee0e58dbe680d3ace42861fba3075","sha512":"161caeac9c0bdc60f6a288b723d29490b44a132c99e4ebff490f7ae51ebe21a02c03d383f684864411add8b056eb16cada463672ee25c6073bfdb13b55af5a12","ssdeep":"96:AoDqLfqI/xNn95qVsVABMBpUaw8a8FJJFTq695q9BYABGqdcGU7YszHkLOg0/u28:AoaTN958ThWF585Gl8szEs/uIZnDOQu","tlshash":"3d02c488f4bef42c92f7639081af500e63799698c01d41f8b8b594e15efc08d5723f69","size":8599,"data":"","first_seen":"2025-05-14T17:23:51.434137Z","last_seen":"2025-10-07T15:10:41.582135Z","times_seen":969,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/7bdd72e8.d.m.C9aSXX02.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"ca67557c4975f3daf9dcbd2fe3fe8fa0","sha1":"a5cdccaca0bc14ed0e9188e30ba546cc658e81dd","sha256":"a0a89bc574d926459037d03226b708800d90c9671e414e0aab50fb22d1a25c2f","sha512":"f68b6d32532c908a7f240b70671d7262d31619f598dc879567af52c8b9492391c8121270fc12a7b13580230b714bf90bf49e7403129aaa066049265cdd2acb5f","ssdeep":"96:fKshRJJD/RDlV/waI2huJVvVDdTCAtcyvzrQnJrQviQX:9Hj7trhuDvTTXvYJrmX","tlshash":"1c918cc975d3b124a3a62435402f9a0ef63e7d68984ce058f167d1e87d7942ad233f38","size":4381,"data":"","first_seen":"2025-09-19T02:19:58.305531Z","last_seen":"2025-09-20T06:53:38.219222Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/054854ad.d.m.CdUaEnCx.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"eb3abe3415e4e110da05b02b999076fe","sha1":"f9314c14cde48e966941ff9eff00c9074d203ded","sha256":"cb430168ae18043e0f470e7a622b97fbc543702c564cb43a85463aebec2a9fe2","sha512":"98d5c76ca1bc13c8332a48959f15cefd11be701bd735f8c943a4ad24d313c0b62931537bb9cdf7b06440110607dbee39b89fb214ea72ea7acf34af4be459d7fa","ssdeep":"1536:CiYEcsHA07DUnJwz8ehk/ZuTF+MGMTF4HF:CiMS2wz3hkUF+0UF","tlshash":"a043300ded0c54faa3e650b9f4b50e0a5518ae4bf27c4591bab5cc1f8088fa4a36f74d","size":55271,"data":"","first_seen":"2025-09-20T06:53:38.257861Z","last_seen":"2025-09-20T06:53:38.257861Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"widget.intercom.io/widget/cnjqphyx","fqdn":"widget.intercom.io","domain":"intercom.io","tld":"io"},"ip":{"addr":"3.164.206.53","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"61486d7a758354e23b27d7c2df7b461f","sha1":"dc4ac7c04819de4fbd2f44c5ed264f6a3f8c0d36","sha256":"a218083b352a35fa410d1b4bd60b0f6880fd1ecca4d7e324b8c35cd851a20ba8","sha512":"1ad35a045984580de108a4c59808be8e5e9e8a223c43b278068a90e7977248a24fb59f514840b65fea6b192266f6a18bd37a6ebb9e6ba76f23a9828787f90243","ssdeep":"96:vv8/xVqhstBp8HEZgOM0PI0FNuv7fADT9+tlb1JFrlPu:vOVGH8bMkyMHOlPu","tlshash":"08d162eeb6c23d7806a3157a623f770c7f3b648028494810d06989c87a76ddbc15bfad","size":6742,"data":"","first_seen":"2025-09-19T18:34:12.97303Z","last_seen":"2025-09-22T08:39:51.774677Z","times_seen":71,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/7a71a6d3.d.m.BrcMdJDK.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"df6dc91b58d9ce6552ade71fd6cc8c56","sha1":"dd00158b60fecafdeaaf9f37a35d27f6ee866096","sha256":"0dfe090b6a7a8f29971981befaf451c04bf37ec7d10204b5339a8ddf3f0516d2","sha512":"dcbf323786d25446525501b7e4519ba2e41a13cb516b94223c01b730f685e4053a65cda0a8aafffdd89f81fb80004f75bc9e4424649382a9c70207596654e8d6","ssdeep":"384:JgcWFD0Ly5T+fOCxSgM5ScHHsTYWdA3V8eHmPgacWlcSpEy3Md+XjXmQpIaEFX5U:Js0+5ifOCol5SvYWdA3upg5SpJ3MU","tlshash":"41d292c831d9f5e14293a624403fa207f27a3d72041ce598f732eae67c7465a9177e3a","size":28389,"data":"","first_seen":"2025-09-19T02:19:58.349352Z","last_seen":"2025-09-20T06:53:38.274509Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/fe740d55.d.m.BDHEXQZ0.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"5f589cc7b7655902188044b11e92a930","sha1":"1cb57f93479b8fe08019c2fc88013a27f5c83893","sha256":"a648c1f005f32ce0bd81c94ba47dc015e12068f598b9bd19e483d0730383c09c","sha512":"ef23d9a798fc3d9438d976be5719e0d57daa4ad5d0729fbde572aeafb52de383e18974766a7b9b81188cc3f46cdb9e8ad5de68682c55d85089c8bdf22e4e8da8","ssdeep":"384:bjXRm3d79p0eRyz7JVCgYJRHMT7S1Nd5/iZoqbl3CRAAjFXWd4qEg4Bh2QV442nr:bjX8Zp0cyz7JVCgYJNM3S1H5/Q/blSRg","tlshash":"bfb2d7e93282707687e60ae5807b1106f2761dd5384e94d1f02ca9d73c73d6982bbf6d","size":23448,"data":"","first_seen":"2025-09-19T02:19:58.369515Z","last_seen":"2025-09-20T06:53:38.212429Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/713ac740.d.m.RUtYvzut.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"cab6c91b4c147fd51951eb3c3ed45392","sha1":"1c72aa7c49658354863059c634297fc8a323d2e8","sha256":"caed2c203644b059111a2547813bd3dcc564c8fe5f50759add5a052f32f60d8a","sha512":"bea4fdd92cbdcacf94644377e137100a4440dba6acf26ad0e87c4912e53e26d7649b6a605ca9ba0e06159c3709b6a628ff5aa41d33dd14ff5b0282002562aca5","ssdeep":"384:dxtL7dopRfDbesOT3NqWEBI8YAiR3BPS+7VHYLIahPrGwe1tXqlN5P9thIgV2U26:dxtL7mFvesy312IhAiR39S+7FwIahPrf","tlshash":"2872a4e93183b53593eaa9e7403b0109f33c3944340f9494f6adaac63d7651792b3e7a","size":16199,"data":"","first_seen":"2025-09-19T02:19:58.288068Z","last_seen":"2025-09-20T06:53:38.166231Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/2df41dfd.d.m.Cd6cVkuY.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"6c3faf87c897103f8397cea5b40db1dd","sha1":"6ac0f1789fec94dc1e447fe31775463928305133","sha256":"3affc20eee19675686e382c065fbe1bf82de24621ab44c0b9ac56c646dd282c6","sha512":"b2cec0f4fff1d243d68cc0efe246aca11b7662cdaf33fa7302f89e95358e640e13b9802cec7e6bc18304e2e439427a6657d7b2240f9fad1878f31d4f80941813","ssdeep":"384:b6+nRnd5caRiWRz4aWhdu5Dx4Q5bbxlEPa3GmSzRXlj/v4FGhW9sJWO:b6+nRd5cZ24vg594oHxlEy2mGhx/v4FQ","tlshash":"53621af674eda57043e60af0a0b70106f5e451283089d4a0f59f96ff09eb980a967f7d","size":15088,"data":"","first_seen":"2025-09-19T02:19:58.418093Z","last_seen":"2025-09-20T06:53:38.275527Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/2002571f.d.m.m9O7teUL.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"02dfead23d583867ab6528edd4364edb","sha1":"f50cb397d1a47b158c0d94aecde66c90bab748a7","sha256":"3747f2d618365f01855c617e8355e5e2fa9096bbfc5052757165142ffe832e15","sha512":"67a421a84ae51c50f2083ac76584809ea058aa09e2a581869db6948128a72a26dc189f2ac396f466dab0483d74fb1d397052e9b5bff8d394a93c335196ab08ee","ssdeep":"768:FfMUCstetiqMR4SZiG5Aek56hLyUhVqNHuSjUIreGOvZ:F0U10tTSEeRhL1hV0HuS1eGOvZ","tlshash":"42030988b4657a35833352bb86165441a7bd0fdba2204642e1fbef7e18f1d30532bb5e","size":38881,"data":"","first_seen":"2025-09-20T06:53:38.231576Z","last_seen":"2025-09-20T06:53:38.231576Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-JZZNGY93CC\u0026cx=c\u0026gtm=4e59h0","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7d091a3a4f7b3f4dab7e08e035d6c82f","sha1":"b07010c4c6bee91b4f9ab36b4a2cdf212881f2ea","sha256":"9fc5831793ef67d14021cba09b526da0135b36c2a7bf065618f0417552542fc3","sha512":"bfffb0f9c67e0ac45cf10dc1326bfc172f29ed11baa28a455f812938c4b6c5bbdee09bff542734eea7df3440b91cdb7688f6fbc5cf098ff693f0a2c589ead4e0","ssdeep":"3072:HFOEnSWOLCSgW/zflqVe3Y05tILQorCkE2vz/8LvKtWwkSdoHybrSwVRblSytu2B:wE3jVesQd2sK+ieYblSytugdYIU8TCGN","tlshash":"f98419cd73c674265396f478903f018ba5bb68a2b44cc899f189dce42e74a9a4137f7c","size":385041,"data":"","first_seen":"2025-09-20T06:53:38.167545Z","last_seen":"2025-09-20T06:53:38.167545Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/rollup.d.m.CJ1rJo15.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"46dbb2a617362142b79007eeb88a2c36","sha1":"440bd47b6e6fb82addb30356058a868b323de8eb","sha256":"f8272769099b2b19521eff60735b889dd87a9726436e86e9db0c7de566943130","sha512":"9272d2c8a0df7a237992a1d304da123d7693cc0eef849d1b2804bda35fc638aadd2cb88b4420571af36a98e5290fa26c392a56adcb1c8b29ad35dce2d9e34e87","ssdeep":"","tlshash":"7f61d8c431e0e57202aa1ca9f077f102f2b82472349de4c0d21c8db56a5acceb099e9e","size":3220,"data":"","first_seen":"2025-06-01T01:07:13.830084Z","last_seen":"2025-10-09T07:39:51.082692Z","times_seen":59,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/8e2531cb.d.m.D-JnE3En.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"c71aa3ecf879ee36cae66a437871533d","sha1":"313ffe60805bcbe137708783daad53ae9dcaad7e","sha256":"cfc4966ca8e9e0f76bedc7f0f940570a8c9d345e13def99d1bff42228a1c5c2e","sha512":"f4d8858dbd8fc36923ff51e1e29c82bb2f7bfef19c8427457652049b1e5cb3c65b5c38b32550c8b90251e294d11eca28faa570cdeb18e7e5d22baacd1e4891bc","ssdeep":"3072:WmkOIIrObRfNir8cD3FLVV7lo9uSCIGXEG4BHJ1BfCk9DWdMQja:eONOFfNir8kM1H9Cdw","tlshash":"7164d48d72f827b5458370b1b53e2532b270e013350c4dd97d9d12a9afaa214eee2fb5","size":335048,"data":"","first_seen":"2025-09-20T06:53:38.143644Z","last_seen":"2025-09-20T06:53:38.143644Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/en-us/","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"be6808b734a8226f932ccbed46abd4c3","sha1":"e99369c89962018d66d6d9d6ab2e044957a72c83","sha256":"e906c2f60e55c9f55751ee306c0c8d68f1b4b5dafadbdfba9f866b116b01c299","sha512":"8eb79da7d960c77acedc69726b2d30bf7aa2db055bc89869c0309e8f07bf9df2d76d9f2a3c2314c7fb27dda571c8bab56ec2dfd518710e7159c5fd42b75f01fc","ssdeep":"","tlshash":"b3f0970e9cc503a043f800c483bbff1df29f210c881c8264c3c78882760aa9398323e8","size":487,"data":"","first_seen":"2023-11-07T14:36:47Z","last_seen":"2026-03-29T15:19:13.501559Z","times_seen":115,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/en-us/","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"47825361daff51eba8f9adb63ec0176c","sha1":"0584ede7473f80962537b96ee852a2bdd9a296b9","sha256":"1f69f72d64b5adfd7fa564ef4782c0c8619aee66648d90b36d730a404abd42df","sha512":"6848903b7f730dd64ed243f5aec3215523093f0ab415ac9b5f45a317ed7f842d6f693ba3274cebc63b753816f39240fff51728b59e3032d39e6ea4eeb81a1010","ssdeep":"","tlshash":"dbe0ab1a1c1eb4222bb41aa8e37b891a30d5120225462aa5cbc7d8683931cca68d6b4c","size":422,"data":"","first_seen":"2025-06-29T03:33:50.260029Z","last_seen":"2025-10-15T09:46:37.874205Z","times_seen":22,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/en-us/","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"f0ffd3b7c2574ac324603ed00488c850","sha1":"623e76c36aa2a886542011e28412cc761d7ceb01","sha256":"c4d0cf241a1bfa1c8bf4cf24e8f89d2ab786a284a39adb2fc8df7ea14e73c154","sha512":"436f9fb4816f6975fec0d965dfc0db4c3c38c53632dd4dc99a6c1a2dd9562fbd67176d0118549ff573c97e3394bad4d601c425cf670acab249ebc8d260591fa2","ssdeep":"","tlshash":"1540000003c00000300000c0000000000003c00000000000c000000000c00000300030","size":7,"data":"","first_seen":"2023-03-07T01:03:35Z","last_seen":"2026-04-04T16:37:52.354262Z","times_seen":64257,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/06b1eb38.d.m.BmbMAqW-.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"e1393cb20086faa29effc8a9a597f853","sha1":"2bb7adfff6e6df8e86fada2ba6881876d2becc63","sha256":"df752dfed704d250f460c1b1cfde8c07adaaed3f42a052dd9a2b800a7035e3ae","sha512":"15a8e95788419423afee4ce2e0af9c2ef7d28daf330f8e84760ac13fc576922deaa39eb1de8b51b8d098898dd9bbbfe79aa2134868a45fd098023699ddb0d122","ssdeep":"1536:kEt78VqYypZuH5UKMeZoR6RQD6nDtxm/ZWe29:wVZH5UKNBQ+nDtkt8","tlshash":"d57317f97357b57293ee11e6407b0406f3ee299a180d085cf2a5aadf367481410ebfb9","size":78321,"data":"","first_seen":"2025-09-19T02:19:58.447265Z","last_seen":"2025-09-20T06:53:38.225057Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtm.js?id=GTM-KGLDT3T","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"83976bf371e7582f71d2fd425c8dac86","sha1":"7cbd616d9ffff90fce55e22e3101dc3b5a29be0a","sha256":"110187a2c067178230302baec15c24f93bf94081a7581fbd5f7a5558569e3109","sha512":"2471eaedad82d74468b358a0872eaf4e81129374a9c2a0a2f407bcfa021ffb0e4510e01c1555ae86c78dc3eb6c32556ad39b3b0639296a4dd4673466eae8188a","ssdeep":"6144:HKbzf9igtKEae7VKQd2sKDBbjSytugd7X:qEQd2lD/","tlshash":"deb4fa8eb6c4a87ac3a65524a43f060e757d20e2b24c9490f0d9ccd42e799797163fef","size":498354,"data":"","first_seen":"2025-09-20T06:53:38.191749Z","last_seen":"2025-09-20T06:53:38.191749Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pixel-us.r2drtb.com/pixel/js?auth=4jg3s6\u0026event=visit\u0026uid=undefined\u0026tid=undefined\u0026cur=undefined\u0026amount=undefined","fqdn":"pixel-us.r2drtb.com","domain":"r2drtb.com","tld":"com"},"ip":{"addr":"88.214.195.101","port":443,"asn":46636,"as":"NATCOWEB","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":false,"md5":"0e33e5c1ea0475e707d1daf1f1d05f16","sha1":"6ea2d3a07febf3c801671afbbe39bdb306f290d3","sha256":"fa2f835664d8f7c101ea672cea3f862c0baa8159d93e11e2a0aa42a9eb5f0424","sha512":"4cfd24f839a38a17e2457e3be247df552ffb4f2e8ab0203056f6e41e6b933dc5d6afcd4568a81dc9ee5b9ca2fe83ea6895af7f3bfe9030899707acffeb33f73c","ssdeep":"","tlshash":"5fe05c6d8a2d7502e2ad34626f35210d2435c5fb3b0144e14c4c5d1818d5e8bba69c58","size":424,"data":"","first_seen":"2024-12-15T10:08:21.989358Z","last_seen":"2025-09-20T06:53:38.316058Z","times_seen":26,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/a538a99f.d.m.DvDDV3ZH.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"a812ac0fb5e3c9caf3fd02804c596c1c","sha1":"726fc7fdf95273704d5f6eaff18aa80c332997dc","sha256":"8365c30bb518bca2a1daed3834a1891cde97e95cdffc292be568704708256f6c","sha512":"9bd4edac7cf3f20ebc656620dbfd5550b6fca764aee42e21e06b2c573bcb45b3df01a498130633eaafb8f9b19b9b78158fcd823abca4a0434ec67ffdaa95c88d","ssdeep":"768:t61/QVoeEHTg+ZgrhbGeLJ880mea4L40wNNBLJrMB83prxApCp/UwmECeQDvpy/b:iUmp2QA/BPQY1","tlshash":"1e03fb8877f3b52757d744ea50371003f6298a08784e8068f26cd9df7e9680696bbf39","size":41122,"data":"","first_seen":"2025-09-19T02:19:58.465962Z","last_seen":"2025-09-20T06:53:38.248164Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/app.dWoIbHRH.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"384200be86f283e2d29c4e98be721c94","sha1":"c137c98f2ffd570e630348b08bfbc211449139e1","sha256":"cebe72f900418486371f7cc4ae14a1bce031baddcccbc50bf375ab96011fc39f","sha512":"81eb4b2a69304fbc2135150268e8eccce9f8e11e0ccd20b78d662a1b618602c0c85993abbce61ace4bb879df364d4d11d25c1e4150294fde9594b9a8db36f08d","ssdeep":"","tlshash":"5d41840967c2957a469904edc21f376163229a90362cc3e1e0ed7d793d61813c52bfe5","size":1893,"data":"","first_seen":"2025-09-20T06:53:38.236684Z","last_seen":"2025-09-20T06:53:38.236684Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/d1f76d1e.d.m.Cti59Oci.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"c167f74073e30efad177a137f0270e53","sha1":"a3b429d36b25bfb7fa979d1db591fe172732e766","sha256":"8bb736bf4a5102bde9e3ffdebfe8c84b11521e3619e2ee9b6146eb2857082812","sha512":"cd98d1abdd67fda3b6e1d35496759d0df6d9765d5f163046ed6ee70694841629877a2597360b25f9b70ce4935fb65bb975776a965e21226c8dab7ef81dd83866","ssdeep":"96:7PpMSUATxvByHRC5pslOURDHwmSis5ZeUzsImjCQ4sSPIaNHo7MKhNIOVcbMvqdy:76SvO8KZ8mUaIHlbPIs+MlOwsIjP9ap","tlshash":"b1c1da9d7fbea53111da45a120ae7046d33950d8b019c051a05ceaac7a23ece89f7f0e","size":5923,"data":"","first_seen":"2025-09-20T06:53:38.32675Z","last_seen":"2025-09-20T06:53:38.32675Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/ac6234e9.d.m.CaxdsSrf.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"4241eac88297f8135b53590b048f80bd","sha1":"c0e30abb341ece6df8ed9511831768cb81a5e00f","sha256":"2fd78fd2fb5c470e4ff7e159434804f73ed0ecaeebe321ad11fdea976940d96f","sha512":"52a3a8afd0cd2ca3a2b9e7ac779162ad132a5a1b37aa687755bf670d224c178e82e2a776ccdec86c318cbb86e7ac4bed1e59a11893529296c4d4eec1f8d8fbd6","ssdeep":"","tlshash":"5031620bb0b67c71e157d4f0c43a5683431f0a173a1506f2681db9e4022a47aa3bfe07","size":1468,"data":"","first_seen":"2025-09-20T06:53:38.180968Z","last_seen":"2025-09-20T06:53:38.180968Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/en-us/","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"33931c7803cd0b396f9acf63933c0e76","sha1":"e5cc7a1393169a2ee78aa4a547180d22ce5576c3","sha256":"aeab1e232b08f2d49b22dacbed64c82546ddf6cfb5898bcd7fe7756e9cad3ce4","sha512":"9ec2d384643197df78eab1fb5ff412c325a1b852d49293408bed5895188a5373f2f47ff7fd472e948ec98afb4110039ffec26c208d9fe9b4957ec94e65439b25","ssdeep":"","tlshash":"ccf024386c147d3d2b9810a093ee890a74f922af0082c62142dddfe6672ee840479a4e","size":542,"data":"","first_seen":"2023-05-07T16:21:54Z","last_seen":"2025-10-15T09:46:37.876847Z","times_seen":25,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/en-us/","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"8219a58f5e6c24166ab3df3793995c97","sha1":"515639c657569a9cc559788eecb797cbb5571093","sha256":"61368c5520febef55d339d7c14ed69a23d44186e607f55b7ebe7863b48eaed10","sha512":"b45cd35321ef0cbce51e39bd20e098a2729ecc24b392b022076c3bc90ddd05103965c50436fd395372e8ef883917582ab0e25592a76b6f25bfebb54cae61a4c2","ssdeep":"","tlshash":"12e0f82e2c0e68c10b646098223f49c834a02e012483aa23e697da043c70ceb9093e0c","size":394,"data":"","first_seen":"2023-05-07T16:21:54Z","last_seen":"2025-10-15T09:46:37.868546Z","times_seen":66,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.intercomcdn.com/vendors~app~tooltips.e743fc3e.js","fqdn":"js.intercomcdn.com","domain":"intercomcdn.com","tld":"com"},"ip":{"addr":"3.164.240.120","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0dcd99ff38bd2098c09ee88f90e8fa22","sha1":"4d896d188754f373dc51e141c760f5f41fccce04","sha256":"83cf532a98a787b7169477f8ba7b02ecb7f41772693d8ab061e2a7b4148f6c39","sha512":"d2e671de5774f61257b88022a0ecb9a48a77841aeadd3c3b08428a46909e2ccb972a8ec514c2854342219780fa21a91c954e0c4aa7c30e5d95509a294700087b","ssdeep":"6144:Ap0/n5IyKHtdp0in5IyKHtSWgrUAAPOXbr01VNKpHjdgN46bJ2ls3wwoxzWWeFbu:U9y94IKpHjdgN46i3R","tlshash":"f515926498a878ed63cf7186908f986e2d6c00338285ee647dd847e717661b63433f7e","size":875012,"data":"","first_seen":"2025-08-26T16:03:15.870511Z","last_seen":"2025-11-07T07:22:00.395756Z","times_seen":2366,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"introduction_type":"scriptElement","is_inline":true,"md5":"3adfa8495ba4ce1069ed0edd879074e4","sha1":"cdd4266b28518f1e3b6a5ea897f4e11a11fc00c6","sha256":"83f13796b2dd1a1758be5b80b069e720eaaf22ac1488bb3e68d7f2809ddb6296","sha512":"5d3afa4adc15bf2328ae36a4e7f859409924e555ba6d7cb2eaca25c2be4f62d64f2dca8fcbba162edb1ce383ac36648cd52b181180cfc8165569ddcd2a230437","ssdeep":"","tlshash":"36b0120865e2b82e06edb06513bb6f15b516d5531c1d5652b44806afbfa1013d83c7f7","size":104,"data":"","first_seen":"2025-04-24T07:07:12.841775Z","last_seen":"2026-03-31T00:45:46.296227Z","times_seen":147,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/d5fda32f.d.m.DX9g-2Hk.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"0b5da3d14b77b82142fc9c461cc230f8","sha1":"a8fc06d1c1653904499b5e1a7ca639c88c6404bc","sha256":"6ab9d23db725d8236fd8a6566ab60d8151acf09742e1ed88200f55529eb38714","sha512":"fd4629357e781a8ad6ac1a07e095dece00ac09e6ff604c83ec4b01c87247335fd71cc4010a9ddbfc406493f874d9072cb50726be7de937e022107a165bba0dd2","ssdeep":"","tlshash":"6f2167af7841d0f5d2a68bf4f0590422d25667b4b33805d4e0de3df117369a2c45fe0a","size":1182,"data":"","first_seen":"2025-09-20T06:53:38.327793Z","last_seen":"2025-09-20T06:53:38.327793Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/a17a5642.d.m.wC7cG7S6.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"7d753d1373e79bad2b63705f7f5ddb9c","sha1":"6f1881282178bbef3c6eacaa5acd977f679d00f8","sha256":"03972688fe8b28167998001c9a2efdc4f9cb7e6b71aecbf18215d8107e9510d2","sha512":"51b61b99926f9ea68de6f6620d6664c68c2722e0205c610c15f0e6ea64fea9555b43409f001057c3ee7f58817202b245866699e46c706820bf8d57512bd67678","ssdeep":"6144:+aW1RjYdw0yNVH2rk8ayQ1002rMO6WOyp4On:pW1RjYdvKx2rkfyQ100Oelyp4On","tlshash":"df6408d971d6703243e70aa5507b4102f7395e90740a91a4f92cddef3eaa40aa2b7f3d","size":334258,"data":"","first_seen":"2025-09-19T02:19:58.29183Z","last_seen":"2025-09-20T06:53:38.214636Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/86620776.d.m.Dlkjrelu.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"cd12a9b5a52c661beed2389cd1d72382","sha1":"1ecfe8af3c301bdd121a6c6e08fc2089f4b676f7","sha256":"86760cf0b4d8ab8dc6916f520a2b8c7bb7c02c792c246afbb50dc47e144f2008","sha512":"e6ac6298e689d7110c5221bc39b60d66e548e2e4eb35b76398b79e4c936b5c99692a6e8e081c0cc461448f39c43070c5fa7c38616dd974091db5ba4e4e2e9895","ssdeep":"24576:qOepMnGH6LAD+dOs1N0sjCV5JjxvAA7Dued5mxWjF2TOj3lgY2E1bmovS229d0co:qOeGGH6LAD+dOsr0sjCV5JjxvAA7DueV","tlshash":"98455b89b549347687f3559aa0ab0401a63c0b45f5688cd0f5fc8e7e2aaad309377f1f","size":1232982,"data":"","first_seen":"2025-09-20T06:53:38.367883Z","last_seen":"2025-09-20T06:53:38.367883Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/en-us/","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"de67a6c6aaaf800dd47099cb738c73da","sha1":"dbfad2730311def8f2720b5a8e0a669d09d41d0d","sha256":"acf908b14f29165de87dbc1c3ec37b7f04935cb917921ec280b8c4e3ab7af31b","sha512":"0c50673ce74683ef2377c054805c7438a18d6da1c60a37f0e157c2eb635800ff904104b5b4de7c96474c3cdada07b8f63c3e31b1e9a8293d76440c65872360f7","ssdeep":"","tlshash":"07f0270e9cc507a457f810c453bbff1df29f210c985d8665c3c68892761af9798363e8","size":484,"data":"","first_seen":"2023-12-10T15:49:15Z","last_seen":"2026-03-29T15:19:13.506535Z","times_seen":111,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/fc6a7b48.d.m.1y-ImlhH.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"0d2d580a5ebbb546b131d15ebdf3732e","sha1":"c2b8255c4771022a1be7d25f08b73d25173761aa","sha256":"54386dd836953e1e059e6f0d297b26b1738c88ff6ad083d6d51788c4b8809d46","sha512":"866ea553804f74558a3f44975a061ab2621732c47a862145b2ed71f905132a1bb83c7a2b954e357eb2e13aecc756f387c0b9bc6c0b06cdf4441a8d9bb14861f9","ssdeep":"1536:rjSthXwsJFAThjynNFNV1qDHUFzdNXhAep+KVZFjzWloilaftJ0LYZO6:rjS3JccnxVsD0FzdHAep+KbF70LYZO6","tlshash":"cab3f749f9054dffd6e7d21ee4070540a5ac1f96b1a40a42a6be8a3f27cc4b493b734e","size":115836,"data":"","first_seen":"2025-09-20T06:53:38.351451Z","last_seen":"2025-09-20T06:53:38.351451Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/7c9eab67.d.m.BkQD2txX.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"6a177f9febef4d3605ed66781c6a01d6","sha1":"d1155ad3d632fc3441cbcbdfc7cca2b20f6ec51d","sha256":"2a4579931c706d0a0090ed5bae408fb9f27a036ac4612058414bb2ad1a36b2b4","sha512":"46d0763665b38b50ded95a1437f116410d2f0a1b2fd14ba360da3c57ac95feea55657decdce05f093a79522423aae08eaf6857c821fda9bd6c92942812509689","ssdeep":"1536:gPA298TnVKQbM9uvdmiC94U41MNgckqB6JP42:gN8bMS62","tlshash":"a5633b8a79b5317063fb11a8a47a050361316b00341dd4f8b9af9dd46fa2984e7e3fbd","size":67595,"data":"","first_seen":"2025-09-20T06:53:38.348997Z","last_seen":"2025-09-20T06:53:38.348997Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/01f20af8.d.m.B4XHZeZT.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"b82be6a70350aeb5ecbf63ccdc1a1144","sha1":"84ae96f7641a8f0e5872ac6cfe5bf539d99b8c60","sha256":"026f2cedf2bf45d996e0edc801997b05eeadce1b6d61158a41760dcebb10325f","sha512":"e5322e0da6baf30993d4e47264e39a523a058e939309140b31d59a214e930306613b899718431ce1be49714ca6eb97df0317e44f0dbfb265767285831e79182b","ssdeep":"3072:JeJhR9YYyG6r4wFjddh3AzbIbVSVqqeJwDiGIsI:JeJhR9YYzwlddPxwDiGZI","tlshash":"90d3f5c872e3f06283e22470002f440af27e6d69949cd4a4f6a5d4f53df995a8637f6e","size":130660,"data":"","first_seen":"2025-09-19T02:19:58.373613Z","last_seen":"2025-09-20T06:53:38.306001Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/f7cf2aa7.d.m.Cn0zlC22.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"b947ef62a7f91df66c383c7f603a51b0","sha1":"54afbe339cf9ad8e4793d3c4e7447cbd1bc7c10d","sha256":"e3b74989ba78a34e873ea7d3e98f3bf9f832584a81de6a23f942862bd7a40857","sha512":"57d2873fe2052ecf8404ce5b2144f76e8b068209ee27c12f593f009e80294d0832fb463c354d5ee365ca6678393d02f0474ab22bbae7dc653ed3be14c448f7a5","ssdeep":"96:kaqcNxpuDF0s/ahcpbjNFpFJRJ3qkdeolh58Q6ud0/bLKCRXxBL:kanx0DGRSpb/pxJ3bdeolh58ad0TemXf","tlshash":"5e9184de76c1b4b997b764e590bb710160291c94701e68e0e12ce6e77e329dfc621f1c","size":4284,"data":"","first_seen":"2025-04-24T07:07:12.664409Z","last_seen":"2026-03-31T00:45:46.22582Z","times_seen":99,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"track.liftdsp.com/smartpixel.js?pixel_id=154038\u0026json_id=ac786b28-283a-4d76-a40b-23e03f94ae14\u0026diagnostics=false","fqdn":"track.liftdsp.com","domain":"liftdsp.com","tld":"com"},"ip":{"addr":"54.240.174.124","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2cc8385e15896d4e0c75c72287858ee0","sha1":"9a44dc2ec1ae023691f4947d9a73631e980f05a3","sha256":"ff25ed162078b3779e300d981837f9bc72ff1bc4897dd83a531a1009ff0213c0","sha512":"60027f5cffead1f4b91485a30539543c12723ca42788211665b324b39e5591d4df3e91ebbf8da5514200ffbcea1d85a5d80e393d3067d01d0bcc3e1996511180","ssdeep":"192:TIWI5Qyb5pxsplCYcJzzxaE56EYryO4pj1semZuYUO:TIV5Qyb5pxGlCrzx8NOhHY/","tlshash":"98f1e8ad25b9143102a419faa17d01640273e33c749b94e0b27d4e65b495ea373bbffc","size":7951,"data":"","first_seen":"2025-09-19T02:19:58.401904Z","last_seen":"2025-10-10T03:20:09.690845Z","times_seen":11,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.intercomcdn.com/frame.8bde6e7e.js","fqdn":"js.intercomcdn.com","domain":"intercomcdn.com","tld":"com"},"ip":{"addr":"3.164.240.120","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"699c9a118de087bd5c4d7535123b6e05","sha1":"367e85c4740915448504d66b40662fa0612f4870","sha256":"7472babd18f274480b69afa3e8ccaced87483754ba628d14937f3a3d50eb183b","sha512":"38fd5d6912276ea5206978f6b2fe0a6935a808132122a36e9a9c18e1835020de6ef2deb908e86b2a652a03ba6bae5f3f317af4bedb46b398c73edc9e96559273","ssdeep":"12288:4vCgESTKgvwRNLHrQcN9yeufGzSYzwE1mM:Ue5LLxHyK1mM","tlshash":"3725c5ccb2d2f06a43976175812f200bf33ea999b54e8450e669d8d1bcb858d9237f7c","size":1044091,"data":"","first_seen":"2025-09-19T18:34:13.086856Z","last_seen":"2025-09-22T08:39:51.721385Z","times_seen":50,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/88582821.d.m.D2OUHn8z.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"6527b2bc0afe32269f7536e5129682e4","sha1":"4f4d1af7ce4457aa88caa719ec11d2d551564121","sha256":"0574282d30f05a4565b45f1ca37dc0efdf22ce4047228ff9029cf5d95a5d6961","sha512":"ee04da16882999583cea197c4719359f1aecbdc79f6d682a8fe831e6e122e5ed91fe017a52a046519438e7258b6b78bc1403c749cb666cb31bf275548ddd50a2","ssdeep":"96:k+Rw54EyJB5k1Ydu1JJGWJhTn4FljEWfKZBy4bdz7naTZ5ToFpjdYNEFErZAZqu4:N24tJB4Ydu1PGW7r4FlVSyO9sToFpJa9","tlshash":"c3c1d6a9338e76404277147d259f1085b07c6884644d182af5e8f87a3c65caa4bffefe","size":6067,"data":"","first_seen":"2025-04-24T07:07:12.79126Z","last_seen":"2026-01-25T14:09:20.204349Z","times_seen":100,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/2491c3d3.d.m.CZ6DTodl.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"8474bbf69f3867dfa7167cca2ab7e09c","sha1":"f25d427ffb31b18c48a69684a5ced5224c0873fd","sha256":"674a0c6fae6dbbc781a9dab97bd35ff473d31f3c390700090ddcf74b693ac054","sha512":"ab6b7bf3ed93049c56a7820b6831fa70e61155139523d1a9a178ca5c3bb85687c1a80ce971057881a562471afed26c2199a84eff2da55ed6a3d66b385e9a69ef","ssdeep":"","tlshash":"1841a79e7454bb36160386d6ea084006613726f3e650086cbbbd7fe1c3ef585d3a1b79","size":2118,"data":"","first_seen":"2025-09-20T06:53:38.311615Z","last_seen":"2025-09-20T06:53:38.311615Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/8a28bc4d.d.m.C6SPDTUI.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"5991e6ea451c5979547694178a67b17d","sha1":"7a185cfb8eca56d83ad665d7f80efaede895ce63","sha256":"a2bafa77a66ad577ecb7506ec583d1c6a3f90d5ae80cb9d68f18bf8bb3a736ad","sha512":"1d47cac116ecb6ad1c6ab79e230cefe055821a1654c8f5ff3f928010e4d31cc7474177dbc14f6d66dfaf5ba7325efb6e57273dd9fff4796b6b5e30bcc03e405e","ssdeep":"6144:UBSAZSgaRL89uaM5a+Jd60nM60Ob1NfWBl8SibE3iM3OY52hiPbG7Id/nEuoEM9a:UBSlLQuaMpBNfWBCSibEneY52OGgp","tlshash":"9ed45b557255383647e601e9906f0a06b33a1a2e9448c49cb66ce9ef38bdc4931bff7c","size":613232,"data":"","first_seen":"2025-09-19T02:19:58.318968Z","last_seen":"2025-09-20T06:53:38.282671Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/a48612de.d.m.CD-qh7qO.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"dd370b588e3b3440dc52c0a2bba061ac","sha1":"d90a2dd0fdaf326b31c329423c61e099a444aa8c","sha256":"df5ae03a4dc4c6ca47dc0c92321cf19ae26f7e68941739da53476d9fe8c23607","sha512":"ee905b7d599acd59999855676930144cf36cc053d805cee101ab7cec270ff3a55022c2ad6511d27510ce9f1095e008912a8832beccd6a94d9eba6efb2d0f2d08","ssdeep":"192:ZPCC7grNwcZifjlJYzqFY5nEo+bYPtl/qQhphf5/Zn1HoDGtyZuZDZgI9ICIxO6v:JCCMrNUlJS3F+bChJ/ZnSGt8iyN","tlshash":"de728315f2858c702253caf651782940f24ece45126996a5b2fcd9fddab1c2fe03e7ac","size":16388,"data":"","first_seen":"2025-09-20T06:53:38.202635Z","last_seen":"2025-09-20T06:53:38.202635Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/27d773af.d.m.CfTuKk3u.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"e1fbae0561e1b1f8796a2e4ba98ff0af","sha1":"967a1bafb842b2b01f31c753ccc961b2c2286511","sha256":"b775258cae032d07681da18b62b9aa7f4356f211d714fb7a5c938fba482384e8","sha512":"22b3ed96a48cd2490d4d83e3c6ef24f9704e1a4bc8325431c952f54ca9d2ba22d9980f0191b01c29542a768a0eace8cb5d56724d0f297e8923a08b6c348a2ead","ssdeep":"384:nE+MMkjiSSi5cH19YNnYeMkUiEvlCbilsyp6eiB4/9kt8o+qjQLn2BJhjvAIIIHb:nE9mSSLYFYeHUxvllpYwdNK3auSU","tlshash":"b1938e9d6a94bc7410a53e42c809e141fccc4a5af7f8f8e2fa5add4826415ce3394fa7","size":94642,"data":"","first_seen":"2025-09-19T02:19:58.341702Z","last_seen":"2025-09-20T06:53:38.356021Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/50305e4a.d.m.BjIt84jY.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"f7638c49062bc5540899477f806faacc","sha1":"0d03954a6b71676fee2642e973f11a5df7bc4b4c","sha256":"1fc46c5fd2c629bf782dd14412dd92b16e8002adc3459111a3bc80df0cbe9149","sha512":"8857c156e70da5d510cbdaad329dda53511fcdf3e5c2a4d38238f1dbb3eceff2519b7098441df58cde2dca24d7fe50f47cbcedaf1f1f340ad7d671b1e629af82","ssdeep":"","tlshash":"7f11358e9cd09db65c84addcc0171021d2a605dab328549f70dd09bb535dc72c02dfe7","size":1070,"data":"","first_seen":"2025-09-20T06:53:38.145123Z","last_seen":"2025-09-20T06:53:38.145123Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.intercomcdn.com/vendor.81fb0609.js","fqdn":"js.intercomcdn.com","domain":"intercomcdn.com","tld":"com"},"ip":{"addr":"3.164.240.120","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"23c6eb263b53b5afa5c5c16b298b46ac","sha1":"c45a8db589dd28f149fe2818007c40f83803b63d","sha256":"6c0e458388d782ecd7455bcf3a2bedfe192fa5c36bc7467481a5e33f594dc47d","sha512":"6f335057a73962631eedab65182e7a66cab554f13454d686549aec7a6ecb00309ea62c3cc99c9e564ba290181bcba7a3badae00383ad621565468d42bdaf6dca","ssdeep":"6144:cxE8LlzpXe7RvofOq1BrFZGEkYg+kfFd+oNEf9upyuAhOL6yX:EE8LlzpORwfH9kYqfFUkEFup/7","tlshash":"40e43bdc79d1f0a207f352f6807f140bf27a1a69680c8490f765d8c968b994e9237f6e","size":684494,"data":"","first_seen":"2025-09-19T10:07:56.098413Z","last_seen":"2025-09-23T13:45:43.323804Z","times_seen":134,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.intercomcdn.com/app~tooltips.944a7624.js","fqdn":"js.intercomcdn.com","domain":"intercomcdn.com","tld":"com"},"ip":{"addr":"3.164.240.120","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d767afac4e95a0a76aa337aea76093bd","sha1":"c2a00f43af005b4127fe2d0e32fad37a78a65bbe","sha256":"c31f34239bf0abfcb24d11fcb5c81194031fb2cb0255f6beda8c7c0014a3a031","sha512":"5a813ab0d6d57e20810cc81eb3704274f0d8c863612deb1dc85ddd898851c12e080c90c41d409ad11f21b3dec56c90facaba238afe93c6c1234de45f091c0d7e","ssdeep":"6144:fdqqwTS9kLqa9zPJvR9N61IiUITJJaqM1LnSIlLN:ghPJvRX61IiUITTatLSI1N","tlshash":"52541988f1d17028e6576124816f050eb33e7999f40e45e4f6aae8e5acbd1ce4123fed","size":303065,"data":"","first_seen":"2025-09-19T11:55:02.81561Z","last_seen":"2025-09-24T13:02:01.677067Z","times_seen":64,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/1bb7e2cc.d.m.Dte5ugFj.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"introduction_type":"importedModule","is_inline":false,"md5":"d4fade9a1f288a4cc0fe850ac87cf711","sha1":"c4acdc9121d19338d4a47f2b3f1283fe2793903d","sha256":"926e21c16c831c490294aa1f8f9b1882c3d1a9ec7cc294a1737c31b5ea797c5a","sha512":"67d190be79c106a5cc7c1b6bf15e9685a53af2fa6fc650a34a231988d4274f240ed32986a97ba5305fed0834b0daea95ee8377d7f9669888e6115e6f096cb29a","ssdeep":"6144:wSWOVJpn5RyF//nXUBL5uzTopB5rs+Fqp:pWOVJpn5R0yY+m","tlshash":"2c54a615ea119eb766f4392db15a6ae2b0324f013b65c27600da1f3d3e7f80cb5364b6","size":305249,"data":"","first_seen":"2025-09-20T06:53:38.352488Z","last_seen":"2025-09-20T06:53:38.352488Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"fe364450e1391215f596d043488f989f","sha1":"d1848aa7b5cfd853609db178070771ad67d351e9","sha256":"c77e5168dffda66b8dc13f1425b4d3630a6656a3e5acf707f4393277ba3c8b5e","sha512":"2b11cd287b8fae7a046f160bee092e22c6db19d38b17888aed6f98f5c3e936a46766fb1e947ecc0cc5964548474b7866eb60a71587a04f1af8f816df8afa221e","ssdeep":"","tlshash":"54600088282020000000228008802020000203e02002020020c020202aa02280800200","size":15,"data":"","first_seen":"2023-03-07T01:02:47Z","last_seen":"2026-04-04T16:49:22.477784Z","times_seen":62994,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]},"http":[{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:50-2.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.008Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:50-2.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 29279\r\nlast-modified: Mon, 14 Nov 2022 11:03:28 GMT\r\netag: \"725f-5ed6c306dfe98\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: MISS\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":29279,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"d429dda4ad6f654d3c9137fcb8b5d276","sha1":"f32648ec8703085d5438c1e646a455bf6a1b32db","sha256":"e2cdf764c3828438511c75ac698cb72ad774dd123d60d25c45ff5e734d76a0b7","sha512":"ff56fe794439f86cb8189b34f68c58b88e4b17fdafb45a3a7f82ea353eaffe1e3ef34ac657ee028b3281bd984fb926429d1540050d2c0b47c3c19666cecfd5b2","ssdeep":"768:ktAHiPj25ACN8keWNK9yaeeb/F+rpfLivQkgRgUYwuxH/4Vdi9:CjkNne5h5b/aPWUOxH/f","tlshash":"d2d2e124ff7ffd768f31bcb4dc7422b92c1248ba5aa22bb15814c5d78b54222e11e9c4","first_seen":"2024-03-29T05:33:40Z","last_seen":"2025-09-20T06:53:38.135138Z","times_seen":5,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":88,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.intercomcdn.com/images/typing-indicator-dots-dark.edd1449360c0b95b68f6.webp","fqdn":"js.intercomcdn.com","domain":"intercomcdn.com","tld":"com"},"ip":{"addr":"3.164.240.120","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:10.992Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.intercomcdn.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Thu, 31 Oct 2024 00:00:00 GMT","end":"Fri, 28 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"D2:4F:FB:78:56:DC:20:7E:66:CC:9B:57:7F:92:C2:FA:50:69:C1:5B","sha256":"09:35:37:9C:E9:C9:26:27:7B:F2:E2:42:CA:82:EF:F1:2C:B2:B4:97:04:61:0B:FD:77:9A:15:4D:57:F4:76:D6"}}},"request":{"raw":"GET /images/typing-indicator-dots-dark.edd1449360c0b95b68f6.webp HTTP/1.1\r\nHost: js.intercomcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: image/webp\r\ncontent-length: 13110\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nlast-modified: Fri, 12 Sep 2025 20:29:19 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: _vLeYv_3iJuC6D9piEmTYmrQqflxGBVi\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 20 Sep 2025 06:19:56 GMT\r\ncache-control: max-age=31536000, s-maxage=7200, public\r\netag: \"4a2b68bad9e72ae6e95cbd8b5c8d89be\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 2d4ccfc38ee1229022124d55e34be376.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\ncross-origin-resource-policy: cross-origin\r\nage: 1936\r\nx-amz-cf-id: SMMASljHOyDAFKdotpPqNkk-QL-epYbz2JMLyHEIbAsUqi16Yx_PDg==\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":13110,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"4a2b68bad9e72ae6e95cbd8b5c8d89be","sha1":"a03675fb458c08042e996913ee2b0f1304015f19","sha256":"a33b1882b4052fa0f099caea48a19c4d49b088bf370c013b042bdbd723304956","sha512":"766424656fc3636cfdfac75854466b8408e633fce962473fc1d8c966fa72308f6e3f0162d4b2021e399e9695d3d0ee93f8d6c9689a793f6e0bdc5f86262badfd","ssdeep":"384:3C9X27RBsApvv8/10SEc0qPZbRY8GuQiD2ifu7:3C9iRSOvo0dc0OYZjif4","tlshash":"71429fdb1782b919e1232df94ed196e509032de61a0b5fbc50cbe0b70091d99ff16eac","first_seen":"2025-07-01T17:19:57.239392Z","last_seen":"2026-04-04T16:16:53.171669Z","times_seen":6571,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/a4d37d01.tx4paU6c.css","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.991Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/a4d37d01.tx4paU6c.css HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:57 GMT\r\ncontent-type: text/css\r\ncontent-length: 241\r\nlast-modified: Mon, 07 Jul 2025 16:39:59 GMT\r\netag: \"686bf85f-f1\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:57 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":372,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (371)","md5":"7e56ce49b9f1c0562081d0e95d22e1fe","sha1":"599eb3c13e79d82a9293f46ca04de7ea565ff745","sha256":"e4207b9cc0285d0608f0da9173b149f8cf5662aace00a5d95f4fdfc5dd99b826","sha512":"518fe3b10d29af688b20833c8a0c06547ad9ca3ad4a45945d4b0fa9b1b022f22fd7e77d777ac372624c91d0c042cd57c2c1ee7788aeb20540d25c31c038ac4f6","ssdeep":"","tlshash":"e7e068440c167a35b81ffa6fe2a45a6d91721587ac83876ed15ded6dc2cf9c05215808","first_seen":"2025-02-12T21:05:05.532715Z","last_seen":"2026-01-25T14:09:20.149851Z","times_seen":52,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/fd2fd3f8.d.m.B86WmI9J.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.086Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/fd2fd3f8.d.m.B86WmI9J.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 2170\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-87a\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5963,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (5912)","md5":"38f52a4f73918c4498469647bc400a18","sha1":"b1d553b4b41e486afbdadd4fc6a044b1a0e08c7a","sha256":"0cbdd4b0c2175e39ce37245633773809d2041e1c27bcde12b1cf5505414f3440","sha512":"d877b938f869bb7479f94ed40e76a4e919c1df0770e1bc64bbc219a0e7c1ad6eb514135f3cd35a3455bd0f13121e304946da92178d2fc59c83092acfaef02ee4","ssdeep":"96:c3oAy/zelIVlxdLSU0pd31Fixk2l9eC97Ae0E0hbDO92pli56+p0kYAfvcxaydo5:cCzelg1SFr0k2l9eC97Ar3O92pli56+t","tlshash":"7dc1fd5dde4a82b883c358f6a0f60e4a505de947f13c0a00f8a2ed6f9550fe4932bb5d","first_seen":"2025-09-20T06:53:38.137796Z","last_seen":"2025-09-20T06:53:38.137796Z","times_seen":1,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/robotocondensed/v31/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:00.103Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/robotocondensed/v31/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 51412\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 19 Sep 2025 14:38:57 GMT\r\nexpires: Sat, 19 Sep 2026 14:38:57 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 10 Sep 2025 16:48:47 GMT\r\ncontent-type: font/woff2\r\nage: 58383\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":51412,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 51412, version 1.0","md5":"9e5e97447fcc00eca79e97de3b337831","sha1":"efafc4ef0f1ac7fefb6e22be4ea9c681a53d415a","sha256":"8d230115e58faa2ed303bee567b91d1a792e0c958a0118998b53648b2ab7c057","sha512":"ff66693e0a9dfcf51c16540c713de433c308e0b4afb31b48aab7fc7b46684e24494468826219fcd82e0cb26a40ec4addb8db741553e66e496d6cb1d7c9513055","ssdeep":"768:18/PyhTHe3I1xDq5OqDPcdn9jxYzJ2LEWPf4FPkEsSfR7vpNfyB4dnzoQub:rr1HAcnlxwJ2LJwFfHuyNub","tlshash":"ac3302a818f688a9d57e19446f2b0d908566123731a2037bcb524f8b12e96e332ddb77","first_seen":"2025-05-29T18:08:33.81349Z","last_seen":"2026-04-04T16:44:56.737356Z","times_seen":18875,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-1","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:08.086Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"POST /api-1 HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=970305583a5748bcb3ddc0aefc14caed\r\ncontent-type: application/json\r\nsentry-trace: 970305583a5748bcb3ddc0aefc14caed-84eceb7f5f4602a4\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nContent-Length: 657841\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK; pixelsink_uid=0a0b9779-b238-46cb-aa4a-1e0ca3a6a251; _ga_JZZNGY93CC=GS2.1.s1758351120$o1$g0$t1758351120$j60$l0$h0; _ga=GA1.1.206665698.1758351120; intercom-id-cnjqphyx=ae23bf96-1d48-4e97-8cb4-428201d1ef26; intercom-session-cnjqphyx=; intercom-device-id-cnjqphyx=287449a7-a7b9-4495-9751-5a88562c3289\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:52:08 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\ncontent-language: en-US\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":131,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"a9c2f455bad4f2324ad90cc7891dae8f","sha1":"7c9f0ac2dcdbf0bd89809589094eae27e812d7e4","sha256":"b5f9d0bfe297ee174c85077dca0335f628ffe2a13bd426e17c3b0bbecdf6d7e4","sha512":"254c134e821bb154656d1b9960a0b949fd15938350ea869f7bc0fd038ce9c68d66c1a4f49a26d01dcd95fa8591457b82b0c56d539d47474c13b62572d41c8d2a","ssdeep":"","tlshash":"5ec02bc07941030a6d04c04b6270ed51e23071218000841c41c570101484c2c328fa60","first_seen":"2025-09-20T06:53:38.14067Z","last_seen":"2025-09-20T06:53:38.14067Z","times_seen":1,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":0,"dns":0,"connect":0,"send":98,"wait":37,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"js.intercomcdn.com/vendors~sentry~app.47087327.js","fqdn":"js.intercomcdn.com","domain":"intercomcdn.com","tld":"com"},"ip":{"addr":"3.164.240.120","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:10.413Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.intercomcdn.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Thu, 31 Oct 2024 00:00:00 GMT","end":"Fri, 28 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"D2:4F:FB:78:56:DC:20:7E:66:CC:9B:57:7F:92:C2:FA:50:69:C1:5B","sha256":"09:35:37:9C:E9:C9:26:27:7B:F2:E2:42:CA:82:EF:F1:2C:B2:B4:97:04:61:0B:FD:77:9A:15:4D:57:F4:76:D6"}}},"request":{"raw":"GET /vendors~sentry~app.47087327.js HTTP/1.1\r\nHost: js.intercomcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 26207\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nlast-modified: Fri, 12 Sep 2025 20:29:07 GMT\r\nx-amz-server-side-encryption: AES256\r\ncontent-encoding: gzip\r\nx-amz-version-id: Nt.Mpy67azh05SWWKINQCw50M4zVBZQJ\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 20 Sep 2025 05:49:11 GMT\r\ncache-control: max-age=31536000, s-maxage=7200, public\r\netag: \"0ee344cda278b921f8fe5e47e5d3e3fc\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 2d4ccfc38ee1229022124d55e34be376.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\ncross-origin-resource-policy: cross-origin\r\nage: 3779\r\nx-amz-cf-id: fKc7pQCxC8Ctt2KtyKYboVlKK0ZU50O_PwIFyhZcF4lmFkiM70wo2g==\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":79160,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"d9c54fad8854c68ee9edbd47ef48d6ad","sha1":"ccbb56a3e851ec8f5d2c6a351843886b62c41b8d","sha256":"b5537d0dfaacaf76b48bc6ea0d75e8b21d419d5a660012ef6545de3da2fda44b","sha512":"0521b89cfd6a23c1ba7e920ef997c526f2d21375078acc5a482428d5c1c48e5ab9e73638818fa93bd8a8c915d4677e24e7f71739e0d8fba4feef714bc1872162","ssdeep":"1536:yAy1BQKh4+lC4el5txG+u0JnbrpxyR7+hlPp:yAy1Jhm1l0Lan5xy0","tlshash":"cd73a2c9b1d2b02053eb19a5903b410ae77a5994300b8490f67cddde7eba15ee273f2d","first_seen":"2025-07-01T17:03:46.631262Z","last_seen":"2025-12-05T13:54:20.152529Z","times_seen":4909,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.intercomcdn.com/app.f6496084.js","fqdn":"js.intercomcdn.com","domain":"intercomcdn.com","tld":"com"},"ip":{"addr":"3.164.240.120","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:10.423Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.intercomcdn.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Thu, 31 Oct 2024 00:00:00 GMT","end":"Fri, 28 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"D2:4F:FB:78:56:DC:20:7E:66:CC:9B:57:7F:92:C2:FA:50:69:C1:5B","sha256":"09:35:37:9C:E9:C9:26:27:7B:F2:E2:42:CA:82:EF:F1:2C:B2:B4:97:04:61:0B:FD:77:9A:15:4D:57:F4:76:D6"}}},"request":{"raw":"GET /app.f6496084.js HTTP/1.1\r\nHost: js.intercomcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 223424\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nlast-modified: Fri, 19 Sep 2025 15:43:08 GMT\r\nx-amz-server-side-encryption: AES256\r\ncontent-encoding: gzip\r\nx-amz-version-id: fsm6aQf.pD78nx4iagJvCG.nPqfhmnnK\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 20 Sep 2025 05:59:21 GMT\r\ncache-control: max-age=31536000, s-maxage=7200, public\r\netag: \"ad5f5d233f236bf911aeecf73c9dd33a\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 2d4ccfc38ee1229022124d55e34be376.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\ncross-origin-resource-policy: cross-origin\r\nage: 3170\r\nx-amz-cf-id: XcngMITUozYKrkii9ARuf8GBQgQ2Oik6g8Z8uxWwg9337ocR6TmZLg==\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":950037,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65424)","md5":"4e1a17a0e8242fc2066a4ce2e3f3b00d","sha1":"efeda33bd050fa131c382af363444ef8a11142d6","sha256":"cd16ae889df5222cce1eefc5a92fd1ad32b6ac31ec66b7d3f508bde6e2a848bd","sha512":"21553a4f893195fc58616b505afebe8a275dc17b7e4b49cf6cc4d789d3aa2a91af9afd119b79bbea68cbb17498925dc644aeb5899286481e861167c0ef57730c","ssdeep":"12288:HhDrBVfUklyE4qUoPam7f4ktdUE5qOWeoKN:X9UklyEGmLeeoKN","tlshash":"fd150accb5c6b428e3a7a274403f140eb33e6949e84d4054f616e8e56dbe18e9327f9d","first_seen":"2025-09-20T01:49:31.789316Z","last_seen":"2025-09-22T07:34:18.775821Z","times_seen":14,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/8e2531cb.d.m.D-JnE3En.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.660Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/8e2531cb.d.m.D-JnE3En.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 69796\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-110a4\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":335048,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (30618)","md5":"c71aa3ecf879ee36cae66a437871533d","sha1":"313ffe60805bcbe137708783daad53ae9dcaad7e","sha256":"cfc4966ca8e9e0f76bedc7f0f940570a8c9d345e13def99d1bff42228a1c5c2e","sha512":"f4d8858dbd8fc36923ff51e1e29c82bb2f7bfef19c8427457652049b1e5cb3c65b5c38b32550c8b90251e294d11eca28faa570cdeb18e7e5d22baacd1e4891bc","ssdeep":"3072:WmkOIIrObRfNir8cD3FLVV7lo9uSCIGXEG4BHJ1BfCk9DWdMQja:eONOFfNir8kM1H9Cdw","tlshash":"7164d48d72f827b5458370b1b53e2532b270e013350c4dd97d9d12a9afaa214eee2fb5","first_seen":"2025-09-20T06:53:38.143644Z","last_seen":"2025-09-20T06:53:38.143644Z","times_seen":1,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/50305e4a.d.m.BjIt84jY.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.737Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/50305e4a.d.m.BjIt84jY.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 689\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-2b1\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1070,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (1019)","md5":"f7638c49062bc5540899477f806faacc","sha1":"0d03954a6b71676fee2642e973f11a5df7bc4b4c","sha256":"1fc46c5fd2c629bf782dd14412dd92b16e8002adc3459111a3bc80df0cbe9149","sha512":"8857c156e70da5d510cbdaad329dda53511fcdf3e5c2a4d38238f1dbb3eceff2519b7098441df58cde2dca24d7fe50f47cbcedaf1f1f340ad7d671b1e629af82","ssdeep":"","tlshash":"7f11358e9cd09db65c84addcc0171021d2a605dab328549f70dd09bb535dc72c02dfe7","first_seen":"2025-09-20T06:53:38.145123Z","last_seen":"2025-09-20T06:53:38.145123Z","times_seen":1,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-1","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:13.069Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"POST /api-1 HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=970305583a5748bcb3ddc0aefc14caed\r\ncontent-type: application/json\r\nsentry-trace: 970305583a5748bcb3ddc0aefc14caed-84eceb7f5f4602a4\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nContent-Length: 7057\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK; pixelsink_uid=0a0b9779-b238-46cb-aa4a-1e0ca3a6a251; _ga_JZZNGY93CC=GS2.1.s1758351120$o1$g0$t1758351120$j60$l0$h0; _ga=GA1.1.206665698.1758351120; intercom-id-cnjqphyx=ae23bf96-1d48-4e97-8cb4-428201d1ef26; intercom-session-cnjqphyx=; intercom-device-id-cnjqphyx=287449a7-a7b9-4495-9751-5a88562c3289\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:52:13 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\ncontent-language: en-US\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":131,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"051ffddc6b5605ab7929d840367168a4","sha1":"d99801b6a9b8dab446a7f3e4d5ab6ae8401b76c9","sha256":"6a7eea9bba132a30a86757b93fb9cebe97a41ed80668338e0eb6b431a2b1924f","sha512":"591dd442fcb951ce6d9307ebe3428d331132bd36e19b46d8b9a3b98c1e3ad552b96910cc1eb024ce5082eb73a8e3c4c1d956d55035685350c85db2a4d08a0995","ssdeep":"","tlshash":"f7c02b402c0000044d048a4cd330ea84fa2174404208850885d4746000c49bc3a87e11","first_seen":"2025-09-20T06:53:38.146479Z","last_seen":"2025-09-20T06:53:38.146479Z","times_seen":1,"resource_available":false,"data":null}},"time_used":32,"timings":{"blocked":5,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/a4d37d01.d.m.NF3uovUq.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.022Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/a4d37d01.d.m.NF3uovUq.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 536\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-218\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":916,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (865)","md5":"7874cb8a06564f1c730e8e22eee4a3bb","sha1":"f145035d11864f16c28ddda363ee3efd4ec65d84","sha256":"2d187a6266818521f4fdb0b5b07309ebdabaa0b78bc852ad90584d0e5a7b8287","sha512":"6abe25b86051d225736f5d278226bac97b79ab0c045152fcbe1f92db0cce70f180b1d02f148e2f8bcd6dea420210d37658e8e6241dd4de26158e6ea75b88e24c","ssdeep":"","tlshash":"eb11c46e9951c4719268c8acc32128518a7b4ba793f1454ce1ac65ff0f90063c31b5a6","first_seen":"2025-09-20T06:53:38.147849Z","last_seen":"2025-09-20T06:53:38.147849Z","times_seen":1,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/SC/Leonbets/actionbn/1125x469+%284%29-282@x2.webp","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.340Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/SC/Leonbets/actionbn/1125x469+%284%29-282@x2.webp HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/webp\r\ncontent-length: 95128\r\nlast-modified: Thu, 28 Aug 2025 08:07:16 GMT\r\netag: \"17398-63d6864c67298\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: MISS\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":95128,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 750x313, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"1b673b0b19cba1fc5a9564838728004c","sha1":"de5ec2f92481c526df32eba47dc4377a0d756745","sha256":"dfb0d60cfd2416947c2acd7f2a0f61aa29ab27861763e00ceae12c279daef6de","sha512":"32112cbf6712dc6afe0b48f9c6ad05be664a8967c5f3c352d65c1893d25a7f93a2c27c208fc19e560c94fdd30dd9f6db5e614ece24a3276055bacc0ecfa99312","ssdeep":"1536:PDhnU8csLyxgDTHL2sHwdRKcMCTD7a74ZvKjIPwOnhE25PIH34MS0NPAgITMKCDd:bhU8cWyxgDTSkwvjJ7xZvcIYOnhE29IF","tlshash":"8b9302ba2d93bd04fd9981004f8518a89cdea1f8e30571b675da0abf1bec1210def5e5","first_seen":"2025-09-07T05:29:21.881791Z","last_seen":"2025-09-20T06:53:38.149168Z","times_seen":3,"resource_available":false,"data":null}},"time_used":90,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":62,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"region1.analytics.google.com/g/collect?v=2\u0026tid=G-JZZNGY93CC\u0026gtm=45je59h0v871047016z8890860847za200zb890860847zd890860847\u0026_p=1758351117736\u0026_gaz=1\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026cid=206665698.1758351120\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026_s=1\u0026tag_exp=101509157~103116026~103200004~103233427~104527906~104528500~104684208~104684211~104779684~104948813~115480710~115616985\u0026dl=https%3A%2F%2Fwww.239797.win%2Fen-us%2F\u0026sid=1758351120\u0026sct=1\u0026seg=0\u0026dt=Online%20Casino%20%26%20Sportsbook%20%7C%20Quick%20%26%20Easy%20Sports%20Bets%20at%20LEON\u0026uid=\u0026en=page_view\u0026_fv=1\u0026_nsi=1\u0026_ss=1\u0026ep.event_country=NO\u0026ep.platform_type=web\u0026ep.device_type=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026ep.web_version=6.121.2\u0026ep.theme=DARK\u0026ep.full_url=https%3A%2F%2Fwww.239797.win%2Fen-us%2F\u0026ep.previous_page_url=\u0026ep.main_domain=www.239797.win\u0026ep.lead_section=\u0026ep.event_category=home\u0026epn.event_timestamp=1758351119719\u0026ep.event_action=Page%20visit\u0026ep.website_product=li\u0026ep.website_skin=default\u0026ep.website_locale=en_US\u0026ep.first_theme=DARK\u0026up.customer_login=\u0026up.customer_status=logged_out\u0026upn.customer_type=0\u0026up.customer_bet_type=UNDEFINED\u0026up.vs_lw=false\u0026tfd=4543","fqdn":"region1.analytics.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.239.34.36","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:00.478Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:34:53 GMT","end":"Mon, 01 Dec 2025 08:34:52 GMT"},"fingerprint":{"sha1":"DF:7E:8A:F9:1C:B5:DC:9E:90:E3:71:A7:92:85:2C:8F:2B:B4:42:8E","sha256":"3A:65:11:10:B9:58:2F:E1:BF:38:98:8D:2E:3E:A2:01:9D:C6:BE:69:5B:AD:F7:99:53:F9:AB:A6:6B:82:47:F1"}}},"request":{"raw":"POST /g/collect?v=2\u0026tid=G-JZZNGY93CC\u0026gtm=45je59h0v871047016z8890860847za200zb890860847zd890860847\u0026_p=1758351117736\u0026_gaz=1\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026dma_cps=syphamo\u0026dma=1\u0026cid=206665698.1758351120\u0026ul=en-us\u0026sr=1280x1024\u0026frm=0\u0026pscdl=noapi\u0026_s=1\u0026tag_exp=101509157~103116026~103200004~103233427~104527906~104528500~104684208~104684211~104779684~104948813~115480710~115616985\u0026dl=https%3A%2F%2Fwww.239797.win%2Fen-us%2F\u0026sid=1758351120\u0026sct=1\u0026seg=0\u0026dt=Online%20Casino%20%26%20Sportsbook%20%7C%20Quick%20%26%20Easy%20Sports%20Bets%20at%20LEON\u0026uid=\u0026en=page_view\u0026_fv=1\u0026_nsi=1\u0026_ss=1\u0026ep.event_country=NO\u0026ep.platform_type=web\u0026ep.device_type=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026ep.web_version=6.121.2\u0026ep.theme=DARK\u0026ep.full_url=https%3A%2F%2Fwww.239797.win%2Fen-us%2F\u0026ep.previous_page_url=\u0026ep.main_domain=www.239797.win\u0026ep.lead_section=\u0026ep.event_category=home\u0026epn.event_timestamp=1758351119719\u0026ep.event_action=Page%20visit\u0026ep.website_product=li\u0026ep.website_skin=default\u0026ep.website_locale=en_US\u0026ep.first_theme=DARK\u0026up.customer_login=\u0026up.customer_status=logged_out\u0026upn.customer_type=0\u0026up.customer_bet_type=UNDEFINED\u0026up.vs_lw=false\u0026tfd=4543 HTTP/1.1\r\nHost: region1.analytics.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\naccess-control-allow-origin: https://www.239797.win\r\ndate: Sat, 20 Sep 2025 06:52:00 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:158:0\r\ncross-origin-opener-policy-report-only: same-origin; report-to=ascnsrsggc:158:0\r\nreport-to: {\"group\":\"ascnsrsggc:158:0\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:158:0\"}],}\r\nserver: Golfe2\r\ncontent-length: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":157,"timings":{"blocked":62,"dns":0,"connect":22,"send":0,"wait":32,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24_t_2692-7.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.300Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24_t_2692-7.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/png\r\ncontent-length: 5788\r\nlast-modified: Fri, 22 Dec 2023 13:23:23 GMT\r\netag: \"169c-60d191edd84ae\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5788,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit colormap, non-interlaced","md5":"47d937d93b938be5f4701d7b776e7a7e","sha1":"d713fe23a44d1145aabce2c019887af5d32c961f","sha256":"f2c2c362f1c16308f9167628fb550b92b0f2119f2ec3f46a7d69a5a935b4077c","sha512":"17b2d70e5fbd60b67b098daabb3443f85a2628f2f766456d717771c3765b368f0a68d81cb4b0d70dda3791ab71fdbdbbd849ca3fdf786040f922ccd953b70ef6","ssdeep":"96:qNwreqI34mbsSigQR5H1LzasoBrb4kD8TnrxNWS9ce/SMb0V:qqev4K+RLHLkgTnrxNW7eKm0V","tlshash":"25c18db831b1c26ff28838b7c3a44644ada28599757e923db43e686c3d479f39b50d50","first_seen":"2024-09-28T07:04:04.383626Z","last_seen":"2025-12-31T14:23:54.419768Z","times_seen":8,"resource_available":false,"data":null}},"time_used":115,"timings":{"blocked":72,"dns":0,"connect":0,"send":0,"wait":33,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:2829-2.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.060Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:2829-2.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 22271\r\nlast-modified: Mon, 14 Nov 2022 11:15:45 GMT\r\netag: \"56ff-5ed6c5c5b4659\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22271,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"f7233dcda8045400203254694da6dffb","sha1":"4864acf084c360acb7c84acbd17ff7ea8d8d8bc6","sha256":"9a1b10dacb76fa5da43b5c27b466898ba8819e463107544540ecce30737fa68d","sha512":"70f8f0d17c9005ee2c1d5cd4d5f912e95e9b37db5c8596ee11a077825ff40c8aae64e61d4af6f6f870735452d715ba784e5673a95ff8810ee7ba29b76995f358","ssdeep":"384:Em8PSgoDsYFcoZE/MNyrwhCUiqdY1Sa9OSAHWv4woXItPlb2/O:EVoGkNtKqy1Sa9OSAHWfoXEPlb4O","tlshash":"c4a2c0c71e80bd56ad82b04d18729ab62cd2f31d3bb0e42d6acaffe460711d0d954dd2","first_seen":"2023-05-09T14:38:30Z","last_seen":"2026-01-17T13:04:18.720522Z","times_seen":54,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.intercomcdn.com/vendor.81fb0609.js","fqdn":"js.intercomcdn.com","domain":"intercomcdn.com","tld":"com"},"ip":{"addr":"3.164.240.120","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:03.428Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.intercomcdn.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Thu, 31 Oct 2024 00:00:00 GMT","end":"Fri, 28 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"D2:4F:FB:78:56:DC:20:7E:66:CC:9B:57:7F:92:C2:FA:50:69:C1:5B","sha256":"09:35:37:9C:E9:C9:26:27:7B:F2:E2:42:CA:82:EF:F1:2C:B2:B4:97:04:61:0B:FD:77:9A:15:4D:57:F4:76:D6"}}},"request":{"raw":"GET /vendor.81fb0609.js HTTP/1.1\r\nHost: js.intercomcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 212269\r\nlast-modified: Fri, 19 Sep 2025 09:58:50 GMT\r\nx-amz-server-side-encryption: AES256\r\ncontent-encoding: gzip\r\nx-amz-version-id: FvyQGZcpveANvhtc04joIwiFDKEuwIW4\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 20 Sep 2025 06:01:04 GMT\r\ncache-control: max-age=31536000, s-maxage=7200, public\r\netag: \"59cffe2afbf09148b3a8349fc870cc37\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 de27d82c1c354527a5740acf5043eab4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: jnSNNzNG-PCGRW7GzlT-eGs2zLdrlVB6MKE2ualfMLNzWLtmHWzH_w==\r\nage: 3060\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncross-origin-resource-policy: cross-origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":684494,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65463)","md5":"23c6eb263b53b5afa5c5c16b298b46ac","sha1":"c45a8db589dd28f149fe2818007c40f83803b63d","sha256":"6c0e458388d782ecd7455bcf3a2bedfe192fa5c36bc7467481a5e33f594dc47d","sha512":"6f335057a73962631eedab65182e7a66cab554f13454d686549aec7a6ecb00309ea62c3cc99c9e564ba290181bcba7a3badae00383ad621565468d42bdaf6dca","ssdeep":"6144:cxE8LlzpXe7RvofOq1BrFZGEkYg+kfFd+oNEf9upyuAhOL6yX:EE8LlzpORwfH9kYqfFUkEFup/7","tlshash":"40e43bdc79d1f0a207f352f6807f140bf27a1a69680c8490f765d8c968b994e9237f6e","first_seen":"2025-09-19T10:07:56.098413Z","last_seen":"2025-09-23T13:45:43.323804Z","times_seen":134,"resource_available":true,"data":null}},"time_used":274,"timings":{"blocked":114,"dns":88,"connect":8,"send":0,"wait":37,"receive":8,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24_t_33-6.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.948Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24_t_33-6.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/png\r\ncontent-length: 26047\r\nlast-modified: Mon, 18 Nov 2024 23:24:07 GMT\r\netag: \"65bf-62738368bd21c\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":26047,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced","md5":"e8af57b4fb1014acc154bd6283fba64d","sha1":"13546c91041334c2122bcf8a6bb655a75e1ff0d8","sha256":"839637e3bec6b15d289cc4af1d345164845bb66798a6afc0f1534d388a3e8785","sha512":"595ec3ef5b5994635938c08e2826fe02db9cf9cb2e2e36d13be8433ccde625312f5e939e96725a0cebe1873dac5177fb8894323a2aef0befe9351592516e5765","ssdeep":"768:uKxMGw7MloHAMMZ8EKMVmvEe/Y4/rPrcScCeBe:GubMMZRKZvEq/rPYSMe","tlshash":"21c2e1820d6fe3c5d0fca344dd7d76c080d618b40295bcaadf678ec9651918bbda4b4b","first_seen":"2024-12-15T10:08:22.018778Z","last_seen":"2025-09-20T06:53:38.153034Z","times_seen":6,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/SC/Leonbets/actionbn/1125x469+%286%29-169@x2.webp","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.346Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/SC/Leonbets/actionbn/1125x469+%286%29-169@x2.webp HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/webp\r\ncontent-length: 54944\r\nlast-modified: Thu, 28 Aug 2025 11:25:26 GMT\r\netag: \"d6a0-63d6b2972a69e\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: MISS\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":54944,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 750x313, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"95211e76175cb3aea78f1652c05e3584","sha1":"ee05fb9b7f8fa1b9eef1a9a793f6009ecfdd2b5e","sha256":"1cbdbde4c81dded1dcc25d646ee9423447e93097237debd5806f14ebbf12d68d","sha512":"6130dfb5e3cb1d0e1d704093cc4167f5d47602755e6a69c0129e415547bc590c6f72c631ae50699635b8fc486e16652db93a704d0dac3889d3980aee2c1397b4","ssdeep":"1536:donZVLDepOokOLg0GElmnTdqGbfIzWC6mpHYgajbhF:mhDe4oJLgd9TM8fIf66aj","tlshash":"ef33029b34ce85cf09d67bf8236098d3fc985b84a3a11c92467b6286f7335cdb86815d","first_seen":"2025-09-19T02:19:58.257883Z","last_seen":"2025-09-20T06:53:38.153763Z","times_seen":2,"resource_available":false,"data":null}},"time_used":84,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":53,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:00.091Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 19 Sep 2025 13:04:57 GMT\r\nexpires: Sat, 19 Sep 2026 13:04:57 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 08 Sep 2025 18:08:05 GMT\r\ncontent-type: font/woff2\r\nage: 64023\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-04T16:49:22.253707Z","times_seen":714894,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"o237537.ingest.us.sentry.io/api/4508036400611328/envelope/?sentry_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c\u0026sentry_version=7\u0026sentry_client=sentry.javascript.vue%2F7.120.0","fqdn":"o237537.ingest.us.sentry.io","domain":"sentry.io","tld":"io"},"ip":{"addr":"34.120.195.249","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.659Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ingest.sentry.io","organization":"Sentry"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 24 Jul 2025 00:00:00 GMT","end":"Mon, 24 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C7:A0:3C:30:51:F2:AE:98:2C:88:9F:C7:8D:24:55:ED:C3:34:BD","sha256":"78:73:F7:3D:EE:58:1B:F8:9A:1E:17:AB:A3:70:00:86:76:EA:4E:AF:AB:F4:7B:34:5F:FA:39:D8:3B:5D:F4:B5"}}},"request":{"raw":"POST /api/4508036400611328/envelope/?sentry_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c\u0026sentry_version=7\u0026sentry_client=sentry.javascript.vue%2F7.120.0 HTTP/1.1\r\nHost: o237537.ingest.us.sentry.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 419\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Sep 2025 06:51:57 GMT\r\ncontent-type: application/json\r\ncontent-length: 2\r\nvary: origin, access-control-request-method, access-control-request-headers\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after\r\ncross-origin-resource-policy: cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"99914b932bd37a50b983c5e7c90ae93b","sha1":"bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f","sha256":"44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","sha512":"27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd","ssdeep":"","tlshash":"c7100000000000c00000000c00000000000000000c0000000000000000000000000000","first_seen":"2023-03-07T01:15:26Z","last_seen":"2026-04-04T16:49:46.122104Z","times_seen":554536,"resource_available":true,"data":null}},"time_used":266,"timings":{"blocked":112,"dns":19,"connect":11,"send":0,"wait":41,"receive":0,"ssl":80},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:3604.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.225Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:3604.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 72012\r\nlast-modified: Fri, 18 Nov 2022 14:45:26 GMT\r\netag: \"1194c-5edbfc19a04b7\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":72012,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 218 x 218, 8-bit/color RGBA, non-interlaced","md5":"2317ba3508801313d79d25ccd6dea8f9","sha1":"7b145f2eb105aac296c419e0c2f05dfb7559f7e7","sha256":"f00a6e1dba50d89c5dff65490073c1a78fe7f53a70ed170401cf9d4a218653be","sha512":"e0c0d58ca4f7a60e799ed0793e58e938ccde13fac1ed492210978bedafe004573663081e8e523569fb5deda8735204bf6bf7cd4ef3622b249ebfae0450652928","ssdeep":"1536:ISCrNNIwV3g/SRmVTVHOWVqDBC7YE9rJ6wngA1:ISChNHiX0WJYE9BN","tlshash":"606302cc18fb0e74fac6a461a18165d5735ca22ce2c0be73331ddeacc9158d26188e6f","first_seen":"2025-09-20T06:53:38.157306Z","last_seen":"2025-10-18T03:17:27.565837Z","times_seen":2,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-1","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.384Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"POST /api-1 HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/\r\ncontent-type: application/json\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-modernity: modern\r\nx-app-env: prod\r\nx-app-skin: default\r\nx-app-layout: desktop\r\nx-app-os: windows\r\nx-app-browser: firefox\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nContent-Length: 79571\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:51:57 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\ncontent-language: en-US\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":190038,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"e24a06a68ca8c9452660051390b03af4","sha1":"f980db41be3bf8172de3bc83b60d63fbc223cee7","sha256":"22b741a701ce87c41b6ecda24feaa2ead350d7dff22f3ca72c359e338437c23e","sha512":"e72252f23dfbf21c8a06443d54be27daf108c5fc12a24edb399df2ec44bdf60064d1fc128137f25bbe386170a81500dc3f2dc62025ae600b1686e819334548d2","ssdeep":"3072:9qgHJvPw6vtpCDQlKgpysWLPrZ5PE0JcaoR/PUTmwi5:9qgHJZ2gprArZ9E0JcaoR/PUTRi5","tlshash":"e104970e36a19ebb1983ab193817c5437239b0bd1ba6c1de5c9480d83d9ae5d3137cf6","first_seen":"2025-09-20T06:53:38.158483Z","last_seen":"2025-09-20T06:53:38.158483Z","times_seen":1,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":21,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/76a0a3dc.JEu34XJX.css","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/76a0a3dc.JEu34XJX.css HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:57 GMT\r\ncontent-type: text/css\r\ncontent-length: 5186\r\nlast-modified: Fri, 12 Sep 2025 11:24:49 GMT\r\netag: \"68c40301-1442\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:57 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":30856,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (30855)","md5":"80a8c3fdfba2a43e0c87c65ca4836269","sha1":"c4198cfec01c2dbfcf45d1e887056403eb234181","sha256":"a7280c028d7e3258b858ad6393c3c8e07cfd16e34487ffab66ff4dcd767918b5","sha512":"8c51bcae3dd1a10c047e7ecbec9d68507078b42a24d09df08cdcf18d87a0ff191bc3495416c938224933f255f550e752bf855d7f02e14f217f409d8b48ccec85","ssdeep":"384:sx3g05ks2XTo2DIjCOo5CSz373lV/iCDz8:sh5h2XDsjCr3l8","tlshash":"39d29679dd9459beb2336719d5ddaccb6219cd43c8d32da6e1fad32cc0c23516b22a08","first_seen":"2025-09-19T02:19:58.293371Z","last_seen":"2025-09-20T06:53:38.159998Z","times_seen":2,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/054854ad.Ayv4KLnw.css","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.995Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/054854ad.Ayv4KLnw.css HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:57 GMT\r\ncontent-type: text/css\r\ncontent-length: 3805\r\nlast-modified: Wed, 13 Aug 2025 10:19:33 GMT\r\netag: \"689c66b5-edd\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:57 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22045,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (22044)","md5":"82ff37fe65bd61bc8d317a889f10c6a8","sha1":"a71e38305415139b6b9e261ab651fdc13767197f","sha256":"fec67c0df72c4ee5e98b6bf1a933f881041c98fad0e6445a85c25bf320396409","sha512":"3dc4df74c9f7111dcf4357a4a219a10c0d4a4a2c7d61b90c140f6304b09738f6c2d5d0b8f0fe8e15d31723b4ca7d575afc54745941d8e13b7284d3480c7e1c2a","ssdeep":"384:vTHcfc5vK1lzqsm79+h6lHgs0lMNyV3T1K0b3bUgja+B77F/:vTkc5vK1csI9kyNyV3T1L3bpmEF/","tlshash":"97a2012ece1862aab4e65076b5e45f4f2405ec47f53a4659fd51ad2ec0c2f52372b30c","first_seen":"2025-08-16T06:41:47.107416Z","last_seen":"2025-09-20T06:53:38.161403Z","times_seen":5,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24_t_169496-2.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.176Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24_t_169496-2.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 40394\r\nlast-modified: Sun, 09 Feb 2025 11:24:50 GMT\r\netag: \"9dca-62db3d704331c\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40394,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit colormap, non-interlaced","md5":"cfd7239152545771640b282aaad6ca49","sha1":"33990a60118ff150d5380a517566433bbf20eceb","sha256":"c209dccf29f701664e71d710ae7cf3d5d3ae068aeabf3192e8c332dce37be09f","sha512":"0e8c3f5f68b37edba213dae44e530c59e8a4c951033e06a4a39f88dac6a35f5e40edcf22a2ad3fbe3689040516c992e6cb1661e57eaf8acbf1f5d24e7a715390","ssdeep":"768:zS04N5Ibxk17PhVJvTaQ0y5lTacktFiK6VirQ1avpAC94xoL7:zS04bIVkVTJaQ0yz8T6crcUD9coL7","tlshash":"4f03010b0b5877109e895dd134a69c30c767188e7897fbf0706cd7e349f20ec66b22a4","first_seen":"2025-07-01T17:19:57.361455Z","last_seen":"2025-09-20T06:53:38.162853Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,100..900;1,100..900\u0026display=swap\u0026family=Roboto:ital,wght@0,300;0,400;0,500;0,700;1,400\u0026display=swap\u0026family=Mulish:wght@400;700;900\u0026display=swap\u0026family=Prompt:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900\u0026display=swap\u0026family=Oswald:wght@200..700\u0026display=swap\u0026family=Rubik:ital,wght@0,300..900;1,300..900\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.346Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:49 GMT","end":"Mon, 01 Dec 2025 08:36:48 GMT"},"fingerprint":{"sha1":"9E:38:51:02:B6:22:9C:08:6B:24:B8:A0:EB:DB:60:D9:27:B2:68:90","sha256":"67:AF:7E:56:AB:8D:96:FB:D0:75:CA:28:6D:16:B6:67:FD:7F:58:6F:CC:AA:78:B5:01:13:76:2C:AB:BE:80:4E"}}},"request":{"raw":"GET /css2?family=Roboto+Condensed:ital,wght@0,100..900;1,100..900\u0026display=swap\u0026family=Roboto:ital,wght@0,300;0,400;0,500;0,700;1,400\u0026display=swap\u0026family=Mulish:wght@400;700;900\u0026display=swap\u0026family=Prompt:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900\u0026display=swap\u0026family=Oswald:wght@200..700\u0026display=swap\u0026family=Rubik:ital,wght@0,300..900;1,300..900\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 20 Sep 2025 06:51:56 GMT\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":73509,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"33a191bc886c411503792a448163949e","sha1":"d98e06dffb7ee88f73f75b172e8f64c8481a50db","sha256":"5c407cdf1c2d3890a2fd3f31bf4c8cf3fa167b9e74a3be5b1dc51c94cb2e58cf","sha512":"ac054345022927884eb1bedac6dbb9e955aa842ebd84703b4973ed08207a1ec24d2d3b9fe5b9cd19ffb374270e23ebd9428a576329c8586ed43a42fd0a842715","ssdeep":"768:KuujH72NuwEIwLu2ieE3HDaZzcqUHgqqaNLbPZc70afUQRptmJKBLfhQE8YtCR6R:KuGH72NFEIwLziePzBiad","tlshash":"0873eea1041b9540eb871cc223cf7e36ee4ea2617050c179affd1a9aecebc62536475d","first_seen":"2025-09-19T02:19:58.355682Z","last_seen":"2025-10-08T02:43:14.720804Z","times_seen":10,"resource_available":false,"data":null}},"time_used":597,"timings":{"blocked":270,"dns":1,"connect":28,"send":0,"wait":51,"receive":0,"ssl":244},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/713ac740.d.m.RUtYvzut.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.954Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/713ac740.d.m.RUtYvzut.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 6652\r\nlast-modified: Fri, 12 Sep 2025 11:24:49 GMT\r\netag: \"68c40301-19fc\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":16199,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (16148)","md5":"cab6c91b4c147fd51951eb3c3ed45392","sha1":"1c72aa7c49658354863059c634297fc8a323d2e8","sha256":"caed2c203644b059111a2547813bd3dcc564c8fe5f50759add5a052f32f60d8a","sha512":"bea4fdd92cbdcacf94644377e137100a4440dba6acf26ad0e87c4912e53e26d7649b6a605ca9ba0e06159c3709b6a628ff5aa41d33dd14ff5b0282002562aca5","ssdeep":"384:dxtL7dopRfDbesOT3NqWEBI8YAiR3BPS+7VHYLIahPrGwe1tXqlN5P9thIgV2U26:dxtL7mFvesy312IhAiR39S+7FwIahPrf","tlshash":"2872a4e93183b53593eaa9e7403b0109f33c3944340f9494f6adaac63d7651792b3e7a","first_seen":"2025-09-19T02:19:58.288068Z","last_seen":"2025-09-20T06:53:38.166231Z","times_seen":2,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-JZZNGY93CC\u0026cx=c\u0026gtm=4e59h0","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:34:53 GMT","end":"Mon, 01 Dec 2025 08:34:52 GMT"},"fingerprint":{"sha1":"DF:7E:8A:F9:1C:B5:DC:9E:90:E3:71:A7:92:85:2C:8F:2B:B4:42:8E","sha256":"3A:65:11:10:B9:58:2F:E1:BF:38:98:8D:2E:3E:A2:01:9D:C6:BE:69:5B:AD:F7:99:53:F9:AB:A6:6B:82:47:F1"}}},"request":{"raw":"GET /gtag/js?id=G-JZZNGY93CC\u0026cx=c\u0026gtm=4e59h0 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\nexpires: Sat, 20 Sep 2025 06:51:59 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 132220\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":385041,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"7d091a3a4f7b3f4dab7e08e035d6c82f","sha1":"b07010c4c6bee91b4f9ab36b4a2cdf212881f2ea","sha256":"9fc5831793ef67d14021cba09b526da0135b36c2a7bf065618f0417552542fc3","sha512":"bfffb0f9c67e0ac45cf10dc1326bfc172f29ed11baa28a455f812938c4b6c5bbdee09bff542734eea7df3440b91cdb7688f6fbc5cf098ff693f0a2c589ead4e0","ssdeep":"3072:HFOEnSWOLCSgW/zflqVe3Y05tILQorCkE2vz/8LvKtWwkSdoHybrSwVRblSytu2B:wE3jVesQd2sK+ieYblSytugdYIU8TCGN","tlshash":"f98419cd73c674265396f478903f018ba5bb68a2b44cc899f189dce42e74a9a4137f7c","first_seen":"2025-09-20T06:53:38.167545Z","last_seen":"2025-09-20T06:53:38.167545Z","times_seen":1,"resource_available":true,"data":null}},"time_used":114,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":54,"receive":60,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"o237537.ingest.us.sentry.io/api/4508036400611328/envelope/?sentry_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c\u0026sentry_version=7\u0026sentry_client=sentry.javascript.vue%2F7.120.0","fqdn":"o237537.ingest.us.sentry.io","domain":"sentry.io","tld":"io"},"ip":{"addr":"34.120.195.249","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:04.376Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ingest.sentry.io","organization":"Sentry"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 24 Jul 2025 00:00:00 GMT","end":"Mon, 24 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C7:A0:3C:30:51:F2:AE:98:2C:88:9F:C7:8D:24:55:ED:C3:34:BD","sha256":"78:73:F7:3D:EE:58:1B:F8:9A:1E:17:AB:A3:70:00:86:76:EA:4E:AF:AB:F4:7B:34:5F:FA:39:D8:3B:5D:F4:B5"}}},"request":{"raw":"POST /api/4508036400611328/envelope/?sentry_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c\u0026sentry_version=7\u0026sentry_client=sentry.javascript.vue%2F7.120.0 HTTP/1.1\r\nHost: o237537.ingest.us.sentry.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 189967\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 429 Too Many Requests\r\nserver: nginx\r\ndate: Sat, 20 Sep 2025 06:52:04 GMT\r\ncontent-type: application/json\r\nretry-after: 60\r\nx-sentry-rate-limits: 60:transaction;profile;transaction_indexed;span;span_indexed:organization:span_usage_exceeded\r\nvary: origin, access-control-request-method, access-control-request-headers, accept-encoding\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after\r\ncontent-encoding: br\r\ncross-origin-resource-policy: cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"429","status_text":"Too Many Requests","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":198,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"478b411c59eb87249bea32cf7c7be5d2","sha1":"023907c62eb55758905bb3c0e640b5b204ae0652","sha256":"bac10d17440dcd6f6c6c4e0bd7eca2e1a7eec030ef3b1143d4be3791dcf91263","sha512":"fd5a62565a479ebe0d27a4e3891117df96bb4bac0dd13bb46dbe674d7813557f41f99b00669d4fe3959279b14f64c0738d1627bd0257a22d6103e3b713022222","ssdeep":"","tlshash":"5ad022ebc07a4e6a0ac213a953404924a932aa0a1fcacf2668dc812a0289204662d31d","first_seen":"2023-04-06T03:33:39Z","last_seen":"2026-04-04T15:40:50.299377Z","times_seen":14787,"resource_available":false,"data":null}},"time_used":94,"timings":{"blocked":0,"dns":0,"connect":0,"send":45,"wait":49,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-2/betline/headline-matches?ctag=en-US\u0026flags=reg,urlv2,mm2,rrc\u0026merged=true","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.241Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"GET /api-2/betline/headline-matches?ctag=en-US\u0026flags=reg,urlv2,mm2,rrc\u0026merged=true HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=e0c7f323a8eb4a3eb2d752ec81e08189,sentry-sample_rate=1,sentry-transaction=home,sentry-sampled=true\r\nsentry-trace: e0c7f323a8eb4a3eb2d752ec81e08189-8d27117028a98fc8-1\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: application/json\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":124602,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d086c18914f7849c3b915d3239dbc138","sha1":"d1230f432459fc30c05e7f54ed6373a1a2954f72","sha256":"3b72f49edee8d8b47a726da67539045ce512eeb2c0979b1e5227a1b0fe1f72a1","sha512":"d52a94b8ce842c12d19006bb259d09086bb841bd9d9439a158da09af1fa02c31b2ea4a41e76abab0cb91b9951d3440ad3945c359cbec2e8bbe6ba5c844ad1294","ssdeep":"3072:4v+a/heUSjqVOWSObVWF3UjFG6hKc3acb/bOWqoXycNwh3hUiC5/SW9eQA6c3:4v+a/heUSjqVOWSObVWF3UjFG6hKc3a3","tlshash":"ecc30c0822090dbdd76229d9cd872bf558c4537fbed8ee82b6eccbc465753ae221111b","first_seen":"2025-09-20T06:53:38.169523Z","last_seen":"2025-09-20T06:53:38.169523Z","times_seen":1,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":132,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:2814-1.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.062Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:2814-1.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 16056\r\nlast-modified: Mon, 14 Nov 2022 11:16:13 GMT\r\netag: \"3eb8-5ed6c5e0380bf\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":16056,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"e20780d40310fabe5134620ac3f6f8dd","sha1":"0fad528693bae8751a7148a34def6e9e25ac2d16","sha256":"d0355588405cb59a701e75e5b6ded3b456d4aa050a7f127c5979279b4d39f65f","sha512":"84c01a3ed98f6ab4bebdf36fe28c20a058532807cd62402b00d83cee49c3e04beaa0dd9c1c313f5362948c1d5e54db5272515587cb840888d6d1a7208420004e","ssdeep":"384:T2OFzLeosneDEavq9VJ8Pw6XBz3h4iMcT8EJQ1TddZDYhnG:ioeos6Eado6XB7hpJThM4nG","tlshash":"d172e08dd524d1ab953b8a8e6a3d85f6c6afc95e5349205f012d00ef34697f930ce03c","first_seen":"2023-09-17T17:56:43Z","last_seen":"2026-03-22T19:47:28.400643Z","times_seen":19,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:299130.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.177Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:299130.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 64605\r\nlast-modified: Mon, 14 Nov 2022 12:17:46 GMT\r\netag: \"fc5d-5ed6d3a2bd4c8\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":64605,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit/color RGBA, non-interlaced","md5":"ab73d7a7de2ceb641df942a6cc9eab77","sha1":"130c4feb528c34bc0de09d0bd178d66e6ce21115","sha256":"c05a19f472790eb013c7c97c4e0f50832d1e47ec44373f4e55fdba2d45771e57","sha512":"d0bfd004b5fd5b3091a1cdb2a15ef206b4bfec2ff038ef16785cf9fc664cf3ae88629783a94a3a1ed50fc00c7b0425f73341079975480b2c876ee9cb13164905","ssdeep":"1536:CajDVHHoDImn63ocv47XiOeqMNoL5Xo5ewwLrbaP1NLJVeB:C8DVHHo0I7BWNgAeprMuB","tlshash":"c05301fca20b05ab72984dc65e8d674b77b352041b5243009c61fcbf468acbc1f959ab","first_seen":"2025-09-19T02:19:58.393994Z","last_seen":"2025-10-14T14:52:16.816873Z","times_seen":3,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/SC/Leonbets/actionbn/1125x469+%2842%29-2@x2.webp","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.312Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/SC/Leonbets/actionbn/1125x469+%2842%29-2@x2.webp HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/webp\r\ncontent-length: 48660\r\nlast-modified: Mon, 25 Aug 2025 12:51:45 GMT\r\netag: \"be14-63d3004a07e37\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":48660,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 750x313, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"bdb75cb2d8037f3f24a2d0166e28ab6f","sha1":"3b23c919d880597a23c8d021d9ca9cd08a7b4d66","sha256":"10c4949e214099bf5c8b6791bcf5205f367cbe1a6cc6aceaba52e7b6beba003b","sha512":"3145e802ae112f741a79c4d42fafadacf33406ffa47464cb19d090c664ce22dd28f8936718681a417b09022df52ce8b4714870309a3cc927b5d86cf2aba7faaf","ssdeep":"768:rTgZA2UzH8Dh3fVdmfzVu9zKrvGmyRA8Fz4qAhCwaCDyYPUe00BOwo8pMHrWfi:rkZA38Dhv/z0ByRACwCmDzztOL8s","tlshash":"3123f2b10a60b9da4cf3106234f793d68c1447730ffa55ae9e016b483ea374578356be","first_seen":"2025-08-29T14:52:32.51601Z","last_seen":"2025-09-20T06:53:38.172661Z","times_seen":4,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/c7fd5867.d.m.B3ZrtIar.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.771Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/c7fd5867.d.m.B3ZrtIar.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 832\r\nlast-modified: Fri, 12 Sep 2025 11:24:49 GMT\r\netag: \"68c40301-340\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1928,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1877)","md5":"852aa0dad1156c5b3e0f3f756c4b5b40","sha1":"f9a2c5e5ac11f66ebe9a9d70c3ba4e464e73c70a","sha256":"b0806c2008280c7b8419fa2d1355adc1bd07d22fa47685a3bc7b000035e38e49","sha512":"820d7a9a62a8e8de2c418e2ce47103fc0ead6c84426e491530b56f65d4c346f1cb020d88108af5f571e87d6e535a3e2da75a96dbb126e91704514c35fd93bbf3","ssdeep":"","tlshash":"f941cecb738498329b57d9acae1f5f72187ff257451ec2a84148f4f015410ddc419b2d","first_seen":"2025-09-19T02:19:58.348546Z","last_seen":"2025-09-20T06:53:38.173308Z","times_seen":2,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/favicon/favicon-228.png","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.881Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"GET /favicon/favicon-228.png HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: image/png\r\ncontent-length: 3660\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-e4c\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3660,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 228 x 228, 8-bit/color RGBA, non-interlaced","md5":"c565bfb0d2b161d0b15e3a5b4e6ddec1","sha1":"02b2e975911f913cd604af7c48628d216eae73e5","sha256":"f54df6349b3aae33b002f4c28bac23076606c4d99b86167d7d796069f7c115cb","sha512":"b315def9b6e768fb0dd4e667a81c954a3f35090b4eef9c12a46428433447eb226f227c9402334c0ae8ef6ae3c02b775ccf7d881b1140a23d6eed5fccefa82954","ssdeep":"","tlshash":"3d717ddddde878c66985742cce9b518ce0854b5073c5a1ad6e90d87254052236c7e74e","first_seen":"2023-12-10T15:49:18Z","last_seen":"2026-03-29T15:19:13.454848Z","times_seen":117,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/gb.D8GxWOXI.svg","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:00.051Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/gb.D8GxWOXI.svg HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:52:00 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 483\r\nlast-modified: Mon, 07 Jul 2025 16:39:59 GMT\r\netag: \"686bf85f-1e3\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:52:00 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":962,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f0871e81adbdad984698b1d46526b395","sha1":"725519f07e7d85f65f6cf3002cf944450332b924","sha256":"40e2b7b3d0644d155b19b75de5b5191e8bf7d0de5067bcdb63130f6c66cbe130","sha512":"1dd071e554393352e4a497cb62af38105a953a3c016f49a44258688b556bc037ac626ac20ff407677e0fefe0673fa59155d7025e5580649785bff96cfefea2bc","ssdeep":"","tlshash":"e311909499bf004c58c5c287fee85e8447fbb2cbb7614944b44d26dc7b08c8b46a2a5d","first_seen":"2025-02-12T21:05:05.610244Z","last_seen":"2026-03-31T00:45:46.207855Z","times_seen":33,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-1","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:00.724Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"POST /api-1 HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=e0c7f323a8eb4a3eb2d752ec81e08189,sentry-sample_rate=1,sentry-transaction=home,sentry-sampled=true\r\ncontent-type: application/json\r\nsentry-trace: e0c7f323a8eb4a3eb2d752ec81e08189-a2f6fd37b9624ad2-1\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nContent-Length: 6690\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK; pixelsink_uid=0a0b9779-b238-46cb-aa4a-1e0ca3a6a251; _ga_JZZNGY93CC=GS2.1.s1758351120$o1$g0$t1758351120$j60$l0$h0; _ga=GA1.1.206665698.1758351120\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:52:00 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\ncontent-language: en-US\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":131,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"4c4f53140dfc3e782f4228e7d1598f80","sha1":"f0703fb6e48e214758d3775b8e2cf73946213f05","sha256":"31a8ea5e1fc90d60c7837c5d8711e74b328b445b62093258e0ea18e4a64055e3","sha512":"ba65be4901d1c8d4516dd90a0a99a9a6cd5a6b9e9bc6f70f8738922027d42d6d3f23410de55359146198781efd1e022c794b6a3de181e0ff76b3d3759c10d606","ssdeep":"","tlshash":"4bc02bc0a81111471d15871b7b31c9d0b234b0000010882513cab801008997c308b940","first_seen":"2025-09-20T06:53:38.175504Z","last_seen":"2025-09-20T06:53:38.175504Z","times_seen":1,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-2/betline/headline-matches?ctag=en-US\u0026flags=reg,urlv2,mm2,rrc\u0026merged=true","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.986Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"GET /api-2/betline/headline-matches?ctag=en-US\u0026flags=reg,urlv2,mm2,rrc\u0026merged=true HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=e0c7f323a8eb4a3eb2d752ec81e08189,sentry-sample_rate=1,sentry-sampled=true\r\nsentry-trace: e0c7f323a8eb4a3eb2d752ec81e08189-a5c0e9824a7a5fef-1\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: application/json\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":124602,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"d086c18914f7849c3b915d3239dbc138","sha1":"d1230f432459fc30c05e7f54ed6373a1a2954f72","sha256":"3b72f49edee8d8b47a726da67539045ce512eeb2c0979b1e5227a1b0fe1f72a1","sha512":"d52a94b8ce842c12d19006bb259d09086bb841bd9d9439a158da09af1fa02c31b2ea4a41e76abab0cb91b9951d3440ad3945c359cbec2e8bbe6ba5c844ad1294","ssdeep":"3072:4v+a/heUSjqVOWSObVWF3UjFG6hKc3acb/bOWqoXycNwh3hUiC5/SW9eQA6c3:4v+a/heUSjqVOWSObVWF3UjFG6hKc3a3","tlshash":"ecc30c0822090dbdd76229d9cd872bf558c4537fbed8ee82b6eccbc465753ae221111b","first_seen":"2025-09-20T06:53:38.169523Z","last_seen":"2025-09-20T06:53:38.169523Z","times_seen":1,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":64,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:14-2.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.963Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:14-2.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/png\r\ncontent-length: 9231\r\nlast-modified: Mon, 14 Nov 2022 11:03:41 GMT\r\netag: \"240f-5ed6c31371f11\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9231,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"7753b46364f4e9c6ad1af8efaaab396d","sha1":"8f57359389bbd438e713b4712bdee1c918f119e5","sha256":"4b9f3fe163b3b37525b3477d1cc44a4ffe24bf568ebe1f578170ce43738a044d","sha512":"f98e5f66f2904c793c89b47d9c9c326d81b3ef217bb3b4a8e2eeb4479fe73be220297b2cc2c4c3e2980b16f7ce42f1c6dc060959fbc72448b1d6af2c48237266","ssdeep":"192:WJ/A7bVRNQUOUApriLK6+oBqaCpkRFlV3OGstnWctskCa7LB3g+4k3:WkbdQU2EK6lqaI6zVZoWYs6B3","tlshash":"6d12be46de0a7c98c9677eeee5cf88627c9c94e4b416ce1e3af0b06846c410e75b51cc","first_seen":"2024-02-07T10:20:48Z","last_seen":"2025-10-18T03:17:27.981522Z","times_seen":15,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/ac6234e9.d.m.CaxdsSrf.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/ac6234e9.d.m.CaxdsSrf.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:57 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 748\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-2ec\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:57 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1468,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (1417)","md5":"4241eac88297f8135b53590b048f80bd","sha1":"c0e30abb341ece6df8ed9511831768cb81a5e00f","sha256":"2fd78fd2fb5c470e4ff7e159434804f73ed0ecaeebe321ad11fdea976940d96f","sha512":"52a3a8afd0cd2ca3a2b9e7ac779162ad132a5a1b37aa687755bf670d224c178e82e2a776ccdec86c318cbb86e7ac4bed1e59a11893529296c4d4eec1f8d8fbd6","ssdeep":"","tlshash":"5031620bb0b67c71e157d4f0c43a5683431f0a173a1506f2681db9e4022a47aa3bfe07","first_seen":"2025-09-20T06:53:38.180968Z","last_seen":"2025-09-20T06:53:38.180968Z","times_seen":1,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:24985.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:24985.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 6467\r\nlast-modified: Mon, 14 Nov 2022 11:05:30 GMT\r\netag: \"1943-5ed6c37b0d89b\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: MISS\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6467,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit colormap, non-interlaced","md5":"15e4462e28f15d58c07c1e5a148884c1","sha1":"d6fba49a3cf83476447d3d64c5ee3d49569dafaa","sha256":"593781c36e06f144d48aff47d196f9402f293f4c10bc0c57fb430c0d729b25db","sha512":"e34739f3a27e33c0ad658109a2fe71a232502609ce6d43652701d288b217f97d1e6896f0787fd36acc5fdddba849bf82d5591e4ffaf4f46420eecae4044bec98","ssdeep":"192:nR6BRio3YAocWvZnzlaO9I5ulWzNAPU/9WFEJZLL:RXHAB2aD0MzN/Q2ZLL","tlshash":"91d18e5f96a47a6cc186405b9d9b3db39f30b7908d22853a95038c5a7dc2d7419c02d7","first_seen":"2023-11-07T14:36:48Z","last_seen":"2025-10-27T01:31:05.841726Z","times_seen":12,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24_t_106755-3.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24_t_106755-3.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 152416\r\nlast-modified: Tue, 28 Jan 2025 17:26:49 GMT\r\netag: \"25360-62cc77f7c15a2\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":152416,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 320, 8-bit/color RGBA, non-interlaced","md5":"4f4463c151a33684fe4d60d2330fa5ca","sha1":"2e6ceaaab19484dc66af0eb42fd49ff7bbf30a04","sha256":"12a5bd2be2230e174a38de5e3f079ebdce224dd6b21fac0efa452e6201890913","sha512":"27f6e7b06b859bc34737659fc89e7581c97bfe9ed545d37741945c2a2ac3122f2ceb431cdadecee9b98c25ac6f8a813f8ac176562bd05633104ada2841460789","ssdeep":"3072:aCxVXmsSd7FKTUmB8b3gRtjvaza1TZ2KLLx6JOvKZVstHpMnJYn5lE93:ZxVXmsS56PBCwRFzE6K4tHiOn5l6","tlshash":"8ae312d1eb43fc6b9658ab13e15532f7e3c62899275ae088e319622bf1f58415402adc","first_seen":"2025-02-22T12:39:09.276664Z","last_seen":"2025-10-27T01:31:05.807777Z","times_seen":6,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ps.l.liftdsp.com/ac786b28-283a-4d76-a40b-23e03f94ae14.json","fqdn":"ps.l.liftdsp.com","domain":"liftdsp.com","tld":"com"},"ip":{"addr":"54.240.174.68","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.483Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ps.l.liftdsp.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Fri, 07 Mar 2025 00:00:00 GMT","end":"Sun, 05 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"3C:FF:93:7A:39:16:1E:F6:27:5B:22:3F:5F:C7:A6:C3:6A:22:BF:62","sha256":"0E:06:CF:4F:55:41:8D:9F:FF:83:14:09:B2:03:4C:67:98:C5:19:10:75:CB:52:BB:6F:5A:2C:81:E1:FF:B2:29"}}},"request":{"raw":"GET /ac786b28-283a-4d76-a40b-23e03f94ae14.json HTTP/1.1\r\nHost: ps.l.liftdsp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/json\r\ncontent-length: 50\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET\r\naccess-control-max-age: 3000\r\nlast-modified: Wed, 07 Aug 2024 15:08:37 GMT\r\nx-amz-server-side-encryption: AES256\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 20 Sep 2025 06:51:55 GMT\r\ncache-control: public,max-age=900\r\netag: \"e96cd5af6f065e5048b3ddd2913dac50\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: QKReMUwCUCQ5NqRte6nPdxrNUTK851ggIvsuoS2J9ERTEWz19qwCag==\r\nage: 21\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":50,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"e96cd5af6f065e5048b3ddd2913dac50","sha1":"98f5fff6913c150009fb01c2cf5bbe83c250f80c","sha256":"88c38dd5fd1531be2d044c85bfd00517c41ce29b03c514d620d80a80241a1f11","sha512":"9478fcbed66ba6836ed9bccc5f3f3c1681d7527489c521c85566a2368089191fe173735d89f1277a5f86da659be50879b9e0ac7f62c1d7a1d4a905af8c49f990","ssdeep":"","tlshash":"6790041740037457c457c75041443d55d75d0d370c170f7404551d4503f53777540117","first_seen":"2024-08-31T07:43:55Z","last_seen":"2026-03-29T15:19:13.337153Z","times_seen":103,"resource_available":false,"data":null}},"time_used":128,"timings":{"blocked":62,"dns":28,"connect":1,"send":0,"wait":4,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"downloads.intercomcdn.com/i/o/428145/9a41bc05dc8028cfff193a94/114dcf446f058a01bd3dd81e24e7b02d.png","fqdn":"downloads.intercomcdn.com","domain":"intercomcdn.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:10.971Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"intercom-attachments-10.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Thu, 08 May 2025 00:00:00 GMT","end":"Sat, 06 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"80:39:5A:61:B9:3A:AD:E3:0D:BB:AB:CB:AB:CA:18:25:C6:1D:51:3B","sha256":"29:2F:F8:E4:A9:36:14:92:E7:9A:84:74:E1:F6:17:CB:D8:E5:F8:BB:C5:8C:78:3F:59:76:34:D2:D5:78:69:A3"}}},"request":{"raw":"GET /i/o/428145/9a41bc05dc8028cfff193a94/114dcf446f058a01bd3dd81e24e7b02d.png HTTP/1.1\r\nHost: downloads.intercomcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/86620776.d.m.Dlkjrelu.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.960Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/86620776.d.m.Dlkjrelu.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 354604\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-5692c\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1232982,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (63951)","md5":"012a41063b924182d30a1af618b40214","sha1":"bac4cd16a81a3a00fd039055bc509fdc0c249a1d","sha256":"6f3bb3207811876b4164ef7991ea15ecdd95f7f0f1bceb659125e16c6d4ff596","sha512":"0b10a7a1ab8dda07b8496d27b08dbe1d0c80f71961af9298c8ab6818ecd8e5b9b4f19b09075427a44c5a652d3de3aa133829fd961a63d5b0d650238148c531f0","ssdeep":"24576:qOepMnGH6LAD+dOs1N0sjCV5JjxvAA7Dued5mxWjF2TOj3lgY2E1bmovSz:qOeGGH6LAD+dOsr0sjCV5JjxvAA7Due0","tlshash":"54255c897649347287f355aaa0ab0401a6380b55f5588cc0f5fc9e7e2aaed309377f1f","first_seen":"2025-09-20T06:53:38.183809Z","last_seen":"2025-09-20T06:53:38.183809Z","times_seen":1,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":26,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/3d6acc57.d.m.DtDpVTYX.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.259Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/3d6acc57.d.m.DtDpVTYX.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:57 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 23677\r\nlast-modified: Fri, 12 Sep 2025 11:24:49 GMT\r\netag: \"68c40301-5c7d\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:57 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":65014,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (62871)","md5":"6e6b2988e9a808851d77006221440058","sha1":"74f2635809ba8316f24f3139b6dacce50ad40cea","sha256":"d3eb915a26f6e73a411f93e205d2a58f07c3402f61f0bae834bef797b81e20c2","sha512":"97fb1ab7bcb57ccba1855e1f3626f366c3163810db148514e0dda750aa270bb11c20555f44d874c81896e3902c02b99142ae6b1dca3db039fd258bcc9e5ef48e","ssdeep":"768:pNN0F+V+9KSFzGMBuKvKlVy3gmSCDgP5udiFGSJK5Vjhsx9zku35Y6M+ukuda++G:pzt8FCtTgV+9zku3y6Vulda++jZmD","tlshash":"405380cd76c2b0a583a3a474402f840af33e2d55a84dc568f5bbc4d5bcb9819863bf6d","first_seen":"2025-09-19T02:19:58.255182Z","last_seen":"2025-09-20T06:53:38.184852Z","times_seen":2,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/moonSw.DTmx5t_S.svg","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:00.054Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/moonSw.DTmx5t_S.svg HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/assets/86620776.CqsnoeB7.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:52:00 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 235\r\nlast-modified: Mon, 07 Jul 2025 16:39:59 GMT\r\netag: \"686bf85f-eb\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:52:00 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":326,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f673be269667167e50ad29b3c8d4ca22","sha1":"1884d32e417962d76ad00b4b342243ee5c5ee813","sha256":"1248692f89afc35d90d402e22d5db4ddccd51391372bb1db5ecc317385255fe9","sha512":"0d12c27d1bcd3109bccb82f486e6b817aa7f9c14290c8979d68d4ddb5b8443f7c73a83d478cceffbd14e6aa8c83437863b4befabcbaf2a7a492c946e7fb4acca","ssdeep":"","tlshash":"00e07df24689880c342bcd72575146a523cf00fc346808e6d5ceca7af0c7a94e61bd44","first_seen":"2025-02-07T04:57:00.93733Z","last_seen":"2026-03-31T00:45:46.273576Z","times_seen":105,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24_t_445419.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.167Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24_t_445419.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 12077\r\nlast-modified: Mon, 16 Oct 2023 08:02:42 GMT\r\netag: \"2f2d-607d0d4a72eb4\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":12077,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"2d18d2bd4f72ef314daed25098e8fcdf","sha1":"cd8b3efd3aa72d6e2a5815817e60c8d2c36f39ea","sha256":"658369af820c82985c986868691e28c5ff7bfddc370fb739377276d025221848","sha512":"a87a5bafd569f000fc8a6e1a1d1b00db7b7c2f944f643a9d6af0cba3ad8d573e60790f6a79dc6da29fc1d3b1c29ca701aeca6d1c65eafa1cfc9c5790296b41e2","ssdeep":"192:okIuSBs1+oQ9XyZmTMG2HFmJcik4JM+ojndPMjYEdMRMpE+LqPTE5dbACtl9Q34:1IuSL0ZmTF2H4Jg+o9MjYEdYhTEl9Qo","tlshash":"f742c08155f78fd10e6b4cb3b3e044a6683dc955f0d9a4658054f0d07c2b8bacbb19ce","first_seen":"2025-07-01T17:19:57.228934Z","last_seen":"2025-10-14T14:52:18.346204Z","times_seen":4,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"widget.intercom.io/widget/cnjqphyx","fqdn":"widget.intercom.io","domain":"intercom.io","tld":"io"},"ip":{"addr":"3.164.206.53","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:03.311Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.intercom.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Sat, 14 Dec 2024 00:00:00 GMT","end":"Sun, 11 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:E3:24:32:5B:DE:76:F0:A4:43:7F:C2:84:CD:98:D0:50:48:25:7E","sha256":"B0:C5:D5:8B:41:34:A0:3C:41:21:0F:E0:A4:E1:C3:F7:66:24:A3:25:E9:E6:67:D5:40:EA:68:FB:D3:70:73:74"}}},"request":{"raw":"GET /widget/cnjqphyx HTTP/1.1\r\nHost: widget.intercom.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 2672\r\nlast-modified: Fri, 19 Sep 2025 15:45:17 GMT\r\nx-amz-server-side-encryption: AES256\r\ncontent-encoding: gzip\r\nx-amz-version-id: .HoOJPV7YooX.DwHe1Hp6mUhrG4SrZ5A\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 20 Sep 2025 06:49:14 GMT\r\ncache-control: max-age=300, s-maxage=300, public\r\netag: \"a0c83da62346a053f1dc4a933b9c8454\"\r\nx-cache: Error from cloudfront\r\nvia: 1.1 72bf99485c118cad1199db46aaa7ea8a.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: HEL51-P5\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: zXixc-DwmccykuOhREUpJkSv6TSjViNIHLB9Sg8owYguGka_H1G7-Q==\r\nage: 191\r\ncross-origin-resource-policy: cross-origin\r\nvary: accept-encoding, Origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":6742,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6742), with no line terminators","md5":"61486d7a758354e23b27d7c2df7b461f","sha1":"dc4ac7c04819de4fbd2f44c5ed264f6a3f8c0d36","sha256":"a218083b352a35fa410d1b4bd60b0f6880fd1ecca4d7e324b8c35cd851a20ba8","sha512":"1ad35a045984580de108a4c59808be8e5e9e8a223c43b278068a90e7977248a24fb59f514840b65fea6b192266f6a18bd37a6ebb9e6ba76f23a9828787f90243","ssdeep":"96:vv8/xVqhstBp8HEZgOM0PI0FNuv7fADT9+tlb1JFrlPu:vOVGH8bMkyMHOlPu","tlshash":"08d162eeb6c23d7806a3157a623f770c7f3b648028494810d06989c87a76ddbc15bfad","first_seen":"2025-09-19T18:34:12.97303Z","last_seen":"2025-09-22T08:39:51.774677Z","times_seen":71,"resource_available":true,"data":null}},"time_used":114,"timings":{"blocked":49,"dns":16,"connect":14,"send":0,"wait":15,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/64da48c6.d.m.DZJUAbgG.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/64da48c6.d.m.DZJUAbgG.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 48638\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-bdfe\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":192128,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (60476)","md5":"2db71df2b3283471d6d0302f011a4dd8","sha1":"96181b3d7434ba33d94d7d54be695aea379d9f1d","sha256":"8ed2ca6c188031f32e9b9d2a022a2361c8c9cf77cf334c863250d9312c811bcb","sha512":"422b2d1a47d487fe2279f75ee0f512fe31ec60cdabaa2fb46691c06c0a8bdf2687d18db405de0023ac8cbe5eb43d7564a92b7337a9338a1c7a4655da89cb732f","ssdeep":"3072:RFv88egIZ/bTrmxLZANKLJpgF299o2+7l9CUEC18WjtJ:RFU8egi/bTrmNZANKLJpgUD+CUEC18Wj","tlshash":"64141a1a6a0838fe4f710e2e571b7aa472334d84fa21c033d2b59f3e2f5a411f55b5a6","first_seen":"2025-09-20T06:53:38.188319Z","last_seen":"2025-09-20T06:53:38.188319Z","times_seen":1,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/50305e4a.DB0LIsL0.css","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.426Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/50305e4a.DB0LIsL0.css HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: text/css\r\ncontent-length: 135\r\nlast-modified: Mon, 01 Sep 2025 17:20:25 GMT\r\netag: \"68b5d5d9-87\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":130,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"907ac9cfb52ac014c83660d4594f9b02","sha1":"5f62003a8ba7c052178d800ce08eb6562f0ae699","sha256":"964d6f99fb6ca7eb121ca386b807fc661721b1a444da4b5a400916b938ab6d15","sha512":"c3ed4e2dd7b42ec2bd06630a5d156b8e4617f41b6dcd75c8b1f6156ad47ee7bfc4b7beb02310877519cc27c24fecfa92120acb26a9f4b678104e48ff1a282cbd","ssdeep":"","tlshash":"3bc02b5b08d0f377a694308ccd5c7e0480608002a80c03403040e438d1e0030510cc17","first_seen":"2025-09-07T05:29:21.958659Z","last_seen":"2026-03-29T15:19:13.396394Z","times_seen":35,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:48-2.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.266Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:48-2.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/png\r\ncontent-length: 32055\r\nlast-modified: Mon, 14 Nov 2022 11:03:34 GMT\r\netag: \"7d37-5ed6c30c99d96\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":32055,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"91c02fefc155193ba38f6db70bd8adc3","sha1":"272515581c15c89160504c5bb37be31073688bc5","sha256":"ff632e81bc4c4e1e948b92db7e8ed20a3482843500f19d40b065e52fa34119c4","sha512":"7e11423e1eae7daac03f14aa10065a7c9bdabf02686c2ea890e50a1ed0bd30a166e39217f64c4a637d974ebe1bde957a14c937f1470b37d6e40c5520a97bc499","ssdeep":"768:GrcENr1r9J0FEKsf0UXKSSvm92f/9y52j/mNUJOYqvCFq2r/i:GrprJ9yFVsf08M+y/9bjDOjMq","tlshash":"60e2f16aa75cc23e2c9649df4ba4539ae2d25df70323187cf510d17f015a56233ebac8","first_seen":"2023-12-10T15:49:17Z","last_seen":"2025-10-18T03:17:27.422328Z","times_seen":14,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":66,"connect":37,"send":0,"wait":7,"receive":15,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/files/showcase/dark/color-esport.svg","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.333Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/files/showcase/dark/color-esport.svg HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 19 Mar 2021 17:11:17 GMT\r\netag: W/\"c49-5bde6cddfff2d\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3145,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"1d6280e68aabc41f98590f26a8d9777d","sha1":"a78490af36a48c3fcaf70f775c085fb5cc8f09b8","sha256":"3dda9b271d14659c452372e5ea0ffeff160b98f06a8f71a1636513fcc9dee439","sha512":"4560b989a80056d7ab017706b7154059bf95e5d29dfb97da7595c6288d956cf5ae884eee0458bfa9e944762c6ede445f0a9b2b9c28c25d6c4c265fbd2a14c0be","ssdeep":"","tlshash":"095145e7eaece0d5e84ad7a8d827c866b62d38fa67d3db5083c46f5df02409d4485d10","first_seen":"2023-07-08T17:48:53Z","last_seen":"2026-03-29T15:19:13.333625Z","times_seen":62,"resource_available":false,"data":null}},"time_used":95,"timings":{"blocked":59,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/oswald/v57/TK3iWkUHHAIjg752GT8G.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.414Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/oswald/v57/TK3iWkUHHAIjg752GT8G.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 28488\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 19 Sep 2025 15:35:10 GMT\r\nexpires: Sat, 19 Sep 2026 15:35:10 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Wed, 10 Sep 2025 16:46:11 GMT\r\ncontent-type: font/woff2\r\nage: 55007\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":28488,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 28488, version 1.0","md5":"22c3b00d2e65fb2c876a292423108958","sha1":"3c61d84659817fef687045bbfa0e1da9568e164b","sha256":"bd73278ee0c50041b91b4c03d1229e35b501637f46b6409e7da2d3a758446ea5","sha512":"33954d8a7ed3c87b3af8577bbae9439b9efba2a64445463d893681dad085bb8630d31c995ce010510a9c732926017dba9d5fd5002d0000ec1488b61889d6ddfe","ssdeep":"384:jlzdJfoB5YJ2kG1CdQegm8m00xr19KB668/BOTqE85gyqvPA34uEomcGvpMwvg84:jlzdyBzhIb0u1QB6vBOv8uvPAovJCs4","tlshash":"cfd2e0195e9673efe4552d3ea830affe91e32aad30507162c5db6c1155c438bc8e4ec4","first_seen":"2025-09-11T19:05:43.498829Z","last_seen":"2026-04-04T15:23:37.465743Z","times_seen":18136,"resource_available":false,"data":null}},"time_used":304,"timings":{"blocked":145,"dns":1,"connect":20,"send":0,"wait":8,"receive":2,"ssl":125},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtm.js?id=GTM-KGLDT3T","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.773Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:34:53 GMT","end":"Mon, 01 Dec 2025 08:34:52 GMT"},"fingerprint":{"sha1":"DF:7E:8A:F9:1C:B5:DC:9E:90:E3:71:A7:92:85:2C:8F:2B:B4:42:8E","sha256":"3A:65:11:10:B9:58:2F:E1:BF:38:98:8D:2E:3E:A2:01:9D:C6:BE:69:5B:AD:F7:99:53:F9:AB:A6:6B:82:47:F1"}}},"request":{"raw":"GET /gtm.js?id=GTM-KGLDT3T HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sat, 20 Sep 2025 06:51:57 GMT\r\nexpires: Sat, 20 Sep 2025 06:51:57 GMT\r\ncache-control: private, max-age=900\r\nlast-modified: Sat, 20 Sep 2025 06:00:00 GMT\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 121253\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":498354,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (45277)","md5":"83976bf371e7582f71d2fd425c8dac86","sha1":"7cbd616d9ffff90fce55e22e3101dc3b5a29be0a","sha256":"110187a2c067178230302baec15c24f93bf94081a7581fbd5f7a5558569e3109","sha512":"2471eaedad82d74468b358a0872eaf4e81129374a9c2a0a2f407bcfa021ffb0e4510e01c1555ae86c78dc3eb6c32556ad39b3b0639296a4dd4673466eae8188a","ssdeep":"6144:HKbzf9igtKEae7VKQd2sKDBbjSytugd7X:qEQd2lD/","tlshash":"deb4fa8eb6c4a87ac3a65524a43f060e757d20e2b24c9490f0d9ccd42e799797163fef","first_seen":"2025-09-20T06:53:38.191749Z","last_seen":"2025-09-20T06:53:38.191749Z","times_seen":1,"resource_available":true,"data":null}},"time_used":293,"timings":{"blocked":100,"dns":5,"connect":14,"send":0,"wait":47,"receive":41,"ssl":82},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/assets/sprite.MSFGSUBA.svg","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.238Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"GET /assets/sprite.MSFGSUBA.svg HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/en-us/\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: same-origin\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 915617\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-df8a1\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":915617,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a3e70e58d6400447738a4bfcab3d12d9","sha1":"761cf6a2794f2fa4f029a7cebf2626f548550f88","sha256":"5add74d66433822f72693c7cc19cd0ffd16aad3ec34943318a88cd6abfdb1514","sha512":"fcec6ebbfa5ae993fa232d988e71240a341bfca019dbb7abe0ae900e4bca80e52fe745df7549824e7590c15f6404f80725e99a0bf5654cc2aed90ee3d2e3bf68","ssdeep":"6144:lmWDijAXtLUHMqeEXTPYUTIVr+LcPLiD6aL9oJ2OYHNAMonj7aZ:lmfeidIUcD+y2fd","tlshash":"2915ccc51128538ca04bba6ddb7ffec0172f30a7795545821bafc79c915f680fb8a868","first_seen":"2025-09-19T02:19:58.335711Z","last_seen":"2025-09-20T06:53:38.192946Z","times_seen":2,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":108,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/f7cf2aa7.d.m.Cn0zlC22.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/f7cf2aa7.d.m.Cn0zlC22.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:57 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 1914\r\nlast-modified: Mon, 07 Jul 2025 16:39:59 GMT\r\netag: \"686bf85f-77a\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:57 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4284,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (4233)","md5":"b947ef62a7f91df66c383c7f603a51b0","sha1":"54afbe339cf9ad8e4793d3c4e7447cbd1bc7c10d","sha256":"e3b74989ba78a34e873ea7d3e98f3bf9f832584a81de6a23f942862bd7a40857","sha512":"57d2873fe2052ecf8404ce5b2144f76e8b068209ee27c12f593f009e80294d0832fb463c354d5ee365ca6678393d02f0474ab22bbae7dc653ed3be14c448f7a5","ssdeep":"96:kaqcNxpuDF0s/ahcpbjNFpFJRJ3qkdeolh58Q6ud0/bLKCRXxBL:kanx0DGRSpb/pxJ3bdeolh58ad0TemXf","tlshash":"5e9184de76c1b4b997b764e590bb710160291c94701e68e0e12ce6e77e329dfc621f1c","first_seen":"2025-04-24T07:07:12.664409Z","last_seen":"2026-03-31T00:45:46.22582Z","times_seen":99,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/mulish/v18/1Ptvg83HX_SGhgqk3wot.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.412Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/mulish/v18/1Ptvg83HX_SGhgqk3wot.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 29968\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Thu, 18 Sep 2025 08:20:12 GMT\r\nexpires: Fri, 18 Sep 2026 08:20:12 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 08 Sep 2025 18:00:40 GMT\r\ncontent-type: font/woff2\r\nage: 167505\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":29968,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 29968, version 1.0","md5":"50220d0057de0b9e5dc8b4fb36ee97a9","sha1":"4d0c1135f6767c3945e596c25abf69919ba4b646","sha256":"8d1d33d6beea5a722b8f336d79c61c07405949457e37b5e65454c72dc10aba1a","sha512":"e305c7df33c9c99a62adc9637eac538520d846fdafffa738095667c8eb5326519564899211099ae4f39b63fb6d62f9366553861f101d797063447a61be8d1df4","ssdeep":"384:u8H1OIFdhnzrgxPfQPhTI67jde+X+7LEF15v/+cVur4KlRNME5BSwkR42VrSebai:3VOargxCRdpOW73Q/NMEqw8XrS8Bz","tlshash":"f3d2f2784521eddf2ecff7167a43bd92208be67b88f9268d92c5601b21360342c1dde5","first_seen":"2025-09-09T02:39:13.146786Z","last_seen":"2026-04-04T16:18:50.502344Z","times_seen":5119,"resource_available":false,"data":null}},"time_used":359,"timings":{"blocked":182,"dns":0,"connect":0,"send":0,"wait":8,"receive":2,"ssl":167},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"o237537.ingest.us.sentry.io/api/4508036400611328/envelope/?sentry_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c\u0026sentry_version=7\u0026sentry_client=sentry.javascript.vue%2F7.120.0","fqdn":"o237537.ingest.us.sentry.io","domain":"sentry.io","tld":"io"},"ip":{"addr":"34.120.195.249","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.792Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ingest.sentry.io","organization":"Sentry"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 24 Jul 2025 00:00:00 GMT","end":"Mon, 24 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C7:A0:3C:30:51:F2:AE:98:2C:88:9F:C7:8D:24:55:ED:C3:34:BD","sha256":"78:73:F7:3D:EE:58:1B:F8:9A:1E:17:AB:A3:70:00:86:76:EA:4E:AF:AB:F4:7B:34:5F:FA:39:D8:3B:5D:F4:B5"}}},"request":{"raw":"POST /api/4508036400611328/envelope/?sentry_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c\u0026sentry_version=7\u0026sentry_client=sentry.javascript.vue%2F7.120.0 HTTP/1.1\r\nHost: o237537.ingest.us.sentry.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 425\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: application/json\r\ncontent-length: 2\r\nvary: origin, access-control-request-method, access-control-request-headers\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after\r\ncross-origin-resource-policy: cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":2,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"99914b932bd37a50b983c5e7c90ae93b","sha1":"bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f","sha256":"44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a","sha512":"27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd","ssdeep":"","tlshash":"c7100000000000c00000000c00000000000000000c0000000000000000000000000000","first_seen":"2023-03-07T01:15:26Z","last_seen":"2026-04-04T16:49:46.122104Z","times_seen":554536,"resource_available":true,"data":null}},"time_used":42,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"www.239797.win/subscriptions?platform=web\u0026skin=default","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.891Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"GET /subscriptions?platform=web\u0026skin=default HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://www.239797.win\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: rYaP21FNJjKiP3lY/2iKBA==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK; pixelsink_uid=0a0b9779-b238-46cb-aa4a-1e0ca3a6a251\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nServer: nginx/1.16.0\r\nDate: Sat, 20 Sep 2025 06:51:59 GMT\r\nConnection: upgrade\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\nupgrade: websocket\r\nsec-websocket-accept: G3rvhRX+t92dp9DzwZHmGW+bvUw=\r\nStrict-Transport-Security: max-age=31536000; includeSubDomains\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":1,"connect":19,"send":0,"wait":30,"receive":0,"ssl":52},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"239797.win/","fqdn":"239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-20T06:51:55.962Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: text/html\r\ncontent-length: 145\r\nlocation: https://www.239797.win/\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38168,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":170,"timings":{"blocked":74,"dns":1,"connect":19,"send":0,"wait":21,"receive":0,"ssl":52},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/71c69379.d.m.CipAdSUi.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.338Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/71c69379.d.m.CipAdSUi.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 1903\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-76f\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4593,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (4542)","md5":"f80659338a5ade39b5ed5ae5eb743ba6","sha1":"a681ff447c2e3a86de193bab7b4d616a58a8cc10","sha256":"d2f34639866e1591f754ebbd0ff1df1dcf9977dac52e9c942bdfd58850e112d9","sha512":"f542222be6e3a940a130d7b63bd4e76ff8382f36aec30fb6c6f14b3bc91a42fe3875767505b835686e5871c65874cf91688762eea9059e365261f5c5e38e19a5","ssdeep":"96:hEDXc09OgtWILm09OotcvMdMYO9OEVJMveri4XrKwJM:Y1OMbOotcvAIOEUmripwm","tlshash":"ed91c78d3c7f54719aff988ff0a90c1a9e6d0fe621244d4180bf14bb2ab7c50e662527","first_seen":"2025-09-20T06:53:38.195292Z","last_seen":"2025-09-20T06:53:38.195292Z","times_seen":1,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-1","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:03.265Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"POST /api-1 HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=e0c7f323a8eb4a3eb2d752ec81e08189,sentry-sample_rate=1,sentry-transaction=home,sentry-sampled=true\r\ncontent-type: application/json\r\nsentry-trace: e0c7f323a8eb4a3eb2d752ec81e08189-9fd04b1a4bedd5ac-1\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nContent-Length: 140\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK; pixelsink_uid=0a0b9779-b238-46cb-aa4a-1e0ca3a6a251; _ga_JZZNGY93CC=GS2.1.s1758351120$o1$g0$t1758351120$j60$l0$h0; _ga=GA1.1.206665698.1758351120\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:52:03 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\ncontent-language: en-US\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":195,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"4265ea69fb443950f1c3f075c340959e","sha1":"672eb04987a6067a652137f7ecf32155d7b0b3cd","sha256":"8995cd2887a418d49530aecac04664d7d62c37fdd4f2a7962589b8f558a3f366","sha512":"141a37af909e194ee67cf95aed9d8f9094f69e146159901d98ee7cecb846c6c6e08e9e7b40c7ab6d05af6f1f4a666622e79147aa9d1d37bff3ba9358f7b83491","ssdeep":"","tlshash":"70d02282c40e0e1a0f01a0894038f58f747e20370aaa6c34c9c97219bdcb86c528ca38","first_seen":"2025-09-20T06:53:38.19644Z","last_seen":"2025-09-20T06:53:38.19644Z","times_seen":1,"resource_available":false,"data":null}},"time_used":33,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"track.liftdsp.com/smartpixel.js?pixel_id=154038\u0026json_id=ac786b28-283a-4d76-a40b-23e03f94ae14\u0026diagnostics=false","fqdn":"track.liftdsp.com","domain":"liftdsp.com","tld":"com"},"ip":{"addr":"54.240.174.124","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.728Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"track.liftdsp.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Fri, 25 Jul 2025 00:00:00 GMT","end":"Sun, 23 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F5:18:52:8D:E1:26:95:D7:DB:15:DF:B9:09:C9:C3:C0:77:05:A0:CA","sha256":"73:B8:80:92:8F:BE:DE:B0:39:0F:83:CA:C8:55:E1:16:99:75:C0:B1:4B:73:FD:83:54:F0:AC:CA:65:35:39:40"}}},"request":{"raw":"GET /smartpixel.js?pixel_id=154038\u0026json_id=ac786b28-283a-4d76-a40b-23e03f94ae14\u0026diagnostics=false HTTP/1.1\r\nHost: track.liftdsp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript; charset=utf-8\r\nlast-modified: Tue, 16 Sep 2025 15:19:11 GMT\r\ncontent-encoding: br\r\nserver: nginx\r\nx-powered-by: Express\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncache-control: public, max-age=0\r\netag: W/\"1f0f-199531bbd98\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: EQjROTozxCe4wAGjv_-H22UoL4P5eowyvuig02VoN1rj1u_5oJjh2w==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":7951,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (7908)","md5":"2cc8385e15896d4e0c75c72287858ee0","sha1":"9a44dc2ec1ae023691f4947d9a73631e980f05a3","sha256":"ff25ed162078b3779e300d981837f9bc72ff1bc4897dd83a531a1009ff0213c0","sha512":"60027f5cffead1f4b91485a30539543c12723ca42788211665b324b39e5591d4df3e91ebbf8da5514200ffbcea1d85a5d80e393d3067d01d0bcc3e1996511180","ssdeep":"192:TIWI5Qyb5pxsplCYcJzzxaE56EYryO4pj1semZuYUO:TIV5Qyb5pxGlCrzx8NOhHY/","tlshash":"98f1e8ad25b9143102a419faa17d01640273e33c749b94e0b27d4e65b495ea373bbffc","first_seen":"2025-09-19T02:19:58.401904Z","last_seen":"2025-10-10T03:20:09.690845Z","times_seen":11,"resource_available":true,"data":null}},"time_used":253,"timings":{"blocked":109,"dns":108,"connect":1,"send":0,"wait":26,"receive":0,"ssl":6},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:175014.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.166Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:175014.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 15932\r\nlast-modified: Mon, 14 Nov 2022 12:43:12 GMT\r\netag: \"3e3c-5ed6d951a9ae2\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15932,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"32fa3a676bbad1d75bcf35d9eb22ff46","sha1":"ea72b2dcd7548e5b26877f93417223e62fec226d","sha256":"170f7154a92b1001fa1ea632f249d2eac050e76cda1fbf35bd845251b7cef970","sha512":"18d08d9b7b3393570019fe2b1c2c25e0d28d260e1fce122d9800e5858806f44de5844a5f8eb7d875c3a9d5441fe35c5521b0efc29cffe7d5e056bb86e29e895c","ssdeep":"384:wDtuZIBQHT3uovman9E657wkqfNoykBO4IJBfI:whulHTeovde6lhCNoZmg","tlshash":"6b62d0d02e97a4c7d634c26049027bfb3cb170a25c17fe5dc1456c19e8aa384fb58a96","first_seen":"2025-02-12T21:05:05.569506Z","last_seen":"2025-10-18T03:17:27.739817Z","times_seen":8,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/64da48c6.B_8oPlol.css","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/64da48c6.B_8oPlol.css HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: text/css\r\ncontent-length: 4124\r\nlast-modified: Fri, 12 Sep 2025 11:24:49 GMT\r\netag: \"68c40301-101c\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":19353,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (19352)","md5":"bde322d8a4ff3bcb71e14f86d774c367","sha1":"dbb9e332fed27e87e1d80cb63698d34ce9b74513","sha256":"62d43bb22f7e9b994a0ddf2dff13dc3ce8c8738917ed87b9df79854dd1a4b15a","sha512":"4a95db3ab74044d213132fb2b5b8d499ea58c456823bd7ef7d940a6b83076fa85c283803b14606e2c254c2aeedc48a603d7c94e04d4eabed32470acd05b3fc79","ssdeep":"384:K7vLCu3GWUVrfvNPoA5U9L1I1n3Y4FUfBFo7:KzLl3GWUlfvNPh+BK1n3Y4GfBFo7","tlshash":"a392a8dd0d58267abb3b612fc6e7ba0ce22ecc4699a216da71f1e51d47c138093e3d14","first_seen":"2025-09-19T02:19:58.382215Z","last_seen":"2025-09-20T06:53:38.199512Z","times_seen":2,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages2-21a8b.kxcdn.com/SC/Leonbets/web2_footer_icons/6d-10.svg","fqdn":"cdnimages2-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.224Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /SC/Leonbets/web2_footer_icons/6d-10.svg HTTP/1.1\r\nHost: cdnimages2-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 02 Jun 2023 12:10:30 GMT\r\netag: W/\"ca0-5fd24706b3b87\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\npragma: public\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3232,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"4feb8d06f37c2f44aecd2679273e7166","sha1":"51b090ba7ec1540ee91b5eb2f5baaff00e1b9091","sha256":"793070f67620a3fea86fc80d857382a8b1f6811104a9d39acf076a2e35e0b1ce","sha512":"98983acf509780027ddf42bdf7f9bef69ea871111634bc4becaaab9dcf479bc3c24123c959e112b33cfc0afcfbf36a977bd3d8eb73926076866771563e34c20b","ssdeep":"","tlshash":"ec61fad9232856aae44072f9cf56a4dc2d0eeef483c54479cb422f1670a40e51f379eb","first_seen":"2023-11-29T05:22:04Z","last_seen":"2026-03-31T00:45:46.233786Z","times_seen":72,"resource_available":false,"data":null}},"time_used":384,"timings":{"blocked":180,"dns":81,"connect":5,"send":0,"wait":25,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:475488.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.071Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:475488.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 5148\r\nlast-modified: Mon, 21 Nov 2022 15:17:39 GMT\r\netag: \"141c-5edfc8e58c56a\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: MISS\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5148,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit colormap, non-interlaced","md5":"f020bbe0e39a35cb0570252ffbf68e17","sha1":"0fb090bd8d1f018f7b671453d597cbac64242502","sha256":"353d9a13c8b8cefff11a67fc375e16d014cf3e0d67ba2fcc5d0600f01a6e8c45","sha512":"ae7f59b934d10363ff3d2c7d0e5639ce8adf5440d44ff43b78bb827620cba7ed03620b4c89484074e4638417b7f48092043e36f5854f95a6b65aba5d06323bb0","ssdeep":"96:pOODzWTR4EgOtis2e+/nnkKheHcTRW4/PA3xJAPW25qZND0/qHUjv:0ODWR4TOtpW1el4/PAhOW2sHfUjv","tlshash":"26b14b9f22e0ab04ea2753b79958745b90661d693b4c273c464bf0f0c0f16bc6c6340b","first_seen":"2024-08-20T14:34:19.231946Z","last_seen":"2025-09-20T06:53:38.201409Z","times_seen":6,"resource_available":false,"data":null}},"time_used":183,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":183,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.intercomcdn.com/images/typing-indicator-dots-light.bca780561b938c6d59fa.webp","fqdn":"js.intercomcdn.com","domain":"intercomcdn.com","tld":"com"},"ip":{"addr":"3.164.240.120","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:10.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.intercomcdn.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Thu, 31 Oct 2024 00:00:00 GMT","end":"Fri, 28 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"D2:4F:FB:78:56:DC:20:7E:66:CC:9B:57:7F:92:C2:FA:50:69:C1:5B","sha256":"09:35:37:9C:E9:C9:26:27:7B:F2:E2:42:CA:82:EF:F1:2C:B2:B4:97:04:61:0B:FD:77:9A:15:4D:57:F4:76:D6"}}},"request":{"raw":"GET /images/typing-indicator-dots-light.bca780561b938c6d59fa.webp HTTP/1.1\r\nHost: js.intercomcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: image/webp\r\ncontent-length: 13034\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nlast-modified: Fri, 12 Sep 2025 20:29:19 GMT\r\nx-amz-server-side-encryption: AES256\r\nx-amz-version-id: 15e.MGXIEmXh4ew6YmqJOFBB4hvdD9Zv\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 20 Sep 2025 05:19:18 GMT\r\ncache-control: max-age=31536000, s-maxage=7200, public\r\netag: \"b700720d35e89d819d57de437af03efd\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 2d4ccfc38ee1229022124d55e34be376.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\ncross-origin-resource-policy: cross-origin\r\nage: 5576\r\nx-amz-cf-id: KWkuHz-cUMXMIY3sbFZDG7u4MzmmYIx7jiFSFf-vJjCqtnE7m9tXJQ==\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]}],"data":{"size":13034,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image","md5":"b700720d35e89d819d57de437af03efd","sha1":"7494ac76d2d990f18f996f62b6178f5157c166d1","sha256":"8282648c2bb0939b8d60499cc5720a7784697c07e9c9df3fedc7c17095826507","sha512":"70672f1200ffce46aae932af1c019d72d38b35f65d0f16f79c7b67907c2cb4a1664424656220479ba604146de3a56aef116828f7577f132703344446580d4bf8","ssdeep":"384:OC9X27RBsApMK2WfWNMs9PNSx2eUBbGGuQiD2ifu7:OC9iRSOMKnds9F1/jif4","tlshash":"5e42aed6f753b499e16318f64e92d0d02622169d24039f68a047f6f3998098dff0ef9c","first_seen":"2025-07-01T17:19:57.394659Z","last_seen":"2026-04-04T16:16:53.170148Z","times_seen":6572,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/a48612de.d.m.CD-qh7qO.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.981Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/a48612de.d.m.CD-qh7qO.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 5101\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-13ed\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":16388,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (13642)","md5":"dd370b588e3b3440dc52c0a2bba061ac","sha1":"d90a2dd0fdaf326b31c329423c61e099a444aa8c","sha256":"df5ae03a4dc4c6ca47dc0c92321cf19ae26f7e68941739da53476d9fe8c23607","sha512":"ee905b7d599acd59999855676930144cf36cc053d805cee101ab7cec270ff3a55022c2ad6511d27510ce9f1095e008912a8832beccd6a94d9eba6efb2d0f2d08","ssdeep":"192:ZPCC7grNwcZifjlJYzqFY5nEo+bYPtl/qQhphf5/Zn1HoDGtyZuZDZgI9ICIxO6v:JCCMrNUlJS3F+bChJ/ZnSGt8iyN","tlshash":"de728315f2858c702253caf651782940f24ece45126996a5b2fcd9fddab1c2fe03e7ac","first_seen":"2025-09-20T06:53:38.202635Z","last_seen":"2025-09-20T06:53:38.202635Z","times_seen":1,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-1","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.016Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"POST /api-1 HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=e0c7f323a8eb4a3eb2d752ec81e08189,sentry-sample_rate=1,sentry-transaction=home,sentry-sampled=true\r\ncontent-type: application/json\r\nsentry-trace: e0c7f323a8eb4a3eb2d752ec81e08189-be75dce842ba5f17-1\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nContent-Length: 367\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\ncontent-language: en-US\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":132743,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"0bb8f67041ed60344e2d72528a23af35","sha1":"3e357a054a760cb001ec6de40f1ae03379cfb28f","sha256":"6e3269d8ead8846e4976c41ccfe4076daf2519c78edacca4640f34d30c41022b","sha512":"55f227443ebd764d4dd56e5027f3c50c189ffe37aa3d0037b270030ddc91d637b43ff5bca83b7ba05f4b6273befa6ddcab962f550dd100043649552741db2eea","ssdeep":"3072:NqxQ/QVp2VUD0JaJMNCfql/MNCQVgXp8pXpep5pypHpfpjpyp7pUpZpEpZpXpepA:NqxQ/QVp2VUD0JaJMNCfql/MNCQVgXpv","tlshash":"7cd3d03fa789b4abe7ce235c7c6f38d49b1e20071a44f3a5725e44558fa08fb20752a5","first_seen":"2025-09-20T06:53:38.203706Z","last_seen":"2025-09-20T06:53:38.203706Z","times_seen":1,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":68,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/sunSw.DL-onBB5.svg","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:00.053Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/sunSw.DL-onBB5.svg HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/assets/86620776.CqsnoeB7.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:52:00 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 263\r\nlast-modified: Mon, 07 Jul 2025 16:39:59 GMT\r\netag: \"686bf85f-107\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:52:00 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":364,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b0811eb7ab652dc7ee7bee06fed53671","sha1":"1192b619f776177819ebc73c6f6f31b11b891d24","sha256":"0565ef51f5934a1fc6f8a6e25f958de335b791559e5e0c100b2649acbe64f92b","sha512":"89bdfee5cd795ad373e227320ee5ad9b5509e9e1321726170fd93642d694389df569212784af41ed18a6a21f578507ea65d15cfe5d599e168ed956eae70f4ac9","ssdeep":"","tlshash":"d8e068d34b0af6ac92418636d9a83ae0321e64aa107420a8846e05a020569cee207ce8","first_seen":"2025-02-07T04:57:00.938579Z","last_seen":"2026-03-31T00:45:46.258466Z","times_seen":105,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-2/betline/headline-matches/changes?ctag=en-US\u0026allVtag=9c2cd386-31e1-4ce9-a140-28e9b63a9300\u0026flags=reg,urlv2,mm2,rrc","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:08.136Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"GET /api-2/betline/headline-matches/changes?ctag=en-US\u0026allVtag=9c2cd386-31e1-4ce9-a140-28e9b63a9300\u0026flags=reg,urlv2,mm2,rrc HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=970305583a5748bcb3ddc0aefc14caed\r\nsentry-trace: 970305583a5748bcb3ddc0aefc14caed-84eceb7f5f4602a4\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK; pixelsink_uid=0a0b9779-b238-46cb-aa4a-1e0ca3a6a251; _ga_JZZNGY93CC=GS2.1.s1758351120$o1$g0$t1758351120$j60$l0$h0; _ga=GA1.1.206665698.1758351120; intercom-id-cnjqphyx=ae23bf96-1d48-4e97-8cb4-428201d1ef26; intercom-session-cnjqphyx=; intercom-device-id-cnjqphyx=287449a7-a7b9-4495-9751-5a88562c3289\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:52:08 GMT\r\ncontent-type: application/json\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":124582,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"93bdbf6569f4ba3eacebc10f5068a1b5","sha1":"a02b274052ce7d4294e9c5ffc0e96e105d405499","sha256":"6da11df1c3294eb1f86da58a8712823a2a7b2b7f8ecb4354691fc2d11a0191b3","sha512":"d80c47301f453913a4e59cc90c1e961d1b889361f919213b333319cefd091eec7efefcc88e3af23adfe56aea3dfe1b1071ccac44a3310fe398a817a4e281bdfd","ssdeep":"3072:Bv+a/heUk1qVOWSObVWF3UjFG6hKc3acb/bOWqoXycNwy3iUCCt/5WmgQA6c6:Bv+a/heUk1qVOWSObVWF3UjFG6hKc3aA","tlshash":"0cc30c0822091dbcd76229d9cd872bf558c4537fbed8ee82b6eccbc465753ae221111b","first_seen":"2025-09-20T06:53:38.206062Z","last_seen":"2025-09-20T06:53:38.206062Z","times_seen":1,"resource_available":false,"data":null}},"time_used":86,"timings":{"blocked":6,"dns":0,"connect":0,"send":0,"wait":80,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/SC/Leonbets/actionbn/1125x469+%286%29-193@x2.webp","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.329Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/SC/Leonbets/actionbn/1125x469+%286%29-193@x2.webp HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/webp\r\ncontent-length: 51284\r\nlast-modified: Tue, 02 Sep 2025 13:43:27 GMT\r\netag: \"c854-63dd1ac380af8\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":51284,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 750x313, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"843bd8ec55fff3e514c34f5a39a0016b","sha1":"e2eb1ac97d4ffaf6ae2b2acf0c3564b887473e70","sha256":"1105c5ef9017a57cf1ab1be61b8f18ac37c5afe3b1da9b383ab6ec4144337f06","sha512":"416157b215365911ca9e4919084466550b4de94b4cb57b78e63d2309435dc172cccb80c7c31f0842d4442b6832937f893a9d3365d843c943473baae9f94c85ea","ssdeep":"1536:My7t4UyP2KrSkNuWAM0lHb3KK5Q/Rvp+EI:vt47PVStM0dKRqn","tlshash":"8f33f1714648d3f4eb12126ba8fab4b41c6c6936ce140c25adbee60deb30cbd64d95cd","first_seen":"2025-09-07T05:29:21.841334Z","last_seen":"2025-09-20T06:53:38.207125Z","times_seen":3,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pixel-us.r2drtb.com/pixel?auth=4jg3s6\u0026event=visit\u0026uid=undefined\u0026tid=undefined\u0026cur=undefined\u0026amount=undefined\u0026site=www.239797.win\u0026ln=en-US","fqdn":"pixel-us.r2drtb.com","domain":"r2drtb.com","tld":"com"},"ip":{"addr":"88.214.195.101","port":443,"asn":46636,"as":"NATCOWEB","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.480Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2drtb.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 26 Jun 2025 00:00:00 GMT","end":"Wed, 08 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:48:15:25:D2:83:00:DD:7D:70:07:A2:B0:40:FB:88:E5:9B:C3:05","sha256":"59:30:1A:64:93:31:49:89:58:C3:C8:2E:88:12:01:02:54:8C:F0:86:A1:40:B7:58:E0:4A:3B:ED:8D:8F:9F:A0"}}},"request":{"raw":"GET /pixel?auth=4jg3s6\u0026event=visit\u0026uid=undefined\u0026tid=undefined\u0026cur=undefined\u0026amount=undefined\u0026site=www.239797.win\u0026ln=en-US HTTP/1.1\r\nHost: pixel-us.r2drtb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 20 Sep 2025 06:51:59 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nCache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store\r\nPragma: no-cache\r\nExpires: Sat, 01 Jan 2000 00:00:00 GMT\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-1","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.575Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"POST /api-1 HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=e0c7f323a8eb4a3eb2d752ec81e08189,sentry-sample_rate=1,sentry-transaction=home,sentry-sampled=true\r\ncontent-type: application/json\r\nsentry-trace: e0c7f323a8eb4a3eb2d752ec81e08189-854a02fc6e5323c7-1\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nContent-Length: 364\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\ncontent-language: en-US\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":10568,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"63a706a9664abd2c976bb7efbef46604","sha1":"7d199498f0e7b2e8af984127c98e1bb910bcef8d","sha256":"59f87bb72ba80694553ab296f0745576771e7a44cf4c33277ae7bc0e3c2bfa74","sha512":"2d32a81254f38f6f088e8759dfe6d5240207753d5c875eb4fd26df7d92da1bf0048cb4f3b959c73bbd2c60af3ba78a30680be0af50d4515a5be42de60674010f","ssdeep":"192:nX26vxqdJITZgr0+H4iUovZIErDOn9jJEe+54Xd6/utsIjXE7I48EIJ1OJqyNQ:XBqwUZni9j/M/utVmmAUiQ","tlshash":"7422a507978823673217536b73df32d55e2e448d172988601cb98958f35cf2ada3abcd","first_seen":"2025-09-20T06:53:38.20829Z","last_seen":"2025-09-20T06:53:38.20829Z","times_seen":1,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:43854.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.093Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:43854.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 5407\r\nlast-modified: Mon, 14 Nov 2022 11:05:02 GMT\r\netag: \"151f-5ed6c3609b77b\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5407,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"6ee857d579cb3551526f38f420783c80","sha1":"caf7ae2ad498df7057319ada891e74b31d92afba","sha256":"07417c2a27f28f7a89009236e4de55f08251fef62620289addd8815b7da5acab","sha512":"8d2df32baf2e680a6e882ddb9c4e3ad4f3fdbcefe7cbb0a0d74c68c5b933b32f4bfcff5fbed60830eed504053000952705180082974fb4e44064467a4a3f7728","ssdeep":"96:rrIVX576xlqOuXmZi8OAVvfEvL9X1mRRkg/MhxtaTGS56ON+++uemEv6cmOXB:rrQXheqOuWZnHvsvL9XOkg/YmGo6i++e","tlshash":"ccb17de60d330200c38d8d6782e6aa8d23bad84cc09a099f7e4c42e79d7d19d20cee65","first_seen":"2025-09-20T06:53:38.209546Z","last_seen":"2025-10-14T14:52:18.292116Z","times_seen":2,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:3938.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.134Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:3938.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 6052\r\nlast-modified: Mon, 14 Nov 2022 11:05:01 GMT\r\netag: \"17a4-5ed6c35f8a022\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: MISS\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6052,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit colormap, non-interlaced","md5":"5e5a2b1aca77a3c569847047698e9da2","sha1":"5a6746f54ed4b1ccf4e55f053f694eb9f5bdd467","sha256":"c920601b759fa1845f019d5451374520de474c22477e2f36b8c264ac1a0c2cd0","sha512":"cb72ccd4dbde572dbb32cb442d029b7a06df5472f77d7aa3284993a17270eca3816e01f2d32c7f67b5c0c267068de152ecccc9b9faa6db8b77f271f048d54e0c","ssdeep":"96:zKz/O7RJuXXFkUUexh6kXPeiz6LSYYhlBKGjDP47ydmvsmkG/WQ:+zW7RJy/eiuSpQuuDvsmpeQ","tlshash":"a4c18f5fa5b020e3950450c6e0ad185477212aef460725b4f76fa6943a3c2c69e91ebe","first_seen":"2024-08-19T15:55:59.428064Z","last_seen":"2025-10-27T01:31:05.969262Z","times_seen":6,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:48632.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.150Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:48632.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 6179\r\nlast-modified: Mon, 14 Nov 2022 11:36:05 GMT\r\netag: \"1823-5ed6ca5101603\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6179,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced","md5":"fe7578805fe341b474878be3f4acdb1c","sha1":"57f789b24a83af71604bc48c42a2717c46e7d12a","sha256":"2a814e77318d3d113336c11f88c13950812a7e0c91b533958181043d6d21c9be","sha512":"887d25cc7b30fff7acf0f2211a986863499de589c42e8bcf4e8d4b91c0bb492dfbb6a9c3e8e1054d51ebd421a879d724c882530f90ace61c4d840feca84efffa","ssdeep":"96:TDT5AcFO69RvDnup5n7OBzF5SmtO7CYsLpRp6xu4HEHblUKkg0mgA3fNGyDME+9:T3nJZj1d1OIR0xu4HEuKB0mN3fLNw","tlshash":"b8d19f0f6789e13356e214f968438c00277a66595f581148759edb5a673cececfd0c0e","first_seen":"2025-09-20T06:53:38.211194Z","last_seen":"2025-09-20T06:53:38.211194Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/fe740d55.d.m.BDHEXQZ0.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.755Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/fe740d55.d.m.BDHEXQZ0.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 9582\r\nlast-modified: Fri, 12 Sep 2025 11:24:49 GMT\r\netag: \"68c40301-256e\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23448,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (23397)","md5":"5f589cc7b7655902188044b11e92a930","sha1":"1cb57f93479b8fe08019c2fc88013a27f5c83893","sha256":"a648c1f005f32ce0bd81c94ba47dc015e12068f598b9bd19e483d0730383c09c","sha512":"ef23d9a798fc3d9438d976be5719e0d57daa4ad5d0729fbde572aeafb52de383e18974766a7b9b81188cc3f46cdb9e8ad5de68682c55d85089c8bdf22e4e8da8","ssdeep":"384:bjXRm3d79p0eRyz7JVCgYJRHMT7S1Nd5/iZoqbl3CRAAjFXWd4qEg4Bh2QV442nr:bjX8Zp0cyz7JVCgYJNM3S1H5/Q/blSRg","tlshash":"bfb2d7e93282707687e60ae5807b1106f2761dd5384e94d1f02ca9d73c73d6982bbf6d","first_seen":"2025-09-19T02:19:58.369515Z","last_seen":"2025-09-20T06:53:38.212429Z","times_seen":2,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/files/showcase/dark/color-roulette-1.svg","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.326Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/files/showcase/dark/color-roulette-1.svg HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 19 Mar 2021 17:11:17 GMT\r\netag: W/\"12f5-5bde6cde231b5\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4853,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"a330652e8d9e63c87f6b17ab02fbc724","sha1":"7d781f9d01000f50052faad11b76c23156c58eaf","sha256":"988e9effd6680b71fa8355efb7f41e55baf7fa096fff438cc8838ad0186043a1","sha512":"cf78061c968e5e82be1ee1740d62c65eba749396551fbde6829d1f65a00c2841bb35214d9671e53999229d16a555d58cbf3290c5731ecc54b60b84ff9a05cce8","ssdeep":"96:n8PhecVgS5XbsGy/iyylgH8VJy3Y58tTXSFPv99:nU08JRbdB9yLtTi","tlshash":"24a164ebb3d0b7c0d143e3b0d0229574776729baff6ac3864290ee55aa550c9484ec94","first_seen":"2023-07-08T17:48:53Z","last_seen":"2026-03-29T15:19:13.361076Z","times_seen":61,"resource_available":false,"data":null}},"time_used":79,"timings":{"blocked":47,"dns":0,"connect":0,"send":0,"wait":32,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:2828-1.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.277Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:2828-1.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/png\r\ncontent-length: 5225\r\nlast-modified: Mon, 14 Nov 2022 11:15:50 GMT\r\netag: \"1469-5ed6c5cb1575a\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5225,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit colormap, non-interlaced","md5":"0f643f15485227f705967971cfd640f0","sha1":"20140f5f388d28c5af9f3400542127c32cfca5aa","sha256":"905d5650ca03417b858083f379262e711a565c9439b28d6cefdc1bddaf553398","sha512":"55744d2a9804bc23dfd62e5c8b9d5c6ac2dd0217e8e4ae2d774a4d4d5617233bf11171252127832fae5af1aa2df245afa4a191619915c696ce5be6a5f970f5bd","ssdeep":"96:FppIF3znnO688eLoO26XX8aEFAmFsb5+K1xxts6infjovAC:FppIdznnX8RLoO26XX4wb5fDZ2jVC","tlshash":"d7b16dccf2497cf6cc0c99a76622434118642daa71bec496e4243176e437a9d3c4b2eb","first_seen":"2024-05-30T08:30:17Z","last_seen":"2026-03-28T11:02:42.369021Z","times_seen":44,"resource_available":false,"data":null}},"time_used":126,"timings":{"blocked":0,"dns":54,"connect":37,"send":0,"wait":33,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/a17a5642.d.m.wC7cG7S6.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.969Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/a17a5642.d.m.wC7cG7S6.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 108103\r\nlast-modified: Fri, 12 Sep 2025 11:24:49 GMT\r\netag: \"68c40301-1a647\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":334258,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (19927)","md5":"7d753d1373e79bad2b63705f7f5ddb9c","sha1":"6f1881282178bbef3c6eacaa5acd977f679d00f8","sha256":"03972688fe8b28167998001c9a2efdc4f9cb7e6b71aecbf18215d8107e9510d2","sha512":"51b61b99926f9ea68de6f6620d6664c68c2722e0205c610c15f0e6ea64fea9555b43409f001057c3ee7f58817202b245866699e46c706820bf8d57512bd67678","ssdeep":"6144:+aW1RjYdw0yNVH2rk8ayQ1002rMO6WOyp4On:pW1RjYdvKx2rkfyQ100Oelyp4On","tlshash":"df6408d971d6703243e70aa5507b4102f7395e90740a91a4f92cddef3eaa40aa2b7f3d","first_seen":"2025-09-19T02:19:58.29183Z","last_seen":"2025-09-20T06:53:38.214636Z","times_seen":2,"resource_available":true,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/SC/Leonbets/actionbn/1125x469-5073@x2.webp","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.293Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/SC/Leonbets/actionbn/1125x469-5073@x2.webp HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/webp\r\ncontent-length: 46636\r\nlast-modified: Tue, 02 Sep 2025 08:05:37 GMT\r\netag: \"b62c-63dccf40831f8\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":46636,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 750x313, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"b8ef85f876f0cbf37e847be596e10f7a","sha1":"30d30eeeb402324704c6dbc7a6b8febb8a5ead3d","sha256":"5e26c9d580781a82eac79e99f7fa280e996eeac30d282b17a022d7645826aa2d","sha512":"972e23288229b174a02e999e3ed395e6a76c2ea7f2a342e98906fdbd53fb60b296537e4472d67f41cc5a15d329b7ea0219d5c00dc9961e9dad036ef392f79008","ssdeep":"768:jpc6jfwPXGZ39zD/A+vijgyNwiuTLSau6UVRxx0UWIGDfou2yuMKX1v:i6j4PGZNzc+munTLSau6PUqDpjuX1v","tlshash":"3f2302205cf4d0da95df1797675066a383b2ca3c04b941792ade0f1a87abed2e70384e","first_seen":"2025-09-07T05:29:22.003349Z","last_seen":"2025-09-20T06:53:38.215812Z","times_seen":3,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/76a0a3dc.d.m.CF5a6iep.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.024Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/76a0a3dc.d.m.CF5a6iep.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 34425\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-8679\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":127753,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65299)","md5":"16ec0abfb1bf50afd623a3bef9315917","sha1":"5b5285b72f37063a865109fb728e496079369c5d","sha256":"25af59f7979840560a195505d3338c8d0793466cae0ccb35a9ebc4a19c53ca4d","sha512":"77a7d503f0cd376c1901fcb4838fab6535016600ceb9d5746c664b222035147f2a79aa23fe19d02ac05d18121a5cb9de7a0b8a7874d86fa710e4fd4b6acf5fcb","ssdeep":"1536:/aFrMKMH/EEZcOhGol2gHv3tVWoSBNWKpw3j2Vg6:4EZc6GaTj63","tlshash":"fac30a55f18068b5c3a361c6e099408233b80f83b16649c6f6fe9f7e35a7d349362a5f","first_seen":"2025-09-20T06:53:38.217076Z","last_seen":"2025-09-20T06:53:38.217076Z","times_seen":1,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-1","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:09.493Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"POST /api-1 HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=970305583a5748bcb3ddc0aefc14caed\r\ncontent-type: application/json\r\nsentry-trace: 970305583a5748bcb3ddc0aefc14caed-84eceb7f5f4602a4\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nContent-Length: 139\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK; pixelsink_uid=0a0b9779-b238-46cb-aa4a-1e0ca3a6a251; _ga_JZZNGY93CC=GS2.1.s1758351120$o1$g0$t1758351120$j60$l0$h0; _ga=GA1.1.206665698.1758351120; intercom-id-cnjqphyx=ae23bf96-1d48-4e97-8cb4-428201d1ef26; intercom-session-cnjqphyx=; intercom-device-id-cnjqphyx=287449a7-a7b9-4495-9751-5a88562c3289\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:52:09 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\ncontent-language: en-US\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":205815,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"fd767a34e6f4437c325e78b93a9be686","sha1":"7b70eccb5a7c701c8ca9c0ff8ecde7b790d6ddf5","sha256":"b9e561ab50d85bf13251625df0d1f18eb64274becdeb9357e534c3e7f1a150ba","sha512":"8c545d4af21cb1a59223b025944aca6ef09b92ece9980e19f9740b03e0464085e38e71e80cc65d43eac059ff8e293b63c665ecf0c3104e3bb0855106156acab0","ssdeep":"768:j1aVXsJxbniFIr2Z8+KMNa7YpG3LVdc/ORgDC4USXXmJh4T6wtX1PGx0i0AjuF0q:o3glweSMhTiu39qagqnJ+nd","tlshash":"6814c5a9771f583e743b54fe97064b61262671b6bc2ca060e96fbd5830becad6035c03","first_seen":"2025-09-20T06:53:38.218169Z","last_seen":"2025-09-20T06:53:38.218169Z","times_seen":1,"resource_available":false,"data":null}},"time_used":62,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":62,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/7bdd72e8.d.m.C9aSXX02.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/7bdd72e8.d.m.C9aSXX02.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 1655\r\nlast-modified: Wed, 17 Sep 2025 12:25:09 GMT\r\netag: \"68caa8a5-677\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4381,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (4330)","md5":"ca67557c4975f3daf9dcbd2fe3fe8fa0","sha1":"a5cdccaca0bc14ed0e9188e30ba546cc658e81dd","sha256":"a0a89bc574d926459037d03226b708800d90c9671e414e0aab50fb22d1a25c2f","sha512":"f68b6d32532c908a7f240b70671d7262d31619f598dc879567af52c8b9492391c8121270fc12a7b13580230b714bf90bf49e7403129aaa066049265cdd2acb5f","ssdeep":"96:fKshRJJD/RDlV/waI2huJVvVDdTCAtcyvzrQnJrQviQX:9Hj7trhuDvTTXvYJrmX","tlshash":"1c918cc975d3b124a3a62435402f9a0ef63e7d68984ce058f167d1e87d7942ad233f38","first_seen":"2025-09-19T02:19:58.305531Z","last_seen":"2025-09-20T06:53:38.219222Z","times_seen":2,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/fd2fd3f8.TadvuQR6.css","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.992Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/fd2fd3f8.TadvuQR6.css HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:57 GMT\r\ncontent-type: text/css\r\ncontent-length: 738\r\nlast-modified: Mon, 07 Jul 2025 16:39:59 GMT\r\netag: \"686bf85f-2e2\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:57 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2989,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (2988)","md5":"033bf2fa4706b216fda9578d8c6b2078","sha1":"3a89ff4e4f31fe24af064232028922a020cb24b7","sha256":"9655e30d07b8a936979f4a5e82b8926f744fa3082131939cf7210dbd6df5f83c","sha512":"26f73c89b717b126d8e751a478783e21ecebf07b0833979f5610459a9e6d57b9458c191b868e87c8ef329e4c3f5185b68a16dac4fbc54a65dbb56e0281fdec7d","ssdeep":"","tlshash":"615126adce1853a9a4d754fab1e64e4e5004ac43f8391a51b991fd2ec182fd1630ab4c","first_seen":"2025-04-24T07:07:12.695805Z","last_seen":"2026-01-25T14:09:20.120042Z","times_seen":90,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:3946.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:3946.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 3614\r\nlast-modified: Mon, 14 Nov 2022 11:24:44 GMT\r\netag: \"e1e-5ed6c7c7a960a\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: MISS\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3614,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 240 x 240, 8-bit colormap, non-interlaced","md5":"6dd845281d9d93ef5656890d0dd38db2","sha1":"b817316ef876253bd7b67cdce5df2d07bf47da4a","sha256":"16aca23e54679eb44d5a673c7802ad35d83cb5e9834a013da075929a8722b58d","sha512":"7454e8e5ebcc74cb21784d9029ff7cb1ba82c8d6473cb46a3957cdc505824b55a0d84fbe0faaa4bcf1a354299e851b4960b14c4288ad08eece24b6b8af4618b6","ssdeep":"","tlshash":"54715bd0cae0f27c860b3d190881f14cf2f5ce409b293d364266b36a6d7e94e9adb418","first_seen":"2023-11-07T14:36:48Z","last_seen":"2025-09-20T06:53:38.220961Z","times_seen":3,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/06b1eb38.d.m.BmbMAqW-.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.751Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/06b1eb38.d.m.BmbMAqW-.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 31783\r\nlast-modified: Fri, 12 Sep 2025 11:24:49 GMT\r\netag: \"68c40301-7c27\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":78321,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"e1393cb20086faa29effc8a9a597f853","sha1":"2bb7adfff6e6df8e86fada2ba6881876d2becc63","sha256":"df752dfed704d250f460c1b1cfde8c07adaaed3f42a052dd9a2b800a7035e3ae","sha512":"15a8e95788419423afee4ce2e0af9c2ef7d28daf330f8e84760ac13fc576922deaa39eb1de8b51b8d098898dd9bbbfe79aa2134868a45fd098023699ddb0d122","ssdeep":"1536:kEt78VqYypZuH5UKMeZoR6RQD6nDtxm/ZWe29:wVZH5UKNBQ+nDtkt8","tlshash":"d57317f97357b57293ee11e6407b0406f3ee299a180d085cf2a5aadf367481410ebfb9","first_seen":"2025-09-19T02:19:58.447265Z","last_seen":"2025-09-20T06:53:38.225057Z","times_seen":2,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-1","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"POST /api-1 HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/\r\ncontent-type: application/json\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-modernity: modern\r\nx-app-env: prod\r\nx-app-skin: default\r\nx-app-layout: desktop\r\nx-app-os: windows\r\nx-app-browser: firefox\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nx-app-theme: DARK\r\nContent-Length: 186\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:51:57 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\nset-cookie: firstTheme=DARK; Max-Age=315360000; Expires=Tue, 18 Sep 2035 06:51:57 GMT; Path=/; Secure; HttpOnly; SameSite=None\r\ncontent-encoding: gzip\r\ncontent-language: en-US\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1109,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"210eb97d083f2c5fc1105592c43df989","sha1":"4ab8602fdc57dd37ea664d8cba7e5ba0275a5563","sha256":"352111378a89b99be5829b4ea4b5feb325fc49803a3149205a92caef80440e31","sha512":"ca00f0b8d941ab1d61625fd3b809d3cdf558914836fd55681ffbcca69c69dfddb28f0559f5058bd69bf18823ba675b065cc43fbe2ab1861a939ceb63c1cd8c07","ssdeep":"","tlshash":"cc11685c11900c7fda0b1361a511fec9e39c58e374e8ff7d9480df99a9fa4a463228c2","first_seen":"2025-09-20T06:53:38.226076Z","last_seen":"2025-09-20T06:53:38.226076Z","times_seen":1,"resource_available":false,"data":null}},"time_used":35,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"o237537.ingest.us.sentry.io/api/4508036400611328/envelope/?sentry_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c\u0026sentry_version=7\u0026sentry_client=sentry.javascript.vue%2F7.120.0","fqdn":"o237537.ingest.us.sentry.io","domain":"sentry.io","tld":"io"},"ip":{"addr":"34.120.195.249","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:08.010Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ingest.sentry.io","organization":"Sentry"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 24 Jul 2025 00:00:00 GMT","end":"Mon, 24 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C7:A0:3C:30:51:F2:AE:98:2C:88:9F:C7:8D:24:55:ED:C3:34:BD","sha256":"78:73:F7:3D:EE:58:1B:F8:9A:1E:17:AB:A3:70:00:86:76:EA:4E:AF:AB:F4:7B:34:5F:FA:39:D8:3B:5D:F4:B5"}}},"request":{"raw":"POST /api/4508036400611328/envelope/?sentry_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c\u0026sentry_version=7\u0026sentry_client=sentry.javascript.vue%2F7.120.0 HTTP/1.1\r\nHost: o237537.ingest.us.sentry.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 578617\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Sep 2025 06:52:08 GMT\r\ncontent-type: application/json\r\ncontent-length: 41\r\nvary: origin, access-control-request-method, access-control-request-headers\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after\r\ncross-origin-resource-policy: cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":41,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"175eea399e45553738968782bf3a207a","sha1":"b60385ff39a1186995de3e323f84b3b20d2d6907","sha256":"42bc4ad0f47b6f74182ee43ad085a0d25d5dc29e5e2e014b7ca7035c14bc68da","sha512":"2504c7e2e67e72f09e22c80b02d9416a7d4f1023860bdc8fd5535ee932cb0810d8a5bddbfe41ff4d2562a5e91ac7f3a0d372ba9f4fe1ccea81452ff958c57a2d","ssdeep":"","tlshash":"099004070035d7c5f04031c31cd0c3515c05045074774555503550353541c7110300c7","first_seen":"2025-09-20T06:53:38.227041Z","last_seen":"2025-09-20T06:53:38.227041Z","times_seen":1,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":0,"dns":0,"connect":0,"send":53,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/2002571f.d.m.m9O7teUL.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.902Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/2002571f.d.m.m9O7teUL.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:57 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 12309\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-3015\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:57 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":38881,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (38830)","md5":"02dfead23d583867ab6528edd4364edb","sha1":"f50cb397d1a47b158c0d94aecde66c90bab748a7","sha256":"3747f2d618365f01855c617e8355e5e2fa9096bbfc5052757165142ffe832e15","sha512":"67a421a84ae51c50f2083ac76584809ea058aa09e2a581869db6948128a72a26dc189f2ac396f466dab0483d74fb1d397052e9b5bff8d394a93c335196ab08ee","ssdeep":"768:FfMUCstetiqMR4SZiG5Aek56hLyUhVqNHuSjUIreGOvZ:F0U10tTSEeRhL1hV0HuS1eGOvZ","tlshash":"42030988b4657a35833352bb86165441a7bd0fdba2204642e1fbef7e18f1d30532bb5e","first_seen":"2025-09-20T06:53:38.231576Z","last_seen":"2025-09-20T06:53:38.231576Z","times_seen":1,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.google.no/ads/ga-audiences?v=1\u0026t=sr\u0026slf_rd=1\u0026_r=4\u0026tid=G-JZZNGY93CC\u0026cid=206665698.1758351120\u0026gtm=45je59h0v871047016z8890860847za200zb890860847zd890860847\u0026aip=1\u0026dma=1\u0026dma_cps=syphamo\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=101509157~103116026~103200004~103233427~104527906~104528500~104684208~104684211~104779684~104948813~115480710~115616985\u0026tag_exp=101509157~103116026~103200004~103233427~104527906~104528500~104684208~104684211~104779684~104948813~115480710~115616985\u0026z=2000675608","fqdn":"www.google.no","domain":"google.no","tld":"no"},"ip":{"addr":"142.250.74.131","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:00.477Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.no","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:39:23 GMT","end":"Mon, 01 Dec 2025 08:39:22 GMT"},"fingerprint":{"sha1":"42:CA:DF:AC:84:77:2A:0C:CC:0B:0C:7D:2C:7F:F7:A4:90:1B:05:F3","sha256":"4E:E3:F5:47:6B:82:78:8F:EB:24:48:87:45:0A:2B:B2:1C:6C:5C:89:6A:E4:47:C7:0C:F5:35:47:93:B2:F2:BE"}}},"request":{"raw":"GET /ads/ga-audiences?v=1\u0026t=sr\u0026slf_rd=1\u0026_r=4\u0026tid=G-JZZNGY93CC\u0026cid=206665698.1758351120\u0026gtm=45je59h0v871047016z8890860847za200zb890860847zd890860847\u0026aip=1\u0026dma=1\u0026dma_cps=syphamo\u0026gcd=13l3lPl2l1l1\u0026npa=1\u0026frm=0\u0026tag_exp=101509157~103116026~103200004~103233427~104527906~104528500~104684208~104684211~104779684~104948813~115480710~115616985\u0026tag_exp=101509157~103116026~103200004~103233427~104527906~104528500~104684208~104684211~104779684~104948813~115480710~115616985\u0026z=2000675608 HTTP/1.1\r\nHost: www.google.no\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\np3p: policyref=\"https://www.googleadservices.com/pagead/p3p.xml\", CP=\"NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC\"\r\ntiming-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ndate: Sat, 20 Sep 2025 06:52:00 GMT\r\npragma: no-cache\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-type: image/gif\r\nx-content-type-options: nosniff\r\nserver: cafe\r\ncontent-length: 42\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":42,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"d89746888da2d9510b64a9f031eaecd5","sha1":"d5fceb6532643d0d84ffe09c40c481ecdf59e15a","sha256":"ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629","sha512":"d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c","ssdeep":"","tlshash":"c4900023fa808000c3a8c2300a0b238a2b8c80200a28030b80ae208cec3a3a22c03020","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-04T16:49:10.498201Z","times_seen":763585,"resource_available":true,"data":null}},"time_used":222,"timings":{"blocked":94,"dns":0,"connect":21,"send":0,"wait":32,"receive":1,"ssl":72},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/88582821.d.m.D2OUHn8z.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.640Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/88582821.d.m.D2OUHn8z.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 2621\r\nlast-modified: Mon, 07 Jul 2025 16:39:59 GMT\r\netag: \"686bf85f-a3d\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6067,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6016)","md5":"6527b2bc0afe32269f7536e5129682e4","sha1":"4f4d1af7ce4457aa88caa719ec11d2d551564121","sha256":"0574282d30f05a4565b45f1ca37dc0efdf22ce4047228ff9029cf5d95a5d6961","sha512":"ee04da16882999583cea197c4719359f1aecbdc79f6d682a8fe831e6e122e5ed91fe017a52a046519438e7258b6b78bc1403c749cb666cb31bf275548ddd50a2","ssdeep":"96:k+Rw54EyJB5k1Ydu1JJGWJhTn4FljEWfKZBy4bdz7naTZ5ToFpjdYNEFErZAZqu4:N24tJB4Ydu1PGW7r4FlVSyO9sToFpJa9","tlshash":"c3c1d6a9338e76404277147d259f1085b07c6884644d182af5e8f87a3c65caa4bffefe","first_seen":"2025-04-24T07:07:12.79126Z","last_seen":"2026-01-25T14:09:20.204349Z","times_seen":100,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/94ae4756.d.m.DH-3UKsJ.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.659Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/94ae4756.d.m.DH-3UKsJ.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 19133\r\nlast-modified: Wed, 17 Sep 2025 12:25:09 GMT\r\netag: \"68caa8a5-4abd\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":65847,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (44006), with NEL line terminators","md5":"3f0b4325c6e3a35c8f9e3b004a21c8b3","sha1":"8b1574260e9310d9ba8195938c94811e84e4736c","sha256":"89785515513dc76d7c741a0af304c89e18454b8f6e93da8140c95ace8b037c13","sha512":"4eca04a3247a0e3786c7876e12966fc32d06209334507dca4d2e4be88fa20b3401ad32df12217eadf71793e0630ef416d9bb714a83736584038480184d560e19","ssdeep":"768:I/gq4MTeIckmO4Vi4equcad4Q2OajU0zCXspLS0IRQVrenuRcfG2OOPf4qtFWMO0:IYMTeIQS2bZpu0+62FivZWV5","tlshash":"c45360c971c2f0a683e76034003f8405f37a5d65a4acd1a4daeac4f97dfa8199237f29","first_seen":"2025-09-19T02:19:58.439295Z","last_seen":"2025-09-20T06:53:38.234112Z","times_seen":2,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/SC/Leonbets/actionbn/1125x469+%2814%29-70@x2.webp","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.335Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/SC/Leonbets/actionbn/1125x469+%2814%29-70@x2.webp HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/webp\r\ncontent-length: 66658\r\nlast-modified: Thu, 28 Aug 2025 13:10:56 GMT\r\netag: \"10462-63d6ca2bb0eb3\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":66658,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 750x313, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"47e3eb1f337b2bc74912fde2369b5d42","sha1":"179900913d4b0af183f2302b93af597c9090f144","sha256":"56930c78dc13e747d6a1bf070caf9ffb507b0783459cd60e777507198b5e2158","sha512":"3e714ca16fc0e192d16726a908c09e3d99997d540c2cc498c05b3a3efbc143c25858b40d2aceb99062f6d3e19188a41f06d2bac78246658a658471df3ddde362","ssdeep":"1536:RnLyK9wuPIanYLclKuip1urTpEnX7Hs160wxpanVme/u64usJJOz:RnmK9fWuKf32aX7Hs160wxmVa64uMM","tlshash":"d25301345cecc417bbb04897c0c52e57eae834e87adc6ecdd3be51952c9e06d8a86760","first_seen":"2025-09-07T05:29:21.854395Z","last_seen":"2025-09-20T06:53:38.235494Z","times_seen":3,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/app.dWoIbHRH.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.347Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/app.dWoIbHRH.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 998\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-3e6\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1893,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (1402)","md5":"384200be86f283e2d29c4e98be721c94","sha1":"c137c98f2ffd570e630348b08bfbc211449139e1","sha256":"cebe72f900418486371f7cc4ae14a1bce031baddcccbc50bf375ab96011fc39f","sha512":"81eb4b2a69304fbc2135150268e8eccce9f8e11e0ccd20b78d662a1b618602c0c85993abbce61ace4bb879df364d4d11d25c1e4150294fde9594b9a8db36f08d","ssdeep":"","tlshash":"5d41840967c2957a469904edc21f376163229a90362cc3e1e0ed7d793d61813c52bfe5","first_seen":"2025-09-20T06:53:38.236684Z","last_seen":"2025-09-20T06:53:38.236684Z","times_seen":1,"resource_available":true,"data":null}},"time_used":358,"timings":{"blocked":173,"dns":128,"connect":5,"send":0,"wait":2,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.intercomcdn.com/launcher-discovery.002f6994.js","fqdn":"js.intercomcdn.com","domain":"intercomcdn.com","tld":"com"},"ip":{"addr":"3.164.240.120","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:10.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.intercomcdn.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Thu, 31 Oct 2024 00:00:00 GMT","end":"Fri, 28 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"D2:4F:FB:78:56:DC:20:7E:66:CC:9B:57:7F:92:C2:FA:50:69:C1:5B","sha256":"09:35:37:9C:E9:C9:26:27:7B:F2:E2:42:CA:82:EF:F1:2C:B2:B4:97:04:61:0B:FD:77:9A:15:4D:57:F4:76:D6"}}},"request":{"raw":"GET /launcher-discovery.002f6994.js HTTP/1.1\r\nHost: js.intercomcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 2662\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nlast-modified: Fri, 12 Sep 2025 20:29:05 GMT\r\nx-amz-server-side-encryption: AES256\r\ncontent-encoding: gzip\r\nx-amz-version-id: Wht6RZE47ih8H55RE86U7H0p1e6qSSt4\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 20 Sep 2025 05:08:21 GMT\r\ncache-control: max-age=31536000, s-maxage=7200, public\r\netag: \"288ee68592ced6ff94e23c9c900e002e\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 2d4ccfc38ee1229022124d55e34be376.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\ncross-origin-resource-policy: cross-origin\r\nage: 6256\r\nx-amz-cf-id: nuNupD_LPdV1eX4sTd6NADbxs4QZnMs1eIvIoJf70ZU0cHlvvNLbLA==\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":8599,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (8599), with no line terminators","md5":"bd4fa4ec84da9f086d08fc7446c4f87b","sha1":"d6dbe4385bc75828833cc05c0e242752795dd1be","sha256":"0847be8165e5f737682a41a5209ce830302ee0e58dbe680d3ace42861fba3075","sha512":"161caeac9c0bdc60f6a288b723d29490b44a132c99e4ebff490f7ae51ebe21a02c03d383f684864411add8b056eb16cada463672ee25c6073bfdb13b55af5a12","ssdeep":"96:AoDqLfqI/xNn95qVsVABMBpUaw8a8FJJFTq695q9BYABGqdcGU7YszHkLOg0/u28:AoaTN958ThWF585Gl8szEs/uIZnDOQu","tlshash":"3d02c488f4bef42c92f7639081af500e63799698c01d41f8b8b594e15efc08d5723f69","first_seen":"2025-05-14T17:23:51.434137Z","last_seen":"2025-10-07T15:10:41.582135Z","times_seen":969,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/a?v=3\u0026t=l\u0026pid=681960847\u0026rv=59h0\u0026tag_exp=101509157~103116026~103200004~103233427~104527906~104528500~104684208~104684211~104779684~104948813~115480710~115616985\u0026u=AAAAAAAIAAAAAIAg\u0026ut=AAAAAQ\u0026h=Ag\u0026gtm=45je59h0v871047016za200zb890860847zd890860847\u0026cl=2.3.1~3.4.1\u0026ccid=71047016\u0026cid=G-JZZNGY93CC\u0026l=L1813.S73.B61.E263.I711.TC13.HTC0~gtm.init_consent.S2.V1.TS5ogtdma.TI9.TE2~gtm.init.S1.V1.TS5ogtcrossdomain.TI11.TE1.TS5ogt1pdatav2.TI13.TE3.TS5ccdgafirst.TI22.TE1.TS5ccdgaregscope.TI19.TE1.TS5ccdemdownload.TI18.TE1.TS5ccdemoutboundclick.TI17.TE1.TS5ccdconversionmarking.TI16.TE1.TS5setproductsettings.TI21.TE250.TS5ogtgooglesignals.TI20.TE250.TS5ccdautoredact.TI15.TE244.TS5ccdgalast.TI14.TE243~gtm.js.S1.V1.TS5gct.TI6.TE1~gtm.dom.E240~*.S1.V1.E239~gtm.load.S1.V1.E203~GA2733","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:00.726Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:34:53 GMT","end":"Mon, 01 Dec 2025 08:34:52 GMT"},"fingerprint":{"sha1":"DF:7E:8A:F9:1C:B5:DC:9E:90:E3:71:A7:92:85:2C:8F:2B:B4:42:8E","sha256":"3A:65:11:10:B9:58:2F:E1:BF:38:98:8D:2E:3E:A2:01:9D:C6:BE:69:5B:AD:F7:99:53:F9:AB:A6:6B:82:47:F1"}}},"request":{"raw":"GET /a?v=3\u0026t=l\u0026pid=681960847\u0026rv=59h0\u0026tag_exp=101509157~103116026~103200004~103233427~104527906~104528500~104684208~104684211~104779684~104948813~115480710~115616985\u0026u=AAAAAAAIAAAAAIAg\u0026ut=AAAAAQ\u0026h=Ag\u0026gtm=45je59h0v871047016za200zb890860847zd890860847\u0026cl=2.3.1~3.4.1\u0026ccid=71047016\u0026cid=G-JZZNGY93CC\u0026l=L1813.S73.B61.E263.I711.TC13.HTC0~gtm.init_consent.S2.V1.TS5ogtdma.TI9.TE2~gtm.init.S1.V1.TS5ogtcrossdomain.TI11.TE1.TS5ogt1pdatav2.TI13.TE3.TS5ccdgafirst.TI22.TE1.TS5ccdgaregscope.TI19.TE1.TS5ccdemdownload.TI18.TE1.TS5ccdemoutboundclick.TI17.TE1.TS5ccdconversionmarking.TI16.TE1.TS5setproductsettings.TI21.TE250.TS5ogtgooglesignals.TI20.TE250.TS5ccdautoredact.TI15.TE244.TS5ccdgalast.TI14.TE243~gtm.js.S1.V1.TS5gct.TI6.TE1~gtm.dom.E240~*.S1.V1.E239~gtm.load.S1.V1.E203~GA2733 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sat, 20 Sep 2025 06:52:00 GMT\r\ncontent-type: text/html\r\nserver: Google Tag Manager\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":43,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/1eb91405.d.m.CTZu1R63.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.809Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/1eb91405.d.m.CTZu1R63.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:57 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 2250\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-8ca\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:57 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5393,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (5342)","md5":"ead7707bf4fae688844da68b890f32c7","sha1":"5deefd85beb75e07ec710cab14acc5348c86511d","sha256":"1c079c47c3681c692e8121f4d89a27257415b2b6e1b643aaaad2f7f07c22e42b","sha512":"88dfbdd5c5411092de0c81dd0131a971d17ac1a5dc1b796363082f754b9b97c11bb5087842d606b90ccee2816103dec53e736b4ae0e45734826792e1ee148ae6","ssdeep":"96:JuPASKyYN1JWoYHSKZM168YOxHaaQnkvNRX/QoJnOovup6bSlN/p68UB0xBK89:Ju/KdWoYHFSRlxHaaQk7X/fJOoWYkN/T","tlshash":"95b1c61d58132af94dd3f55ee23390125b2f896be374d550a9fa8ef15f48ab05232b03","first_seen":"2025-09-20T06:53:38.238562Z","last_seen":"2025-09-20T06:53:38.238562Z","times_seen":1,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/mascot.C4J6IXOg.svg","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.296Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/mascot.C4J6IXOg.svg HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 4804\r\nlast-modified: Mon, 07 Jul 2025 16:39:59 GMT\r\netag: \"686bf85f-12c4\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":10810,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f4cfed5dc8f597a9ce3ace9cc0d54468","sha1":"d02e363b2a9a00da32b6a9d73a03b904ce5650fc","sha256":"86ac12bafdcfdceeca1301bec6db2de3b5d02cf3982a6f11da62e2c383f61662","sha512":"36716691243cea3866beeefab568cc29f891e356ae23a8d02ba59549a74db3119b02b40f017f4841610f27bdbdc17c4f8aa1b34064d10a6c0e413f36b7d1ee19","ssdeep":"192:Mw9sYYA4QVZsvsQHnI3woqdZgC1KlAArjzLCscXRo/f7CVxsjs0q:M6YAXsI14g7V6scBUCVz","tlshash":"812276e437f9a3e4f106f3ec8756e4247e5328fa7a61c569c3aa2c58ea4145c0d98cd3","first_seen":"2025-06-01T01:07:13.940104Z","last_seen":"2026-03-29T15:19:13.408178Z","times_seen":92,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:77407.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.050Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:77407.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 16480\r\nlast-modified: Mon, 21 Nov 2022 17:02:00 GMT\r\netag: \"4060-5edfe038df538\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":16480,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 256 x 256, 8-bit colormap, non-interlaced","md5":"e9a013cd84d99ee65a8b87309d69442f","sha1":"bf0c5384c071390833a1daad74447ad8e4d58d52","sha256":"ee1ae78f8caf8cdb372f9d415d8246cc769e92b3c0df15fe7658396a9557902b","sha512":"f944099473130e9f588d444642b20b1f2b5057efc3e4fee20a2a1740c7651ebcdc7c070ca21688b632096b1a3b2b502934190ff92faccbbb7136c15d38514d0b","ssdeep":"384:sufi/bRBG284FnFTUBrfQnlYxDvvL0eszwVoa2cM62:sufi/lnnWfQnlYJvnVf2hF","tlshash":"0572c0d33eaae425f9763191071a9226b2500e4e45e89fc002b377700f3b15eeeab761","first_seen":"2025-08-16T06:41:46.985167Z","last_seen":"2025-09-20T06:53:38.240443Z","times_seen":3,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/files/showcase/dark/highest-odds-improved.svg","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.685Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/files/showcase/dark/highest-odds-improved.svg HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 988\r\nlast-modified: Mon, 04 Nov 2024 12:32:26 GMT\r\netag: \"3dc-626157a2f80de\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":988,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3f1932ffc775b300408d5db3c8bf329f","sha1":"d28bd96269536e261087b37c21c572f228cfaf94","sha256":"dbbaea8456664ae861efbffc7dbbff140ade719093dbf848c02717a934e06588","sha512":"432d1916b637a5eed9b356f535950c28f18365f3952468a09f22141e008dedc571125ee20660ee4468548729572c8911a3015574ef1f4f36709dd20a75b1faa5","ssdeep":"","tlshash":"59110eb69268e8d2f544d370ca5854e5227215bb66ea4364d1c0efc0ac2b0c62a8d8b2","first_seen":"2024-12-15T10:08:22.090868Z","last_seen":"2026-03-29T15:19:13.36951Z","times_seen":54,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"o237537.ingest.us.sentry.io/api/4508036400611328/envelope/?sentry_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c\u0026sentry_version=7\u0026sentry_client=sentry.javascript.vue%2F7.120.0","fqdn":"o237537.ingest.us.sentry.io","domain":"sentry.io","tld":"io"},"ip":{"addr":"34.120.195.249","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:13.043Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ingest.sentry.io","organization":"Sentry"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 24 Jul 2025 00:00:00 GMT","end":"Mon, 24 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C7:A0:3C:30:51:F2:AE:98:2C:88:9F:C7:8D:24:55:ED:C3:34:BD","sha256":"78:73:F7:3D:EE:58:1B:F8:9A:1E:17:AB:A3:70:00:86:76:EA:4E:AF:AB:F4:7B:34:5F:FA:39:D8:3B:5D:F4:B5"}}},"request":{"raw":"POST /api/4508036400611328/envelope/?sentry_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c\u0026sentry_version=7\u0026sentry_client=sentry.javascript.vue%2F7.120.0 HTTP/1.1\r\nHost: o237537.ingest.us.sentry.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 579521\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Sep 2025 06:52:13 GMT\r\ncontent-type: application/json\r\ncontent-length: 41\r\nvary: origin, access-control-request-method, access-control-request-headers\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after\r\ncross-origin-resource-policy: cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":41,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"86f5048bd42583dec2d3f35e61bee920","sha1":"1ec1086ecdd0d62a6d967e2a6d03e3071fd3886e","sha256":"6ddd08391f52c8aefdf15a9fe1e80d4c42d54be95ab7e8901c1c542ebb360312","sha512":"913d4c7db2e9f29c2ba6fd7a225bec173fffbac336ed11366ee8839c8ce887f356fc34d5b49dbe60e48846dca53d5cefa46fa009eafacc4dc85216e353f9d178","ssdeep":"","tlshash":"fe900435c00c1735d43340c7755140c1545cc554fd017c0cd354f31104c4f30c140035","first_seen":"2025-09-20T06:53:38.241655Z","last_seen":"2025-09-20T06:53:38.241655Z","times_seen":1,"resource_available":false,"data":null}},"time_used":95,"timings":{"blocked":1,"dns":0,"connect":0,"send":35,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/17ff6b76.d.m.CXP5KiY2.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.245Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/17ff6b76.d.m.CXP5KiY2.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 1207\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-4b7\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2236,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (2185)","md5":"9491ef6a940092932483bbd5efacf3ae","sha1":"1ac9bba8345b88706e51961aa4d35550237bbee3","sha256":"1e9590ffdd1f4698008d90d3571066688caac032b4bf6c52edf4428905494c10","sha512":"fcb6206e992642aad87d2bf5d2e9ed224a9272ec6ce95600bbc600cce18310175e55e89183bd5e75463f000054911ab011a79eb8146ea15bf10485a8d94b9fe1","ssdeep":"","tlshash":"904195b6b890e078837ec0eec071a0d043166760b35684e4d09e35bc46b8c86c1bcf4b","first_seen":"2025-09-20T06:53:38.242791Z","last_seen":"2025-09-20T06:53:38.242791Z","times_seen":1,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24_t_6333-5.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.119Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24_t_6333-5.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 56012\r\nlast-modified: Mon, 11 Nov 2024 21:24:55 GMT\r\netag: \"dacc-626a9bb63d05f\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":56012,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1200 x 1071, 8-bit gray+alpha, non-interlaced","md5":"9e42862ab7362ed1afa228ed4755ffab","sha1":"7b9289aa4f8c9c75cfbf2f2ba72535aeff7548cf","sha256":"9f70c0f2fed0d7b295ee123556d235f93d76fc7d014d435b76da1d8f799760db","sha512":"b7b77236dcdd779350427d52af235c7f6363f5c669e2eb4ed9a31a284470095ce832b6e30f27c1bdcd282a0a9e6029bc2ceb2758e28925dab793b685d667f1eb","ssdeep":"1536:3OZtkZaDm9RSVBmKScmZPgGX2i8GPnCLEBk:StPDm9Zc2PgjwnOEW","tlshash":"74430280f02b5429275ff5a698863091fd081bfbd7115b53e78f3580eeda937a6c6483","first_seen":"2024-12-26T10:25:56.758917Z","last_seen":"2025-10-18T03:17:27.54502Z","times_seen":7,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/a48612de.EG-SH0wB.css","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.829Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/a48612de.EG-SH0wB.css HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: text/css\r\ncontent-length: 2344\r\nlast-modified: Mon, 07 Jul 2025 16:39:59 GMT\r\netag: \"686bf85f-928\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8899,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (8898)","md5":"3709e413dec9b29b413e55ff6de554cf","sha1":"21deadacaf7eec3c2414890b84a84086c5ab1a3d","sha256":"5b3c42cf36b410b740d14b5fc052792b46464975d99dcfe7ff70428845eb9fd1","sha512":"a17f2939ab642af70cd4c6df6827b448885c771c6cf36fa508672b4367d66fc6984e75cb4212a994d08ac0d8af77bbbf4c575d02fd330306c01cb2b2580e3b2d","ssdeep":"96:fOf+7XO0jBEn8iwbXD89zk1ks/4VvZAsGlFEBrubG8+DnktTqdvbO:fOCjG5YXOzk1kmGR6dtepC","tlshash":"b502302582e05c3951a343b6d7c9dd88722cce43623309ebf3a9a45f892159e737e79c","first_seen":"2025-04-24T07:07:12.750658Z","last_seen":"2025-09-20T06:53:38.244682Z","times_seen":27,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:34-2.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.992Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:34-2.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 13905\r\nlast-modified: Mon, 14 Nov 2022 11:03:36 GMT\r\netag: \"3651-5ed6c30e63e4b\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":13905,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"63056732da2a94e1cdcb5dc46eb3a314","sha1":"64dedc12b85236f3eac25cf1a39e6a20c31b29e7","sha256":"9f58f9f706d4adab425001292d9d0554fed85a3263dc4c1c667985c106c5a571","sha512":"351262fdc7db220310a087edeb464e7141f46a276828aa11db2f0f3a9d201f450d52d3768404c32ef733fe9163a2b9027111e841a6c682f0eb86102e23b618f4","ssdeep":"384:qPGBJAZ4TurM/baF6aTqdeDDgmqJhsO9yl+cHYOJorkt:4GBJ16A/SXqyDyJR9XOJSkt","tlshash":"c552d081a042f5b01e25bd216ec653aaf796845c15f8b1273383a5dccbe8d7394f8393","first_seen":"2023-05-22T06:42:39Z","last_seen":"2026-03-15T07:26:29.440317Z","times_seen":23,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:36380.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.270Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:36380.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/png\r\ncontent-length: 25584\r\nlast-modified: Mon, 14 Nov 2022 11:13:49 GMT\r\netag: \"63f0-5ed6c55760efc\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":25584,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"61beb242edc1b57155f66c4c07710d10","sha1":"e24816b6ff3cad624d9402edf7ffb6c88bb90ad5","sha256":"536b7323cfad29438fce0e82cc89b314ce27d65845515c1d49179d9b74c3185d","sha512":"d78d9cbe545cb4ba095a20efc9ab6b3e296a505f78643bf2b3ba057a43745ea458330a8a70233481b67ca87502791bb30d9c54a768e5ce4a97289688461c478e","ssdeep":"768:qAy8cD58I12EB7JATB+XdQmMQ7IpzB+1OEAhZ:qA3dEdJATBoHX7IjSeZ","tlshash":"c6b2e196bb809f4930a708892271acb2cd6b7830159eebe5bff1543e1d1155cc5ab3e1","first_seen":"2023-12-12T16:38:30Z","last_seen":"2025-09-20T06:53:38.246744Z","times_seen":10,"resource_available":false,"data":null}},"time_used":128,"timings":{"blocked":0,"dns":62,"connect":37,"send":0,"wait":30,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/a538a99f.d.m.DvDDV3ZH.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.263Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/a538a99f.d.m.DvDDV3ZH.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:57 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 12801\r\nlast-modified: Wed, 17 Sep 2025 12:25:09 GMT\r\netag: \"68caa8a5-3201\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:57 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":41122,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (41071)","md5":"a812ac0fb5e3c9caf3fd02804c596c1c","sha1":"726fc7fdf95273704d5f6eaff18aa80c332997dc","sha256":"8365c30bb518bca2a1daed3834a1891cde97e95cdffc292be568704708256f6c","sha512":"9bd4edac7cf3f20ebc656620dbfd5550b6fca764aee42e21e06b2c573bcb45b3df01a498130633eaafb8f9b19b9b78158fcd823abca4a0434ec67ffdaa95c88d","ssdeep":"768:t61/QVoeEHTg+ZgrhbGeLJ880mea4L40wNNBLJrMB83prxApCp/UwmECeQDvpy/b:iUmp2QA/BPQY1","tlshash":"1e03fb8877f3b52757d744ea50371003f6298a08784e8068f26cd9df7e9680696bbf39","first_seen":"2025-09-19T02:19:58.465962Z","last_seen":"2025-09-20T06:53:38.248164Z","times_seen":2,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.406Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 19 Sep 2025 13:04:57 GMT\r\nexpires: Sat, 19 Sep 2026 13:04:57 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 08 Sep 2025 18:08:05 GMT\r\ncontent-type: font/woff2\r\nage: 64020\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-04T16:49:22.253707Z","times_seen":714894,"resource_available":false,"data":null}},"time_used":155,"timings":{"blocked":68,"dns":6,"connect":7,"send":0,"wait":8,"receive":9,"ssl":55},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/files/showcase/dark/color-promos.svg","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.336Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/files/showcase/dark/color-promos.svg HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 03 Aug 2022 11:27:28 GMT\r\netag: W/\"699-5e55484974360\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1689,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"10156adee5d5413574d9a0b8606a3827","sha1":"53003c416e785a1debf70723c15061c1bfe8f476","sha256":"78271c224efe35393eead263436870aa77b3f67c0ee8abd649edfff455c5dfec","sha512":"2590932f61fc7e1fcda6a008cfcf539bde9c153f45625f4985f96ee753daf87ace64c8ca751d00da26baee288760a33e008081ac8709dea68d3854c565dc4c76","ssdeep":"","tlshash":"933110f162f6a7da9589df60d8b4f426512b14f63dd0c45092d3eb18961b04e6c0db90","first_seen":"2023-07-08T17:48:53Z","last_seen":"2026-03-29T15:19:13.350435Z","times_seen":61,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":65,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/fc6a7b48.BOivwGBO.css","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.430Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/fc6a7b48.BOivwGBO.css HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: text/css\r\ncontent-length: 7406\r\nlast-modified: Fri, 12 Sep 2025 11:24:49 GMT\r\netag: \"68c40301-1cee\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40548,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (40547)","md5":"ac26f3640f49323cc6e83898c88a2a35","sha1":"6f2d73c59fc1ec705f111fc044adf5795c002c23","sha256":"fea02910ebb0add7a5ee0ececd055d315b3c484127dd58cf237a7b8f4c67a011","sha512":"2968c9b5fd9c7844a0a9424e3fa4cac255271ce44ef827cf030732f085b068624824e991d401572f39bd4437641a41c64a63396e6e15b3df489f5cf71d85dcf1","ssdeep":"384:q8pPYtpOjTYUs0IRp2UzExIvTEg8lfAqdIEMtqI8nSYqIt+2owzSXu5wNLtfc6vl:lIrMfAoI1UnSk8wOe6Tf9V8vBsx09GZ","tlshash":"360385579e50a13ef8a3f71ee4e2ea4db1248c03acb2565bf566573dc3c32d15622b08","first_seen":"2025-09-19T02:19:58.332766Z","last_seen":"2025-09-20T06:53:38.250011Z","times_seen":2,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:111039.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.092Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:111039.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 8743\r\nlast-modified: Mon, 14 Nov 2022 11:05:21 GMT\r\netag: \"2227-5ed6c3731d264\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8743,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit colormap, non-interlaced","md5":"4254f7bb7440423d1996b5e3c854354c","sha1":"c9c83a88632df43b3e0b535e0371ebf6ba6fd518","sha256":"30d46add0559c771c90a618ca8f9d3442488e0f4ebad5db485b57ea1aa3176a1","sha512":"23e15f7cf213ef9fe0fdcfe922b644a922e59b0708d049005797c5181fedacb359378ed10eaf5599e48e83a96137ab6650ff1325c54e91b798971748588676d2","ssdeep":"192:gSy0GHoenzKMcx+FLM8OMOzDWbOMZoDi++hYK7oiKB/lyxz+Z5B:gn08/nf94ZhzD8OmQS7oisyK5B","tlshash":"9f02ae0976211886d9a9c48260aaab2454b35d106e06e2e450cbfd3ce13b375abfb1c3","first_seen":"2023-11-07T14:36:48Z","last_seen":"2025-10-27T01:31:05.88933Z","times_seen":7,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/vite-plugin-import-retry.179bbf.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.342Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/vite-plugin-import-retry.179bbf.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 1368\r\nlast-modified: Fri, 12 Sep 2025 11:24:49 GMT\r\netag: \"68c40301-558\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3342,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3342), with no line terminators","md5":"33b4a14edb42f0fe57ff70887be0fbc3","sha1":"a5c55979ebc911ddba991edb628ede6d70bbff36","sha256":"179bbf3db4b5a12659275545cb970ea8c71c657b8f3acb23de9546aa0d8dfd94","sha512":"ffbdf1808a1d389a9b2a6b8c8d4ff1c5b74b3ade1d44c8c1d3fb31c683b2b52c58388ea7bfb5304046e82eb3041a8c200bc51042875ab289cca5bf9d94fcb438","ssdeep":"","tlshash":"cb614ed875c3a42d0363b5b9843f5457fa6a2824f64c0c61d86ce292793ae0ac3639e0","first_seen":"2025-09-19T02:19:58.472642Z","last_seen":"2025-09-20T06:53:38.252963Z","times_seen":2,"resource_available":true,"data":null}},"time_used":553,"timings":{"blocked":274,"dns":127,"connect":5,"send":0,"wait":2,"receive":0,"ssl":139},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/files/showcase/dark/color-live-1.svg","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.324Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/files/showcase/dark/color-live-1.svg HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 622\r\nlast-modified: Thu, 25 Mar 2021 21:01:52 GMT\r\netag: \"26e-5be62b9832baa\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":622,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"97692ea3e43a69f5716af9c2ad83be76","sha1":"24ceb6099fdd5a7e32ca3a55cff85268f1b2acfe","sha256":"c3862cc2028935c5a5f21f873fe7efdc309a56a5776f5a55453c25e94c804b77","sha512":"58f23778d2fbc42d234a6790f96c044a392223d93b0e61120d514a87353e95f1c16affe289c3a78da978284839f5a6bc22681cc86978388529ccf22c099aef4b","ssdeep":"","tlshash":"cff07def9728ed0ad598c655c61c947a019ec2f3a05d46219284ef283d4d0db6d1d994","first_seen":"2023-07-08T17:48:53Z","last_seen":"2026-03-29T15:19:13.39212Z","times_seen":64,"resource_available":false,"data":null}},"time_used":95,"timings":{"blocked":48,"dns":0,"connect":0,"send":0,"wait":33,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-1","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.506Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"POST /api-1 HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=e0c7f323a8eb4a3eb2d752ec81e08189,sentry-sample_rate=1,sentry-transaction=home,sentry-sampled=true\r\ncontent-type: application/json\r\nsentry-trace: e0c7f323a8eb4a3eb2d752ec81e08189-9f6275a066f1a4bd-1\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nContent-Length: 139\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK; pixelsink_uid=0a0b9779-b238-46cb-aa4a-1e0ca3a6a251\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\ncontent-language: en-US\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":205815,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"77e1c84b10c95a178289355de82e162c","sha1":"8eadf760d8ec03d655a34470503603c958200ad4","sha256":"eaefd3ab21db253eaeb052765cc6009b1041696b1fee21f88fc2287b294bec98","sha512":"214577d7c504095aaae6bbda855aee3c838298d63f831e8085aa5b35dd6174d4d75710b488ff7162fb5955c66c05264bf32ab2ecb3ceec8d6de236e2ddfda498","ssdeep":"768:e1aVXsJxbniFIr2Z8+KMNa7YpG3LVdc/ORgDC4USXXmJh4T6wtX1PGx0i0AjuF0q:z3glweSMhTiu39qagqnJ+nd","tlshash":"f614c5a9771f583e743b54fe97064b61262671b6bc2ca060e96fbd5830becad6035c03","first_seen":"2025-09-20T06:53:38.25477Z","last_seen":"2025-09-20T06:53:38.25477Z","times_seen":1,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":70,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/b3b80119.d.m.BroKAO7_.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:01.241Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/b3b80119.d.m.BroKAO7_.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:52:01 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 1256\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-4e8\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:52:01 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2717,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (2666)","md5":"3926431464830643edf3790410868dc6","sha1":"c28d1eb124a56835e291e29fb032a7c6bd143053","sha256":"28edc46704ecb6944ee777c48b274eb13f7e046a3d4e87a8f7242b9c67e30864","sha512":"d9b0bfa970c5db0dc60a4df4811f5f07a6313ef1a09b8887ad8d83e0e656e9bddf949de08b27b580ff901b0d60fbf810ba450f27a0bdebdf6d7f69e3c5b18fef","ssdeep":"","tlshash":"3651720b993b2873548124fdf81710234619d25d365ca0b8f7fe758719ab9a5233bf8a","first_seen":"2025-09-20T06:53:38.256105Z","last_seen":"2025-09-20T06:53:38.256105Z","times_seen":1,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.intercomcdn.com/frame.8bde6e7e.js","fqdn":"js.intercomcdn.com","domain":"intercomcdn.com","tld":"com"},"ip":{"addr":"3.164.240.120","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:03.427Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.intercomcdn.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Thu, 31 Oct 2024 00:00:00 GMT","end":"Fri, 28 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"D2:4F:FB:78:56:DC:20:7E:66:CC:9B:57:7F:92:C2:FA:50:69:C1:5B","sha256":"09:35:37:9C:E9:C9:26:27:7B:F2:E2:42:CA:82:EF:F1:2C:B2:B4:97:04:61:0B:FD:77:9A:15:4D:57:F4:76:D6"}}},"request":{"raw":"GET /frame.8bde6e7e.js HTTP/1.1\r\nHost: js.intercomcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 221583\r\nlast-modified: Fri, 19 Sep 2025 15:43:08 GMT\r\nx-amz-server-side-encryption: AES256\r\ncontent-encoding: gzip\r\nx-amz-version-id: 6R1xRrOMm4DgqIl.1d5s3uPB2yL0cliU\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 20 Sep 2025 05:45:19 GMT\r\ncache-control: max-age=31536000, s-maxage=7200, public\r\netag: \"e4428f3af7dfc047878ca21de731187b\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 de27d82c1c354527a5740acf5043eab4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: 8tFW0CHhgySYND0wa5hqWm50RSX7rgrZO3Wc6FDxQVrgFJzQHBlQRw==\r\nage: 4005\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncross-origin-resource-policy: cross-origin\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":1044091,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65464)","md5":"699c9a118de087bd5c4d7535123b6e05","sha1":"367e85c4740915448504d66b40662fa0612f4870","sha256":"7472babd18f274480b69afa3e8ccaced87483754ba628d14937f3a3d50eb183b","sha512":"38fd5d6912276ea5206978f6b2fe0a6935a808132122a36e9a9c18e1835020de6ef2deb908e86b2a652a03ba6bae5f3f317af4bedb46b398c73edc9e96559273","ssdeep":"12288:4vCgESTKgvwRNLHrQcN9yeufGzSYzwE1mM:Ue5LLxHyK1mM","tlshash":"3725c5ccb2d2f06a43976175812f200bf33ea999b54e8450e669d8d1bcb858d9237f7c","first_seen":"2025-09-19T18:34:13.086856Z","last_seen":"2025-09-22T08:39:51.721385Z","times_seen":50,"resource_available":true,"data":null}},"time_used":263,"timings":{"blocked":113,"dns":88,"connect":7,"send":0,"wait":9,"receive":28,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/054854ad.d.m.CdUaEnCx.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.030Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/054854ad.d.m.CdUaEnCx.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 14185\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-3769\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":55271,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (55218)","md5":"eb3abe3415e4e110da05b02b999076fe","sha1":"f9314c14cde48e966941ff9eff00c9074d203ded","sha256":"cb430168ae18043e0f470e7a622b97fbc543702c564cb43a85463aebec2a9fe2","sha512":"98d5c76ca1bc13c8332a48959f15cefd11be701bd735f8c943a4ad24d313c0b62931537bb9cdf7b06440110607dbee39b89fb214ea72ea7acf34af4be459d7fa","ssdeep":"1536:CiYEcsHA07DUnJwz8ehk/ZuTF+MGMTF4HF:CiMS2wz3hkUF+0UF","tlshash":"a043300ded0c54faa3e650b9f4b50e0a5518ae4bf27c4591bab5cc1f8088fa4a36f74d","first_seen":"2025-09-20T06:53:38.257861Z","last_seen":"2025-09-20T06:53:38.257861Z","times_seen":1,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:3937.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.121Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:3937.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 3602\r\nlast-modified: Mon, 14 Nov 2022 11:05:00 GMT\r\netag: \"e12-5ed6c35ea76d8\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3602,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit colormap, non-interlaced","md5":"814536329748d932fa54057a2929faf0","sha1":"c3c1f3a73fa3e6557be6f801e80b4db4dd24f306","sha256":"f84a63ac03d6f718a5f6eb4cb7afb7d81e4b7b3e843e1ef4fb7f5472b2948b99","sha512":"3233f83f225e9b704568d275a8a78ca892309022db2f19b853cfbf5598fb0f4d61e89899631b3ad59f65dd7efd30b5af79121fd4d7062af0d923b5ff98c08d57","ssdeep":"","tlshash":"fd713c5b9441e22553d70ddeb654cc792b1fde3ba7fb12874202d1c8272806ed49e0d6","first_seen":"2025-08-29T14:52:32.363306Z","last_seen":"2025-10-14T14:52:17.428014Z","times_seen":6,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-2/betline/headline-matches/changes?ctag=en-US\u0026allVtag=9c2cd386-31e1-4ce9-a140-28e9b63a9300\u0026flags=reg,urlv2,mm2,rrc","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:02.932Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"GET /api-2/betline/headline-matches/changes?ctag=en-US\u0026allVtag=9c2cd386-31e1-4ce9-a140-28e9b63a9300\u0026flags=reg,urlv2,mm2,rrc HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=e0c7f323a8eb4a3eb2d752ec81e08189,sentry-sample_rate=1,sentry-transaction=home,sentry-sampled=true\r\nsentry-trace: e0c7f323a8eb4a3eb2d752ec81e08189-8ffe7abe5f84edc9-1\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK; pixelsink_uid=0a0b9779-b238-46cb-aa4a-1e0ca3a6a251; _ga_JZZNGY93CC=GS2.1.s1758351120$o1$g0$t1758351120$j60$l0$h0; _ga=GA1.1.206665698.1758351120\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:52:02 GMT\r\ncontent-type: application/json\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":124585,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"bb1b3e258794816bf2367a49cb2524e4","sha1":"34fd9e2d3916502af13532f6391ae2521153760e","sha256":"7e053d3e3e3c4b435f2f011686f8f3e8d041f7cc22ac1357b7d346de40d9d859","sha512":"3468397fb20ac4e4222daedf5573f614aa981a3d2445cbf3e50e7acfa8490692256e3edb408b4f05da80ec8b5df558de0af36e000764a5a3d9c6585095d27655","ssdeep":"3072:wv+a/heUSjqVOWSObVWF3UjFG6hKc3acb/bOWqoXycNwk3NU3Ct/SW9eQA6c3:wv+a/heUSjqVOWSObVWF3UjFG6hKc3av","tlshash":"b0c30c0822090dbdd76229d9cd872bf558c4537fbed8ee82b6eccbc465753ae221111b","first_seen":"2025-09-20T06:53:38.25959Z","last_seen":"2025-09-20T06:53:38.25959Z","times_seen":1,"resource_available":false,"data":null}},"time_used":54,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":54,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api-iam.intercom.io/messenger/web/ping","fqdn":"api-iam.intercom.io","domain":"intercom.io","tld":"io"},"ip":{"addr":"3.225.121.170","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:03.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.intercom.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Sat, 14 Dec 2024 00:00:00 GMT","end":"Sun, 11 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:E3:24:32:5B:DE:76:F0:A4:43:7F:C2:84:CD:98:D0:50:48:25:7E","sha256":"B0:C5:D5:8B:41:34:A0:3C:41:21:0F:E0:A4:E1:C3:F7:66:24:A3:25:E9:E6:67:D5:40:EA:68:FB:D3:70:73:74"}}},"request":{"raw":"POST /messenger/web/ping HTTP/1.1\r\nHost: api-iam.intercom.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 636\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Sep 2025 06:52:04 GMT\r\ncontent-type: application/json; charset=utf-8\r\nstatus: 200 OK\r\nvary: Accept,Accept-Encoding\r\nx-intercom-version: 37faa6e9e4fdd69aea2996a602b8291f9c50843c\r\naccess-control-expose-headers: x-request-id, x-runtime\r\ncontent-encoding: gzip\r\nx-request-id: 002ggd89hgj3q5vtqrp0\r\netag: W/\"92ec1b9b5cf1088fe65006b90826a2bb\"\r\nx-frame-options: SAMEORIGIN\r\ncache-control: max-age=0, private, must-revalidate\r\naccess-control-allow-origin: https://www.239797.win\r\nstrict-transport-security: max-age=31556952; includeSubDomains; preload\r\nreferrer-policy: strict-origin-when-cross-origin\r\naccess-control-max-age: 86400\r\nx-xss-protection: 1; mode=block\r\nx-request-queueing: 0\r\ntiming-allow-origin: *\r\naccess-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA, traceparent, X-Continue-Intercom-Trace\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: POST, GET, OPTIONS\r\nx-runtime: 0.198360\r\nx-content-type-options: nosniff\r\nserver: nginx\r\nx-ami-version: ami-08d0dc1db7f9c4990\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5790,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"26164da163c03049724c4e80f75a4f99","sha1":"c810f11d9a5bd07cafdea29bb374e3f19ce59e71","sha256":"92ec1b9b5cf1088fe65006b90826a2bbe4cfd20131e33614cecb7fede30c9667","sha512":"8c39e05cfc8d8e6250738fb9362880047d444ac5aab0e3b1eea44083fc3a2d97e2dca936b889b3069f8d9be42ff83683e2df41ed176aaaef7c8131a86ddb7532","ssdeep":"96:4rVV7R2aM9Jt5B2oYHAipxO+VNlz5QWMlzWNlGjGMli9B18AOU54Hwhi8w7fzG6x:4rVV7RhM7kgilB47X7bG6tb","tlshash":"b9c1588c89481c3ea38b46dac755ff064b7e81b7b1941d88f96ccb2d21db299516b207","first_seen":"2025-09-20T06:53:38.260771Z","last_seen":"2025-09-20T06:53:38.260771Z","times_seen":1,"resource_available":false,"data":null}},"time_used":702,"timings":{"blocked":195,"dns":1,"connect":94,"send":0,"wait":311,"receive":0,"ssl":98},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/7fbe0154.d.m.unn1YPpf.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.956Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/7fbe0154.d.m.unn1YPpf.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 114241\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-1be41\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":376926,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (36415)","md5":"50a9bb10b317e0dc4f6ec1899a26682e","sha1":"e19e2cfde478f3fb95aa510f10274570ad2bfe40","sha256":"1eb5b3981c32de1bbee68d23b8b48cce2f3f77ac1320b4549d5ebb020721c235","sha512":"ae7f01f66de32fec6a4a4a05590779ac577fda93644cff6b5dfa14a67581286df519d7ed499fad6a4b7225dc50de34c09dd4c7d36838c250c0aadc017156e874","ssdeep":"6144:r7fKGJvEvGdrSaV67dmcgUxHtaZAUA4Ic/5/WLODYoCIDIinUVDAlwn3Qd5f9A1O:r7fKGJvEvGdrSaV67dmcgUxHtaZAUA4L","tlshash":"39844b54b2427138d7ba58fd912b098073680f417019d8e4f07dae7e78a6c19d3bae7e","first_seen":"2025-09-20T06:53:38.262519Z","last_seen":"2025-09-20T06:53:38.262519Z","times_seen":1,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages2-21a8b.kxcdn.com/SC/Leonbets/web2_footer_icons/SBCAwards23%20horizontal%20logo-75.svg","fqdn":"cdnimages2-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.227Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /SC/Leonbets/web2_footer_icons/SBCAwards23%20horizontal%20logo-75.svg HTTP/1.1\r\nHost: cdnimages2-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 29 Nov 2023 14:52:11 GMT\r\netag: W/\"80c3-60b4bae105d1c\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\npragma: public\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":32963,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"39f208963969a20927c77ff170d58fe2","sha1":"157f6e26b782db4a04d09122b259cf005ff47079","sha256":"7b626c040aadee9765e07e14b599af4cc2ed9f265653b5b5ef05aee038338a7e","sha512":"4dfe4615d190c87884b12becb29311f49d0295b64099e82acc41fc50e707536e3aa2da8cfd6ad60503a17ecb45521cc594ee32e4f19c55ac3ce451f9f82ab0d2","ssdeep":"384:RwW7ILFIilDA/XifM1VSVsgMILWtGB9ROdBdhH22jUWQRZ:tMF0SW9gAdBTrIRZ","tlshash":"33e29c5fe369dd77e18ae39cc5008034226a82a779c1c794c2f9ff4f566648a6c0ebd1","first_seen":"2023-12-10T15:49:17Z","last_seen":"2026-03-29T15:19:13.474228Z","times_seen":107,"resource_available":false,"data":null}},"time_used":262,"timings":{"blocked":113,"dns":85,"connect":5,"send":0,"wait":30,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:7-2.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.978Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:7-2.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/png\r\ncontent-length: 21845\r\nlast-modified: Mon, 14 Nov 2022 11:03:32 GMT\r\netag: \"5555-5ed6c30ae1626\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":21845,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"249225e8af0a72a2ea6390afe5672f1f","sha1":"e61a16997a24337a16e27be4cd8e87840760487d","sha256":"426ddf3584e1c7bee6ebddff437b55f5202c03086cc4c53a538f1265e87c0d3c","sha512":"f5e5820bd79fe0c9c9c45cb3a6719820f0c4cb4b3eea05ae27d180747a2e78506a0eb2c46ad1166ef01726a015cc06574ca27afbb65b564aa72df9357b3d4a5e","ssdeep":"384:k2NaWwltJBRkNxsBQQemURDcEnr9njfMYakatIjwLcUiqtHmptkoqUSY:TN4ltJoTrQ9URDhnRnj0sa6jGcqcJSY","tlshash":"14a2d0e6e52af450fde1de519d3b90c11a4e2d126c4323ce9428dc7ebb023de69a1db1","first_seen":"2023-08-13T00:52:21Z","last_seen":"2026-03-05T11:01:01.076717Z","times_seen":618,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"track.liftdsp.com/collect?data=eyJpX3NlZ21lbnRfaWQiOjE1NDAzOCwiYl9zZWdtZW50X2lkIjpudWxsLCJsaWZ0X3VzZXJfaWQiOiIwYTBiOTc3OS1iMjM4LTQ2Y2ItYWE0YS0xZTBjYTNhNmEyNTEiLCJwaXhlbF9maXJlX2lkIjoiMTc1ODM1MTExOTgwMy05MWFiOWJlMi0zMDhjLTQyNDItODNmNi00ZGQyZWIzZTFmNGMiLCJwaXhlbF9maXJlX2dyb3VwX2lkIjoiMTc1ODM1MTExOTgwMy02YThmZWQ3OS01ZjBkLTQ0Y2UtYjhkNi03Njk5ZWIzMDM4ZTMiLCJjdXN0b21fZGF0YSI6e30sInRyaWdnZXJfcnVsZSI6bnVsbCwiZmluZ2VycHJpbnRfb3J0YiI6IlRXOTZhV3hzWVM4MUxqQWdLRmRwYm1SdmQzTWdUbFFnTVRBdU1Ec2dWMmx1TmpRN0lIZzJORHNnY25ZNk1UTTBMakFwSUVkbFkydHZMekl3TVRBd01UQXhJRVpwY21WbWIzZ3ZNVE0wTGpCOFpXNHRWVk44TVRJNE1IZ3hNREkwZkZWVVF3PT0iLCJmaW5nZXJwcmludF9oaWdocmVzIjoiVFc5NmFXeHNZUzgxTGpBZ0tGZHBibVJ2ZDNNZ1RsUWdNVEF1TURzZ1YybHVOalE3SUhnMk5Ec2djblk2TVRNMExqQXBJRWRsWTJ0dkx6SXdNVEF3TVRBeElFWnBjbVZtYjNndk1UTTBMakI4Wlc0dFZWTjhNVEk0TUhneE1ESTBmRlZVUTN4WGFXNHpNbnd5Tkh3ME9Id3dmRFY4TVRZeU1qTXhNekk0T1h3eE1UazFOVFUzTlRSOFRXVnpZWHhzYkhadGNHbHdaUT09IiwidXJsIjoiaHR0cHM6Ly93d3cuMjM5Nzk3Lndpbi9lbi11cy8iLCJkZXZpY2UiOnsidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEzNC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEzNC4wIiwibGFuZ3VhZ2UiOiJlbi1VUyIsInBsYXRmb3JtIjoiV2luMzIiLCJzY3JlZW4iOiIxMjgweDEwMjQiLCJkZXZpY2VfdHlwZSI6ImRlc2t0b3AiLCJvcyI6IldpbmRvd3MifSwidGNmX3N0cmluZyI6bnVsbCwiZ2Rwcl9hcHBsaWVzIjpudWxsLCJ1c19wcml2YWN5X3N0cmluZyI6bnVsbCwidGltZXN0YW1wIjoiMjAyNS0wOS0yMFQwNjo1MTo1OS44MDNaIn0=","fqdn":"track.liftdsp.com","domain":"liftdsp.com","tld":"com"},"ip":{"addr":"54.240.174.124","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:00.729Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"track.liftdsp.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Fri, 25 Jul 2025 00:00:00 GMT","end":"Sun, 23 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F5:18:52:8D:E1:26:95:D7:DB:15:DF:B9:09:C9:C3:C0:77:05:A0:CA","sha256":"73:B8:80:92:8F:BE:DE:B0:39:0F:83:CA:C8:55:E1:16:99:75:C0:B1:4B:73:FD:83:54:F0:AC:CA:65:35:39:40"}}},"request":{"raw":"GET /collect?data=eyJpX3NlZ21lbnRfaWQiOjE1NDAzOCwiYl9zZWdtZW50X2lkIjpudWxsLCJsaWZ0X3VzZXJfaWQiOiIwYTBiOTc3OS1iMjM4LTQ2Y2ItYWE0YS0xZTBjYTNhNmEyNTEiLCJwaXhlbF9maXJlX2lkIjoiMTc1ODM1MTExOTgwMy05MWFiOWJlMi0zMDhjLTQyNDItODNmNi00ZGQyZWIzZTFmNGMiLCJwaXhlbF9maXJlX2dyb3VwX2lkIjoiMTc1ODM1MTExOTgwMy02YThmZWQ3OS01ZjBkLTQ0Y2UtYjhkNi03Njk5ZWIzMDM4ZTMiLCJjdXN0b21fZGF0YSI6e30sInRyaWdnZXJfcnVsZSI6bnVsbCwiZmluZ2VycHJpbnRfb3J0YiI6IlRXOTZhV3hzWVM4MUxqQWdLRmRwYm1SdmQzTWdUbFFnTVRBdU1Ec2dWMmx1TmpRN0lIZzJORHNnY25ZNk1UTTBMakFwSUVkbFkydHZMekl3TVRBd01UQXhJRVpwY21WbWIzZ3ZNVE0wTGpCOFpXNHRWVk44TVRJNE1IZ3hNREkwZkZWVVF3PT0iLCJmaW5nZXJwcmludF9oaWdocmVzIjoiVFc5NmFXeHNZUzgxTGpBZ0tGZHBibVJ2ZDNNZ1RsUWdNVEF1TURzZ1YybHVOalE3SUhnMk5Ec2djblk2TVRNMExqQXBJRWRsWTJ0dkx6SXdNVEF3TVRBeElFWnBjbVZtYjNndk1UTTBMakI4Wlc0dFZWTjhNVEk0TUhneE1ESTBmRlZVUTN4WGFXNHpNbnd5Tkh3ME9Id3dmRFY4TVRZeU1qTXhNekk0T1h3eE1UazFOVFUzTlRSOFRXVnpZWHhzYkhadGNHbHdaUT09IiwidXJsIjoiaHR0cHM6Ly93d3cuMjM5Nzk3Lndpbi9lbi11cy8iLCJkZXZpY2UiOnsidXNlcl9hZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEzNC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEzNC4wIiwibGFuZ3VhZ2UiOiJlbi1VUyIsInBsYXRmb3JtIjoiV2luMzIiLCJzY3JlZW4iOiIxMjgweDEwMjQiLCJkZXZpY2VfdHlwZSI6ImRlc2t0b3AiLCJvcyI6IldpbmRvd3MifSwidGNmX3N0cmluZyI6bnVsbCwiZ2Rwcl9hcHBsaWVzIjpudWxsLCJ1c19wcml2YWN5X3N0cmluZyI6bnVsbCwidGltZXN0YW1wIjoiMjAyNS0wOS0yMFQwNjo1MTo1OS44MDNaIn0= HTTP/1.1\r\nHost: track.liftdsp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 500 Internal Server Error\r\ncontent-type: text/html; charset=utf-8\r\ncontent-length: 12\r\ndate: Sat, 20 Sep 2025 06:52:02 GMT\r\netag: W/\"c-ghCMv/+Srhv72FFxL2itcyRPdGg\"\r\nserver: nginx\r\nx-powered-by: Express\r\nx-cache: Error from cloudfront\r\nvia: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: 1y1Sh68krO5mritp6L7_DMDcJpMxEKb8JB3uDa3cZZy5DUTRd6fHcA==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"500","status_text":"Internal Server Error","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Express","description":"Express is a web application framework for Node.js, released as free and open-source software under the MIT License. It is designed for building web applications and APIs.","website":"https://expressjs.com","common_platform_enumeration":"cpe:2.3:a:expressjs:express:*:*:*:*:*:*:*:*","icon":"Express.svg","categories":["Web frameworks","Web servers"]},{"name":"Node.js","description":"Node.js is an open-source, cross-platform, JavaScript runtime environment that executes JavaScript code outside a web browser.","website":"https://nodejs.org","common_platform_enumeration":"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*","icon":"Node.js.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":2158,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2158,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages2-21a8b.kxcdn.com/SC/Leonbets/web2_footer_icons/SiGMA-Awards-Europe-Negative-36.svg","fqdn":"cdnimages2-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.229Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /SC/Leonbets/web2_footer_icons/SiGMA-Awards-Europe-Negative-36.svg HTTP/1.1\r\nHost: cdnimages2-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Wed, 29 Nov 2023 14:53:10 GMT\r\netag: W/\"1e6e2-60b4bb197b2dd\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\npragma: public\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":124642,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"065691d045bfc538dbfde5499a6d2674","sha1":"6cd30a84f1eaadf7e5dfc0b63b4767fd30a8df50","sha256":"c38f15c7b168fd96961ea9673f5ab93f5e1eeac70ba805e27369f5d1febbb285","sha512":"8fa87b3aa5f20681301f0e4ceadc73e7e7bee3a280af44c602419ab274f38248235df2887d214ec0cf9e23fe6389f2ea91477781620cb459369a78fed086a507","ssdeep":"1536:9g1mplOk3XLELTLyO/aCBNZsv/7GHLIe6Ej:Re64","tlshash":"36c3835bf3f9e6f6e109d3a8c6818430322a1af37d91c6a443f5af5edd1404e1c6da92","first_seen":"2023-12-10T15:49:17Z","last_seen":"2026-03-29T15:19:13.489458Z","times_seen":107,"resource_available":false,"data":null}},"time_used":412,"timings":{"blocked":201,"dns":83,"connect":5,"send":0,"wait":4,"receive":0,"ssl":55},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:37-2.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.975Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:37-2.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/png\r\ncontent-length: 6183\r\nlast-modified: Mon, 14 Nov 2022 11:03:15 GMT\r\netag: \"1827-5ed6c2fb1bf42\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6183,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit colormap, non-interlaced","md5":"32c1a5e244629df0f1af330da2344108","sha1":"e5444650fa7e616336ac377012dff883dac734fe","sha256":"08c527095c9e7bf8fac7dc301bc489920a54759f103fb2c5c9792a2704a766cb","sha512":"a1d31d0cc4621be9657510a1587d067c2e6ce2d5cc9b4bf899ad6632e4edee22b5f91352cc0171191f689ad0c26433050a63f29a1cb5d6422c5a362846beb1a7","ssdeep":"192:JGPwl1ODfTImiuiazYLD2LSqYumHEURR7uy1W7:Jg9TE2zqKzY8UjKb7","tlshash":"c4d1a0ef12e2c6c9841a529a1e26af116b350b1204cdd6471fec118abc93d3d46d6458","first_seen":"2023-12-10T15:49:17Z","last_seen":"2025-09-20T06:53:38.26606Z","times_seen":8,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:3943.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.107Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:3943.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 3710\r\nlast-modified: Mon, 14 Nov 2022 11:05:12 GMT\r\netag: \"e7e-5ed6c369ee605\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: MISS\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3710,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced","md5":"d401bdf54a4e4ba82152618b2a043f2d","sha1":"db698d1aea64a051dcbc67663aa1119dc187baf3","sha256":"804673a1cbec3c88ad7cc6e2d6a5b98ddcdce6532300da5c296315f264c68a2b","sha512":"9633c2b49ecefb2e7342b9053765489ad1b46bbffaeefd10a1e3364d8719748e40db7e98e3d092a02a808b26f2ac255a7b4813b2c7de3fc0d109934c3417de63","ssdeep":"","tlshash":"5b717f12d5753965f0dd92e094153ce7d3694e52585d2eea02c57cfc5f413c70b419c6","first_seen":"2025-02-22T12:39:09.27262Z","last_seen":"2025-09-20T06:53:38.266638Z","times_seen":4,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/SC/Leonbets/actionbn/1125x469+%286%29-221@x2.webp","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.304Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/SC/Leonbets/actionbn/1125x469+%286%29-221@x2.webp HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/webp\r\ncontent-length: 45162\r\nlast-modified: Fri, 12 Sep 2025 12:44:16 GMT\r\netag: \"b06a-63e9a03040833\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":45162,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 750x313, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"450d88cff7e1641522f1e7950d3d76ce","sha1":"2546801ba93e452f8b477b85818d5d94adf8e13f","sha256":"422fa1055f1d91871b7813915adf5b373b3bb50cf74cca1b239ce3a6ae6164e2","sha512":"a1fe43bdaf3f4f079d7627b67d2eb2d99eaeb9637b2e0d8fb201e73e78341024aeee9f9e7b27660355e9360912ae4a839832e393327ddafff90d3d62b0ea0563","ssdeep":"768:L6OSy9sNpKupb+XWHio73+R3NMZEkT8sN/FhyPykvzlVCJVraZJCE0F9KZ4/K:mOSy941+uiftkT8G/FhGykvn6raZ90FC","tlshash":"9b13f259c312b2315d78176b4a6c2622b07ceb471ec4d4fdb4c87024d6d0ba89fe5af5","first_seen":"2025-09-19T02:19:58.353459Z","last_seen":"2025-09-20T06:53:38.26724Z","times_seen":2,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/f06cd424.d.m.DNxjDgC4.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.262Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/f06cd424.d.m.DNxjDgC4.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:57 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 8415\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-20df\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:57 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22548,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (22497)","md5":"bfbbc0b9733b9a06ac04d2f42c0e6f8d","sha1":"25ff6039bcb72584376df8321341fa8ab788f53c","sha256":"b4d4a5b50d22502899af7a7d4684c2b44d40444e3ff9acd2537c0c3a5b241b56","sha512":"a3dbd0bb893fea9a8cc088f0e75f83e694b1c43ec98aad2445c06f73378211d925b9a8413a2d4f315c685978c0d65df7761193438176ccaf9398754e75e5f8ea","ssdeep":"384:BBxVYwMgUryABLDpK9CCQxe6INs37rMQWwsydsC3+5r/wJ106qlwACpGlJvhRbn5:BlM9rysLDpKwmNs3fMmc2+5cJ106qlwq","tlshash":"cfa22cb7236292b246ab018990770543d31407d5f14884f179feadae35b9ca2f366f3e","first_seen":"2025-09-20T06:53:38.268376Z","last_seen":"2025-09-20T06:53:38.268376Z","times_seen":1,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/1eb91405.BSU_Jlmq.css","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/1eb91405.BSU_Jlmq.css HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:57 GMT\r\ncontent-type: text/css\r\ncontent-length: 495\r\nlast-modified: Mon, 07 Jul 2025 16:39:59 GMT\r\netag: \"686bf85f-1ef\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:57 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1255,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1254)","md5":"f2b0bad6ee88db39a1ffe56a174bda01","sha1":"7062a6d87269ae86636b52d6d188fefd7be66a46","sha256":"a72f767dfbe1dda81fce7a682aa9664b81522fb0d135ed1a079f609328ad2580","sha512":"a14267d80f29afa01760670d4f204f2ef817e6f0bcc2a15ceaf4f370aa96dc352a17f521026f17588b7bc7f2722f1ddca1164864ef2e3b342aadf13487eef171","ssdeep":"","tlshash":"fe2173060d4772b59ce3e11fe0e2b634931edc0fcab3e949a225996c875669ce270f18","first_seen":"2025-04-24T07:07:12.647761Z","last_seen":"2026-01-25T14:09:20.133194Z","times_seen":45,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/prompt/v12/-W__XJnvUD7dzB2KYNod.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.413Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/prompt/v12/-W__XJnvUD7dzB2KYNod.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 17940\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 19 Sep 2025 14:38:10 GMT\r\nexpires: Sat, 19 Sep 2026 14:38:10 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 28 Aug 2025 11:25:32 GMT\r\ncontent-type: font/woff2\r\nage: 58427\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17940,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 17940, version 1.0","md5":"d00c3e51355e3bb01c063709fbab809f","sha1":"13dadc7c5b140de8748bc9203573b93931451126","sha256":"76f4b0e556e9bdcdcd9c839d20f5e3420a3ccca3f2d5da2f7beefb0e95a09bcb","sha512":"f25c89140713d8d0f135d05f658cc46473e1664376486271aef7239e01999fe9ef32ac5d839183c3c22026eb7a7bbd4d102f1beb0c531c80a80e25b04a580674","ssdeep":"384:nhLa3NqEycXKtdAqWvZH8VqnY62EwwlcES75nBCOmplNSkTkb:n4IEycXY5WllvvwvHnf4yQU","tlshash":"5782d1cd9304ce64b06b600e2b61b48463c72f77e938c77f5146cd35abda9574e112a5","first_seen":"2025-04-24T06:53:03.973679Z","last_seen":"2026-04-04T16:05:26.328745Z","times_seen":2965,"resource_available":false,"data":null}},"time_used":406,"timings":{"blocked":197,"dns":1,"connect":8,"send":0,"wait":8,"receive":2,"ssl":187},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-1","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.847Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"POST /api-1 HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=e0c7f323a8eb4a3eb2d752ec81e08189,sentry-sample_rate=1,sentry-transaction=home,sentry-sampled=true\r\ncontent-type: application/json\r\nsentry-trace: e0c7f323a8eb4a3eb2d752ec81e08189-8ee7016774adbae0-1\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nContent-Length: 269\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\ncontent-language: en-US\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":104237,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"82f0e3da7666bc8aeb2df051018988b6","sha1":"859ec1503a9b02c1d948f619f03986ce05715450","sha256":"f788fa1753128dee4ffa1a9d4260dff2a9e3517e53e161c1cb97b9ecea77e2aa","sha512":"e614797c5a79fb0e7d21d9177e3e4982b44ead577c64213546a6a392c393b3574ad8526fff20d3017a0cbca907f16fe45a96af1da80cea0ea853a5db4ecf151d","ssdeep":"3072:74tAhSbWnsfGF27CArixaPreFEX4djiBgzMBcUroTq5CX9pklWHyh5UVG3iH9wR7:74tAhSbWnsfGF27CArixaPreFEX4djin","tlshash":"11a3f26f6285aca7eb4e139cbc5f3ce8564f2003a544f7a0b15e9e5586f04ff5122272","first_seen":"2025-09-20T06:53:38.270802Z","last_seen":"2025-09-20T06:53:38.270802Z","times_seen":1,"resource_available":false,"data":null}},"time_used":64,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":64,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:43-2.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.007Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:43-2.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 9271\r\nlast-modified: Mon, 14 Nov 2022 11:03:26 GMT\r\netag: \"2437-5ed6c30527728\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: MISS\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9271,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"56516725aefb1df0f73e7a6bc3ec6842","sha1":"b5d1f20d7e2be408e316cee47a38e2aadbba1564","sha256":"3735bd31a6c7cabcb3ed9307583d4b1e8525709a440fac95397996e339ec16ae","sha512":"8d476ba9c5a1108b0e6df85f289719c2dfd8538ed005942b9d29a853ed3107c704f93c585b6f39e12019fdb346d74e3e9922e36121bcda2df55466d0dd32d647","ssdeep":"192:vOJPnkR3v0uxl3AIUHp9xJZPeLWzzGmYT6KuaHhEe0aEbn:qPkVjlQFbPeKnQcaHhi9","tlshash":"1212ade6031c5dcab095a1a41372ac9b512b1337a52ce989b3c9d8181c6327f3d83bfc","first_seen":"2023-05-22T06:42:39Z","last_seen":"2026-03-22T19:47:28.432114Z","times_seen":40,"resource_available":false,"data":null}},"time_used":91,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":90,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.intercomcdn.com/app~tooltips.944a7624.js","fqdn":"js.intercomcdn.com","domain":"intercomcdn.com","tld":"com"},"ip":{"addr":"3.164.240.120","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:10.419Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.intercomcdn.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Thu, 31 Oct 2024 00:00:00 GMT","end":"Fri, 28 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"D2:4F:FB:78:56:DC:20:7E:66:CC:9B:57:7F:92:C2:FA:50:69:C1:5B","sha256":"09:35:37:9C:E9:C9:26:27:7B:F2:E2:42:CA:82:EF:F1:2C:B2:B4:97:04:61:0B:FD:77:9A:15:4D:57:F4:76:D6"}}},"request":{"raw":"GET /app~tooltips.944a7624.js HTTP/1.1\r\nHost: js.intercomcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 69128\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nlast-modified: Fri, 19 Sep 2025 15:43:08 GMT\r\nx-amz-server-side-encryption: AES256\r\ncontent-encoding: gzip\r\nx-amz-version-id: wUDG7hdTsaS_iTjFBQoH6YBYOipA7GCb\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 20 Sep 2025 05:09:31 GMT\r\ncache-control: max-age=31536000, s-maxage=7200, public\r\netag: \"f69b30c6db7f761b43c475f1edf50447\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 2d4ccfc38ee1229022124d55e34be376.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\ncross-origin-resource-policy: cross-origin\r\nage: 6159\r\nx-amz-cf-id: MGmRqzUjnWxJ5e_fmtWj1mrRRdmY3bxRgWIKeRBcjMkws8W5P196lQ==\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":303065,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65457)","md5":"d767afac4e95a0a76aa337aea76093bd","sha1":"c2a00f43af005b4127fe2d0e32fad37a78a65bbe","sha256":"c31f34239bf0abfcb24d11fcb5c81194031fb2cb0255f6beda8c7c0014a3a031","sha512":"5a813ab0d6d57e20810cc81eb3704274f0d8c863612deb1dc85ddd898851c12e080c90c41d409ad11f21b3dec56c90facaba238afe93c6c1234de45f091c0d7e","ssdeep":"6144:fdqqwTS9kLqa9zPJvR9N61IiUITJJaqM1LnSIlLN:ghPJvRX61IiUITTatLSI1N","tlshash":"52541988f1d17028e6576124816f050eb33e7999f40e45e4f6aae8e5acbd1ce4123fed","first_seen":"2025-09-19T11:55:02.81561Z","last_seen":"2025-09-24T13:02:01.677067Z","times_seen":64,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":19,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/7a71a6d3.d.m.BrcMdJDK.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.957Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/7a71a6d3.d.m.BrcMdJDK.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 8230\r\nlast-modified: Fri, 12 Sep 2025 11:24:49 GMT\r\netag: \"68c40301-2026\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":28389,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (28338)","md5":"df6dc91b58d9ce6552ade71fd6cc8c56","sha1":"dd00158b60fecafdeaaf9f37a35d27f6ee866096","sha256":"0dfe090b6a7a8f29971981befaf451c04bf37ec7d10204b5339a8ddf3f0516d2","sha512":"dcbf323786d25446525501b7e4519ba2e41a13cb516b94223c01b730f685e4053a65cda0a8aafffdd89f81fb80004f75bc9e4424649382a9c70207596654e8d6","ssdeep":"384:JgcWFD0Ly5T+fOCxSgM5ScHHsTYWdA3V8eHmPgacWlcSpEy3Md+XjXmQpIaEFX5U:Js0+5ifOCol5SvYWdA3upg5SpJ3MU","tlshash":"41d292c831d9f5e14293a624403fa207f27a3d72041ce598f732eae67c7465a9177e3a","first_seen":"2025-09-19T02:19:58.349352Z","last_seen":"2025-09-20T06:53:38.274509Z","times_seen":2,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/2df41dfd.d.m.Cd6cVkuY.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.970Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/2df41dfd.d.m.Cd6cVkuY.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 6007\r\nlast-modified: Fri, 12 Sep 2025 11:24:49 GMT\r\netag: \"68c40301-1777\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15088,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (15037)","md5":"6c3faf87c897103f8397cea5b40db1dd","sha1":"6ac0f1789fec94dc1e447fe31775463928305133","sha256":"3affc20eee19675686e382c065fbe1bf82de24621ab44c0b9ac56c646dd282c6","sha512":"b2cec0f4fff1d243d68cc0efe246aca11b7662cdaf33fa7302f89e95358e640e13b9802cec7e6bc18304e2e439427a6657d7b2240f9fad1878f31d4f80941813","ssdeep":"384:b6+nRnd5caRiWRz4aWhdu5Dx4Q5bbxlEPa3GmSzRXlj/v4FGhW9sJWO:b6+nRd5cZ24vg594oHxlEy2mGhx/v4FQ","tlshash":"53621af674eda57043e60af0a0b70106f5e451283089d4a0f59f96ff09eb980a967f7d","first_seen":"2025-09-19T02:19:58.418093Z","last_seen":"2025-09-20T06:53:38.275527Z","times_seen":2,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/logo.CTzo9Wgk.svg","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/logo.CTzo9Wgk.svg HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 576\r\nlast-modified: Mon, 07 Jul 2025 16:39:59 GMT\r\netag: \"686bf85f-240\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":989,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"c084e668671b35036439f1639690ef75","sha1":"9988516ab917ea62df37ef9136a9ee89da7e049c","sha256":"6516e9411efd44270ddd1ed1af1523a9c63a61a1bf29b697e1aac53302963b36","sha512":"edec61a2a75471788a707cabe122822827b51e7ae00390f54c00b36dc201a0885b035718ea7f4ec9b2e6344dc485b7d2182c142019daa3fd17f1cae14864a80f","ssdeep":"","tlshash":"0c1121eb861062bcab55afa5ea307416b10f547e3f4a86acc26c830014939d4e40cc54","first_seen":"2025-02-12T21:05:05.539064Z","last_seen":"2026-03-29T15:19:13.409426Z","times_seen":96,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/files/top-nav/vip-ic.svg","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.244Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/files/top-nav/vip-ic.svg HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Mon, 29 Jul 2024 11:38:11 GMT\r\netag: W/\"106a-61e614bbda1cd\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":4202,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"7ef082510b46a6aeb00c0df559b2de18","sha1":"b483a67c1a80a1db0afdd67246d5faf47f846f42","sha256":"155705ad90a321b396a52fbab695bc92f9a2046aac18371fb9a172657e97c2a6","sha512":"b23cde6916243bb8bd8695e5a97722d815217395a2727cd39aa9f459f344b88c951a260a56557d6bab22af21307f9765e408b8f67d310970747131cd6fdb2d11","ssdeep":"48:e8O6IHpZU+i2/zId7HoWsiN0thXLiJpwO/b37IvgFLQLZi/hABNFkg62venBHcA2:go0kMWsA03i/bYgF0I/hABLkrQeBB5K","tlshash":"c681892aa144d61d5883e24dcbbf91e1134e4066f1ea92dc7affd3aca10f4d4f946834","first_seen":"2024-08-31T07:43:54Z","last_seen":"2026-03-29T15:19:13.373051Z","times_seen":108,"resource_available":false,"data":null}},"time_used":132,"timings":{"blocked":127,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:38-2.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.271Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:38-2.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/png\r\ncontent-length: 28061\r\nlast-modified: Mon, 14 Nov 2022 11:03:17 GMT\r\netag: \"6d9d-5ed6c2fcac604\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":28061,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"615274b59dd4e7749cdce02d0e5ea639","sha1":"01ba6f71a68ccad7df058e5dab2c3b43f402e290","sha256":"a4353df0d45673ae0685be75ad1345ad25b4786d92775932761d45bd21175e47","sha512":"8f0e079ad5946d985c358ef1d2096a1cb5318c6111dab1ec461cd28e2cf398d185cf1c4991e759106348dc83bbb9efe5411930d4f962664f94dcff9b049c629e","ssdeep":"768:3STgmoxu0KmjSQveUNXI44ajRCcFtESD0wA:ioMZmuQveUNXIgzkwA","tlshash":"2cc2f183414499c16b6976c92b317a3726c737eab097b32d2df3e291770f092042cadb","first_seen":"2023-05-22T06:42:39Z","last_seen":"2026-03-14T21:34:59.568744Z","times_seen":96,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":-1,"dns":61,"connect":37,"send":0,"wait":33,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:557438.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.224Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:557438.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 16014\r\nlast-modified: Fri, 18 Nov 2022 14:46:07 GMT\r\netag: \"3e8e-5edbfc40b9de9\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":16014,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"ba6b9ef5f45c91b980b37b26ffbe4f00","sha1":"cefff870078fcf4552af158c200b4bd550de2277","sha256":"a4493b7e5f103beaa85b263d2376c0e9275b7840906549abd26ba22bf0fdd2c0","sha512":"bff1e6db375396a73ffbe34b3ca9b54fa7a6da8b892dfc37d0e823d150630fbad651da02758df86004511c523dda2039888c8c23d61c98b18bdf221324a89295","ssdeep":"384:ZsEcq1Ly/55aZxLoVjpV3rTprNjSo+U49IC9KFBERG7GTg5cF:Uq1Ly/5sF6TvUnoFBqvz","tlshash":"5e72d0026e2aa3de25dbb7821d1d642624fb26132431bf07c94b18c1c61fc6ca99775c","first_seen":"2025-09-20T06:53:38.280381Z","last_seen":"2025-09-20T06:53:38.280381Z","times_seen":1,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pool.liftdsp.com/ul_cb/pixel?id=154038\u0026t=js\u0026sink_id=0a0b9779-b238-46cb-aa4a-1e0ca3a6a251\u0026\u0026timestamp=2025-09-20T06:51:59.803Z\u0026fire_id=1758351119803-91ab9be2-308c-4242-83f6-4dd2eb3e1f4c","fqdn":"pool.liftdsp.com","domain":"liftdsp.com","tld":"com"},"ip":{"addr":"35.206.140.87","port":443,"asn":15169,"as":"GOOGLE","country":"Belgium","country_code":"BE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:00.991Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pool.liftdsp.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Thu, 04 Sep 2025 00:00:00 GMT","end":"Sat, 03 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E9:D1:1F:8C:03:79:86:40:F2:82:80:03:91:2F:F5:D3:BE:9E:80:E6","sha256":"45:A8:F2:04:BC:98:4C:A8:E1:9A:B1:A0:3F:CF:0A:6A:43:2C:B4:D6:CC:5C:26:2E:59:FD:FC:B1:AE:AE:58:26"}}},"request":{"raw":"GET /ul_cb/pixel?id=154038\u0026t=js\u0026sink_id=0a0b9779-b238-46cb-aa4a-1e0ca3a6a251\u0026\u0026timestamp=2025-09-20T06:51:59.803Z\u0026fire_id=1758351119803-91ab9be2-308c-4242-83f6-4dd2eb3e1f4c HTTP/1.1\r\nHost: pool.liftdsp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-length: 0\r\ncontent-type: text/javascript; charset=UTF-8\r\ndate: Sat, 20 Sep 2025 06:52:01 GMT\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":29,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/SC/Leonbets/bn/2460x696+%283%29-78@x2.webp","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:06.896Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/SC/Leonbets/bn/2460x696+%283%29-78@x2.webp HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:52:06 GMT\r\ncontent-type: image/webp\r\ncontent-length: 131062\r\nlast-modified: Tue, 16 Sep 2025 11:15:20 GMT\r\netag: \"1fff6-63ee93c550534\"\r\nexpires: Mon, 20 Oct 2025 06:52:06 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":131062,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1640x464, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"684ace39a4226fe9df645929eb268cee","sha1":"05c0728208e7dee9f7dfa6c751a2c2ee67357215","sha256":"d87ae93819aa69e02bafde3d14a2d11bd938ffaeed7e838e3f0c4a679e6c25fa","sha512":"5498149a71e8fde95b1b29e5906213c345cbf02d65a9b7b9dc7cf74095f169f64629ff91cc93693bd97140f450a088c6a8f9dcefe26d5a66ab2c672f3a8e4065","ssdeep":"3072:SbzxVwsiYL9mebX1xI99CspYgmsiBknuT+gxK9jx8T:qz5lxI99LDyBk0I9x8T","tlshash":"77d31210f82ce26d2fd9fc814f945f26e5e1607b804c7c4372abbef838558e92559c9a","first_seen":"2025-09-19T02:19:58.404125Z","last_seen":"2025-09-20T06:53:38.281503Z","times_seen":2,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/8a28bc4d.d.m.C6SPDTUI.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.967Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/8a28bc4d.d.m.C6SPDTUI.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 167344\r\nlast-modified: Wed, 17 Sep 2025 12:25:09 GMT\r\netag: \"68caa8a5-28db0\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":613232,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (22580)","md5":"5991e6ea451c5979547694178a67b17d","sha1":"7a185cfb8eca56d83ad665d7f80efaede895ce63","sha256":"a2bafa77a66ad577ecb7506ec583d1c6a3f90d5ae80cb9d68f18bf8bb3a736ad","sha512":"1d47cac116ecb6ad1c6ab79e230cefe055821a1654c8f5ff3f928010e4d31cc7474177dbc14f6d66dfaf5ba7325efb6e57273dd9fff4796b6b5e30bcc03e405e","ssdeep":"6144:UBSAZSgaRL89uaM5a+Jd60nM60Ob1NfWBl8SibE3iM3OY52hiPbG7Id/nEuoEM9a:UBSlLQuaMpBNfWBCSibEneY52OGgp","tlshash":"9ed45b557255383647e601e9906f0a06b33a1a2e9448c49cb66ce9ef38bdc4931bff7c","first_seen":"2025-09-19T02:19:58.318968Z","last_seen":"2025-09-20T06:53:38.282671Z","times_seen":2,"resource_available":true,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-2/betline/daily-combo?ctag=en-US\u0026locale=en_US","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.988Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"GET /api-2/betline/daily-combo?ctag=en-US\u0026locale=en_US HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=e0c7f323a8eb4a3eb2d752ec81e08189,sentry-sample_rate=1,sentry-sampled=true\r\nsentry-trace: e0c7f323a8eb4a3eb2d752ec81e08189-ac3fe3f7ca88d271-1\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: application/json\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":12440,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"82dce7a944df5c0373634b6a50d4f3e9","sha1":"4214fe7e5592d45044386e5808f52f7f408ac7df","sha256":"053ca07723ee3ffa4ebf3a9c9610519501e8cdc59fcb5ba752c35aec7a0edc07","sha512":"2d4906bccaddcee14b4658fbd05b538e51610f536e0e151fad27d382c1da9db66791163cc60de6793ce5602477d101cac2fab1888ed9e2801e2ae3c20f91716c","ssdeep":"384:Ij48d8rZW8d8r6m8d8ffW8p84Vdq8p84Vzs8p84moU8n8EIX8n8E108n8JS48n8l:248d8NW8d8um8d8nW8p84/q8p849s8p6","tlshash":"ed42f20e06cc0dfddb6428deada72dbd61a5021a96c0ed57f16ecfd87130ab5307264a","first_seen":"2025-09-20T06:53:38.284087Z","last_seen":"2025-09-20T06:53:38.284087Z","times_seen":1,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-1","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:14.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"POST /api-1 HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=970305583a5748bcb3ddc0aefc14caed\r\ncontent-type: application/json\r\nsentry-trace: 970305583a5748bcb3ddc0aefc14caed-84eceb7f5f4602a4\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nContent-Length: 139\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK; pixelsink_uid=0a0b9779-b238-46cb-aa4a-1e0ca3a6a251; _ga_JZZNGY93CC=GS2.1.s1758351120$o1$g0$t1758351120$j60$l0$h0; _ga=GA1.1.206665698.1758351120; intercom-id-cnjqphyx=ae23bf96-1d48-4e97-8cb4-428201d1ef26; intercom-session-cnjqphyx=; intercom-device-id-cnjqphyx=287449a7-a7b9-4495-9751-5a88562c3289\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:52:14 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\ncontent-language: en-US\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":205659,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"6feef98ab448f9c7be322f74857099a6","sha1":"9a8120db96c0eaa37fe9b101883d7bd24a7e00d9","sha256":"5e997fc11fb0c1852168913765b450545313532cfa3830ffac5bb0943a2a34a2","sha512":"ce66f1b87b578aed2454b7814bc1838e5cd0e9b9a046cd7cd43dfbd64dae1222f82865b60137b0b6f36d34c2ea3ed865e96554f7c67c0a0b4d04c7c3e830760a","ssdeep":"768:91aVXsJxbniFIr2Z8+KMNa7YpG3LVdc/ORgDC4USXXmJh4T6wtX1PGx0i0AjuF0J:O3glweSMhTNu3kTagqnJ+nd","tlshash":"e714c5a9771f583e743b54fe97064b61262671b6bc2ca060e96fbd5830becad6035c03","first_seen":"2025-09-20T06:53:38.28517Z","last_seen":"2025-09-20T06:53:38.28517Z","times_seen":1,"resource_available":false,"data":null}},"time_used":74,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":73,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:30-2.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.946Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:30-2.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/png\r\ncontent-length: 17710\r\nlast-modified: Mon, 14 Nov 2022 11:03:22 GMT\r\netag: \"452e-5ed6c301a2fc3\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17710,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"bea6fea3c0f3193a59a74efe88e70b85","sha1":"49e152caa5b726fca78b654cf0a7f60b81a1cc68","sha256":"363b006c7d44d6f6223fddc948fc19b0ac87c0b3f0dbe92ef1655ae2a2f947ef","sha512":"3015b81f070aff9720f22dddcc6b1f52ed5df74cd199bbd159b34ebc7f7fa202c507cafeff50af929089476c6b11782f892752c4a35a4a7bc31cb59c351ceae1","ssdeep":"384:jW2QDddgW+ePGzQw0MvkMASUjxqqSqWn1vsU+tfkJTlJxZXskUi+HE:jRQDddgyPG5vkRwwS10z+LHsq+HE","tlshash":"bc82d1c55a5cd3af22d6d4480651b0c0c6f720c6ea96c667272cec302def6b2227bd21","first_seen":"2024-05-15T05:49:44Z","last_seen":"2026-03-01T05:41:07.375122Z","times_seen":9,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-2/betline/headline-matches/changes?ctag=en-US\u0026allVtag=9c2cd386-31e1-4ce9-a140-28e9b63a9300\u0026flags=reg,urlv2,mm2,rrc","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:13.442Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"GET /api-2/betline/headline-matches/changes?ctag=en-US\u0026allVtag=9c2cd386-31e1-4ce9-a140-28e9b63a9300\u0026flags=reg,urlv2,mm2,rrc HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=970305583a5748bcb3ddc0aefc14caed\r\nsentry-trace: 970305583a5748bcb3ddc0aefc14caed-84eceb7f5f4602a4\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK; pixelsink_uid=0a0b9779-b238-46cb-aa4a-1e0ca3a6a251; _ga_JZZNGY93CC=GS2.1.s1758351120$o1$g0$t1758351120$j60$l0$h0; _ga=GA1.1.206665698.1758351120; intercom-id-cnjqphyx=ae23bf96-1d48-4e97-8cb4-428201d1ef26; intercom-session-cnjqphyx=; intercom-device-id-cnjqphyx=287449a7-a7b9-4495-9751-5a88562c3289\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:52:13 GMT\r\ncontent-type: application/json\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":124473,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"e673932b34b6a244e2f780d311b56c05","sha1":"3a430a77b4206ed4d3042d7b792dfd66519453e0","sha256":"4381aa9f12fc47511c73f37c55fec54457537c1f8be05d158fd641afb3307902","sha512":"f9804cbd86f03997d3573659aa0bb32d1c0c8149b932977b29ce4579d4273c9e9f654395846cf2f31348a50eab73308ca6173b4389d9aff83fa4046ec29bcf4d","ssdeep":"3072:zv+a/heUk1qVOWSObVWF3UjFG6hKc3acb/bOWqoXycNwS3iU0Ce/546tQA6c3:zv+a/heUk1qVOWSObVWF3UjFG6hKc3a7","tlshash":"51c30c0c22090dbdd76229d9cd872bf558c4537fbed8ee82b6eccac465753ae221111b","first_seen":"2025-09-20T06:53:38.288046Z","last_seen":"2025-09-20T06:53:38.288046Z","times_seen":1,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:762562.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.238Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:762562.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 19514\r\nlast-modified: Fri, 18 Nov 2022 14:46:05 GMT\r\netag: \"4c3a-5edbfc3f8f049\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":19514,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"0a4f8b47bb6076988dba278f00bcd4bd","sha1":"cce76b5bb54172d2b1aa318605c8669d4f17bc71","sha256":"33fa1420377286add019b872e454245849fc76877dd3a0d30ec5fcbc8564bd49","sha512":"58018b533459cfeac529fa93caa5eceab72b5c64e8d148108a5afc1accfd4e6359d2664f44df97a3d7c9ce7b0fd879098a6517173902c5b2451aeb71d1e228ef","ssdeep":"384:scX+yxStIUCzhO+2829cmHHTipJbZ1OiFuse6NIqu/8u2+hcs8:BXKCgu2+AT8bZ11A2/8LcJ","tlshash":"f792d1bb8264f95e1e98a7ff1ce2a17144e4e4e1bb6ce14fb844c11915f10522d3d61c","first_seen":"2025-09-20T06:53:38.294393Z","last_seen":"2025-09-20T06:53:38.294393Z","times_seen":1,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pool.liftdsp.com/pixel?id=154038\u0026t=js\u0026sink_id=0a0b9779-b238-46cb-aa4a-1e0ca3a6a251\u0026\u0026timestamp=2025-09-20T06:51:59.803Z\u0026fire_id=1758351119803-91ab9be2-308c-4242-83f6-4dd2eb3e1f4c","fqdn":"pool.liftdsp.com","domain":"liftdsp.com","tld":"com"},"ip":{"addr":"35.206.140.87","port":443,"asn":15169,"as":"GOOGLE","country":"Belgium","country_code":"BE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:00.731Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pool.liftdsp.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Thu, 04 Sep 2025 00:00:00 GMT","end":"Sat, 03 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E9:D1:1F:8C:03:79:86:40:F2:82:80:03:91:2F:F5:D3:BE:9E:80:E6","sha256":"45:A8:F2:04:BC:98:4C:A8:E1:9A:B1:A0:3F:CF:0A:6A:43:2C:B4:D6:CC:5C:26:2E:59:FD:FC:B1:AE:AE:58:26"}}},"request":{"raw":"GET /pixel?id=154038\u0026t=js\u0026sink_id=0a0b9779-b238-46cb-aa4a-1e0ca3a6a251\u0026\u0026timestamp=2025-09-20T06:51:59.803Z\u0026fire_id=1758351119803-91ab9be2-308c-4242-83f6-4dd2eb3e1f4c HTTP/1.1\r\nHost: pool.liftdsp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-length: 0\r\ndate: Sat, 20 Sep 2025 06:52:00 GMT\r\nlocation: https://pool.liftdsp.com/ul_cb/pixel?id=154038\u0026t=js\u0026sink_id=0a0b9779-b238-46cb-aa4a-1e0ca3a6a251\u0026\u0026timestamp=2025-09-20T06:51:59.803Z\u0026fire_id=1758351119803-91ab9be2-308c-4242-83f6-4dd2eb3e1f4c\r\nset-cookie: tuuid=33522205-a19f-4a99-8b15-9882695aa380; path=/; expires=Sun, 20-Sep-2026 06:52:00 GMT\nc=1758351120; path=/; expires=Sun, 20-Sep-2026 06:52:00 GMT\ntuuid_lu=1758351120; path=/; expires=Sun, 20-Sep-2026 06:52:00 GMT\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":476,"timings":{"blocked":222,"dns":112,"connect":26,"send":0,"wait":30,"receive":0,"ssl":81},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.intercomcdn.com/vendors~app.6c352908.js","fqdn":"js.intercomcdn.com","domain":"intercomcdn.com","tld":"com"},"ip":{"addr":"3.164.240.120","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:10.416Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.intercomcdn.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Thu, 31 Oct 2024 00:00:00 GMT","end":"Fri, 28 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"D2:4F:FB:78:56:DC:20:7E:66:CC:9B:57:7F:92:C2:FA:50:69:C1:5B","sha256":"09:35:37:9C:E9:C9:26:27:7B:F2:E2:42:CA:82:EF:F1:2C:B2:B4:97:04:61:0B:FD:77:9A:15:4D:57:F4:76:D6"}}},"request":{"raw":"GET /vendors~app.6c352908.js HTTP/1.1\r\nHost: js.intercomcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 118581\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nlast-modified: Fri, 12 Sep 2025 20:29:05 GMT\r\nx-amz-server-side-encryption: AES256\r\ncontent-encoding: gzip\r\nx-amz-version-id: XcdOkMK3UWZMVXSLuPfaChOGHzGTV97H\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 20 Sep 2025 05:12:15 GMT\r\ncache-control: max-age=31536000, s-maxage=7200, public\r\netag: \"07993dec3c4dd37ac0a42cbf0b494f98\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 2d4ccfc38ee1229022124d55e34be376.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\ncross-origin-resource-policy: cross-origin\r\nage: 5996\r\nx-amz-cf-id: 2AnVHFobfZs_voGTXPt3_IHCEy1xjpb7i-eQ_Hl9mJARaTT1XpFvYQ==\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":569731,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"bd29760ee85837c7456682c493163142","sha1":"bf59ac66fabae8663ea048aaeb1e0976e3824752","sha256":"757dff52a688cf9983b751e031d49b281a903105c8ca91d7bda6ad5c922a139a","sha512":"31cf7b0f0d56e4e5e03164680056804c2a37180acea8fd09d99327f5afca6388215bb4aba3b8f3bf50ec58240350ef2f577bfa4791649a0db1751a0aebe762b5","ssdeep":"12288:km2wD8/vm6htaTsfA/ibMuyVlTV3XW1R+zzLwSdF:km2wD8/vm6htaTsfA/ibMuyVlTNm/+zp","tlshash":"17c429c4b6e1f5b64b9750e2583b1007f33a495c202d90a4b36cd5dbb8ec58e61b6b3e","first_seen":"2025-08-21T10:18:15.977942Z","last_seen":"2025-10-31T16:49:06.749861Z","times_seen":2024,"resource_available":true,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":25,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-1","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:13.123Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"POST /api-1 HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=970305583a5748bcb3ddc0aefc14caed\r\ncontent-type: application/json\r\nsentry-trace: 970305583a5748bcb3ddc0aefc14caed-84eceb7f5f4602a4\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nContent-Length: 656113\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK; pixelsink_uid=0a0b9779-b238-46cb-aa4a-1e0ca3a6a251; _ga_JZZNGY93CC=GS2.1.s1758351120$o1$g0$t1758351120$j60$l0$h0; _ga=GA1.1.206665698.1758351120; intercom-id-cnjqphyx=ae23bf96-1d48-4e97-8cb4-428201d1ef26; intercom-session-cnjqphyx=; intercom-device-id-cnjqphyx=287449a7-a7b9-4495-9751-5a88562c3289\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:52:13 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\ncontent-language: en-US\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":131,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"2923398f2d5b9bd4dc586ed37add0a11","sha1":"d763eecf27d352d32c78f2cc7fec0e3f31a0fe89","sha256":"9edb30982904bfc0eb135fae65561b7fbcb731190e1665f481f6fa62ae81b30f","sha512":"6e67a94d543f8d7e09be1716203852d78702afdbf05a34b95ef2d7af81167f3caf76d02a51d04eb8d34d3008b3fc66cfe784b7c55cc6d82015dc933361758324","ssdeep":"","tlshash":"d1c02b883d2141011c08d94df321ea84f32132118004466841c860108188cbc694ba40","first_seen":"2025-09-20T06:53:38.295991Z","last_seen":"2025-09-20T06:53:38.295991Z","times_seen":1,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":0,"dns":0,"connect":0,"send":98,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages2-21a8b.kxcdn.com/SC/Leonbets/web2_footer_icons/18+%C3%82%C2%A0%C3%A2%C2%80%C2%94%20%C3%90%C2%BA%C3%90%C2%BE%C3%90%C2%BF%C3%90%C2%B8%C3%91%C2%8F-9.svg","fqdn":"cdnimages2-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.222Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /SC/Leonbets/web2_footer_icons/18+%C3%82%C2%A0%C3%A2%C2%80%C2%94%20%C3%90%C2%BA%C3%90%C2%BE%C3%90%C2%BF%C3%90%C2%B8%C3%91%C2%8F-9.svg HTTP/1.1\r\nHost: cdnimages2-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 02 Jun 2023 12:08:21 GMT\r\netag: W/\"acb-5fd2468b9d3f6\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\npragma: public\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2763,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"63e9bdf84336ba2f0d7fd0116bbc47e0","sha1":"5f1882ed3aa41267bbdb1c083902955e2a965022","sha256":"2c0b2b2f7ac364b363a152aeddf08ad89a3b4043e3347cead0206158492c8a2a","sha512":"f59720c3a786afb91c58de81a4097faebb49e15008f2918805b041afa60d8e790d2296ccc3b01b008992ca92135c59135f27b7c5760542999f8a5c7089e9b5cb","ssdeep":"","tlshash":"145101efa7d4b2c0d807e3b094094a793adf287f77158744425aaee6fb02094484e8c4","first_seen":"2023-07-08T17:48:53Z","last_seen":"2026-03-31T00:45:46.207178Z","times_seen":122,"resource_available":false,"data":null}},"time_used":264,"timings":{"blocked":116,"dns":84,"connect":2,"send":0,"wait":32,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:3-2.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.990Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:3-2.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 8821\r\nlast-modified: Mon, 14 Nov 2022 11:03:12 GMT\r\netag: \"2275-5ed6c2f829fcc\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":8821,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"50d8bfccc82ade31fd24753f6a468dee","sha1":"bec1cd1690fbef4592b7ce479afc04991ad6f911","sha256":"5dfbe72e3f5e1b51bf3db69ebfde87a7afa9a65c2097b835cc9952d67df4cd5c","sha512":"c88f38ecc656c38ef2c019456fe2b908ef480115ee4220712d59ecd6ff857a2a2b83c67c4785d759d3a77c9bb2da08b6731284c8caf5ad9d68733128e8b1524a","ssdeep":"192:UHulNg0yVkZsQz0yBf2WtV/sbyGQIu6dnyN2IW516qdxtbk7nnI2xF:Uyj0uPX/tIy9INTWqnYnnlF","tlshash":"8502bef9df891c64f13fce5eca166d54a0334e683448960b510dee297703b9aaaf54c1","first_seen":"2023-05-22T06:42:39Z","last_seen":"2025-11-01T20:26:03.715678Z","times_seen":32,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:2833-2.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.072Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:2833-2.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 17158\r\nlast-modified: Mon, 14 Nov 2022 11:16:09 GMT\r\netag: \"4306-5ed6c5dce17c8\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: MISS\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17158,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"6da0299ec50e0a6ecaf413a6c68e650d","sha1":"6344ba2a4ff6ff8cb62365699354886e961b04f5","sha256":"bcacccf3efb28091badcf1ea86a406f4b047c6974bcfe887cfe3bd98db97f2de","sha512":"ebdcd32faf6e9d162325953625fcbf2c7a8ac70d6cd12f57ab6cc85cc633cd970a6539eca360c60c99bceafd90706a830dd13612529b57f2c5f1eaf0f1168b39","ssdeep":"384:0F/OVBEJRSapKx3WlWlg+sj8OL1LvbXpFI61+qRP1I1jboZEzPRrq/j+vqz:pVBESoKx3W49srvbXV1+IPoIZUdvw","tlshash":"a372e1d76f94f1d9c450ce127c9534235116422daa93304ea7aea42874cf835fb568bf","first_seen":"2023-05-17T09:11:30Z","last_seen":"2025-10-24T13:28:33.913922Z","times_seen":34,"resource_available":false,"data":null}},"time_used":63,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":43,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/SC/Leonbets/bn/Welcome_2460x696-2@x2.webp","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.893Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/SC/Leonbets/bn/Welcome_2460x696-2@x2.webp HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/webp\r\ncontent-length: 66052\r\nlast-modified: Tue, 08 Apr 2025 13:16:28 GMT\r\netag: \"10204-63244290f7f12\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":66052,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1640x464, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"1a54a8c00e690c8d9d726fa66a06e163","sha1":"10bef299a85b8c7a26a82ab9bd6349a9c571ffb1","sha256":"9c15543acae97b969edf698a080decbb11d274fa839ae90b391a076b8df37717","sha512":"50a15bfeecba8ab3a209fbca2f327b7146486574161d00dfcee9f14d571a3da8006997455542f23e4e057229065d3e2fe6f3ba09006d645539b1faf5244abe35","ssdeep":"1536:tSWLO2GUOBAfb+Seo3u3SD4QmEBZRQkF9ZVJ74i:u2GUhj+SLu3S0QlZnVZ4i","tlshash":"b053020a6fd788c7ce5762736f49340444205b985bae33261f6adedbc28b3792d14e8d","first_seen":"2025-04-24T07:07:12.76485Z","last_seen":"2025-09-20T06:53:38.298732Z","times_seen":14,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-1","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:08.032Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"POST /api-1 HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=970305583a5748bcb3ddc0aefc14caed\r\ncontent-type: application/json\r\nsentry-trace: 970305583a5748bcb3ddc0aefc14caed-84eceb7f5f4602a4\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nContent-Length: 8698\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK; pixelsink_uid=0a0b9779-b238-46cb-aa4a-1e0ca3a6a251; _ga_JZZNGY93CC=GS2.1.s1758351120$o1$g0$t1758351120$j60$l0$h0; _ga=GA1.1.206665698.1758351120; intercom-id-cnjqphyx=ae23bf96-1d48-4e97-8cb4-428201d1ef26; intercom-session-cnjqphyx=; intercom-device-id-cnjqphyx=287449a7-a7b9-4495-9751-5a88562c3289\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:52:08 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\ncontent-language: en-US\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":131,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"55af422e1dc379b58dc68b00410da384","sha1":"fd6161d81bd4ab8fc7a54852d8b829b0a80edab5","sha256":"1db1c82202476c6451963c76b3b2c9ec57c5578abb8bbbef30d8e59b67bdd2f9","sha512":"277387b315d8911456cf79d5440e0ed422be88cd48a8e07822aa45def10780df313ade7c53abe09280fb722b850c52df7f40161201320eb146601b9fa7efd56f","ssdeep":"","tlshash":"56c02b44ec0040018e3cc40a9330ea4eab28306140100a9801cd710040449ec3a4f515","first_seen":"2025-09-20T06:53:38.299228Z","last_seen":"2025-09-20T06:53:38.299228Z","times_seen":1,"resource_available":false,"data":null}},"time_used":29,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/7fbe0154.D1LkYgmR.css","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.838Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/7fbe0154.D1LkYgmR.css HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: text/css\r\ncontent-length: 18959\r\nlast-modified: Fri, 12 Sep 2025 11:24:49 GMT\r\netag: \"68c40301-4a0f\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":121933,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"e3d4e4bea193ffb1be90d66a1dfde4c7","sha1":"1c45a4479fb68df8954519918cb7668efe12e058","sha256":"49ae297373213bcb3951fafb908e1c0760106452407e9461e101c98af386ed73","sha512":"1d751512f8d4dd8f778eb3f80fae232389279f7a3ba7b01ea80e92c4896b79fa1802924e87071acd66bd5efbfcb29f14d9f590c5087623384cc197255f9dabdb","ssdeep":"3072:oBBlS6q6LnH7uQzI4JLcBgdgPjP7M10bVMby2cekOKywXwfOIl6V6duEerdA5wuB:oBBlS6q6LnH7uQzI4JLcBgdgPjP7M10o","tlshash":"dbc398fb8e50a27bf767ac9dc3e5f948724eac03cc921976d5b212ac42d6391d390b05","first_seen":"2025-09-19T02:19:58.406366Z","last_seen":"2025-09-20T06:53:38.300274Z","times_seen":2,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/files/showcase/dark/color-tv-1.svg","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.331Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/files/showcase/dark/color-tv-1.svg HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 700\r\nlast-modified: Fri, 19 Mar 2021 17:11:17 GMT\r\netag: \"2bc-5bde6cde231b5\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":700,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"78201370f184cfcceb67ba6d353d3c5b","sha1":"5a291d4ffaf0fdb05027782eb86aa1913c2745e9","sha256":"7e67ee52b9a022aa7601e1a818cfa91bd7bd9dd4d4e677e24891033ed87b9b61","sha512":"939781d469961267ff6baafc61a97c0224eb50a8d12f76be9faeca4f4f2f92922cea90429b5f64d0622870cdbdf9310d14b63da2c1b0803545b9f6bc40f1f385","ssdeep":"","tlshash":"ac012397d15c4a89ba4bc368dd0bf435709c30f745f3d0209142eb7674991da3c1e9d8","first_seen":"2023-07-08T17:48:53Z","last_seen":"2026-03-29T15:19:13.432094Z","times_seen":66,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":48,"dns":0,"connect":0,"send":0,"wait":48,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/71c69379.Df-RY1xq.css","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.231Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/71c69379.Df-RY1xq.css HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: text/css\r\ncontent-length: 155\r\nlast-modified: Mon, 07 Jul 2025 16:39:59 GMT\r\netag: \"686bf85f-9b\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":219,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"3423d7cc3aa7ac44d033e2e4be0b00d4","sha1":"a4d591bc0446811187b44bbc1b41c07a7f48f232","sha256":"152add0de253a858678d73d9988ee6214da2dc169ad58e26e2f95e472b50fed6","sha512":"65c19ef7f61a6266e6f34255b873f9d0d88f42971a124787b263063acf53f4c0759f3b40a563d4aaeeee269edf833b3921dea4e9b2fa89f82423aacd6cd8f2e9","ssdeep":"","tlshash":"87d0a7568df1d6336cd0590bb3444a8c30c29c0b85175b04c49a140cf4b359b3202384","first_seen":"2025-04-24T07:07:12.797229Z","last_seen":"2026-03-31T00:45:46.183155Z","times_seen":113,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24_t_200261-2.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24_t_200261-2.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 15105\r\nlast-modified: Mon, 18 Aug 2025 23:27:47 GMT\r\netag: \"3b01-63cac1663b0b9\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15105,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"6c74c397fc82db583b07897f3b47cbfd","sha1":"024bfafab5f5a865bac1add7f9ad32251d8438f6","sha256":"bebff6949fc033218f0183cec5d1b60ebc97c8136b9bbbee5bae67862ec6f001","sha512":"5c7d081811d9fb6c46410ec9ea24d3cb539a70e1eb6516afaa24c307d68419d4dc66668c21eec295f773a62bc9d2c6a673302d02ed2bc7b42f45180700f3f68c","ssdeep":"384:d03DP7TX/NbQ/MP1HRzZbVTG7LdIA1vDR454jM:dUvTPNQ/MhRzq7LdIA1v94OY","tlshash":"3662c0d6858b303335212798976f57ccc0a7b5923a20fd65e63adac9f0c6ad935227c1","first_seen":"2025-09-20T06:53:38.303681Z","last_seen":"2025-09-20T06:53:38.303681Z","times_seen":1,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-1","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:00.962Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"POST /api-1 HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=e0c7f323a8eb4a3eb2d752ec81e08189,sentry-sample_rate=1,sentry-transaction=home,sentry-sampled=true\r\ncontent-type: application/json\r\nsentry-trace: e0c7f323a8eb4a3eb2d752ec81e08189-a84e60d09b36dc2b-1\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nContent-Length: 7404\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK; pixelsink_uid=0a0b9779-b238-46cb-aa4a-1e0ca3a6a251; _ga_JZZNGY93CC=GS2.1.s1758351120$o1$g0$t1758351120$j60$l0$h0; _ga=GA1.1.206665698.1758351120\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:52:00 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\ncontent-language: en-US\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":131,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"15adb5a7c9c2b0f379821619b62cbedb","sha1":"64216ebd846b71fe9a21167b4986d2a05fc4f094","sha256":"1604a81bde3c0c265f0633ed023752bcead42bb07570d8505cab1d0f3d8627e8","sha512":"a20b89100b2cccbcd97157ccc49abeda63186510c8a722b814e63ffd4d77c57b931bcdf185dd1e171ee6d933dfa2a407d72bf301f442e21c815d06c1aba983ec","ssdeep":"","tlshash":"43c022c33c8002000e0a800aa220e8c8f322b2000800283c83eef800b0accbc3a8fc23","first_seen":"2025-09-20T06:53:38.304664Z","last_seen":"2025-09-20T06:53:38.304664Z","times_seen":1,"resource_available":false,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/01f20af8.d.m.B4XHZeZT.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/01f20af8.d.m.B4XHZeZT.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 44261\r\nlast-modified: Wed, 17 Sep 2025 12:25:09 GMT\r\netag: \"68caa8a5-ace5\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":130660,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (30853)","md5":"b82be6a70350aeb5ecbf63ccdc1a1144","sha1":"84ae96f7641a8f0e5872ac6cfe5bf539d99b8c60","sha256":"026f2cedf2bf45d996e0edc801997b05eeadce1b6d61158a41760dcebb10325f","sha512":"e5322e0da6baf30993d4e47264e39a523a058e939309140b31d59a214e930306613b899718431ce1be49714ca6eb97df0317e44f0dbfb265767285831e79182b","ssdeep":"3072:JeJhR9YYyG6r4wFjddh3AzbIbVSVqqeJwDiGIsI:JeJhR9YYzwlddPxwDiGZI","tlshash":"90d3f5c872e3f06283e22470002f440af27e6d69949cd4a4f6a5d4f53df995a8637f6e","first_seen":"2025-09-19T02:19:58.373613Z","last_seen":"2025-09-20T06:53:38.306001Z","times_seen":2,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/8a28bc4d.Zz91Zmdd.css","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.842Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/8a28bc4d.Zz91Zmdd.css HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: text/css\r\ncontent-length: 4378\r\nlast-modified: Mon, 07 Jul 2025 16:39:59 GMT\r\netag: \"686bf85f-111a\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":22987,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (22986)","md5":"72bda927578b5aa7dcb8a5f16e2485db","sha1":"123538bf37d8ac1034de00633da3c254090d25ab","sha256":"14b7a03c801bac68f96425f2063f7518368964f93c48cf93242dc5920bf3609c","sha512":"67468312135ae0cbc84132b9e0238bc5beeae3f32b95086e0278c11e54938f985dce5c2a900c41a8985258021e3044a35d6f8db63b6429f981723d3b532c36d9","ssdeep":"192:+BMmdvKyAFB6C5S6elpt5DV9829gSm2hd2HaBEQpPL+2P2gtxvfTQlBltomDFyK4:No5GB6Cc6yuEvfrKEXWWl","tlshash":"11a253ace290a13aad27e53bd398c6cc6314e980fd52db65f312712984cfee1077d949","first_seen":"2025-02-07T04:57:00.60814Z","last_seen":"2026-03-31T00:45:46.166838Z","times_seen":129,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24_t_6-3.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.961Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24_t_6-3.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/png\r\ncontent-length: 15268\r\nlast-modified: Sat, 19 Aug 2023 07:22:47 GMT\r\netag: \"3ba4-6034183148286\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15268,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"e39ad59c40501a16397ce856b2bc20ac","sha1":"6525ae4cee82535c39c6038d44925c71e6ddc941","sha256":"a7498a752a83b2656232405d7dc180f4318ae9e312f208817cbe4aa46e19c03d","sha512":"1218313ceddcdb1e05fc9f5a9ecf2a929c79842f7b25f5d3afc16b19585b67c7b2a9f45d3e5cf31f4e2e07a4773008db7d37ab08757c2dbc6eceeae1f17ee959","ssdeep":"384:NCn6M/OAAv0t25DYxf7lYzUdmBidCq35f+OG1nnC:w/OAb25DYxfdQARDinC","tlshash":"6e62df7077e023371e806e43e7e5bc2539b6753e09797a6d38020498aeb6baf41b5022","first_seen":"2024-03-29T05:33:40Z","last_seen":"2025-10-18T03:17:28.046121Z","times_seen":6,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-1","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.380Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"POST /api-1 HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/\r\ncontent-type: application/json\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-modernity: modern\r\nx-app-env: prod\r\nx-app-skin: default\r\nx-app-layout: desktop\r\nx-app-os: windows\r\nx-app-browser: firefox\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nContent-Length: 830\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:51:57 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\nset-cookie: ABTestSeed=84; Max-Age=315360000; Expires=Tue, 18 Sep 2035 06:51:57 GMT; Path=/; Secure; HttpOnly; SameSite=Lax\nqtag_rfrr=null-null; Max-Age=2592000; Expires=Mon, 20 Oct 2025 06:51:57 GMT; Path=/; Secure; HttpOnly; SameSite=Lax\nipfrom=91.90.42.154; Max-Age=31536000; Expires=Sun, 20 Sep 2026 06:51:57 GMT; Path=/; Secure; HttpOnly; SameSite=Lax\nx-app-language=en_US; Max-Age=2147483647; Expires=Thu, 08 Oct 2093 10:06:04 GMT; Path=/; Secure; HttpOnly; SameSite=None\r\ncontent-encoding: gzip\r\ncontent-language: en-US\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":131180,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"Unicode text, UTF-8 text, with very long lines (65483), with no line terminators","md5":"3f60f0c7c409bcb1c84666ce287c919e","sha1":"ff67e454fe417aec91e31cf10568a57dcdac4e82","sha256":"5d517a44498711e45b91f053f7fb1451e66f34416270bb713040a61d45b0bda0","sha512":"377bf1b50aafc5fe64f437dcb046c3795a2bde9ad3e0c87d6196ca60f5bd4e7a46c828d9663e605b95bdadc9260556b5cca5a454e166e78be9fb546dd21c453e","ssdeep":"3072:pVcaZuxTBTCLwRcCbqTYZEYKpIbUp4FY5KzuTUHOt+DZqJo70JvYj6JSnununMVj:pVcaZWTCLwRcCbqTYZEYKpIbUp4FY5Ku","tlshash":"c5d3c83e721cddafc4874d9d733f2e760429d02625caac9c8d4dca6981ef2f86132656","first_seen":"2025-09-20T06:53:38.308105Z","last_seen":"2025-09-20T06:53:38.308105Z","times_seen":1,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/SC/Leonbets/bn/2460x696+%283%29-77@x2.webp","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:13.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/SC/Leonbets/bn/2460x696+%283%29-77@x2.webp HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:52:13 GMT\r\ncontent-type: image/webp\r\ncontent-length: 66594\r\nlast-modified: Wed, 03 Sep 2025 14:19:12 GMT\r\netag: \"10422-63de649f23cd5\"\r\nexpires: Mon, 20 Oct 2025 06:52:13 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":66594,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1640x464, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"69886c8f4857535f47d669d946b0d23b","sha1":"b3874b648d900d2ca3122f5e25da4742ccf88f5d","sha256":"40ba36561a7cc7880d55d9d9aadab03a2368da59e0e231da61e5b40f5bc9b8e3","sha512":"1c20e72e4a2006d201fe6e4d9c158efe081e83bf595a7bb56e17b329ae6624b7480bf8ba4c0ef4dfd6a64bb10d32d87f5d89c450eeaadcbe8187fca660a4c744","ssdeep":"1536:aggQzgOYr8qkmdfyNGzwe6UGvja1htHLqnAEHh128detiL2:aggQMfoEdfxzZ6UGoPpELD2","tlshash":"a85312b5603b89e619bb27744047fbc6c9ca300f17dfec2e324aba599656004f8af751","first_seen":"2025-09-07T05:29:22.044105Z","last_seen":"2025-09-20T06:53:38.309281Z","times_seen":3,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:2695-1.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.294Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:2695-1.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/png\r\ncontent-length: 129859\r\nlast-modified: Mon, 14 Nov 2022 11:30:30 GMT\r\netag: \"1fb43-5ed6c911e4578\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":129859,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 316 x 316, 8-bit/color RGBA, non-interlaced","md5":"38c4bfa2f517153ac003207586d90928","sha1":"5c10239dfa12ea9d30cbd6c87069fc46947d244c","sha256":"4925daa8577607e528c9d7e14ba3650f2efb567f344566fe6fbf81c7f99785d6","sha512":"398134d54a89e12081c6b2c5603b6faa3588fc4d240935af069304b220c375e6644bb52ce83ae7ec792c12220ed9e12f17308372f89e80d238222308544826b6","ssdeep":"3072:/iy3oHrJPqeHT7RN+QnWG+l2+O/KrsJcUYU:qbLllHL+zG+lLOS4Jc1U","tlshash":"16c312a7580ce9f1cb9cdb2dd1ab88ec486351c84d5e515b8772c8d39b0bf6a27b0613","first_seen":"2025-04-27T23:05:09.899811Z","last_seen":"2025-09-20T06:53:38.310513Z","times_seen":2,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":78,"dns":0,"connect":0,"send":0,"wait":33,"receive":20,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.intercomcdn.com/vendors~app~tooltips.e743fc3e.js","fqdn":"js.intercomcdn.com","domain":"intercomcdn.com","tld":"com"},"ip":{"addr":"3.164.240.120","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:10.409Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.intercomcdn.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Thu, 31 Oct 2024 00:00:00 GMT","end":"Fri, 28 Nov 2025 23:59:59 GMT"},"fingerprint":{"sha1":"D2:4F:FB:78:56:DC:20:7E:66:CC:9B:57:7F:92:C2:FA:50:69:C1:5B","sha256":"09:35:37:9C:E9:C9:26:27:7B:F2:E2:42:CA:82:EF:F1:2C:B2:B4:97:04:61:0B:FD:77:9A:15:4D:57:F4:76:D6"}}},"request":{"raw":"GET /vendors~app~tooltips.e743fc3e.js HTTP/1.1\r\nHost: js.intercomcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 182893\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nlast-modified: Thu, 18 Sep 2025 19:52:13 GMT\r\nx-amz-server-side-encryption: AES256\r\ncontent-encoding: gzip\r\nx-amz-version-id: PdDDBftL5N4_HAkvgvrF0enWguKjrNqb\r\naccept-ranges: bytes\r\nserver: AmazonS3\r\ndate: Sat, 20 Sep 2025 05:28:35 GMT\r\ncache-control: max-age=31536000, s-maxage=7200, public\r\netag: \"245575a2fc7396556e4255b3497bb758\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 2d4ccfc38ee1229022124d55e34be376.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nalt-svc: h3=\":443\"; ma=86400\r\ncross-origin-resource-policy: cross-origin\r\nage: 5015\r\nx-amz-cf-id: oUMglgaTvLYJsocffOidQSTExIJwTyRepztl-grWLf_c87GuuZRpLQ==\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":875012,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"data","md5":"0dcd99ff38bd2098c09ee88f90e8fa22","sha1":"4d896d188754f373dc51e141c760f5f41fccce04","sha256":"83cf532a98a787b7169477f8ba7b02ecb7f41772693d8ab061e2a7b4148f6c39","sha512":"d2e671de5774f61257b88022a0ecb9a48a77841aeadd3c3b08428a46909e2ccb972a8ec514c2854342219780fa21a91c954e0c4aa7c30e5d95509a294700087b","ssdeep":"6144:Ap0/n5IyKHtdp0in5IyKHtSWgrUAAPOXbr01VNKpHjdgN46bJ2ls3wwoxzWWeFbu:U9y94IKpHjdgN46i3R","tlshash":"f515926498a878ed63cf7186908f986e2d6c00338285ee647dd847e717661b63433f7e","first_seen":"2025-08-26T16:03:15.870511Z","last_seen":"2025-11-07T07:22:00.395756Z","times_seen":2366,"resource_available":true,"data":null}},"time_used":50,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":40,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/2491c3d3.d.m.CZ6DTodl.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.748Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/2491c3d3.d.m.CZ6DTodl.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:57 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 931\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-3a3\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:57 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2118,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (2067)","md5":"8474bbf69f3867dfa7167cca2ab7e09c","sha1":"f25d427ffb31b18c48a69684a5ced5224c0873fd","sha256":"674a0c6fae6dbbc781a9dab97bd35ff473d31f3c390700090ddcf74b693ac054","sha512":"ab6b7bf3ed93049c56a7820b6831fa70e61155139523d1a9a178ca5c3bb85687c1a80ce971057881a562471afed26c2199a84eff2da55ed6a3d66b385e9a69ef","ssdeep":"","tlshash":"1841a79e7454bb36160386d6ea084006613726f3e650086cbbbd7fe1c3ef585d3a1b79","first_seen":"2025-09-20T06:53:38.311615Z","last_seen":"2025-09-20T06:53:38.311615Z","times_seen":1,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pixel-us.r2drtb.com/pixel/js?auth=4jg3s6\u0026event=visit\u0026uid=undefined\u0026tid=undefined\u0026cur=undefined\u0026amount=undefined","fqdn":"pixel-us.r2drtb.com","domain":"r2drtb.com","tld":"com"},"ip":{"addr":"88.214.195.101","port":443,"asn":46636,"as":"NATCOWEB","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.692Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.r2drtb.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV R36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 26 Jun 2025 00:00:00 GMT","end":"Wed, 08 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"D0:48:15:25:D2:83:00:DD:7D:70:07:A2:B0:40:FB:88:E5:9B:C3:05","sha256":"59:30:1A:64:93:31:49:89:58:C3:C8:2E:88:12:01:02:54:8C:F0:86:A1:40:B7:58:E0:4A:3B:ED:8D:8F:9F:A0"}}},"request":{"raw":"GET /pixel/js?auth=4jg3s6\u0026event=visit\u0026uid=undefined\u0026tid=undefined\u0026cur=undefined\u0026amount=undefined HTTP/1.1\r\nHost: pixel-us.r2drtb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Sat, 20 Sep 2025 06:51:59 GMT\r\nContent-Type: text/javascript\r\nContent-Length: 424\r\nConnection: keep-alive\r\nCache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store\r\nPragma: no-cache\r\nExpires: Sat, 01 Jan 2000 00:00:00 GMT\r\nAccess-Control-Allow-Origin: *\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":424,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"0e33e5c1ea0475e707d1daf1f1d05f16","sha1":"6ea2d3a07febf3c801671afbbe39bdb306f290d3","sha256":"fa2f835664d8f7c101ea672cea3f862c0baa8159d93e11e2a0aa42a9eb5f0424","sha512":"4cfd24f839a38a17e2457e3be247df552ffb4f2e8ab0203056f6e41e6b933dc5d6afcd4568a81dc9ee5b9ca2fe83ea6895af7f3bfe9030899707acffeb33f73c","ssdeep":"","tlshash":"5fe05c6d8a2d7502e2ad34626f35210d2435c5fb3b0144e14c4c5d1818d5e8bba69c58","first_seen":"2024-12-15T10:08:21.989358Z","last_seen":"2025-09-20T06:53:38.316058Z","times_seen":26,"resource_available":true,"data":null}},"time_used":1408,"timings":{"blocked":654,"dns":204,"connect":99,"send":0,"wait":99,"receive":0,"ssl":350},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24_t_203681-3.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.200Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24_t_203681-3.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 44642\r\nlast-modified: Sun, 09 Feb 2025 09:25:53 GMT\r\netag: \"ae62-62db22dab504e\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":44642,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit colormap, non-interlaced","md5":"94131659ffd8523ab9b3622048d27026","sha1":"5dca97c96d8920ba0b0e720203160e2e5d345d56","sha256":"5bfb1f02fd2d757fb0132d9eddc6358241f74790b26c52a1d19c2e3d124f928b","sha512":"e84f21cdb08471dfef97bf93f818a7bee34446e855c37f9701bef0770c61f2144757c15e2772d7cb5eaa5b144d2365fe7ab571bd37d54e65d541f46c76d32fac","ssdeep":"768:Aefmge9Rs+5TKYBFoO20ZFxwLY++/uGqjdHEbInPJSzX4QeD8515rpNa2:KgaRs8lVXFOGuJEbIszXPdvO2","tlshash":"fb1302564744f784cafdea56683577b28a171b2e3cb34cb2c5cc6a709a7c219c9c8742","first_seen":"2025-09-19T02:19:58.319873Z","last_seen":"2025-09-20T06:53:38.316639Z","times_seen":2,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/SC/Leonbets/actionbn/1125x469+%282%29-310@x2.webp","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/SC/Leonbets/actionbn/1125x469+%282%29-310@x2.webp HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/webp\r\ncontent-length: 56734\r\nlast-modified: Thu, 11 Sep 2025 13:34:44 GMT\r\netag: \"dd9e-63e8699a3775c\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":56734,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 750x313, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"da792889b11b04b8a5ecad98e3dab780","sha1":"4495b8b97dbb9966730c0375fe7367de43bb5898","sha256":"c1d00307dfea408c2dc885f9ba82e18ad6e2b5c0cfdb5933a74636f4efb5623a","sha512":"e0897e87f10ea59f8e4be58628567aeb2d1bafb46ecc6eee0151d4b865b7151b38ffd528e93bc1fff678f9922c83b4855513bba246acc4fb236cd2c38a62c4a5","ssdeep":"1536:TdUbx6mucPpiB0neTA4KbrhqGgQROIYAz+L5j0J:TdUjhiW6VwhqGHRrY5jC","tlshash":"454302c92748f31e3d3df6ace71d126614a4850292f32db2a6e738d9736bda060523f5","first_seen":"2025-09-19T02:19:58.467629Z","last_seen":"2025-09-20T06:53:38.31774Z","times_seen":2,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/86620776.CqsnoeB7.css","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/86620776.CqsnoeB7.css HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: text/css\r\ncontent-length: 45415\r\nlast-modified: Fri, 12 Sep 2025 11:24:49 GMT\r\netag: \"68c40301-b167\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":273282,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"95b4c18a35a323de362d2444881a1f70","sha1":"25dcb7d2189d9c30ae9a7644ca8add2edc526c83","sha256":"64caacafbd6e084a3c68119d859d40581a27e37b836450c2033efde52996f683","sha512":"633b4ef5c0e20c88a55252b8d168c3406d34fd3920a90a21240f7344c6a827af1ef901143930d95b82109752b331453b842e46c140adccabf9bb96735cda0807","ssdeep":"6144:730wXabrAQyY7t35lPJB3VKIN506LU+H09LdiQ5iw6cKISRnMCjiZqMX6A24IxB9:730wqbrAQyY7t35lPJB3VKIN506LU+HJ","tlshash":"0744d8ab9e20613ef5b3b92ee1d9be4d7108dc03c9634659e4a2962cc1c77d25736f08","first_seen":"2025-09-19T02:19:58.297748Z","last_seen":"2025-09-20T06:53:38.318738Z","times_seen":2,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/favicon.ico","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 1150\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-47e\"\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel","md5":"64de7da7635492586554d0f6d496ad86","sha1":"c8db566c07e86c484dfeeacb9c509616f68af64e","sha256":"e8ceb48efc3ae43c8756f9d57267ddbf0676c1951cacb0928b7d4e538e40688d","sha512":"ba4309f5d30b4b6e34d8c5da4427338168d7b34e10884e77ca36cf35275a0754e4d51dbbd764418bffae5137170ded83da5e5ec538341381bd37bd740fd3967b","ssdeep":"","tlshash":"5b218c1234618c68cc580930ceffd7b2baa67cd4220b12f266f1bf7b3870340461a601","first_seen":"2023-12-12T16:38:31Z","last_seen":"2026-03-29T15:19:13.331537Z","times_seen":277,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/files/showcase/dark/color-cherry-1.svg","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/files/showcase/dark/color-cherry-1.svg HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 19 Mar 2021 17:11:17 GMT\r\netag: W/\"903-5bde6cde22214\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2307,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"f7f39547f4e8a3bbb235c0744e02300e","sha1":"cec29670768057f3f1527829b51b756fa4257f1d","sha256":"f7c787a6c2d25303927c9c7a8c60a941044203e259f96a120f8559aac119b7da","sha512":"8cea2f9a4bca0b746648b082ab6b81a8b2ee2c18a8e71e3538924a9e14e63a8c73d07aa364cc9da13fcd896d3aece082ff108c6d1a8bd0d3b67dabb48172ebc2","ssdeep":"","tlshash":"4d4140eae6c8b4e1e187d3c88900d47662eb79fb37bbcb4440846f4966251dd8e4cd90","first_seen":"2023-07-08T17:48:53Z","last_seen":"2026-03-29T15:19:13.393062Z","times_seen":62,"resource_available":false,"data":null}},"time_used":80,"timings":{"blocked":47,"dns":0,"connect":0,"send":0,"wait":33,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/SC/Leonbets/actionbn/1125x469%282%29-592@x2.webp","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.344Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/SC/Leonbets/actionbn/1125x469%282%29-592@x2.webp HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/webp\r\ncontent-length: 56518\r\nlast-modified: Thu, 28 Aug 2025 14:57:28 GMT\r\netag: \"dcc6-63d6e1fbf01c5\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":56518,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 750x313, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"8b81ec3eb6d6f792330984944c228994","sha1":"a3fd98f628a641c8c6ab8e79070113496d8c946b","sha256":"ed5851fa884a773322f9babfd7991d294733b3a647e919d3ac5a989c24461ec2","sha512":"255b6a554e17c73db76c97746acff8dbf8e3c33af9bdedcecb03bd34283d2e88e6ca9613bcba33f5ace56522a9843904166161ca0bba41c8ef2e453e73277892","ssdeep":"1536:BhZY12lUD4CjIu3xG6nusCGOGGRNWVVhbMqf:BrIV4CcutnyGW0VhP","tlshash":"5643026e722cfe3ae6a20549d098df21454591fb09f084a50dee94fa0ca07e2ceddec5","first_seen":"2025-09-07T05:29:21.81311Z","last_seen":"2025-09-20T06:53:38.321409Z","times_seen":3,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"o237537.ingest.us.sentry.io/api/4508036400611328/envelope/?sentry_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c\u0026sentry_version=7\u0026sentry_client=sentry.javascript.vue%2F7.120.0","fqdn":"o237537.ingest.us.sentry.io","domain":"sentry.io","tld":"io"},"ip":{"addr":"34.120.195.249","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.811Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ingest.sentry.io","organization":"Sentry"},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Thu, 24 Jul 2025 00:00:00 GMT","end":"Mon, 24 Aug 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C4:C7:A0:3C:30:51:F2:AE:98:2C:88:9F:C7:8D:24:55:ED:C3:34:BD","sha256":"78:73:F7:3D:EE:58:1B:F8:9A:1E:17:AB:A3:70:00:86:76:EA:4E:AF:AB:F4:7B:34:5F:FA:39:D8:3B:5D:F4:B5"}}},"request":{"raw":"POST /api/4508036400611328/envelope/?sentry_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c\u0026sentry_version=7\u0026sentry_client=sentry.javascript.vue%2F7.120.0 HTTP/1.1\r\nHost: o237537.ingest.us.sentry.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 575969\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: application/json\r\ncontent-length: 41\r\nvary: origin, access-control-request-method, access-control-request-headers\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after\r\ncross-origin-resource-policy: cross-origin\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvia: 1.1 google\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":41,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"cea89826bd1dd9031680c87a02845ad0","sha1":"36da21cfeea359425056c1fe61a90b50937fff56","sha256":"cbe5a628840466793fdb1b0310d06e25df1d9caccbaaef805cfe08f3cbc6920d","sha512":"e91dc4ddd75018af6151c6744fb736b49c41df5304d4b382c4a43aee508918527cb8301fbfaad84290643846a6b87577eca75f775e57ae30a2a2127ef28143e3","ssdeep":"","tlshash":"a49004050c0c1775411100070f44d0741c7003c0f01d55cc5145535013333547104455","first_seen":"2025-09-20T06:53:38.322436Z","last_seen":"2025-09-20T06:53:38.322436Z","times_seen":1,"resource_available":false,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":0,"connect":0,"send":60,"wait":44,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/SC/Leonbets/bn/2460x696%2B%281%29-143-2@x2.webp","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.894Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/SC/Leonbets/bn/2460x696%2B%281%29-143-2@x2.webp HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/webp\r\ncontent-length: 120606\r\nlast-modified: Wed, 10 Sep 2025 08:08:32 GMT\r\netag: \"1d71e-63e6ded36b030\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":120606,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1640x464, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"a475bbde12db585b9cc5b442ea936ace","sha1":"8657c8a02eb68486eaceb3385a9df099ad02823f","sha256":"b44bcec65c07789edc64763567d9cb1a1dff31c535a4b45eca517d16b2310d59","sha512":"843a89513ab1eed938f4b397ac009bbe33c91a9745f7bc115d4fc8b576ba940a42a4dd387787c96480991ddde2d69e13a50b7c75f8b82801bca424d785aa828e","ssdeep":"3072:LXUjcy1120y7E33NHfl19w/ngOWb4iqracTIiR:OP112Lg3hn9wfa/BcTv","tlshash":"a3c3120a27cdbc224ec5c42918b51a93576924fbd08b766cfbf221d1161bfc126788f9","first_seen":"2025-09-19T02:19:58.444499Z","last_seen":"2025-09-20T06:53:38.323303Z","times_seen":2,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/SC/Leonbets/bn/960x576+%2810%29@x2.webp","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/SC/Leonbets/bn/960x576+%2810%29@x2.webp HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/webp\r\ncontent-length: 50412\r\nlast-modified: Wed, 10 Sep 2025 14:00:05 GMT\r\netag: \"c4ec-63e72d6767312\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":50412,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 640x384, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"9f75a245ea14cbbf2fd75e56626c9858","sha1":"dd8940f67632476174aff225a6bbcc6a1ad0af95","sha256":"62e561a48cce5a289288858cef97e277cf1787488f9d78f14f9f464317f768aa","sha512":"69f38a37346d04a12fcf7b930170f0ca76287e8fab7b874de8b419aa03ec5eb0e6099687c5e0c01c632a7f6b036d64eb621ecdb61618f6c58222ada98f314f85","ssdeep":"1536:jYpuUG8NTW24bJILVdOF0/VwhGmnWp61CDuucuX:s4iV4biLVdOqShtH1CDuucuX","tlshash":"1d33f2624e847531e035194e71370fa3889578fec75c8c8f86fdbb6d88619c7829e428","first_seen":"2025-09-19T02:19:58.364225Z","last_seen":"2025-09-20T06:53:38.324556Z","times_seen":2,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":3,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api-iam.intercom.io/messenger/web/launcher_settings","fqdn":"api-iam.intercom.io","domain":"intercom.io","tld":"io"},"ip":{"addr":"3.225.121.170","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:03.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.intercom.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Sat, 14 Dec 2024 00:00:00 GMT","end":"Sun, 11 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:E3:24:32:5B:DE:76:F0:A4:43:7F:C2:84:CD:98:D0:50:48:25:7E","sha256":"B0:C5:D5:8B:41:34:A0:3C:41:21:0F:E0:A4:E1:C3:F7:66:24:A3:25:E9:E6:67:D5:40:EA:68:FB:D3:70:73:74"}}},"request":{"raw":"POST /messenger/web/launcher_settings HTTP/1.1\r\nHost: api-iam.intercom.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 448\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Sep 2025 06:52:04 GMT\r\ncontent-type: application/json; charset=utf-8\r\nstatus: 200 OK\r\nvary: Accept,Accept-Encoding\r\nx-intercom-version: 37faa6e9e4fdd69aea2996a602b8291f9c50843c\r\naccess-control-expose-headers: x-request-id, x-runtime\r\ncontent-encoding: gzip\r\nx-request-id: 002giplf2log60rklem0\r\netag: W/\"0c552093b394d285b87f805447e10213\"\r\nx-frame-options: SAMEORIGIN\r\ncache-control: max-age=0, private, must-revalidate\r\naccess-control-allow-origin: https://www.239797.win\r\nstrict-transport-security: max-age=31556952; includeSubDomains; preload\r\nreferrer-policy: strict-origin-when-cross-origin\r\naccess-control-max-age: 86400\r\nx-xss-protection: 1; mode=block\r\nx-request-queueing: 0\r\ntiming-allow-origin: *\r\naccess-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA, traceparent, X-Continue-Intercom-Trace\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: POST, GET, OPTIONS\r\nx-runtime: 0.032206\r\nx-content-type-options: nosniff\r\nserver: nginx\r\nx-ami-version: ami-08d0dc1db7f9c4990\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":451,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"33e3f7f7d6b03ee3d9daa80fe646a071","sha1":"1c7f3f9ab20eac6beb977cd672cd2a6bffc7b810","sha256":"0c552093b394d285b87f805447e102139f3159e8dfe9fb717441f9f5c05413f9","sha512":"265716544385491be2480a712ee5477d1fb27a8f16d1adfb3cb7ac50a5c3cdf43c2fa5f6872d54e3650795e094b9f8dc5b9677f8cf860c862117f1709f08def7","ssdeep":"","tlshash":"0cf023ed9b9c483355d28febc31adf36070d80e9a1800da0fcb4db28608b10a1546407","first_seen":"2025-09-20T06:53:38.325715Z","last_seen":"2025-09-20T06:53:38.325715Z","times_seen":1,"resource_available":false,"data":null}},"time_used":522,"timings":{"blocked":197,"dns":5,"connect":93,"send":0,"wait":128,"receive":0,"ssl":97},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/d1f76d1e.d.m.Cti59Oci.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.968Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/d1f76d1e.d.m.Cti59Oci.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 2813\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-afd\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":5923,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5872)","md5":"c167f74073e30efad177a137f0270e53","sha1":"a3b429d36b25bfb7fa979d1db591fe172732e766","sha256":"8bb736bf4a5102bde9e3ffdebfe8c84b11521e3619e2ee9b6146eb2857082812","sha512":"cd98d1abdd67fda3b6e1d35496759d0df6d9765d5f163046ed6ee70694841629877a2597360b25f9b70ce4935fb65bb975776a965e21226c8dab7ef81dd83866","ssdeep":"96:7PpMSUATxvByHRC5pslOURDHwmSis5ZeUzsImjCQ4sSPIaNHo7MKhNIOVcbMvqdy:76SvO8KZ8mUaIHlbPIs+MlOwsIjP9ap","tlshash":"b1c1da9d7fbea53111da45a120ae7046d33950d8b019c051a05ceaac7a23ece89f7f0e","first_seen":"2025-09-20T06:53:38.32675Z","last_seen":"2025-09-20T06:53:38.32675Z","times_seen":1,"resource_available":true,"data":null}},"time_used":19,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/d5fda32f.d.m.DX9g-2Hk.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.972Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/d5fda32f.d.m.DX9g-2Hk.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 736\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-2e0\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1182,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (1131)","md5":"0b5da3d14b77b82142fc9c461cc230f8","sha1":"a8fc06d1c1653904499b5e1a7ca639c88c6404bc","sha256":"6ab9d23db725d8236fd8a6566ab60d8151acf09742e1ed88200f55529eb38714","sha512":"fd4629357e781a8ad6ac1a07e095dece00ac09e6ff604c83ec4b01c87247335fd71cc4010a9ddbfc406493f874d9072cb50726be7de937e022107a165bba0dd2","ssdeep":"","tlshash":"6f2167af7841d0f5d2a68bf4f0590422d25667b4b33805d4e0de3df117369a2c45fe0a","first_seen":"2025-09-20T06:53:38.327793Z","last_seen":"2025-09-20T06:53:38.327793Z","times_seen":1,"resource_available":true,"data":null}},"time_used":31,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":18,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-20T06:51:56.065Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: text/html;charset=UTF-8\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nset-cookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; Max-Age=2147483647; Expires=Thu, 08 Oct 2093 10:06:03 GMT; Path=/; Secure; SameSite=Lax\r\nlink: \u003chttps://mrspeedtime-21a8b.kxcdn.com/js/vite-plugin-import-retry.179bbf.js\u003e; rel=preload; as=script; crossorigin=anonymous, \u003chttps://mrspeedtime-21a8b.kxcdn.com/js/app.dWoIbHRH.js\u003e; rel=preload; as=script; crossorigin=anonymous, \u003chttps://mrspeedtime-21a8b.kxcdn.com/js/rollup.d.m.CJ1rJo15.js\u003e; rel=preload; as=script; crossorigin=anonymous, \u003chttps://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,100..900;1,100..900\u0026display=swap\u0026family=Roboto:ital,wght@0,300;0,400;0,500;0,700;1,400\u0026display=swap\u0026family=Mulish:wght@400;700;900\u0026display=swap\u0026family=Prompt:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900\u0026display=swap\u0026family=Oswald:wght@200..700\u0026display=swap\u0026family=Rubik:ital,wght@0,300..900;1,300..900\u0026display=swap\u003e; rel=preload; as=style; crossorigin=anonymous\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38168,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (22872)","md5":"6b55d433f358c0904a1e567b8491c8fc","sha1":"0e9965c8f7e30c17ef580d41bb5dc8d01b745c21","sha256":"e9947b40ac03b88422420f890a238aaba41bd2663b74bdc2408f9234cb9c335e","sha512":"7bd59906930e59802dbbb69d033988659275a1b099fe2dfe10014a28245f6d2b094fe5566631ae79fce38f7a9cb87cb6870ab53bad0d06d2f7d71f4a242f93c9","ssdeep":"384:Kvwsmj1NN4RwN1MfOjzB0oQlaKD6USquaQtGokYbMHuAO5sz2J3SBCW:KosmxNN4Rw2gzBMHD6dqvokSMQs6JE","tlshash":"200319fe5f0895fdfb1193ebf756208c6a09b87bdd4289b5c26d768c71c6b9048a1043","first_seen":"2025-09-20T06:53:38.328741Z","last_seen":"2025-09-20T06:53:38.328741Z","times_seen":1,"resource_available":false,"data":null}},"time_used":45,"timings":{"blocked":18,"dns":0,"connect":0,"send":0,"wait":27,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/d5fda32f.BqXcrL3D.css","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.851Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/d5fda32f.BqXcrL3D.css HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: text/css\r\ncontent-length: 120\r\nlast-modified: Mon, 07 Jul 2025 16:39:59 GMT\r\netag: \"686bf85f-78\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":116,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"0e3f801093974b7c53450d81a860e02a","sha1":"47bf28b5b2778488c0334e38a4952d1a736a3f7d","sha256":"2908de2f63299db485f9b3ac86491df38d46d4c0d2d4880947322463d6208a57","sha512":"299093ab8239609e80318ade483fb2199137f5d41a94f36458633968f52b0aa699fa91fd4286554be9643fa8f1fff7195c457b72237b010d0cbe31c49b194cf6","ssdeep":"","tlshash":"abb09bb151136958d9115431396842579141d431c15591044985655e54df1520db43dc","first_seen":"2025-04-24T07:07:12.823713Z","last_seen":"2025-09-20T06:53:38.329897Z","times_seen":27,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/files/showcase/dark/color-betgames-2.svg","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.327Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/files/showcase/dark/color-betgames-2.svg HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Fri, 04 Mar 2022 12:05:53 GMT\r\netag: W/\"ab4-5d963561fc083\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2740,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"db490482cc5e4dde92d07f1e78cbe356","sha1":"549879d09508b9c36bdd62526363b7ac1b2ce4b3","sha256":"fe26a1772d4c6a0a07b933f71d9cf7a02bf9a0e6866ba9e820b7590a957c7676","sha512":"4c15698456f384ae0ac1a61b650b67c95c4c376260405ff57ecd8863dc8b4f729e0c6e1cbd7a623a6595f3597a0a4ea5b1294fdd8e8c327d60012986539d2a2a","ssdeep":"","tlshash":"375151bae2a6a751e20af3f4dd01e435306c18f76ad7c2558341be46292208e05afcc5","first_seen":"2023-07-08T17:48:53Z","last_seen":"2025-10-18T01:41:29.270458Z","times_seen":37,"resource_available":false,"data":null}},"time_used":100,"timings":{"blocked":49,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24_t_24264-5.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.049Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24_t_24264-5.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 11853\r\nlast-modified: Wed, 18 Sep 2024 21:24:40 GMT\r\netag: \"2e4d-6226b6f0e9828\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":11853,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"c23d8fc84a970763939ae0a3357df91e","sha1":"7587b0bfd74888ac78409ed7fc870a8bc187f736","sha256":"3c2828b7b31ce6451a2fdbc03c04f4320e6a04be97cbc608791513dd493a1dd4","sha512":"795083fd6ebb5f132c50da309e7a674347e891f5c9461d2186c653d70e205d3e7a46275f8739d1b60f79a7fa5819c8ff2b7b68fc415be81c3b2868182ce5ab33","ssdeep":"192:aMmMRFgsVOR8W1FrHQ+Z9nHqfHh6HX7xhDgzFjUKd+4EwFo8/Sp4jem3:asgsI209DZ9nH4637nDEFgWw8/HSm3","tlshash":"0e32b0aedbc83cba3f1f1ce82952b48fd8d94b16e5db10a90d3592a326781d43553033","first_seen":"2025-04-24T07:07:12.634302Z","last_seen":"2026-03-22T06:43:59.296612Z","times_seen":12,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:3609.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.237Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:3609.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 111559\r\nlast-modified: Fri, 18 Nov 2022 14:45:55 GMT\r\netag: \"1b3c7-5edbfc35efef1\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":111559,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 903 x 1024, 8-bit/color RGBA, non-interlaced","md5":"12bf1f5bb07f25ebfb0954fd97ab53ec","sha1":"a7a92a65684c810c4d2224244294670e1ea0ac08","sha256":"e11ae8a22361e7ba2cb55488155f93849c6e3588bdebf2a9ad8ea50707924a30","sha512":"ec8d995f9446b7fd01bf14f8c8432cf111f16624fc818b267211d5e5b4bfef2398b1e729a6747b2c5ed04b884dfacb066985a7d92f74b083a1fde0ed2ff87805","ssdeep":"3072:Q5AORGPabDgfHoNmRtXlE/Hdo2XuMu+D2PGmXu:tIGbfowRt1S9X+Mui2Pi","tlshash":"d5b312d654efa85a131e33907b28d81f9f3d30c2a3026a88815eb59c5d85a21ebec7d5","first_seen":"2025-09-20T06:53:38.33263Z","last_seen":"2025-09-20T06:53:38.33263Z","times_seen":1,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/SC/Leonbets/bn/2460x696-6197@x2.webp","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.898Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/SC/Leonbets/bn/2460x696-6197@x2.webp HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/webp\r\ncontent-length: 122958\r\nlast-modified: Sat, 12 Apr 2025 14:42:11 GMT\r\netag: \"1e04e-63295d300c73a\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":122958,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 1640x464, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"21fcbd3bebc2c5c55889e529a4a17dbf","sha1":"f14d967b0e4f9c43676abf685d12315437b7b93d","sha256":"06183fd4a2facdb948008126f80e246948053cb260a19b645e8beea2689c9961","sha512":"e5bf3fdaf6f180892426483a89aa9cc3c438b143978e4d9b945c90e54bed9e956c903df10d5d6c79517bbab7d7267e2e60f56551f7756eaf728702c21922a4b1","ssdeep":"3072:PyLk0X5YIyIsPDkmsQuJauUwu69zUourlUpCCT/AC:XmD+uouju69IlrVCT/J","tlshash":"4cc312d129df7374f60fa871fce610b475a610eebb92b109a8d1c1f692ab04a5c83641","first_seen":"2025-04-24T07:07:12.822124Z","last_seen":"2025-09-20T06:53:38.333555Z","times_seen":8,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24_t_44-11.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.265Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24_t_44-11.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/png\r\ncontent-length: 17647\r\nlast-modified: Tue, 17 Sep 2024 11:24:10 GMT\r\netag: \"44ef-6224eeda7ff1b\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":17647,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 160 x 160, 8-bit/color RGBA, non-interlaced","md5":"0c75b40849d3ebf63583ad5bcd05e718","sha1":"03712a1ed76b5db73a9a1eb0038d18444fdd1a5b","sha256":"93752c07c9340d41f21d8a98eab706210d6cb22180f66789dd79879d413cafeb","sha512":"26601546c787d5d26a3806254d7531449ed219949a4b72a88f4cbf30d2161ff64b0e1c8dabed53ec1d99bc81e0ab2773e5c57752e81710f57e0111456eec5f5e","ssdeep":"384:L0w3UC4OaKSTyuY/PjFUB8fcPgu4J87x3ohBbY:LFUK60Bir4cChBE","tlshash":"7e82d0aec0599d9670dcadaa700d1f85c6d462fc36a459a2db9da1ce0030f707e2a3c8","first_seen":"2024-12-26T10:25:56.886279Z","last_seen":"2025-09-20T06:53:38.334046Z","times_seen":3,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":106,"dns":0,"connect":0,"send":0,"wait":5,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24:t:2825-1.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.281Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24:t:2825-1.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/png\r\ncontent-length: 14731\r\nlast-modified: Mon, 14 Nov 2022 11:16:01 GMT\r\netag: \"398b-5ed6c5d4d5c09\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":14731,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced","md5":"d119a6ba340e6078b511b3f2db972dc9","sha1":"f06835e1d2662987741db2a8cc92a977b1ecbce0","sha256":"e607f942cb5b76c25809fc871b2bce34056b09c13c12f3af363fe255c928fb91","sha512":"e7f449c6df835a3af09712a86928b7eb48a46c84e6c5a2177027afac733a199aa7edb3910e20dca28e840ba2679f128bd767970ef4715c3295c6433bc5299295","ssdeep":"384:zuwBo30Keq9JQs/yOD30Z4f64KcQudwe8kyH01jrFzxQRGH5:63pHKOD30g64KcrSe8kyHMjxj","tlshash":"a562cfe54131e049247396598ace43b71b59be2c8c6d388b3eb83e269117db00f3127f","first_seen":"2023-11-02T10:46:19Z","last_seen":"2025-10-04T04:20:18.813071Z","times_seen":24,"resource_available":false,"data":null}},"time_used":131,"timings":{"blocked":91,"dns":0,"connect":0,"send":0,"wait":33,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api-iam.intercom.io/messenger/web/ping","fqdn":"api-iam.intercom.io","domain":"intercom.io","tld":"io"},"ip":{"addr":"3.225.121.170","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:04.401Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.intercom.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Sat, 14 Dec 2024 00:00:00 GMT","end":"Sun, 11 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"40:E3:24:32:5B:DE:76:F0:A4:43:7F:C2:84:CD:98:D0:50:48:25:7E","sha256":"B0:C5:D5:8B:41:34:A0:3C:41:21:0F:E0:A4:E1:C3:F7:66:24:A3:25:E9:E6:67:D5:40:EA:68:FB:D3:70:73:74"}}},"request":{"raw":"POST /messenger/web/ping HTTP/1.1\r\nHost: api-iam.intercom.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 670\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 20 Sep 2025 06:52:04 GMT\r\ncontent-type: application/json; charset=utf-8\r\nstatus: 200 OK\r\nvary: Accept,Accept-Encoding\r\nx-intercom-version: 37faa6e9e4fdd69aea2996a602b8291f9c50843c\r\naccess-control-expose-headers: x-request-id, x-runtime\r\ncontent-encoding: gzip\r\nx-request-id: 00006ttt2jokh5ull2a0\r\netag: W/\"2c233b334661e3c23c6580897ce86572\"\r\nx-frame-options: SAMEORIGIN\r\ncache-control: max-age=0, private, must-revalidate\r\naccess-control-allow-origin: https://www.239797.win\r\nstrict-transport-security: max-age=31556952; includeSubDomains; preload\r\nreferrer-policy: strict-origin-when-cross-origin\r\naccess-control-max-age: 86400\r\nx-xss-protection: 1; mode=block\r\nx-request-queueing: 0\r\ntiming-allow-origin: *\r\naccess-control-allow-headers: Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA, traceparent, X-Continue-Intercom-Trace\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: POST, GET, OPTIONS\r\nx-runtime: 0.217859\r\nx-content-type-options: nosniff\r\nserver: nginx\r\nx-ami-version: ami-08d0dc1db7f9c4990\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5859,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"6f6f1776f60f9efe791d2a1c2dfb9745","sha1":"179ebac00fa6a0eefc30601b78a529835f9335ea","sha256":"2c233b334661e3c23c6580897ce865726aabe173a604cc6da33fbb762b9d3aa0","sha512":"5532495bf782b98226ae46951173bb583137135fb5dba5fee977023e0f75b9a5b34e702c970135a1d292470766b6be53324658a339f3c9212a58c1cac22b9cc4","ssdeep":"96:4rVV7R2aM9Jt582oYHAQR+VNlz5QWMlzWNlGjGMli9B18AOU54Hwhi8w7fzQ6t1Z:4rVV7RhM7NgQCB47X7bQ6tb","tlshash":"36c1488c89481c7e638b46dac355bf064b7e81b7b1942d88fd6ccb2e21db3d9516b207","first_seen":"2025-09-20T06:53:38.336668Z","last_seen":"2025-09-20T06:53:38.336668Z","times_seen":1,"resource_available":false,"data":null}},"time_used":337,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":337,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/f06cd424.Dd74Yc_c.css","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.849Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/f06cd424.Dd74Yc_c.css HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: text/css\r\ncontent-length: 584\r\nlast-modified: Fri, 12 Sep 2025 11:24:49 GMT\r\netag: \"68c40301-248\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1432,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (1431)","md5":"6cbf540dd2a6c89fc9e82a987e8c628f","sha1":"4370f7b310a28065a6f37b039edbb6ab60f7c577","sha256":"f3cd42fd3531448a70732cfd5b1b308395116a6b0e199d0bfd4e4b44aff806c7","sha512":"0c2f430ab4002f2839fe83266b95e826c9f27bcea6a1742f58bb3001740b32e6b523bdd43c18d3a3484a5b8e2f7af52ad5a44e9bbf39d2b4daffa8f8194ffc35","ssdeep":"","tlshash":"05219ef3054de1394807b68b6470ca4ec52ad165ba6b16b812ff712f41cfef05e116ac","first_seen":"2025-09-19T02:19:58.389648Z","last_seen":"2026-01-05T18:44:37.74079Z","times_seen":96,"resource_available":false,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/assets/2002571f.DS8Fwki6.css","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /assets/2002571f.DS8Fwki6.css HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:57 GMT\r\ncontent-type: text/css\r\ncontent-length: 3686\r\nlast-modified: Wed, 13 Aug 2025 10:19:33 GMT\r\netag: \"689c66b5-e66\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:57 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":16753,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (16752)","md5":"656a41c9df07674d2feb5490b54fb131","sha1":"c43446eb48ace4110a228aec5e24f2b75100ed3b","sha256":"15ada4cab1b526a879f906aafd0f476367d0f8b6ac2095968f72a901c782cb84","sha512":"e2720606222759676fb2b9d6523edd202e689c05005175be0f014ccd7242447ee500b82c8c0f6feaef9d32494e9d28f5915af8d5e07cc0b3ecbf1483551d694b","ssdeep":"384:To9wbDukHiaOhg20z3KdGsOwOqmi98ZUaA:MCiJhfQ3KMsOW8HA","tlshash":"707274950db5ba3bb123b2bfd1e1fe4d6519c807c412665ad1e2fabd80c27621b23f44","first_seen":"2025-08-16T06:41:46.977369Z","last_seen":"2025-09-20T06:53:38.338698Z","times_seen":5,"resource_available":false,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-1","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:00.806Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"POST /api-1 HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=e0c7f323a8eb4a3eb2d752ec81e08189,sentry-sample_rate=1,sentry-transaction=home,sentry-sampled=true\r\ncontent-type: application/json\r\nsentry-trace: e0c7f323a8eb4a3eb2d752ec81e08189-b885246a13cbbc70-1\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nContent-Length: 655920\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK; pixelsink_uid=0a0b9779-b238-46cb-aa4a-1e0ca3a6a251; _ga_JZZNGY93CC=GS2.1.s1758351120$o1$g0$t1758351120$j60$l0$h0; _ga=GA1.1.206665698.1758351120\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:52:00 GMT\r\ncontent-type: application/json;charset=UTF-8\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\ncontent-language: en-US\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":131,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"f1207b29967a164aee8d52f676ed0974","sha1":"4f4895379dd19ef30a9352c43d84b7bba28cda93","sha256":"4657456cae6a743f62f9d0f6fd2574b47b107551c490f49c79681159b7cf6192","sha512":"8aae2e1b2a1c737695a8a289e0226ac39c3a0dc0f1a3ff89c2444f0b4e17e659a1808abef6f215d1d23880f6326a5c9e2cb5d5041f3832c3712308a5da408d94","ssdeep":"","tlshash":"a5c09bc27c1551491d06e556d772e5d9f71174414140583e4bdaf11041e597c35c7a51","first_seen":"2025-09-20T06:53:38.339192Z","last_seen":"2025-09-20T06:53:38.339192Z","times_seen":1,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":0,"dns":0,"connect":0,"send":98,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/rollup.d.m.CJ1rJo15.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.345Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/rollup.d.m.CJ1rJo15.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 1564\r\nlast-modified: Mon, 07 Jul 2025 16:39:59 GMT\r\netag: \"686bf85f-61c\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3220,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3171)","md5":"46dbb2a617362142b79007eeb88a2c36","sha1":"440bd47b6e6fb82addb30356058a868b323de8eb","sha256":"f8272769099b2b19521eff60735b889dd87a9726436e86e9db0c7de566943130","sha512":"9272d2c8a0df7a237992a1d304da123d7693cc0eef849d1b2804bda35fc638aadd2cb88b4420571af36a98e5290fa26c392a56adcb1c8b29ad35dce2d9e34e87","ssdeep":"","tlshash":"7f61d8c431e0e57202aa1ca9f077f102f2b82472349de4c0d21c8db56a5acceb099e9e","first_seen":"2025-06-01T01:07:13.830084Z","last_seen":"2025-10-09T07:39:51.082692Z","times_seen":59,"resource_available":true,"data":null}},"time_used":362,"timings":{"blocked":176,"dns":128,"connect":2,"send":0,"wait":2,"receive":0,"ssl":49},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/files/showcase/dark/color-fastgames-1.svg","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.334Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/files/showcase/dark/color-fastgames-1.svg HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Thu, 03 Mar 2022 12:10:23 GMT\r\netag: W/\"55b-5d94f4862b1cd\"\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1371,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b42397dd8157df7d92dbb0bade9d95a6","sha1":"4a1e5c65f03170c3c7fb20b8ca7c5db903587f4f","sha256":"fa3b577a638cbb33b1bc0324a32c3f032f945586d316b994e73b766d6e776b66","sha512":"9951b4673110aae3bfdecfbc191a0471c4970ad2a9bdf497b3476f8f935e220c4d037eef8e51154423b54e403f4fdcf4b19dd24c9015481fe09292f5b1253376","ssdeep":"","tlshash":"dd2133bad1e9f891da00e3bc9d28ecf1355611f77586c194c3e5ae49d41d0ad488cac1","first_seen":"2023-07-08T17:48:53Z","last_seen":"2026-03-29T15:19:13.464739Z","times_seen":60,"resource_available":false,"data":null}},"time_used":94,"timings":{"blocked":58,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.239797.win/api-2/betline/sports?ctag=en-US\u0026flags=urlv2","fqdn":"www.239797.win","domain":"239797.win","tld":"win"},"ip":{"addr":"80.85.85.163","port":443,"asn":63949,"as":"Akamai Connected Cloud","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.487Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"239797.win","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 09 Sep 2025 02:18:25 GMT","end":"Mon, 08 Dec 2025 02:18:24 GMT"},"fingerprint":{"sha1":"E8:8A:57:77:BC:21:D7:09:C5:24:EA:1C:57:23:98:6A:64:F5:DE:DF","sha256":"CA:4F:70:FC:A5:DD:EF:2A:49:D8:F0:8A:76:A5:56:87:1C:FD:8C:8D:CB:3A:50:A5:F4:BD:6D:8B:B5:0D:0A:0D"}}},"request":{"raw":"GET /api-2/betline/sports?ctag=en-US\u0026flags=urlv2 HTTP/1.1\r\nHost: www.239797.win\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.239797.win/en-us/\r\nbaggage: sentry-environment=prod,sentry-release=6.121.2,sentry-public_key=49b7cc7b9bcb8faa9bcc1eb74ae4099c,sentry-trace_id=e0c7f323a8eb4a3eb2d752ec81e08189,sentry-sample_rate=1,sentry-transaction=home,sentry-sampled=true\r\nsentry-trace: e0c7f323a8eb4a3eb2d752ec81e08189-a96f9dc1877947bd-1\r\nx-app-browser: firefox\r\nx-app-env: prod\r\nx-app-language: en_US\r\nx-app-layout: desktop\r\nx-app-modernity: modern\r\nx-app-os: windows\r\nx-app-platform: web\r\nx-app-rendering: csr\r\nx-app-skin: default\r\nx-app-theme: DARK\r\nx-app-version: 6.121.2\r\nx-requested-uri: /\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: eua=syFTG5xheOkWSiUoL5sV8yfzua4kTECFRduchPnoWjnDn0T+gC2uaXKJsbzQIdC9Ryq2v8H+n+KOfsP4UbX1VkR1z5RFvfOlzs9ocFsIMnG0vK79Lp72Sv59H/+3fZdvEKkU5xU3UxGfLOLJ003AygswpTFuM88p1RTmS/NQPhA+C2ClRXD0dfNaBLkJIIOgUqG/BKEygUtD1fRFbY6c6PnfXuYU; ABTestSeed=84; qtag_rfrr=null-null; ipfrom=91.90.42.154; x-app-language=en_US; firstTheme=DARK\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: application/json\r\nvary: origin,access-control-request-method,access-control-request-headers,accept-encoding\r\nx-content-type-options: nosniff\r\nx-xss-protection: 0\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: 0\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":230808,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"4f2b164c5b2707f720f37c9c720efc54","sha1":"856d794fc09ef334c3aea355a4945e2ae0cdff9c","sha256":"ddfa455d7fc47459126bf531921a13865d28beef0fe98de1aebf6f8071ce49ef","sha512":"32d1ea64ba28cf08f4b5a4521cede9a3ce6a03d70371f6e6058c0d555bee177a1cbc2973514f6e7da8026612fa8b234b013404e315291edeecbd42513cad0b2b","ssdeep":"6144:3cKzreFqVsgYAUbPuUmtMWyoTa7DcS4hpg74XW6aMhuFBdnJ0YtU0AyN4cQCdnUY:MF","tlshash":"8634ce6a719c685de7242479d4473b69a3ad208ffc0cdd11f3c8cec934b69a427722a7","first_seen":"2025-09-20T06:53:38.341838Z","last_seen":"2025-09-20T06:53:38.341838Z","times_seen":1,"resource_available":false,"data":null}},"time_used":71,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":71,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-20","alert":"Sinkholed","trigger":"www.239797.win","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/app.dWoIbHRH.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.343Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/app.dWoIbHRH.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 998\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-3e6\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1893,"size_decoded":0,"mime_type":"application/javascript","magic":"Java source, ASCII text, with very long lines (1402)","md5":"384200be86f283e2d29c4e98be721c94","sha1":"c137c98f2ffd570e630348b08bfbc211449139e1","sha256":"cebe72f900418486371f7cc4ae14a1bce031baddcccbc50bf375ab96011fc39f","sha512":"81eb4b2a69304fbc2135150268e8eccce9f8e11e0ccd20b78d662a1b618602c0c85993abbce61ace4bb879df364d4d11d25c1e4150294fde9594b9a8db36f08d","ssdeep":"","tlshash":"5d41840967c2957a469904edc21f376163229a90362cc3e1e0ed7d793d61813c52bfe5","first_seen":"2025-09-20T06:53:38.236684Z","last_seen":"2025-09-20T06:53:38.236684Z","times_seen":1,"resource_available":true,"data":null}},"time_used":350,"timings":{"blocked":173,"dns":124,"connect":4,"send":0,"wait":3,"receive":0,"ssl":43},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/7c9eab67.d.m.BkQD2txX.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.643Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/7c9eab67.d.m.BkQD2txX.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 22351\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-574f\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":67595,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with very long lines (27900)","md5":"6a177f9febef4d3605ed66781c6a01d6","sha1":"d1155ad3d632fc3441cbcbdfc7cca2b20f6ec51d","sha256":"2a4579931c706d0a0090ed5bae408fb9f27a036ac4612058414bb2ad1a36b2b4","sha512":"46d0763665b38b50ded95a1437f116410d2f0a1b2fd14ba360da3c57ac95feea55657decdce05f093a79522423aae08eaf6857c821fda9bd6c92942812509689","ssdeep":"1536:gPA298TnVKQbM9uvdmiC94U41MNgckqB6JP42:gN8bMS62","tlshash":"a5633b8a79b5317063fb11a8a47a050361316b00341dd4f8b9af9dd46fa2984e7e3fbd","first_seen":"2025-09-20T06:53:38.348997Z","last_seen":"2025-09-20T06:53:38.348997Z","times_seen":1,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/fc6a7b48.d.m.1y-ImlhH.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:58.604Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/fc6a7b48.d.m.1y-ImlhH.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:58 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 31390\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-7a9e\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:58 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":115836,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"0d2d580a5ebbb546b131d15ebdf3732e","sha1":"c2b8255c4771022a1be7d25f08b73d25173761aa","sha256":"54386dd836953e1e059e6f0d297b26b1738c88ff6ad083d6d51788c4b8809d46","sha512":"866ea553804f74558a3f44975a061ab2621732c47a862145b2ed71f905132a1bb83c7a2b954e357eb2e13aecc756f387c0b9bc6c0b06cdf4441a8d9bb14861f9","ssdeep":"1536:rjSthXwsJFAThjynNFNV1qDHUFzdNXhAep+KVZFjzWloilaftJ0LYZO6:rjS3JccnxVsD0FzdHAep+KbF70LYZO6","tlshash":"cab3f749f9054dffd6e7d21ee4070540a5ac1f96b1a40a42a6be8a3f27cc4b493b734e","first_seen":"2025-09-20T06:53:38.351451Z","last_seen":"2025-09-20T06:53:38.351451Z","times_seen":1,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":2,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/rollup.d.m.CJ1rJo15.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.638Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/rollup.d.m.CJ1rJo15.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 1564\r\nlast-modified: Mon, 07 Jul 2025 16:39:59 GMT\r\netag: \"686bf85f-61c\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3220,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (3171)","md5":"46dbb2a617362142b79007eeb88a2c36","sha1":"440bd47b6e6fb82addb30356058a868b323de8eb","sha256":"f8272769099b2b19521eff60735b889dd87a9726436e86e9db0c7de566943130","sha512":"9272d2c8a0df7a237992a1d304da123d7693cc0eef849d1b2804bda35fc638aadd2cb88b4420571af36a98e5290fa26c392a56adcb1c8b29ad35dce2d9e34e87","ssdeep":"","tlshash":"7f61d8c431e0e57202aa1ca9f077f102f2b82472349de4c0d21c8db56a5acceb099e9e","first_seen":"2025-06-01T01:07:13.830084Z","last_seen":"2025-10-09T07:39:51.082692Z","times_seen":59,"resource_available":true,"data":null}},"time_used":2,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":2,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/1bb7e2cc.d.m.Dte5ugFj.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.641Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/1bb7e2cc.d.m.Dte5ugFj.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 62086\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-f286\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":305249,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (40080)","md5":"d4fade9a1f288a4cc0fe850ac87cf711","sha1":"c4acdc9121d19338d4a47f2b3f1283fe2793903d","sha256":"926e21c16c831c490294aa1f8f9b1882c3d1a9ec7cc294a1737c31b5ea797c5a","sha512":"67d190be79c106a5cc7c1b6bf15e9685a53af2fa6fc650a34a231988d4274f240ed32986a97ba5305fed0834b0daea95ee8377d7f9669888e6115e6f096cb29a","ssdeep":"6144:wSWOVJpn5RyF//nXUBL5uzTopB5rs+Fqp:pWOVJpn5R0yY+m","tlshash":"2c54a615ea119eb766f4392db15a6ae2b0324f013b65c27600da1f3d3e7f80cb5364b6","first_seen":"2025-09-20T06:53:38.352488Z","last_seen":"2025-09-20T06:53:38.352488Z","times_seen":1,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24_t_341220.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.208Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24_t_341220.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 15155\r\nlast-modified: Thu, 23 May 2024 15:27:59 GMT\r\netag: \"3b33-61920b23885e7\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":15155,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 100 x 100, 8-bit/color RGBA, non-interlaced","md5":"2635f9299ff101286702b26690586b1e","sha1":"da430bcf2a7d19624d92444574cd6d8102bd8645","sha256":"febddc31c34faed274fe48ba65336ec0d29f0da4398a2e812e261fb9f60ea6c0","sha512":"f8dd7ea9f6372a7c66077891cb9be1af33d437ba14b7f724e5f41cffe8a8a32fb1618719a64eab87d2b4c7d20e736c42b29536c483a4f9023ce047e1416a5e69","ssdeep":"384:pWoK9kATzPRzl9pMzoMwqQlCh+zUOrFp1nx3Xr9KdMi:pXKyYzpzrpMzoJqQgh+zUOrFbnVr8dMi","tlshash":"ee62c0b7a91c3aca323a202a98f51c1ecb50f546d7a431433cb645c8ff6ca48dd45d6b","first_seen":"2025-06-29T03:33:50.104597Z","last_seen":"2025-10-18T03:17:27.824044Z","times_seen":5,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:00.082Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/roboto/v49/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 19 Sep 2025 13:04:57 GMT\r\nexpires: Sat, 19 Sep 2026 13:04:57 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Mon, 08 Sep 2025 18:08:05 GMT\r\ncontent-type: font/woff2\r\nage: 64023\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-04T16:49:22.253707Z","times_seen":714894,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":8,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"wss","addr":"nexus-websocket-a.intercom.io/pubsub/5-sEMnIBe91Aa1GHJIjMvP2-EdwfRGxSXT976Wxt5dr7HCXQ0A3KO44TxhrdPpVXTgB35p-WuW74uVVY2ZOgdVyJfal3_jyOsDTdVp?X-Nexus-New-Client=true\u0026X-Nexus-Version=0.14.0\u0026user_role=visitor","fqdn":"nexus-websocket-a.intercom.io","domain":"intercom.io","tld":"io"},"ip":{"addr":"18.97.36.46","port":443,"asn":14618,"as":"AMAZON-AES","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"websocket","requested_by":"https://www.239797.win/","date":"2025-09-20T06:52:04.392Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nexus-websocket-a.intercom.io","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Mon, 08 Sep 2025 00:00:00 GMT","end":"Wed, 07 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5B:20:11:79:9E:6F:58:15:2B:89:DD:5C:DE:80:08:89:D6:0E:18:4D","sha256":"B8:10:76:1A:37:66:06:C7:4D:AE:50:03:73:69:52:0C:37:BD:46:1C:EA:36:07:26:E8:3C:FF:FA:39:BA:CA:81"}}},"request":{"raw":"GET /pubsub/5-sEMnIBe91Aa1GHJIjMvP2-EdwfRGxSXT976Wxt5dr7HCXQ0A3KO44TxhrdPpVXTgB35p-WuW74uVVY2ZOgdVyJfal3_jyOsDTdVp?X-Nexus-New-Client=true\u0026X-Nexus-Version=0.14.0\u0026user_role=visitor HTTP/1.1\r\nHost: nexus-websocket-a.intercom.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nSec-WebSocket-Version: 13\r\nOrigin: https://www.239797.win\r\nSec-WebSocket-Extensions: permessage-deflate\r\nSec-WebSocket-Key: Wg+xZtHggohGHFHxlEv/nw==\r\nDNT: 1\r\nConnection: keep-alive, Upgrade\r\nSec-Fetch-Dest: websocket\r\nSec-Fetch-Mode: websocket\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nUpgrade: websocket\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 101 Switching Protocols\r\nServer: nginx\r\nDate: Sat, 20 Sep 2025 06:52:04 GMT\r\nConnection: upgrade\r\nUpgrade: websocket\r\nSec-WebSocket-Accept: xbStjd0vZNVeV1nsrOo79O2Od2o=\r\nSec-WebSocket-Extensions: permessage-deflate; server_no_context_takeover; client_no_context_takeover\r\n\r\n","headers":null,"cookies":null,"status_code":"101","status_text":"Switching Protocols","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T16:49:31.594606Z","times_seen":13339169,"resource_available":true,"data":null}},"time_used":287,"timings":{"blocked":0,"dns":0,"connect":93,"send":0,"wait":93,"receive":0,"ssl":101},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/5f62684a.d.m.DdEDGjW8.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:56.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/5f62684a.d.m.DdEDGjW8.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:56 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 7904\r\nlast-modified: Fri, 19 Sep 2025 10:41:21 GMT\r\netag: \"68cd3351-1ee0\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:56 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":23854,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12856)","md5":"08773c648ec0315086c9436b158eb9b6","sha1":"e6fa45cccdc9be227c38acfd80070bebcb569112","sha256":"37430d24b458859ea19c51d7062889e34cd2f9c215065a75897c7e5213d2be47","sha512":"d8e859821574fce2bd73b3e8e594f04cc89315cf7cce2849e0b1b4eab5948358baac93659f1d133d13ff58f9873b2959311019ed25c18bbf2099db8a1b5c5aa9","ssdeep":"384:0HWZLZBGjosH+g7qTfOjwJ9cCXIwCItGby1GcIn8QpKLQ1uRoRjBy4e86DyMFXnr:0HWIjosp7qTfOEZXI9IGW1GcU8QpKLQk","tlshash":"fcb20981329272a1838694f2e6334212e33a75543805a4bd7dbdb9db7981d877b72bf0","first_seen":"2025-09-20T06:53:38.35406Z","last_seen":"2025-09-20T06:53:38.35406Z","times_seen":1,"resource_available":true,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/config_logos_v2/scores24_t_122368-3.png","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.148Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/config_logos_v2/scores24_t_122368-3.png HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/png\r\ncontent-length: 37850\r\nlast-modified: Wed, 05 Feb 2025 17:26:02 GMT\r\netag: \"93da-62d686b6dd148\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":37850,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 300 x 300, 8-bit colormap, non-interlaced","md5":"85c1b636e0736a64278d821f65c32dac","sha1":"53a5c5a3a38477047dd93eb1f41e36f5f5a5187e","sha256":"83e4562318a9686471f9edc2beee29dae342b4d72dd7af10572f60a33864ac24","sha512":"85e2b143eece121404868476cb596694a30c6183ff5618eb403e5c8d599b0a793c4e3b711d6186e9dc6fd722fc988acf1ea09a095787d78dadc441b10e5a6a67","ssdeep":"768:5Z2GQOasjmaAYVvdBVXl/PV8mWL+m+SfmYJVj7XDJtikt:5ZfQ19udBVpV+q3SfpbXFwkt","tlshash":"4b03f170f1f229451c50e043af28fe7a493cab03e836368d922b95315a778c1f1eee45","first_seen":"2025-09-20T06:53:38.355003Z","last_seen":"2025-10-07T09:44:50.34801Z","times_seen":2,"resource_available":false,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":3,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mrspeedtime-21a8b.kxcdn.com/js/27d773af.d.m.CfTuKk3u.js","fqdn":"mrspeedtime-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:57.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /js/27d773af.d.m.CfTuKk3u.js HTTP/1.1\r\nHost: mrspeedtime-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.239797.win\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mrspeedtime-21a8b.kxcdn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:57 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 9729\r\nlast-modified: Fri, 12 Sep 2025 11:24:49 GMT\r\netag: \"68c40301-2601\"\r\ncontent-encoding: gzip\r\nexpires: Mon, 20 Oct 2025 06:51:57 GMT\r\ncache-control: max-age=2592000\r\nvary: Accept-Encoding\r\nx-cache: HIT\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":94642,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"e1fbae0561e1b1f8796a2e4ba98ff0af","sha1":"967a1bafb842b2b01f31c753ccc961b2c2286511","sha256":"b775258cae032d07681da18b62b9aa7f4356f211d714fb7a5c938fba482384e8","sha512":"22b3ed96a48cd2490d4d83e3c6ef24f9704e1a4bc8325431c952f54ca9d2ba22d9980f0191b01c29542a768a0eace8cb5d56724d0f297e8923a08b6c348a2ead","ssdeep":"384:nE+MMkjiSSi5cH19YNnYeMkUiEvlCbilsyp6eiB4/9kt8o+qjQLn2BJhjvAIIIHb:nE9mSSLYFYeHUxvllpYwdNK3auSU","tlshash":"b1938e9d6a94bc7410a53e42c809e141fccc4a5af7f8f8e2fa5add4826415ce3394fa7","first_seen":"2025-09-19T02:19:58.341702Z","last_seen":"2025-09-20T06:53:38.356021Z","times_seen":2,"resource_available":true,"data":null}},"time_used":3,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":3,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnimages3-21a8b.kxcdn.com/HRJLWPLB/images/SC/Leonbets/actionbn/1125%C3%91%C2%85469+%281%29-201@x2.webp","fqdn":"cdnimages3-21a8b.kxcdn.com","domain":"kxcdn.com","tld":"com"},"ip":{"addr":"195.16.73.219","port":443,"asn":56655,"as":"Gigahost AS","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.239797.win/","date":"2025-09-20T06:51:59.327Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.kxcdn.com","organization":""},"issuer":{"commonName":"Thawte TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 07 Jul 2025 00:00:00 GMT","end":"Thu, 23 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E5:F4:68:86:C8:9D:5E:2C:27:13:12:E5:FD:45:08:C3:39:9E:4C:BE","sha256":"31:29:9B:70:E1:AD:07:98:B4:E8:01:B6:8D:4F:B8:74:43:64:1B:14:37:FD:3F:19:C6:07:00:7D:78:F1:73:A8"}}},"request":{"raw":"GET /HRJLWPLB/images/SC/Leonbets/actionbn/1125%C3%91%C2%85469+%281%29-201@x2.webp HTTP/1.1\r\nHost: cdnimages3-21a8b.kxcdn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.239797.win/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: keycdn\r\ndate: Sat, 20 Sep 2025 06:51:59 GMT\r\ncontent-type: image/webp\r\ncontent-length: 50004\r\nlast-modified: Thu, 04 Sep 2025 09:36:46 GMT\r\netag: \"c354-63df675ba1576\"\r\nexpires: Mon, 20 Oct 2025 06:51:59 GMT\r\ncache-control: max-age=2592000\r\nx-cache: HIT\r\nx-shield: active\r\nx-edge-location: noos\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":50004,"size_decoded":0,"mime_type":"image/webp","magic":"RIFF (little-endian) data, Web/P image, VP8 encoding, 750x313, Scaling: [none]x[none], YUV color, decoders should clamp","md5":"85e1c08bdde2318ae7b4b25bb195f119","sha1":"1e32b8a9a185c6f6da353dd535f0f24f07d75c5f","sha256":"4398685bf8d7561d76c9183871be51743fc363300407199b62c2e15930a6ef91","sha512":"0b81a1c886add4e8f425c1c7a45b598c913f2a13f890797a0608cd0a989e4f5212bb6190a6529678f825ba3b6649cce3ea023a026356109896e0a1967e7ff9b5","ssdeep":"1536:wtNFdL3D/coJTk6K7pfF9AauADie5FB96EW64I5aJ4E:wt7dL3D/cATkvfF96WFLU6J5aJb","tlshash":"81230114c483ccd8589cf891463d43f6bd2de6e05206aff2c822819ff8a7694e79f169","first_seen":"2025-09-07T05:29:21.969554Z","last_seen":"2025-09-20T06:53:38.357079Z","times_seen":3,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}