firefox.settings.services.mozilla.com/v1/
200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 050bfd0155f265780e88dabcdde8b147
93ff7f46889322c0e9dbd3f4695e4c6a7fefe08f
9f3db0b3c51195b5313122d984f5f5f62b2df0f1d818eafefaa8b73e15914038
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Backoff, Alert, Retry-After, Content-Length, Content-Type
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 25 Oct 2022 11:53:07 GMT
Expires: Tue, 25 Oct 2022 12:13:37 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: odbOLP7CGAnG6Il-rockzZ2jA23TqtL00Osd05mSf_9rxZOmXPrSgQ==
Age: 2679
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash e36c852b5e145f2f09fe73111fb162e1
e439c6a462f86a3003d6464a8b9999b1c4d1e210
52a721168d0c41cb0854ff8c730fce3b79db2e804b383238e95ff1401922bd74
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "52A721168D0C41CB0854FF8C730FCE3B79DB2E804B383238E95FF1401922BD74"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3292
Expires: Tue, 25 Oct 2022 13:32:38 GMT
Date: Tue, 25 Oct 2022 12:37:46 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 8db408c487f7d35bba323046736e8d3a
01b91e2dce7c6d3de9adfe6ff4d38f9b24ab7db0
9aeafc72c1a969243e1fc96f68ce18888034a749ee70582208bf814bd40b61a5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9AEAFC72C1A969243E1FC96F68CE18888034A749EE70582208BF814BD40B61A5"
Last-Modified: Tue, 25 Oct 2022 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4102
Expires: Tue, 25 Oct 2022 13:46:08 GMT
Date: Tue, 25 Oct 2022 12:37:46 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: zBOxSlK+DVuwjppKmF74ZxJqLtG5A79TXfQobF/MQNBJNdQP1KPrwU/OA4nZAgNbGkk/XG21LK0=
x-amz-request-id: WFZDCKXKQGQDHE8Y
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 25 Oct 2022 12:08:56 GMT
age: 1730
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 12:37:46 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
xcigamesdd.com/mario-rabbids-sparks-of-hope/
200 OK 36 kB URL HTTP/1.1 xcigamesdd.com/mario-rabbids-sparks-of-hope/
IP
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (46351), with CRLF, LF line terminators
Hash 494e72019ad07fc02c49a96937d90380
cc67264cfae710a4a6b9dc7d08a6a774b90ac170
5b6ddce7e00acb376a61241a4e5797617494767f7abcb3d3fc994c4c7d796add
GET /mario-rabbids-sparks-of-hope/ HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
set-cookie: __wpdm_client=c11170dca089cc3d7eb6d01a7f1a1068; HttpOnly
content-type: text/html; charset=UTF-8
x-pingback: http://xcigamesdd.com/xmlrpc.php
link: <https://xcigamesdd.com/wp-json/>; rel="https://api.w.org/", <https://xcigamesdd.com/wp-json/wp/v2/posts/6793>; rel="alternate"; type="application/json", <https://xcigamesdd.com/?p=6793>; rel=shortlink
cache-control: public, max-age=0
expires: Tue, 25 Oct 2022 12:37:45 GMT
x-litespeed-cache: miss
content-length: 35734
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
date: Tue, 25 Oct 2022 12:37:45 GMT
xcigamesdd.com/wp-content/plugins/content-views-query-and-display-post-page/public/assets/css/cv.css?ver=2.4.0.7
200 OK 12 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/content-views-query-and-display-post-page/public/assets/css/cv.css?ver=2.4.0.7
IP
File type ASCII text, with very long lines (65371)
Hash be7f4c7d5b01eeb9658f928317e6d6b4
8f7d25b03481d045dc2f87119959459630265351
ba0ad71c3596a80cc6dc24f6c8c4ae90693cdcda8c02c314cec234860f785b04
GET /wp-content/plugins/content-views-query-and-display-post-page/public/assets/css/cv.css?ver=2.4.0.7 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: text/css
last-modified: Mon, 04 Jul 2022 22:11:42 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 11759
date: Tue, 25 Oct 2022 12:37:46 GMT
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash d114ab00b1cfe7f9b4f56c7b3655b55d
641e580d6148329b0c9eb2d49f5f8a30c08f30e9
e5420e919b2c05c148179c7d85a210941be6862b1f65ccfafcfc38d960bf38d7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 12:37:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xcigamesdd.com/wp-content/plugins/responsive-accordion-and-collapse/css/font-awesome/css/font-awesome.min.css?ver=6.0.3
200 OK 4.7 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/responsive-accordion-and-collapse/css/font-awesome/css/font-awesome.min.css?ver=6.0.3
IP
File type ASCII text, with very long lines (20604)
Hash 2cb90fac97922f17341da79b40c6fd8b
d5b9b24bff8cba81e5c345483e7a107414325b43
dc1a9cc5dbad4697419ba2abcf7a4789657a718177f1974b6e36838dfac517e0
GET /wp-content/plugins/responsive-accordion-and-collapse/css/font-awesome/css/font-awesome.min.css?ver=6.0.3 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: text/css
last-modified: Tue, 11 Oct 2022 13:41:41 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 4653
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-content/plugins/download-manager/assets/css/front.css?ver=6.0.3
200 OK 12 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/download-manager/assets/css/front.css?ver=6.0.3
IP
File type ASCII text, with very long lines (482)
Hash a4c7398634fdfefa2438148aac1c00d0
45d3dbee49ac5d499a6d4429f98e78e5f15b9741
6f0f132936a00fa08dd112b80ce1058290821c853896e4594844647aee6a628c
GET /wp-content/plugins/download-manager/assets/css/front.css?ver=6.0.3 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: text/css
last-modified: Mon, 17 Oct 2022 07:51:06 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 11716
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-content/plugins/allow-webp-image/public/css/allow-webp-image-public.css?ver=1.0.1
200 OK 98 B URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/allow-webp-image/public/css/allow-webp-image-public.css?ver=1.0.1
IP
Hash e6094661d8923e95b233019ebff7c8f0
cfd836d385d475baffee45d85cfeb9bb36e70d9e
547dda3c14b284819be511be1e410da94a5efc6ccc4a9afe1c75394f9333191a
GET /wp-content/plugins/allow-webp-image/public/css/allow-webp-image-public.css?ver=1.0.1 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: text/css
last-modified: Tue, 22 Mar 2022 02:01:23 GMT
accept-ranges: bytes
content-length: 98
date: Tue, 25 Oct 2022 12:37:46 GMT
vary: Accept-Encoding
xcigamesdd.com/wp-content/plugins/contextual-related-posts/css/rounded-thumbs.min.css?ver=3.2.3
200 OK 463 B URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/contextual-related-posts/css/rounded-thumbs.min.css?ver=3.2.3
IP
File type ASCII text, with very long lines (1451), with no line terminators
Hash 245e525ddd673a0a9a7ebe8a1a32eb00
68410696a60f51dcb5df8fa9d0c0ef96879197e8
94db2ea5cd36e9dd7e7758bd12e65e7b19d96e87488b5aadafccde60884f917a
GET /wp-content/plugins/contextual-related-posts/css/rounded-thumbs.min.css?ver=3.2.3 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: text/css
last-modified: Fri, 02 Sep 2022 16:48:09 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 463
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-content/plugins/download-manager/assets/bootstrap/css/bootstrap.min.css?ver=6.0.3
200 OK 9.8 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/download-manager/assets/bootstrap/css/bootstrap.min.css?ver=6.0.3
IP
File type ASCII text, with very long lines (57835), with no line terminators
Hash 399ba5b3f84b6def00ce6b87e33fbb50
665985a193f8d9f3df9a8639adaebb401c03d75c
1bccaeb95d636659690f1220233e083ce31272d50ca7142a27fb9c59b8fdc525
GET /wp-content/plugins/download-manager/assets/bootstrap/css/bootstrap.min.css?ver=6.0.3 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: text/css
last-modified: Mon, 17 Oct 2022 07:51:05 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 9771
date: Tue, 25 Oct 2022 12:37:46 GMT
arsnivyr.com/1?z=5382937
200 OK 3.5 kB IP
File type ASCII text, with very long lines (7782)
Hash cff7f6c56a6964095d5ba0e79394ad16
7fa4fbeff499115b355374613658cf8575ac7547
93aff4d25f0a28144bb3c7d6a36f95d03a94a3e64297af4d7f11f245cb8fd69a
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5382937 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 25 Oct 2022 12:37:47 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin:
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
X-Trace-Id: 0355f0f7d58ac555686d06dc71f275d2
Access-Control-Expose-Headers: X-Sc
X-Sc: NCwIjoAGZXJ8XZcIMQM9oBZTipYeuiC05S1TpiZ4AKYf38Jm4OHBGUaEHeG9fUAQzhH6uJTUSa5eaZPz8Z5PozW5HRM=
Set-Cookie: scm=1; expires=Wed, 25 Oct 2023 12:37:47 GMT; secure; SameSite=None
OAID=3c8ac2c6020c4abea9ed873ff9f77c10; expires=Wed, 25 Oct 2023 12:37:47 GMT; secure; SameSite=None
oaidts=1666701467; expires=Wed, 25 Oct 2023 12:37:47 GMT; secure; SameSite=None
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
xcigamesdd.com/wp-content/plugins/download-manager/assets/fontawesome/css/all.min.css?ver=6.0.3
200 OK 21 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/download-manager/assets/fontawesome/css/all.min.css?ver=6.0.3
IP
File type ASCII text, with very long lines (65317)
Hash 5e17a5be51d5306c1f0cf06584857b5a
012e4548497b1183ed61e76adc32921f1d71df61
f1d26d7b6a4d8c71f0397878b2d70bb7ac05e89d59f52ee30331e9a12ee9e163
GET /wp-content/plugins/download-manager/assets/fontawesome/css/all.min.css?ver=6.0.3 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: text/css
last-modified: Mon, 17 Oct 2022 07:51:06 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 20848
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-content/plugins/responsive-accordion-and-collapse/css/bootstrap-front.css?ver=6.0.3
200 OK 1.6 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/responsive-accordion-and-collapse/css/bootstrap-front.css?ver=6.0.3
IP
Hash 80bced94327e5768680e9eaa99458c7a
a7a4a0b80521d015572c968a73bf4f666ecd3300
02a566fe43f6cebf0d491eb007147939c867a42af384bc5d276477aca528cfc5
GET /wp-content/plugins/responsive-accordion-and-collapse/css/bootstrap-front.css?ver=6.0.3 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: text/css
last-modified: Tue, 11 Oct 2022 13:41:42 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 1572
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-content/plugins/if-menu/assets/if-menu-site.css?ver=6.0.3
200 OK 491 B URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/if-menu/assets/if-menu-site.css?ver=6.0.3
IP
Hash 9dc75495a901b0f89baf50f2fb963f4e
948f3e9c570f041c440a58cccd2485a1b09b203e
b5d3cd652f4d5c2a8d565ed3cb3b9fec781ddaa0d296ce4fc07a628e97a6513d
GET /wp-content/plugins/if-menu/assets/if-menu-site.css?ver=6.0.3 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: text/css
last-modified: Mon, 27 Jun 2022 03:09:31 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 491
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.1.4
200 OK 1.8 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.1.4
IP
File type ASCII text, with very long lines (8319)
Hash 0689a6c3f80a5459a071f1011cdf3960
f7422ba0692c1615df809d59cda5d66b992d8061
cb30e5065929317605de07d6d5b68dddf00674132ffd71e153f844d469fe5ae5
GET /wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css?ver=14.1.4 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: text/css
last-modified: Tue, 20 Sep 2022 15:28:51 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 1786
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-content/themes/orbital/assets/css/main.css?ver=6.0.3
200 OK 11 kB URL HTTP/1.1 xcigamesdd.com/wp-content/themes/orbital/assets/css/main.css?ver=6.0.3
IP
File type ASCII text, with very long lines (55626)
Hash 8b0b80e1670e19e21b21518fc248ecdd
5d9eff9ea9ae4875fff2e8d9f5a005dc6e926be5
ad4698f12c9b9c535bd1d7077065806bf3a9690c1a1a02f5dc66afd9b1dc1bb3
GET /wp-content/themes/orbital/assets/css/main.css?ver=6.0.3 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: text/css
last-modified: Sat, 29 Jan 2022 15:58:54 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 11233
date: Tue, 25 Oct 2022 12:37:46 GMT
use.fontawesome.com/releases/v5.7.2/js/all.js?ver=6.0.3
200 OK 402 kB URL HTTP/1.1 use.fontawesome.com/releases/v5.7.2/js/all.js?ver=6.0.3
IP
File type ASCII text, with very long lines (65536), with no line terminators
Size 402 kB (402168 bytes)
Hash 2e77c777e56da87903605efc63a17a2e
1609e549e4bda4d6c0d185ddc8f0b302e8597c32
076bf0a40668e22b3cc9070631537f2d7812408717a40f2f2cee22a21342020d
GET /releases/v5.7.2/js/all.js?ver=6.0.3 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Date: Tue, 25 Oct 2022 12:37:47 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
x-amz-id-2: W23z2TAg1Lw9aSjkRJVdtv5X/oDNLnzZbMSTvgihtWBnLfmVu87Tk9tm5pWmRFI2DIsI25grNzs=
x-amz-request-id: D99E9EQ18Z9MHXJB
Last-Modified: Wed, 30 Jun 2021 15:45:57 GMT
ETag: W/"3321acfaaf879848a1f6773e691e2dd0"
Cache-Control: max-age=31556926
CF-Cache-Status: HIT
Age: 653426
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AjP67FHnD4NP0N0nzFVOFuJl4WmXUnM7PayJfJrmKgMN3dUm9pbfyHz1LVxdiQUvKdtLz6EBsraP1zn6daHJ%2FMVdk%2Bmwe0MxiYEqkeiQqicQmkiJTDJebsENmpxXRDveu7%2Fgst79"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75fb01698a3d8879-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
xcigamesdd.com/wp-content/plugins/allow-webp-image/public/js/allow-webp-image-public.js?ver=1.0.1
200 OK 475 B URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/allow-webp-image/public/js/allow-webp-image-public.js?ver=1.0.1
IP
Hash f18f244bed87a1ae2819af17fb2766cb
07add1b1b35612815df2f7a491dff60ab34507f5
8b772d78e109484da06c428e7c6f3de1ab9f9128313cad7be43088c2a70d7755
GET /wp-content/plugins/allow-webp-image/public/js/allow-webp-image-public.js?ver=1.0.1 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Tue, 22 Mar 2022 02:01:23 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 475
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-content/plugins/download-manager/assets/js/front.js?ver=3.2.58
200 OK 11 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/download-manager/assets/js/front.js?ver=3.2.58
IP
File type ASCII text, with very long lines (4122)
Hash 3cbd85c841637aad5fb79be852864447
1101da7834adea5fbd347c9012921dc50ae61853
74cec79ecb31abcb3d25e5db47719ae1ed103b8f0381ef7448b91701c1828845
GET /wp-content/plugins/download-manager/assets/js/front.js?ver=3.2.58 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Mon, 17 Oct 2022 07:51:07 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 10932
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
200 OK 4.2 kB URL HTTP/1.1 xcigamesdd.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP
File type ASCII text, with very long lines (11126)
Hash c41f3a82e911de81a1817131069bc7d2
1e883290a0b794916cead41e5f0705716fd77b89
e9791f24770f098ea30bb4d25e2e10bdedb97132d0bbf7d2bd79eedac22efa27
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Sat, 10 Sep 2022 21:42:19 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 4168
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
200 OK 31 kB URL HTTP/1.1 xcigamesdd.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
IP
File type ASCII text, with very long lines (65447)
Hash 554969c8ed0e4b5eece1261c4e1e9cd0
3b514b21c2e26b2caa15054e43ed00184a8ebc38
4a10709ca76c5112fbaf69e065b4ef93dd37bcffd4ae39b351e56d40c9322123
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.0 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Sat, 10 Sep 2022 21:42:19 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 30969
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.1.4
200 OK 4.6 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.1.4
IP
File type ASCII text, with very long lines (1003)
Hash b368ca801928cdcb87d5162d1521af98
ed36cd9e6ad5122f9bc4f59cb87359c7ed52d404
91230b93eaa7ae02f4ce76d51e89252d545954e87b014e19c838021afd73ae8b
GET /wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js?ver=14.1.4 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 15:28:52 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 4587
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-content/plugins/koko-analytics/assets/dist/js/script.js?ver=1.0.34
200 OK 901 B URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/koko-analytics/assets/dist/js/script.js?ver=1.0.34
IP
File type ASCII text, with very long lines (1706)
Hash 2538ff8c73971083371620417f177f7f
bc3766d3fc416907aaa20a242641a45c26081df7
e6eea4b52f9fd3525887378ead0d048b603cac0a117bd2272a96ae131c0352d4
GET /wp-content/plugins/koko-analytics/assets/dist/js/script.js?ver=1.0.34 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 15:28:55 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 901
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
200 OK 7.1 kB URL HTTP/1.1 xcigamesdd.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
IP
File type Unicode text, UTF-8 text, with very long lines (19138), with no line terminators
Hash a0798e1907e23a55c0f4ffebabb1fd48
aae64554a44eb45ae03b497cacfbb56b30cedade
5eb6c2a3b9c101ee2806a07fbd9177c4480db87871bef7d6a760a26dff1bd12b
GET /wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Sat, 10 Sep 2022 21:42:14 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 7098
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/cv.js?ver=2.4.0.7
200 OK 6.7 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/cv.js?ver=2.4.0.7
IP
File type ASCII text, with very long lines (12198), with CRLF line terminators
Hash 2e22c8149399e73ff0da65402d803699
129f97cae31d3d3dca417341ec415d2303dce30b
114ee3bb4212ea8f6d7d9d10c786a684674a4973b9b938c21b0f7e8aaa5b5971
GET /wp-content/plugins/content-views-query-and-display-post-page/public/assets/js/cv.js?ver=2.4.0.7 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Mon, 04 Jul 2022 22:11:42 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 6730
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-content/plugins/pt-content-views-pro/public/assets/js/cvpro.min.js?ver=5.8.0
200 OK 46 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/pt-content-views-pro/public/assets/js/cvpro.min.js?ver=5.8.0
IP
File type Unicode text, UTF-8 text, with very long lines (32126)
Hash 0aec5f99695007286dc53e9e8a1c2c70
80eeeb6ee67b570ee83e254e566ab5ae40191e13
d612d876e075d3811706cc42f6ec102c9ead6cacc80e574f6f8c5f17c6bd43e8
GET /wp-content/plugins/pt-content-views-pro/public/assets/js/cvpro.min.js?ver=5.8.0 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Tue, 28 Jul 2020 23:30:03 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 46186
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
200 OK 2.4 kB URL HTTP/1.1 xcigamesdd.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9
IP
File type ASCII text, with very long lines (6475), with no line terminators
Hash 9939da8da9b306b91ddc5c68ea402d66
4cd4ea5f2dcd09fec713c36cb1c1c31ace0373b5
63b97ebb1748143ca6093d63ccdb14b2748f002df4caddfaa15c1173cb2c4942
GET /wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.13.9 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Sat, 10 Sep 2022 21:42:14 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 2439
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-content/plugins/responsive-accordion-and-collapse/js/accordion.js?ver=6.0.3
200 OK 206 B URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/responsive-accordion-and-collapse/js/accordion.js?ver=6.0.3
IP
File type ASCII text, with very long lines (409), with CRLF line terminators
Hash c9fc246cc82759202472df0d2b598db4
1e7c1dac85ee36c0becb07515ad602946efb2e21
7ffd4a4d3620f7b6e868fdb809fd5aa47330241f03b3b991bde3ad5c03317ca2
GET /wp-content/plugins/responsive-accordion-and-collapse/js/accordion.js?ver=6.0.3 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 13:41:42 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 206
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94
200 OK 3.9 kB URL HTTP/1.1 xcigamesdd.com/wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94
IP
Hash 744d07a5a18516a5eda2c915c57a8d3e
848f74eb379c38dd0a1928f07673804e0f08d5a1
39243a0d7eff0b8436162e5964241b334691314c7dee690b05e696c48f354c14
GET /wp-includes/js/dist/i18n.min.js?ver=ebee46757c6a411e38fd079a7ac71d94 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Sat, 10 Sep 2022 21:42:17 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 3863
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-includes/js/jquery/jquery.form.min.js?ver=4.3.0
200 OK 6.0 kB URL HTTP/1.1 xcigamesdd.com/wp-includes/js/jquery/jquery.form.min.js?ver=4.3.0
IP
File type ASCII text, with very long lines (16109), with no line terminators
Hash e1eac240de23271e5a12f769c9c3e307
8f72405f81d6da160bd92473762be6590da8821f
ef1b6af6826be7419985283ef0c69093e0e5c06cbd499c8ef13d4c07ffc8c5f2
GET /wp-includes/js/jquery/jquery.form.min.js?ver=4.3.0 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Sat, 10 Sep 2022 21:42:19 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 5952
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-content/plugins/easy-affiliate-links/dist/public.js?ver=3.7.0
200 OK 7.2 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/easy-affiliate-links/dist/public.js?ver=3.7.0
IP
File type ASCII text, with very long lines (1004)
Hash 6d6bc1b948a9e8016ed5733b65f0f8d2
9dde6af420a147c905f5b2aaf35753c97f8e322d
f92fbcbd02da631a978569076d1f2c6987b797322747d876ba8e3f9486b56737
GET /wp-content/plugins/easy-affiliate-links/dist/public.js?ver=3.7.0 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Sun, 04 Sep 2022 01:03:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 7150
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-content/plugins/responsive-accordion-and-collapse/js/accordion-custom.js?ver=6.0.3
200 OK 14 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/responsive-accordion-and-collapse/js/accordion-custom.js?ver=6.0.3
IP
File type ASCII text, with CRLF line terminators
Hash 9c7b2f3263a89dfa926be94a632a9ea9
0e0122f253a7b88f92db5d63f2d4fa984b422b49
dacfba7cd7237777205ffce28936dea4cb0d9dac5c009cf8aeeb3fc78797a923
GET /wp-content/plugins/responsive-accordion-and-collapse/js/accordion-custom.js?ver=6.0.3 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Tue, 11 Oct 2022 13:41:42 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 13615
date: Tue, 25 Oct 2022 12:37:46 GMT
linkmoe.org/js/full-page-script.js
200 OK 759 B URL HTTP/1.1 linkmoe.org/js/full-page-script.js
IP
File type C source, ASCII text, with very long lines (2161)
Hash 54c907e14e23f8ce889d1c1f08c5a08c
d62dc80f03342ba9f129b9ebae6d3a71a4d32812
fe51e89770bbad259e95e979095088225f031c6c2047c7abaa45a05fd70afc18
GET /js/full-page-script.js HTTP/1.1
Host: linkmoe.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=2592000
expires: Thu, 24 Nov 2022 12:37:46 GMT
content-type: application/javascript
last-modified: Tue, 30 Nov 2021 01:45:16 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,User-Agent
content-length: 759
date: Tue, 25 Oct 2022 12:37:46 GMT
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
xcigamesdd.com/wp-content/themes/orbital/assets/js/navigation.js?ver=20190101
200 OK 0 B URL HTTP/1.1 xcigamesdd.com/wp-content/themes/orbital/assets/js/navigation.js?ver=20190101
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wp-content/themes/orbital/assets/js/navigation.js?ver=20190101 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Sat, 29 Jan 2022 15:58:54 GMT
accept-ranges: bytes
content-length: 0
date: Tue, 25 Oct 2022 12:37:46 GMT
vary: Accept-Encoding
xcigamesdd.com/wp-content/themes/orbital/assets/js/main.js?ver=20190101
200 OK 1.4 kB URL HTTP/1.1 xcigamesdd.com/wp-content/themes/orbital/assets/js/main.js?ver=20190101
IP
Hash 2f0b0bb5aa7056365134163018b2c575
3ae8af3913ac9842c2b10fe1b7492a36849dbf33
db0f85bf0e90832fe96638d57f3cfae9b3904a0076366324d97c6b454b4f3d83
GET /wp-content/themes/orbital/assets/js/main.js?ver=20190101 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Sat, 29 Jan 2022 15:58:54 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 1448
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-includes/js/comment-reply.min.js?ver=6.0.3
200 OK 1.3 kB URL HTTP/1.1 xcigamesdd.com/wp-includes/js/comment-reply.min.js?ver=6.0.3
IP
File type ASCII text, with very long lines (2946)
Hash 1cfd4f485ffd20e7ee7693364fef33f9
a8c5d35ad20664ccfe03d7acfcbdb0a1e28d3fd8
b433efd57400d409a207820e22b93662fa48a0737a96eb44a4c6ce3b46ee7403
GET /wp-includes/js/comment-reply.min.js?ver=6.0.3 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Sat, 10 Sep 2022 21:42:13 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 1349
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.1.4
200 OK 1.1 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.1.4
IP
File type HTML document, ASCII text, with very long lines (3102)
Hash bef20d56c920050759600f6a69638e38
d29ad33842c8879355e9f3fb8a53a5f7570e9375
ff2622bcaf53c73f4598e54038b16dd1f3e8c0605d5c7f41c33f9c2ddab9adfb
GET /wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js?ver=14.1.4 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Tue, 20 Sep 2022 15:28:52 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 1076
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1664421472
200 OK 3.1 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1664421472
IP
Hash 50d912e2d0b9482f62619f6f29b0d519
be42483c21612c384532ca8e122b7fb8ed8ef54e
504c01b2ee73c18370d0e074a899b55655c1c4c7a18f4ec1b8c2d492b928e8c2
GET /wp-content/plugins/akismet/_inc/akismet-frontend.js?ver=1664421472 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Thu, 29 Sep 2022 03:17:52 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 3067
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-content/themes/orbital/assets/js/social.min.js?ver=20190101
200 OK 2.6 kB URL HTTP/1.1 xcigamesdd.com/wp-content/themes/orbital/assets/js/social.min.js?ver=20190101
IP
File type ASCII text, with very long lines (6521), with no line terminators
Hash e4cd24c4790b9aa939d63faf551e7cea
356cccc76e8254e79ca93e547a1b278c02c14c8f
b388508e87fecdb8b25850685793e09ca2608db1990ad31ced923795e24d16ca
GET /wp-content/themes/orbital/assets/js/social.min.js?ver=20190101 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Sat, 29 Jan 2022 15:58:54 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 2622
date: Tue, 25 Oct 2022 12:37:46 GMT
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash f1ae675435a8f16bc0b04ec012c41979
182f87a81464c80b0b25fb524c59592cd40b0ef4
9191ced121d8740b4ed3af75db3033e72c0c44c0b45004abd714583deaa749a4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 12:37:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Tue, 25 Oct 2022 12:33:32 GMT
Cache-Control: max-age=3600
Expires: Tue, 25 Oct 2022 13:14:21 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 f00e3524edcdf61801454f2bb21e71ce.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: zX7HVD_CJtv9OCNY00e2zLfNKCSo8EepoU0FKjSPTcFh3hbfolKqeg==
Age: 255
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash d114ab00b1cfe7f9b4f56c7b3655b55d
641e580d6148329b0c9eb2d49f5f8a30c08f30e9
e5420e919b2c05c148179c7d85a210941be6862b1f65ccfafcfc38d960bf38d7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 12:37:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xcigamesdd.com/wp-content/plugins/pt-content-views-pro/public/assets/css/cvpro.min.css?ver=5.8.0
200 OK 20 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/pt-content-views-pro/public/assets/css/cvpro.min.css?ver=5.8.0
IP
File type ASCII text, with very long lines (42471), with CRLF line terminators
Hash e1a90e1a59f0501563ad5915ad7d3861
bb806e4914f278c7e77ce186a5d73fff6b9aff88
0d878b4af92bf67eaaf8fb1d52d4ae908d31d3cd8a6660328acb15dac84b39b3
GET /wp-content/plugins/pt-content-views-pro/public/assets/css/cvpro.min.css?ver=5.8.0 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: text/css
last-modified: Tue, 28 Jul 2020 23:30:03 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 20413
date: Tue, 25 Oct 2022 12:37:46 GMT
xcigamesdd.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
200 OK 12 kB URL HTTP/1.1 xcigamesdd.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.3
IP
File type ASCII text, with very long lines (43771)
Hash 9f76c05d4aec8a23bbb9131800060916
ba854132574f3add765c016ff6cef2a30bddc5e0
c73bcff8e403046219e8f9dfb99e029b8d58099b8c5fb5f6508127702fd1b275
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.0.3 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: text/css
last-modified: Sat, 10 Sep 2022 21:42:12 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 11658
date: Tue, 25 Oct 2022 12:37:46 GMT
www.googletagmanager.com/gtag/js?id=UA-12043064-122
200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-12043064-122
IP
File type ASCII text, with very long lines (1588)
Hash 46bad87737c0b40003d5d1c3b4b445da
74c9e627b48ac315dbb47ad86377cd2661c747f4
fc101aa108587e4d8e91d8b549f201ff48ac893b0399f4fc46decf6511e00753
GET /gtag/js?id=UA-12043064-122 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 25 Oct 2022 12:37:47 GMT
expires: Tue, 25 Oct 2022 12:37:47 GMT
cache-control: private, max-age=900
last-modified: Tue, 25 Oct 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43573
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
200 OK 472 B IP
Hash f1ae675435a8f16bc0b04ec012c41979
182f87a81464c80b0b25fb524c59592cd40b0ef4
9191ced121d8740b4ed3af75db3033e72c0c44c0b45004abd714583deaa749a4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 12:37:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
pl17661227.profitablegatetocontent.com/849ad080ebdaa9ca9dd84f2d9f8c2306/invoke.js
200 OK 9.3 kB URL HTTP/1.1 pl17661227.profitablegatetocontent.com/849ad080ebdaa9ca9dd84f2d9f8c2306/invoke.js
IP
File type Unicode text, UTF-8 text, with very long lines (25102), with no line terminators
Hash a99350cd06ed4c1f340acfd4ee8c45b6
c4d3a3c6a47b8c2d66de48f1c757742cd678d4eb
2f8eb7baf9e26556ced2e744766951b24cc3f857a9a155e511d476b3d1ed8e48
Analyzer Verdict Alert quad9 Sinkholed
GET /849ad080ebdaa9ca9dd84f2d9f8c2306/invoke.js HTTP/1.1
Host: pl17661227.profitablegatetocontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 25 Oct 2022 12:37:47 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5074d50499b60c68b8e9f653319112c3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
xcigamesdd.com/mario-rabbids-sparks-of-hope/
200 OK 0 B URL HTTP/1.1 xcigamesdd.com/mario-rabbids-sparks-of-hope/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /mario-rabbids-sparks-of-hope/ HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
Cookie: __wpdm_client=c11170dca089cc3d7eb6d01a7f1a1068
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html; charset=UTF-8
x-pingback: http://xcigamesdd.com/xmlrpc.php
link: <https://xcigamesdd.com/wp-json/>; rel="https://api.w.org/", <https://xcigamesdd.com/wp-json/wp/v2/posts/6793>; rel="alternate"; type="application/json", <https://xcigamesdd.com/?p=6793>; rel=shortlink
cache-control: public, max-age=0
expires: Tue, 25 Oct 2022 12:37:45 GMT
x-litespeed-cache: hit
date: Tue, 25 Oct 2022 12:37:46 GMT
vary: Accept-Encoding
ardslediana.com/5/5260642/?oo=1&aab=1
200 OK 1.3 kB URL HTTP/1.1 ardslediana.com/5/5260642/?oo=1&aab=1
IP
File type JSON data\012- , ASCII text, with very long lines (2717), with no line terminators
Hash 6536d8b1184d5b2185c8d6bcff900660
215703f2e92c33423059e563021eb44fd4eccd3c
306ed1e665e7540487728d5197a5eec74e49a8dc82fafa3bf2c6fb466c446833
Analyzer Verdict Alert quad9 Sinkholed
GET /5/5260642/?oo=1&aab=1 HTTP/1.1
Host: ardslediana.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 25 Oct 2022 12:37:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: fc3e5165556c90c2ccfe11894c48ecd2
Link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: http://xcigamesdd.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=2ba257c6ac604d8abd91bcf06d28d02f; expires=Wed, 25 Oct 2023 12:37:47 GMT; path=/
oaidts=1666701467; expires=Wed, 25 Oct 2023 12:37:47 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Content-Encoding: gzip
ocsp.digicert.com/
200 OK 471 B IP
Hash 518ff04fd536958e285cf07aaf4a2786
fa5dad2391c2a9957340bd629f0462db4f412a5c
608c78964412d5dc7025e9cbfaef345d448a29eae0f11257c49a41f274917b9a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4854
Cache-Control: max-age=161395
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 12:37:47 GMT
Etag: "63579918-1d7"
Expires: Thu, 27 Oct 2022 09:27:42 GMT
Last-Modified: Tue, 25 Oct 2022 08:06:48 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
xcigamesdd.com/wp-content/uploads/2020/07/mega.png
200 OK 18 kB URL HTTP/2 xcigamesdd.com/wp-content/uploads/2020/07/mega.png
IP
File type PNG image data, 368 x 90, 8-bit/color RGBA, non-interlaced\012- data
Hash 83e8f8608d41ab78b1576cbfd4b88ecb
39024b7093764cc1bbbd964a70da3aabf1db7bf3
52f170c9a428acc1b5c7873dd2ec43bc9e6705c7fd29980581d09af8c472ee29
GET /wp-content/uploads/2020/07/mega.png HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=10368000,public
expires: Wed, 22 Feb 2023 12:37:46 GMT
content-type: image/png
last-modified: Wed, 29 Jul 2020 00:05:11 GMT
accept-ranges: bytes
content-length: 18354
date: Tue, 25 Oct 2022 12:37:46 GMT
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
ardslediana.com/tag.min.js
200 OK 25 kB URL HTTP/1.1 ardslediana.com/tag.min.js
IP
File type ASCII text, with very long lines (65536), with no line terminators
Hash 4cd2538dbc17cff1463047e19b1d733d
afb7a32233d44bedd103eb9089bf17310229c738
3c9fa100b9f2838ba3d13a3e600c15f324350bea09f10dfeee7a1a925880fb95
Analyzer Verdict Alert quad9 Sinkholed
GET /tag.min.js HTTP/1.1
Host: ardslediana.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 25 Oct 2022 12:37:47 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 24583
Connection: keep-alive
Content-Encoding: gzip
X-Trace-Id: 0af2cba59dd3a074a0ff2a323eacb9a2
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Accept-Ranges: bytes
Last-Modified: Thu, 20 Oct 2022 13:18:30 GMT
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
xcigamesdd.com/wp-content/themes/orbital/assets/fonts/fontawesome-webfont.woff
200 OK 98 kB URL HTTP/1.1 xcigamesdd.com/wp-content/themes/orbital/assets/fonts/fontawesome-webfont.woff
IP
File type Web Open Font Format, TrueType, length 98024, version 4.7\012- data
Hash fee66e712a8a08eef5805a46892932ad
28b782240b3e76db824e12c02754a9731a167527
ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07
GET /wp-content/themes/orbital/assets/fonts/fontawesome-webfont.woff HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://xcigamesdd.com/wp-content/themes/orbital/assets/css/main.css?ver=6.0.3
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=10368000
expires: Wed, 22 Feb 2023 12:37:46 GMT
content-type: font/woff
last-modified: Sat, 29 Jan 2022 15:58:55 GMT
accept-ranges: bytes
content-length: 98024
date: Tue, 25 Oct 2022 12:37:46 GMT
vary: Accept-Encoding
xcigamesdd.com/wp-content/uploads/2022/10/MARIO-RABBIDS-SPARKS-OF-HOPE.webp
200 OK 27 kB URL HTTP/2 xcigamesdd.com/wp-content/uploads/2022/10/MARIO-RABBIDS-SPARKS-OF-HOPE.webp
IP
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 432x700, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash b84738f6b98d974a9b91a73060938ff4
1eb87d09c314466df65b2ad0d59f524cade8c69f
8c5d83d7e5c2ef026299cda27b717e67b23f981f34cdb9c261a1590b396dd459
GET /wp-content/uploads/2022/10/MARIO-RABBIDS-SPARKS-OF-HOPE.webp HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=10368000
expires: Wed, 22 Feb 2023 12:37:46 GMT
content-type: image/webp
last-modified: Wed, 19 Oct 2022 00:22:36 GMT
accept-ranges: bytes
content-length: 26832
date: Tue, 25 Oct 2022 12:37:46 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
xcigamesdd.com/wp-content/uploads/2022/01/logoxci.png
200 OK 10 kB URL HTTP/2 xcigamesdd.com/wp-content/uploads/2022/01/logoxci.png
IP
File type PNG image data, 334 x 58, 8-bit/color RGBA, non-interlaced\012- data
Hash 4b646576d6afbe79ad073d2ff3f945b4
a98a2981b600bc08a7e3381696ef999f5ce4c651
82f3f21007e3ae451a7b0183f02388891d264e2da939050aad86a3a08464e37d
GET /wp-content/uploads/2022/01/logoxci.png HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=10368000,public
expires: Wed, 22 Feb 2023 12:37:46 GMT
content-type: image/png
last-modified: Sat, 29 Jan 2022 20:52:16 GMT
accept-ranges: bytes
content-length: 10423
date: Tue, 25 Oct 2022 12:37:46 GMT
vary: Accept-Encoding
X-Firefox-Spdy: h2
ocsp.digicert.com/
200 OK 278 B IP
Hash 8e059d8d49dcce28bdc6706783226b34
6bda2e738ae8ecfb56b819b879d6c15244a37b5f
3df203a12145b66b41035aa23f7fb140f5965eb825156f5f324639867018c9d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6294
Cache-Control: max-age=159962
Content-Type: application/ocsp-response
Date: Tue, 25 Oct 2022 12:37:47 GMT
Etag: "63578ddf-116"
Expires: Thu, 27 Oct 2022 09:03:49 GMT
Last-Modified: Tue, 25 Oct 2022 07:18:55 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 278
tzegilo.com/stattag.js
200 OK 5.5 kB IP
File type ASCII text, with very long lines (13017), with no line terminators
Hash 41d6e66e6234d0457dfa6d74d9185209
87985c40fe27ec4a1a5f89d96e3225aaf47aad66
ffcba287d8873752a08d23ce2da7e631bb6eb2a953260d028125802d71fbdc1d
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 25 Oct 2022 12:37:47 GMT
content-type: application/javascript
last-modified: Tue, 18 Oct 2022 14:05:58 GMT
etag: W/"634eb2c6-32d9"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5948
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qgYCghlcVlC05xeQi%2FysmlTgqY9xlnKOWs%2By9t5XKAtWDWtHQW4l%2BfZnpmE9BsohCIIaiJpJwHj9pn9TXrlZIn91qLnw2bqCJnk92yrzsydoowjc0VhDhFcO7q2XLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75fb016e9a95fac8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 95a51c34db547f8d13390f1f8045d1d4
9e7ee780add8623169e3da4e59b64a44a67344a6
9607f83a7722f0fb0cfa160af1b8f300d23e363f9385822702217cd6cd67a788
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9607F83A7722F0FB0CFA160AF1B8F300D23E363F9385822702217CD6CD67A788"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1294
Expires: Tue, 25 Oct 2022 12:59:21 GMT
Date: Tue, 25 Oct 2022 12:37:47 GMT
Connection: keep-alive
push.services.mozilla.com/
101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 4k9ZDmTSKLU+eodLRkkVYg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: hohGTa+SggT3vhIGLMwtKP7dNpU=
www.highperformancedisplayformat.com/a91295b86ab6fe2c5666ef59da3743bf/invoke.js
200 OK 9.8 kB URL HTTP/1.1 www.highperformancedisplayformat.com/a91295b86ab6fe2c5666ef59da3743bf/invoke.js
IP
File type exported SGML document, ASCII text, with very long lines (26967), with no line terminators
Hash dcaaa3fa79f25cf149a068ec38372581
ae65ee866638fa5f45141467a3f47c519deff6ca
30e182abb2440e530e2cd85fc065fde8931f1598a9ab85c422ed761831c2630a
Analyzer Verdict Alert quad9 Sinkholed
GET /a91295b86ab6fe2c5666ef59da3743bf/invoke.js HTTP/1.1
Host: www.highperformancedisplayformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 25 Oct 2022 12:37:48 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e9dc292d1a4da170323043a378e32d8c
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sectigo.com/
200 OK 471 B IP
Hash e4e9602f1062e692c3df5dc1eec489cb
ab47ab5548fed1ea1e145becb03a9885eacf7ddb
036e9d4e5c9e9bc75cbb78389fbcc4a5cdfa3463feddd5db8a11375b8c964af0
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 25 Oct 2022 12:37:48 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 24 Oct 2022 06:25:20 GMT
Expires: Mon, 31 Oct 2022 06:25:19 GMT
Etag: "ab47ab5548fed1ea1e145becb03a9885eacf7ddb"
Cache-Control: max-age=495450,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75fb016eec380b51-OSL
my.rtmark.net/gid.js?userId=2ba257c6ac604d8abd91bcf06d28d02f
200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=2ba257c6ac604d8abd91bcf06d28d02f
IP
File type JSON data\012- , ASCII text
Hash 6728287b7d996f4cd61cd704949988ed
16db65d883213444bcd053c742beadbb5ed2e375
e6760347778b2866463537b4570597db4d7fdafe577d6ca3ddd098b48627bc2d
GET /gid.js?userId=2ba257c6ac604d8abd91bcf06d28d02f HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 12:37:48 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: http://xcigamesdd.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=2ba257c6ac604d8abd91bcf06d28d02f; expires=Wed, 25 Oct 2023 12:37:48 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
www.highperformancedisplayformat.com/e0545ea4e9fad86bbc397bc0cf40db8c/invoke.js
200 OK 9.8 kB URL HTTP/1.1 www.highperformancedisplayformat.com/e0545ea4e9fad86bbc397bc0cf40db8c/invoke.js
IP
File type exported SGML document, ASCII text, with very long lines (26957), with no line terminators
Hash e6d4f98cd6d92e7bd8544682d44bb644
8620379fed185784e5292765bc70c58706c5ebb4
94e85912885d42044e2b5da49f0ed5bd472ab19b63baa7f8760623448badf50a
Analyzer Verdict Alert quad9 Sinkholed
GET /e0545ea4e9fad86bbc397bc0cf40db8c/invoke.js HTTP/1.1
Host: www.highperformancedisplayformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 25 Oct 2022 12:37:48 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0949e585ab20c4d253fb4d70e07bb9a8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sectigo.com/
200 OK 471 B IP
Hash da275afef2c120cef63dae40154284da
569947d789ce819632a881cb49b16b79ef6353ec
d5efa3c3f1c8e805662f74e42a3fac2993f0c8dd03129f28a9e6930cd98e98e1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 25 Oct 2022 12:37:48 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 25 Oct 2022 01:33:16 GMT
Expires: Tue, 01 Nov 2022 01:33:15 GMT
Etag: "569947d789ce819632a881cb49b16b79ef6353ec"
Cache-Control: max-age=564326,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75fb016fcbb61c0a-OSL
datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
200 OK 12 B URL HTTP/1.1 datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 900
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Tue, 25 Oct 2022 12:37:48 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: http://xcigamesdd.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
ocsp.sca1b.amazontrust.com/
200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP
Hash bdc512cc94fbd0212bcf18b9a7fac82d
23d54ba9a701f43629e4a1cd64da839178be40b2
e5d5362490f1f152087e524e4d838a988a87e7b63312f07c074fb80d0dd0aaa2
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=90125
Date: Tue, 25 Oct 2022 12:37:48 GMT
Etag: "63568581-1d7"
Expires: Wed, 26 Oct 2022 13:39:53 GMT
Last-Modified: Mon, 24 Oct 2022 12:30:57 GMT
Server: ECS (nyb/1D1F)
X-Cache: Miss from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: wrbFonktY4bKue9RmcYesvyiGM0Whh1FPrf9YgBk3Od2EZrok7bgxw==
Age: 4136
arsnivyr.com/27/b10314e887d309db18535b2593bd9514
200 OK 123 kB URL HTTP/2 arsnivyr.com/27/b10314e887d309db18535b2593bd9514
IP
Size 123 kB (122946 bytes)
Hash 5e8cde69204bbbbd537641b2e6247ae5
98463522225a7fa795ecc09685c44140606104f5
c55d936f7717d7975579a1adc721566cc5bcc6486b26c6330308ffc4dac794a2
Analyzer Verdict Alert quad9 Sinkholed
GET /27/b10314e887d309db18535b2593bd9514 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 12:37:48 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Thu, 20 Oct 2022 04:50:21 GMT
expires: Thu, 19 Nov 2082 04:50:21 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
www.highperformancedisplayformat.com/31224abe9de8da03816b59f2882025e3/invoke.js
200 OK 9.8 kB URL HTTP/1.1 www.highperformancedisplayformat.com/31224abe9de8da03816b59f2882025e3/invoke.js
IP
File type exported SGML document, ASCII text, with very long lines (26951), with no line terminators
Hash 4dbbdbb76310ad89f63a25d478f93004
31bf37c087ac5323aa31a86a8c0342d6ffd50f90
aaee94a45f0598a2092025553b004a9170af18ad752b6ce4b5b3f05d76d84f57
Analyzer Verdict Alert quad9 Sinkholed
GET /31224abe9de8da03816b59f2882025e3/invoke.js HTTP/1.1
Host: www.highperformancedisplayformat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 25 Oct 2022 12:37:48 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e3194e1bbee693875f56fb07a5930308
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 6be3075680e1d68f43df5819703ebbee
652fa984ae9bfd33e20a0e9eda29c62aafdf1132
a329866103984336894f89bd5b795d4edb23c58fbcf239fa1d6ca6f90131810f
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 25 Oct 2022 12:37:48 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://xcigamesdd.com
access-control-allow-credentials: true
set-cookie: uid_id2=cdcbdefe-a5b4-47ab-a113-78f8c776f7e9:3:1; expires=Fri, 22 Oct 2032 12:37:48 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP
File type ASCII text, with no line terminators
Hash 40fe0ff514b347631ea816f04dc66e42
fd6100fb5538fd075a69af03edea22d2a0b18e0d
6abe3fdf0f85327fd92e089878efa4a90e730560b6596f43b125aec671990122
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 25 Oct 2022 12:37:48 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://xcigamesdd.com
access-control-allow-credentials: true
set-cookie: uid_id2=3e3d33fe-4e2b-4892-ac42-f967d1fdfb03:1:1; expires=Fri, 22 Oct 2032 12:37:48 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
arsnivyr.com/9?z=5382937&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=2ba257c6ac604d8abd91bcf06d28d02f
204 No Content 0 B URL HTTP/2 arsnivyr.com/9?z=5382937&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=2ba257c6ac604d8abd91bcf06d28d02f
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=5382937&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=2ba257c6ac604d8abd91bcf06d28d02f HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: http://xcigamesdd.com/
Origin: http://xcigamesdd.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx
date: Tue, 25 Oct 2022 12:37:48 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://xcigamesdd.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-LTBNRSB0H2>m=2oeaj0&_p=1231982456&gdid=dZTNiMT&cid=447764308.1666701466&ul=en-us&sr=1280x1024&_s=1&sid=1666701465&sct=1&seg=0&dl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&dt=MARIO%20%2B%20RABBIDS%20SPARKS%20OF%20HOPE%20XCI%20NSP%20NSZ%20Download%20%7C%20SwitchXCI&en=page_view&_fv=1&_nsi=1&_ss=2&_ee=1
204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-LTBNRSB0H2>m=2oeaj0&_p=1231982456&gdid=dZTNiMT&cid=447764308.1666701466&ul=en-us&sr=1280x1024&_s=1&sid=1666701465&sct=1&seg=0&dl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&dt=MARIO%20%2B%20RABBIDS%20SPARKS%20OF%20HOPE%20XCI%20NSP%20NSZ%20Download%20%7C%20SwitchXCI&en=page_view&_fv=1&_nsi=1&_ss=2&_ee=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-LTBNRSB0H2>m=2oeaj0&_p=1231982456&gdid=dZTNiMT&cid=447764308.1666701466&ul=en-us&sr=1280x1024&_s=1&sid=1666701465&sct=1&seg=0&dl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&dt=MARIO%20%2B%20RABBIDS%20SPARKS%20OF%20HOPE%20XCI%20NSP%20NSZ%20Download%20%7C%20SwitchXCI&en=page_view&_fv=1&_nsi=1&_ss=2&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: http://xcigamesdd.com
date: Tue, 25 Oct 2022 12:37:48 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 1ba32ecbfae5af0d679b4ec45e0fa468
6a5ea8de933ccfc4c9dc34c2589034ace6f4d333
df165dd24099f02972768440ccfab74386f7b473fce13d1049ccf23b91bf0f79
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF165DD24099F02972768440CCFAB74386F7B473FCE13D1049CCF23B91BF0F79"
Last-Modified: Sun, 23 Oct 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10247
Expires: Tue, 25 Oct 2022 15:28:35 GMT
Date: Tue, 25 Oct 2022 12:37:48 GMT
Connection: keep-alive
arsnivyr.com/11?rnd=1820772576&z=5382937&b=15242990&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=a7bKBv8V-eomQtQW1dn5kWOdXfx_qALihgD69_5E0ukE8fkYFEooo3yT_wsMXGFjB1RmgDQGOPFDPNb9hCZ1DAklINkzqbgSfIWEeVzXptJYNHlLszJUsoiGRVOWaP-ezq5_7pAQrC14o-16MrmgB3gxiaCMl-0H1v0qHq1-EheEdMU7rMjLLvk__VgJWGfGFiapj0ymUsPDMvUb8VXspM__-3Lj1lOUiN3PhpON86ebOkVeT5XYX7UnjPK7AU3s2blHK437dloKSm7EJ_2zAZTw09GbzEnBCj1N7FN_hceKMXIxwkBOoAcxfOtXQCuVcnFWord76OvB6h3zxToCnXQGDHSx2r2l8X7JCmNzVzJsUeSdLl3P0UErJfUYvzUxLdt4HGXuT1DB0Sb7aVYYXcAvo0WMXUm_vVTCbgfUoxSFB12k0y28o4zqyqNbRjqdDPGowDPj02FeW-BJxqte_RT6SfaN9Mph01LcxnmFUcV3UIkfCYfcXNZwx79hQIA0yZZB_fUyBuBofjmdpliqhiw8FrjegMxEZOVSZCuy48W6zdTFnJQc9Vi1jQ1YXrJjb4i-9uOPgpKG2S_nl-9RmdRh4nktVdfh_H3Vt7olYqnT84L2Jdi4cQw620bL2Jcx6P1EYcCifIHatL1RUBbPE4aqK8fm8zw2nnvssqdGhE65vrK0pJWQDwr_rt25Sh1n3Ns9ThJpXaS2vMaocJJUI8v2M0Fr35eAULdVdnqJDKU_s8S6AFWZXymq6MKMhJGy7QZjYJD27C0dlugzDkLfvJWB-dJjH_OrMZy8Cw==&ruid=f3804ba9-6cc6-45ab-be3c-f79ffdc59c2e&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=376
204 No Content 0 B URL HTTP/2 arsnivyr.com/11?rnd=1820772576&z=5382937&b=15242990&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=a7bKBv8V-eomQtQW1dn5kWOdXfx_qALihgD69_5E0ukE8fkYFEooo3yT_wsMXGFjB1RmgDQGOPFDPNb9hCZ1DAklINkzqbgSfIWEeVzXptJYNHlLszJUsoiGRVOWaP-ezq5_7pAQrC14o-16MrmgB3gxiaCMl-0H1v0qHq1-EheEdMU7rMjLLvk__VgJWGfGFiapj0ymUsPDMvUb8VXspM__-3Lj1lOUiN3PhpON86ebOkVeT5XYX7UnjPK7AU3s2blHK437dloKSm7EJ_2zAZTw09GbzEnBCj1N7FN_hceKMXIxwkBOoAcxfOtXQCuVcnFWord76OvB6h3zxToCnXQGDHSx2r2l8X7JCmNzVzJsUeSdLl3P0UErJfUYvzUxLdt4HGXuT1DB0Sb7aVYYXcAvo0WMXUm_vVTCbgfUoxSFB12k0y28o4zqyqNbRjqdDPGowDPj02FeW-BJxqte_RT6SfaN9Mph01LcxnmFUcV3UIkfCYfcXNZwx79hQIA0yZZB_fUyBuBofjmdpliqhiw8FrjegMxEZOVSZCuy48W6zdTFnJQc9Vi1jQ1YXrJjb4i-9uOPgpKG2S_nl-9RmdRh4nktVdfh_H3Vt7olYqnT84L2Jdi4cQw620bL2Jcx6P1EYcCifIHatL1RUBbPE4aqK8fm8zw2nnvssqdGhE65vrK0pJWQDwr_rt25Sh1n3Ns9ThJpXaS2vMaocJJUI8v2M0Fr35eAULdVdnqJDKU_s8S6AFWZXymq6MKMhJGy7QZjYJD27C0dlugzDkLfvJWB-dJjH_OrMZy8Cw==&ruid=f3804ba9-6cc6-45ab-be3c-f79ffdc59c2e&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=376
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /11?rnd=1820772576&z=5382937&b=15242990&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=a7bKBv8V-eomQtQW1dn5kWOdXfx_qALihgD69_5E0ukE8fkYFEooo3yT_wsMXGFjB1RmgDQGOPFDPNb9hCZ1DAklINkzqbgSfIWEeVzXptJYNHlLszJUsoiGRVOWaP-ezq5_7pAQrC14o-16MrmgB3gxiaCMl-0H1v0qHq1-EheEdMU7rMjLLvk__VgJWGfGFiapj0ymUsPDMvUb8VXspM__-3Lj1lOUiN3PhpON86ebOkVeT5XYX7UnjPK7AU3s2blHK437dloKSm7EJ_2zAZTw09GbzEnBCj1N7FN_hceKMXIxwkBOoAcxfOtXQCuVcnFWord76OvB6h3zxToCnXQGDHSx2r2l8X7JCmNzVzJsUeSdLl3P0UErJfUYvzUxLdt4HGXuT1DB0Sb7aVYYXcAvo0WMXUm_vVTCbgfUoxSFB12k0y28o4zqyqNbRjqdDPGowDPj02FeW-BJxqte_RT6SfaN9Mph01LcxnmFUcV3UIkfCYfcXNZwx79hQIA0yZZB_fUyBuBofjmdpliqhiw8FrjegMxEZOVSZCuy48W6zdTFnJQc9Vi1jQ1YXrJjb4i-9uOPgpKG2S_nl-9RmdRh4nktVdfh_H3Vt7olYqnT84L2Jdi4cQw620bL2Jcx6P1EYcCifIHatL1RUBbPE4aqK8fm8zw2nnvssqdGhE65vrK0pJWQDwr_rt25Sh1n3Ns9ThJpXaS2vMaocJJUI8v2M0Fr35eAULdVdnqJDKU_s8S6AFWZXymq6MKMhJGy7QZjYJD27C0dlugzDkLfvJWB-dJjH_OrMZy8Cw==&ruid=f3804ba9-6cc6-45ab-be3c-f79ffdc59c2e&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=376 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-sc
Referer: http://xcigamesdd.com/
Origin: http://xcigamesdd.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 25 Oct 2022 12:37:48 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://xcigamesdd.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
arsnivyr.com/11?rnd=1820772576&z=5382937&b=15242990&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=a7bKBv8V-eomQtQW1dn5kWOdXfx_qALihgD69_5E0ukE8fkYFEooo3yT_wsMXGFjB1RmgDQGOPFDPNb9hCZ1DAklINkzqbgSfIWEeVzXptJYNHlLszJUsoiGRVOWaP-ezq5_7pAQrC14o-16MrmgB3gxiaCMl-0H1v0qHq1-EheEdMU7rMjLLvk__VgJWGfGFiapj0ymUsPDMvUb8VXspM__-3Lj1lOUiN3PhpON86ebOkVeT5XYX7UnjPK7AU3s2blHK437dloKSm7EJ_2zAZTw09GbzEnBCj1N7FN_hceKMXIxwkBOoAcxfOtXQCuVcnFWord76OvB6h3zxToCnXQGDHSx2r2l8X7JCmNzVzJsUeSdLl3P0UErJfUYvzUxLdt4HGXuT1DB0Sb7aVYYXcAvo0WMXUm_vVTCbgfUoxSFB12k0y28o4zqyqNbRjqdDPGowDPj02FeW-BJxqte_RT6SfaN9Mph01LcxnmFUcV3UIkfCYfcXNZwx79hQIA0yZZB_fUyBuBofjmdpliqhiw8FrjegMxEZOVSZCuy48W6zdTFnJQc9Vi1jQ1YXrJjb4i-9uOPgpKG2S_nl-9RmdRh4nktVdfh_H3Vt7olYqnT84L2Jdi4cQw620bL2Jcx6P1EYcCifIHatL1RUBbPE4aqK8fm8zw2nnvssqdGhE65vrK0pJWQDwr_rt25Sh1n3Ns9ThJpXaS2vMaocJJUI8v2M0Fr35eAULdVdnqJDKU_s8S6AFWZXymq6MKMhJGy7QZjYJD27C0dlugzDkLfvJWB-dJjH_OrMZy8Cw==&ruid=f3804ba9-6cc6-45ab-be3c-f79ffdc59c2e&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=376
200 OK 0 B URL HTTP/2 arsnivyr.com/11?rnd=1820772576&z=5382937&b=15242990&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=a7bKBv8V-eomQtQW1dn5kWOdXfx_qALihgD69_5E0ukE8fkYFEooo3yT_wsMXGFjB1RmgDQGOPFDPNb9hCZ1DAklINkzqbgSfIWEeVzXptJYNHlLszJUsoiGRVOWaP-ezq5_7pAQrC14o-16MrmgB3gxiaCMl-0H1v0qHq1-EheEdMU7rMjLLvk__VgJWGfGFiapj0ymUsPDMvUb8VXspM__-3Lj1lOUiN3PhpON86ebOkVeT5XYX7UnjPK7AU3s2blHK437dloKSm7EJ_2zAZTw09GbzEnBCj1N7FN_hceKMXIxwkBOoAcxfOtXQCuVcnFWord76OvB6h3zxToCnXQGDHSx2r2l8X7JCmNzVzJsUeSdLl3P0UErJfUYvzUxLdt4HGXuT1DB0Sb7aVYYXcAvo0WMXUm_vVTCbgfUoxSFB12k0y28o4zqyqNbRjqdDPGowDPj02FeW-BJxqte_RT6SfaN9Mph01LcxnmFUcV3UIkfCYfcXNZwx79hQIA0yZZB_fUyBuBofjmdpliqhiw8FrjegMxEZOVSZCuy48W6zdTFnJQc9Vi1jQ1YXrJjb4i-9uOPgpKG2S_nl-9RmdRh4nktVdfh_H3Vt7olYqnT84L2Jdi4cQw620bL2Jcx6P1EYcCifIHatL1RUBbPE4aqK8fm8zw2nnvssqdGhE65vrK0pJWQDwr_rt25Sh1n3Ns9ThJpXaS2vMaocJJUI8v2M0Fr35eAULdVdnqJDKU_s8S6AFWZXymq6MKMhJGy7QZjYJD27C0dlugzDkLfvJWB-dJjH_OrMZy8Cw==&ruid=f3804ba9-6cc6-45ab-be3c-f79ffdc59c2e&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=376
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11?rnd=1820772576&z=5382937&b=15242990&var=&rqtdbc=1&rcvdbc=1&btp=7&rb=a7bKBv8V-eomQtQW1dn5kWOdXfx_qALihgD69_5E0ukE8fkYFEooo3yT_wsMXGFjB1RmgDQGOPFDPNb9hCZ1DAklINkzqbgSfIWEeVzXptJYNHlLszJUsoiGRVOWaP-ezq5_7pAQrC14o-16MrmgB3gxiaCMl-0H1v0qHq1-EheEdMU7rMjLLvk__VgJWGfGFiapj0ymUsPDMvUb8VXspM__-3Lj1lOUiN3PhpON86ebOkVeT5XYX7UnjPK7AU3s2blHK437dloKSm7EJ_2zAZTw09GbzEnBCj1N7FN_hceKMXIxwkBOoAcxfOtXQCuVcnFWord76OvB6h3zxToCnXQGDHSx2r2l8X7JCmNzVzJsUeSdLl3P0UErJfUYvzUxLdt4HGXuT1DB0Sb7aVYYXcAvo0WMXUm_vVTCbgfUoxSFB12k0y28o4zqyqNbRjqdDPGowDPj02FeW-BJxqte_RT6SfaN9Mph01LcxnmFUcV3UIkfCYfcXNZwx79hQIA0yZZB_fUyBuBofjmdpliqhiw8FrjegMxEZOVSZCuy48W6zdTFnJQc9Vi1jQ1YXrJjb4i-9uOPgpKG2S_nl-9RmdRh4nktVdfh_H3Vt7olYqnT84L2Jdi4cQw620bL2Jcx6P1EYcCifIHatL1RUBbPE4aqK8fm8zw2nnvssqdGhE65vrK0pJWQDwr_rt25Sh1n3Ns9ThJpXaS2vMaocJJUI8v2M0Fr35eAULdVdnqJDKU_s8S6AFWZXymq6MKMhJGy7QZjYJD27C0dlugzDkLfvJWB-dJjH_OrMZy8Cw==&ruid=f3804ba9-6cc6-45ab-be3c-f79ffdc59c2e&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ot=376 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Sc: MbG9N16rcHU-g1I0PoOse8_LUtluVO3qQgSUHyHRatgbdHGa3AqPA-SYLIwHLbbv3M-jABIXK8uWhAqancv13UtzzYQ=
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Cookie: scm=1; OAID=2ba257c6ac604d8abd91bcf06d28d02f; oaidts=1666701468
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 12:37:48 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: http://xcigamesdd.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 7677e2028ac744822d2f38076e12611d
access-control-expose-headers: X-Sc
x-sc:
set-cookie: OAID=2ba257c6ac604d8abd91bcf06d28d02f; expires=Wed, 25 Oct 2023 12:37:48 GMT; secure; SameSite=None
oaidts=1666701468; expires=Wed, 25 Oct 2023 12:37:48 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 106b9e355211fa6408ed42b69f866149
d08169613d3d47447151b173da24d21e784b49e0
8f5ae6a62bd5561c55c5388166a6c659473d9ff9bcecbd3253059daa985d56ee
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8F5AE6A62BD5561C55C5388166A6C659473D9FF9BCECBD3253059DAA985D56EE"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7429
Expires: Tue, 25 Oct 2022 14:41:37 GMT
Date: Tue, 25 Oct 2022 12:37:48 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9cafe1d27c91a3dcc9017fa59a5f6e41
26792d7589e55dabc0d69962658e10f950abaf42
e4274d3e162677152042616f7c5b5df9e3c6af165b7916b8e30bcb6ada111109
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E4274D3E162677152042616F7C5B5DF9E3C6AF165B7916B8E30BCB6ADA111109"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11074
Expires: Tue, 25 Oct 2022 15:42:22 GMT
Date: Tue, 25 Oct 2022 12:37:48 GMT
Connection: keep-alive
insistinestimable.com/watch.855899261303.js?key=31224abe9de8da03816b59f2882025e3&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=aee0e29d-e9f7-4a9d-a0e4-f3d31547bc5a%3A2%3A1
307 Temporary Redirect 0 B URL HTTP/1.1 insistinestimable.com/watch.855899261303.js?key=31224abe9de8da03816b59f2882025e3&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=aee0e29d-e9f7-4a9d-a0e4-f3d31547bc5a%3A2%3A1
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.855899261303.js?key=31224abe9de8da03816b59f2882025e3&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=aee0e29d-e9f7-4a9d-a0e4-f3d31547bc5a%3A2%3A1 HTTP/1.1
Host: insistinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Tue, 25 Oct 2022 12:37:48 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://xcigamesdd.com
Access-Control-Allow-Origin: http://xcigamesdd.com
Access-Control-Allow-Credentials: true
Location: https://insistinestimable.com/watch.855899261303.js?key=31224abe9de8da03816b59f2882025e3&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=aee0e29d-e9f7-4a9d-a0e4-f3d31547bc5a%3A2%3A1&shu=db0350bb85110d63186eb3aad27af7c0d9c8a4b2b6de3996a0002480196556d1e5e6dceed0270f1c3ab69f444e2979f38b72f79625bfc30114bba3f2563145c423fd5247836a5b96df8ae57bcaff8ebab9ebe0c2&pst=1666701528&rmtc=t
Set-Cookie: u_pl=17632612; expires=Wed, 26 Oct 2022 12:37:48 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzYzMjYxMiwiayI6IjMxMjI0YWJlOWRlOGRhMDM4MTZiNTlmMjg4MjAyNWUzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTQ3MjUzLCJwaWQiOjE1ODEwNCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjozMiwicHQiOjQsInBrIjoieTExNXQwMTN3IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8veGNpZ2FtZXNkZC5jb20vbWFyaW8tcmFiYmlkcy1zcGFya3Mtb2YtaG9wZS8ifX0.BFf9qkP9KhewHAjYzsdZwXCIx64eN7GDTWH019ehio8; expires=Tue, 25 Oct 2022 12:38:48 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9f5614b58cee9a3caa35a8f3d65e9dfd
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 9c323ea08fbfcd6590d7a25544e38943
745897e63fdc93815129945f15b1339cee77dc3c
2526cef5db09ebc4aa0df37e65139deddbaa8a11a16dec82c0382b049b3a516b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2526CEF5DB09EBC4AA0DF37E65139DEDDBAA8A11A16DEC82C0382B049B3A516B"
Last-Modified: Sun, 23 Oct 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10728
Expires: Tue, 25 Oct 2022 15:36:36 GMT
Date: Tue, 25 Oct 2022 12:37:48 GMT
Connection: keep-alive
interstitial-07.com/contents/s/d6/8b/74/1399c81d3d40323a9283c84de7/01611244700873.jpeg
200 OK 32 kB URL HTTP/2 interstitial-07.com/contents/s/d6/8b/74/1399c81d3d40323a9283c84de7/01611244700873.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 256x256, components 3\012- data
Hash d68b741399c81d3d40323a9283c84de7
5a9fed7a055d2cea7b377d097d8a1a4467b84b6c
eafbd070e242221ff6a9f212d233c299858f92a8b9f2718bad4c99986c5f8b64
GET /contents/s/d6/8b/74/1399c81d3d40323a9283c84de7/01611244700873.jpeg HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/?l=cl3tvCFV5t9QRqB&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D2400295693%26z%3D5382937%26b%3D15242990%26c%3D6199011%26var%3D%26d%3Dhttps%253A%252F%252Finvestiremercato.it%252Fpublic%252Fforma_en%252F%253Fbanner%253D%257Bbannerid%257D%2526os%253D%257Bos%257D%2526country%253D%257Bcountry%257D%2526zoneid%253D%257Bzoneid%257D%2526zone_type%253D%257Bzone_type%257D%2526cost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3Da7bKBv8V-eomQtQW1dn5kWOdXfx_qALihgD69_5E0ukE8fkYFEooo3yT_wsMXGFjB1RmgDQGOPFDPNb9hCZ1DAklINkzqbgSfIWEeVzXptJYNHlLszJUsoiGRVOWaP-ezq5_7pAQrC14o-16MrmgB3gxiaCMl-0H1v0qHq1-EheEdMU7rMjLLvk__VgJWGfGFiapj0ymUsPDMvUb8VXspM__-3Lj1lOUiN3PhpON86ebOkVeT5XYX7UnjPK7AU3s2blHK437dloKSm7EJ_2zAZTw09GbzEnBCj1N7FN_hceKMXIxwkBOoAcxfOtXQCuVcnFWord76OvB6h3zxToCnXQGDHSx2r2l8X7JCmNzVzJsUeSdLl3P0UErJfUYvzUxLdt4HGXuT1DB0Sb7aVYYXcAvo0WMXUm_vVTCbgfUoxSFB12k0y28o4zqyqNbRjqdDPGowDPj02FeW-BJxqte_RT6SfaN9Mph01LcxnmFUcV3UIkfCYfcXNZwx79hQIA0yZZB_fUyBuBofjmdpliqhiw8FrjegMxEZOVSZCuy48W6zdTFnJQc9Vi1jQ1YXrJjb4i-9uOPgpKG2S_nl-9RmdRh4nktVdfh_H3Vt7olYqnT84L2Jdi4cQw620bL2Jcx6P1EYcCifIHatL1RUBbPE4aqK8fm8zw2nnvssqdGhE65vrK0pJWQDwr_rt25Sh1n3Ns9ThJpXaS2vMaocJJUI8v2M0Fr35eAULdVdnqJDKU_s8S6AFWZXymq6MKMhJGy7QZjYJD27C0dlugzDkLfvJWB-dJjH_OrMZy8Cw%3D%3D%26bag%3DRDaBHCt6O8nhtqs_MHM0IQTn53eHl-Hd%26ruid%3Df3804ba9-6cc6-45ab-be3c-f79ffdc59c2e%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252Fxcigamesdd.com%252Fmario-rabbids-sparks-of-hope%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0%26X-Sc%3DMbG9N16rcHU-g1I0PoOse8_LUtluVO3qQgSUHyHRatgbdHGa3AqPA-SYLIwHLbbv3M-jABIXK8uWhAqancv13UtzzYQ%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 12:37:49 GMT
content-type: image/jpeg
content-length: 31939
last-modified: Wed, 28 Sep 2022 19:39:16 GMT
etag: "6334a2e4-7cc3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash cd4b0660453080b151440c1e5db0f645
fd62517a07d200682bcc0abbbd35a8919b831509
2501fda8b10a60747bd934474d382f5e72d92639aa2c7eb61d6e52505be56bf5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2501FDA8B10A60747BD934474D382F5E72D92639AA2C7EB61D6E52505BE56BF5"
Last-Modified: Tue, 25 Oct 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6944
Expires: Tue, 25 Oct 2022 14:33:33 GMT
Date: Tue, 25 Oct 2022 12:37:49 GMT
Connection: keep-alive
insistinestimable.com/watch.855899261303.js?key=31224abe9de8da03816b59f2882025e3&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=aee0e29d-e9f7-4a9d-a0e4-f3d31547bc5a%3A2%3A1&shu=db0350bb85110d63186eb3aad27af7c0d9c8a4b2b6de3996a0002480196556d1e5e6dceed0270f1c3ab69f444e2979f38b72f79625bfc30114bba3f2563145c423fd5247836a5b96df8ae57bcaff8ebab9ebe0c2&pst=1666701528&rmtc=t
200 OK 2.1 kB URL HTTP/1.1 insistinestimable.com/watch.855899261303.js?key=31224abe9de8da03816b59f2882025e3&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=aee0e29d-e9f7-4a9d-a0e4-f3d31547bc5a%3A2%3A1&shu=db0350bb85110d63186eb3aad27af7c0d9c8a4b2b6de3996a0002480196556d1e5e6dceed0270f1c3ab69f444e2979f38b72f79625bfc30114bba3f2563145c423fd5247836a5b96df8ae57bcaff8ebab9ebe0c2&pst=1666701528&rmtc=t
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (2592)
Hash 5f6b674da782e9b558a7167adcfe1693
7c8c3f8a4fc6406646f00bd3cf19f221c53234f4
9cb78059920502f8274e9342271f874302c1fc1aec8b08ca65ce164a3f8c1c1d
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.855899261303.js?key=31224abe9de8da03816b59f2882025e3&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=aee0e29d-e9f7-4a9d-a0e4-f3d31547bc5a%3A2%3A1&shu=db0350bb85110d63186eb3aad27af7c0d9c8a4b2b6de3996a0002480196556d1e5e6dceed0270f1c3ab69f444e2979f38b72f79625bfc30114bba3f2563145c423fd5247836a5b96df8ae57bcaff8ebab9ebe0c2&pst=1666701528&rmtc=t HTTP/1.1
Host: insistinestimable.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xcigamesdd.com
Referer: http://xcigamesdd.com/
Connection: keep-alive
Cookie: u_pl=17632612; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzYzMjYxMiwiayI6IjMxMjI0YWJlOWRlOGRhMDM4MTZiNTlmMjg4MjAyNWUzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTQ3MjUzLCJwaWQiOjE1ODEwNCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjozMiwicHQiOjQsInBrIjoieTExNXQwMTN3IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8veGNpZ2FtZXNkZC5jb20vbWFyaW8tcmFiYmlkcy1zcGFya3Mtb2YtaG9wZS8ifX0.BFf9qkP9KhewHAjYzsdZwXCIx64eN7GDTWH019ehio8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 25 Oct 2022 12:37:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://xcigamesdd.com
Access-Control-Allow-Origin: http://xcigamesdd.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=aee0e29d-e9f7-4a9d-a0e4-f3d31547bc5a:2:1; expires=Tue, 01 Nov 2022 12:37:49 GMT; secure; SameSite=None
iprc386a43b713faae7dd4be9db762d7b5a9=3570421; expires=Tue, 25 Oct 2022 16:37:49 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 26 Oct 2022 12:37:49 GMT; secure; SameSite=None
uncs=1; expires=Wed, 26 Oct 2022 12:37:49 GMT; secure; SameSite=None
pdhtkv32=true; expires=Wed, 26 Oct 2022 12:37:49 GMT; secure; SameSite=None
uncs32=1; expires=Wed, 26 Oct 2022 12:37:49 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c414b29e4f723f261a827778399c56a4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 358ecd0ec047d700042e2a62f9847199
7bf4c552f47536fe451dc6ccfb0930c592084ef9
e14317aace5d64e9901867578379dd4dd4252b059070d37722f82ebb2e649d27
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E14317AACE5D64E9901867578379DD4DD4252B059070D37722F82EBB2E649D27"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5106
Expires: Tue, 25 Oct 2022 14:02:55 GMT
Date: Tue, 25 Oct 2022 12:37:49 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 358ecd0ec047d700042e2a62f9847199
7bf4c552f47536fe451dc6ccfb0930c592084ef9
e14317aace5d64e9901867578379dd4dd4252b059070d37722f82ebb2e649d27
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E14317AACE5D64E9901867578379DD4DD4252B059070D37722F82EBB2E649D27"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5106
Expires: Tue, 25 Oct 2022 14:02:55 GMT
Date: Tue, 25 Oct 2022 12:37:49 GMT
Connection: keep-alive
interstitial-07.com/?l=cl3tvCFV5t9QRqB&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D2400295693%26z%3D5382937%26b%3D15242990%26c%3D6199011%26var%3D%26d%3Dhttps%253A%252F%252Finvestiremercato.it%252Fpublic%252Fforma_en%252F%253Fbanner%253D%257Bbannerid%257D%2526os%253D%257Bos%257D%2526country%253D%257Bcountry%257D%2526zoneid%253D%257Bzoneid%257D%2526zone_type%253D%257Bzone_type%257D%2526cost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3Da7bKBv8V-eomQtQW1dn5kWOdXfx_qALihgD69_5E0ukE8fkYFEooo3yT_wsMXGFjB1RmgDQGOPFDPNb9hCZ1DAklINkzqbgSfIWEeVzXptJYNHlLszJUsoiGRVOWaP-ezq5_7pAQrC14o-16MrmgB3gxiaCMl-0H1v0qHq1-EheEdMU7rMjLLvk__VgJWGfGFiapj0ymUsPDMvUb8VXspM__-3Lj1lOUiN3PhpON86ebOkVeT5XYX7UnjPK7AU3s2blHK437dloKSm7EJ_2zAZTw09GbzEnBCj1N7FN_hceKMXIxwkBOoAcxfOtXQCuVcnFWord76OvB6h3zxToCnXQGDHSx2r2l8X7JCmNzVzJsUeSdLl3P0UErJfUYvzUxLdt4HGXuT1DB0Sb7aVYYXcAvo0WMXUm_vVTCbgfUoxSFB12k0y28o4zqyqNbRjqdDPGowDPj02FeW-BJxqte_RT6SfaN9Mph01LcxnmFUcV3UIkfCYfcXNZwx79hQIA0yZZB_fUyBuBofjmdpliqhiw8FrjegMxEZOVSZCuy48W6zdTFnJQc9Vi1jQ1YXrJjb4i-9uOPgpKG2S_nl-9RmdRh4nktVdfh_H3Vt7olYqnT84L2Jdi4cQw620bL2Jcx6P1EYcCifIHatL1RUBbPE4aqK8fm8zw2nnvssqdGhE65vrK0pJWQDwr_rt25Sh1n3Ns9ThJpXaS2vMaocJJUI8v2M0Fr35eAULdVdnqJDKU_s8S6AFWZXymq6MKMhJGy7QZjYJD27C0dlugzDkLfvJWB-dJjH_OrMZy8Cw%3D%3D%26bag%3DRDaBHCt6O8nhtqs_MHM0IQTn53eHl-Hd%26ruid%3Df3804ba9-6cc6-45ab-be3c-f79ffdc59c2e%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252Fxcigamesdd.com%252Fmario-rabbids-sparks-of-hope%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0%26X-Sc%3DMbG9N16rcHU-g1I0PoOse8_LUtluVO3qQgSUHyHRatgbdHGa3AqPA-SYLIwHLbbv3M-jABIXK8uWhAqancv13UtzzYQ%3D
200 OK 71 kB URL HTTP/2 interstitial-07.com/?l=cl3tvCFV5t9QRqB&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D2400295693%26z%3D5382937%26b%3D15242990%26c%3D6199011%26var%3D%26d%3Dhttps%253A%252F%252Finvestiremercato.it%252Fpublic%252Fforma_en%252F%253Fbanner%253D%257Bbannerid%257D%2526os%253D%257Bos%257D%2526country%253D%257Bcountry%257D%2526zoneid%253D%257Bzoneid%257D%2526zone_type%253D%257Bzone_type%257D%2526cost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3Da7bKBv8V-eomQtQW1dn5kWOdXfx_qALihgD69_5E0ukE8fkYFEooo3yT_wsMXGFjB1RmgDQGOPFDPNb9hCZ1DAklINkzqbgSfIWEeVzXptJYNHlLszJUsoiGRVOWaP-ezq5_7pAQrC14o-16MrmgB3gxiaCMl-0H1v0qHq1-EheEdMU7rMjLLvk__VgJWGfGFiapj0ymUsPDMvUb8VXspM__-3Lj1lOUiN3PhpON86ebOkVeT5XYX7UnjPK7AU3s2blHK437dloKSm7EJ_2zAZTw09GbzEnBCj1N7FN_hceKMXIxwkBOoAcxfOtXQCuVcnFWord76OvB6h3zxToCnXQGDHSx2r2l8X7JCmNzVzJsUeSdLl3P0UErJfUYvzUxLdt4HGXuT1DB0Sb7aVYYXcAvo0WMXUm_vVTCbgfUoxSFB12k0y28o4zqyqNbRjqdDPGowDPj02FeW-BJxqte_RT6SfaN9Mph01LcxnmFUcV3UIkfCYfcXNZwx79hQIA0yZZB_fUyBuBofjmdpliqhiw8FrjegMxEZOVSZCuy48W6zdTFnJQc9Vi1jQ1YXrJjb4i-9uOPgpKG2S_nl-9RmdRh4nktVdfh_H3Vt7olYqnT84L2Jdi4cQw620bL2Jcx6P1EYcCifIHatL1RUBbPE4aqK8fm8zw2nnvssqdGhE65vrK0pJWQDwr_rt25Sh1n3Ns9ThJpXaS2vMaocJJUI8v2M0Fr35eAULdVdnqJDKU_s8S6AFWZXymq6MKMhJGy7QZjYJD27C0dlugzDkLfvJWB-dJjH_OrMZy8Cw%3D%3D%26bag%3DRDaBHCt6O8nhtqs_MHM0IQTn53eHl-Hd%26ruid%3Df3804ba9-6cc6-45ab-be3c-f79ffdc59c2e%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252Fxcigamesdd.com%252Fmario-rabbids-sparks-of-hope%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0%26X-Sc%3DMbG9N16rcHU-g1I0PoOse8_LUtluVO3qQgSUHyHRatgbdHGa3AqPA-SYLIwHLbbv3M-jABIXK8uWhAqancv13UtzzYQ%3D
IP
Hash 9dd225d31af507a7ed202946901179b1
ea13c9cdc2d386ec84ac5ea22adec03513011fe8
4b778311245ef412ccffa8c750eb68e2ad973a5729b05160f26c63045328b646
GET /?l=cl3tvCFV5t9QRqB&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Farsnivyr.com%2F12%3Frnd%3D2400295693%26z%3D5382937%26b%3D15242990%26c%3D6199011%26var%3D%26d%3Dhttps%253A%252F%252Finvestiremercato.it%252Fpublic%252Fforma_en%252F%253Fbanner%253D%257Bbannerid%257D%2526os%253D%257Bos%257D%2526country%253D%257Bcountry%257D%2526zoneid%253D%257Bzoneid%257D%2526zone_type%253D%257Bzone_type%257D%2526cost%253D%257Bcost%257D%2526clickid%253D%2524%257BSUBID%257D%26cln%3D1%26btp%3D7%26rb%3Da7bKBv8V-eomQtQW1dn5kWOdXfx_qALihgD69_5E0ukE8fkYFEooo3yT_wsMXGFjB1RmgDQGOPFDPNb9hCZ1DAklINkzqbgSfIWEeVzXptJYNHlLszJUsoiGRVOWaP-ezq5_7pAQrC14o-16MrmgB3gxiaCMl-0H1v0qHq1-EheEdMU7rMjLLvk__VgJWGfGFiapj0ymUsPDMvUb8VXspM__-3Lj1lOUiN3PhpON86ebOkVeT5XYX7UnjPK7AU3s2blHK437dloKSm7EJ_2zAZTw09GbzEnBCj1N7FN_hceKMXIxwkBOoAcxfOtXQCuVcnFWord76OvB6h3zxToCnXQGDHSx2r2l8X7JCmNzVzJsUeSdLl3P0UErJfUYvzUxLdt4HGXuT1DB0Sb7aVYYXcAvo0WMXUm_vVTCbgfUoxSFB12k0y28o4zqyqNbRjqdDPGowDPj02FeW-BJxqte_RT6SfaN9Mph01LcxnmFUcV3UIkfCYfcXNZwx79hQIA0yZZB_fUyBuBofjmdpliqhiw8FrjegMxEZOVSZCuy48W6zdTFnJQc9Vi1jQ1YXrJjb4i-9uOPgpKG2S_nl-9RmdRh4nktVdfh_H3Vt7olYqnT84L2Jdi4cQw620bL2Jcx6P1EYcCifIHatL1RUBbPE4aqK8fm8zw2nnvssqdGhE65vrK0pJWQDwr_rt25Sh1n3Ns9ThJpXaS2vMaocJJUI8v2M0Fr35eAULdVdnqJDKU_s8S6AFWZXymq6MKMhJGy7QZjYJD27C0dlugzDkLfvJWB-dJjH_OrMZy8Cw%3D%3D%26bag%3DRDaBHCt6O8nhtqs_MHM0IQTn53eHl-Hd%26ruid%3Df3804ba9-6cc6-45ab-be3c-f79ffdc59c2e%26ng%3D1%26ix%3D0%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttp%253A%252F%252Fxcigamesdd.com%252Fmario-rabbids-sparks-of-hope%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1268%26wiw%3D1280%26wih%3D939%26wfc%3D1%26sah%3D1002%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D0%26X-Sc%3DMbG9N16rcHU-g1I0PoOse8_LUtluVO3qQgSUHyHRatgbdHGa3AqPA-SYLIwHLbbv3M-jABIXK8uWhAqancv13UtzzYQ%3D HTTP/1.1
Host: interstitial-07.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xcigamesdd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 12:37:48 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.26
set-cookie: reverse=6OHB3m0E3aU6hE8KYr-N6-3IEfPi4ku-J1B3lOA3Vek; expires=Tue, 25-Oct-2022 13:37:48 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F075a794f-9140-4676-afb2-493f44932cc3.jpeg
200 OK 4.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F075a794f-9140-4676-afb2-493f44932cc3.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3cf322f19151bcfa374c2e32b9ac986f
e8e69ac951def18bc1e03ecd4fe8a21d3b825b27
54ddfd1876f65e264b9b3209a0e805a3796013b4aacc8e9fd20b49754b4917a0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F075a794f-9140-4676-afb2-493f44932cc3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4206
x-amzn-requestid: 6b02f96a-ea03-4eff-acde-c73925260102
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3E3GPQoAMFpIA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63570552-77cf762d0e54f1f60efe52c3;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:18 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: jcuTYNKiYp8BkDnzo34tidRVmcFlE_xDfPGGgrUKfR67IfwGjFxceA==
via: 1.1 fec77e486350d1bd33f526a760d8b5a4.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:42:36 GMT
age: 53713
etag: "e8e69ac951def18bc1e03ecd4fe8a21d3b825b27"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 358ecd0ec047d700042e2a62f9847199
7bf4c552f47536fe451dc6ccfb0930c592084ef9
e14317aace5d64e9901867578379dd4dd4252b059070d37722f82ebb2e649d27
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E14317AACE5D64E9901867578379DD4DD4252B059070D37722F82EBB2E649D27"
Last-Modified: Mon, 24 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5106
Expires: Tue, 25 Oct 2022 14:02:55 GMT
Date: Tue, 25 Oct 2022 12:37:49 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Facb7f3ea-1b51-4cac-a5ab-7201a12df641.jpeg
200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Facb7f3ea-1b51-4cac-a5ab-7201a12df641.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8502c90bf679dce29b1c2a87606bbb3e
7940c911dea3882ab8a7ff70240f4edc1b89a56d
ccc5ab3068b7f90276124148a812eb26951a95d7c146bdcf28a69a3d05f76ee2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Facb7f3ea-1b51-4cac-a5ab-7201a12df641.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8735
x-amzn-requestid: 51dfaabc-ee88-465f-8da7-fd6739cf7794
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aZSHjHeLIAMF8mQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-635396fc-1e4ad2d647a7f07a094574be;Sampled=0
x-amzn-remapped-date: Sat, 22 Oct 2022 07:08:44 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dgxcF8hXUOo_WqQwpd0yctMNPuB-IfmSRxD1_TRG7zuV3b5EbpVIig==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 07:24:03 GMT
age: 18826
etag: "7940c911dea3882ab8a7ff70240f4edc1b89a56d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
xcigamesdd.com/wp-content/plugins/download-manager/assets/bootstrap/js/bootstrap.min.js?ver=6.0.3
200 OK 8.0 kB URL HTTP/1.1 xcigamesdd.com/wp-content/plugins/download-manager/assets/bootstrap/js/bootstrap.min.js?ver=6.0.3
IP
Hash 6977b5f01197ed4e914157b59ce56c2a
0c4bc06cb32bae6cdcbd61fde8b6289fa901a0c2
98ed9be1f79f4d1ff9acd3dc22aa64f7e0218d7c4854fc7cb71e70dd341dd7ed
GET /wp-content/plugins/download-manager/assets/bootstrap/js/bootstrap.min.js?ver=6.0.3 HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: public, max-age=31536000,public
expires: Wed, 25 Oct 2023 12:37:46 GMT
content-type: application/javascript
last-modified: Mon, 17 Oct 2022 07:51:05 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding,Accept-Encoding
content-length: 15273
date: Tue, 25 Oct 2022 12:37:46 GMT
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda327ff0-bd82-4034-a53b-e04d5c486276.jpeg
200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda327ff0-bd82-4034-a53b-e04d5c486276.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 531f350512ac7712d932234803aa4602
2fb4599ad3d513a160c1f29fefda27b45852c381
7a4da3420f736c098806676359b8ff80578a2e1e98fc0e20e45e2d6192e1d566
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fda327ff0-bd82-4034-a53b-e04d5c486276.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8090
x-amzn-requestid: a84a2888-e0eb-40d3-8377-9c1ea2af733c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aVb2oH2uoAMFueA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63520cf7-204870ee3f63ced427033eb5;Sampled=0
x-amzn-remapped-date: Fri, 21 Oct 2022 03:07:35 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TkdgdFp1dXipnGokyVpkamtD5qLRUC7aNYJrX_OKkEujnQsplMsgXA==
via: 1.1 1de1880e08f1cae7d1aca174a29a5c1e.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 25 Oct 2022 04:35:17 GMT
age: 28952
etag: "2fb4599ad3d513a160c1f29fefda27b45852c381"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1fee370a-a947-4a08-9ba6-18c6c792f716.jpeg
200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1fee370a-a947-4a08-9ba6-18c6c792f716.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d0215d09b407ecfd690d63aee6a30add
d2e9a4cba5fc07d90f30a5bfc7efa91eea784f94
6147a16325e6c63e7e3acfde58a4cfcd04564ddd6df61835e6e563ec6e67aa3f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1fee370a-a947-4a08-9ba6-18c6c792f716.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5662
x-amzn-requestid: cb169868-462c-4083-af25-ca65cb2df563
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3EhH7SoAMFdeg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6357054f-1635cae5575eed4a43607a11;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:15 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 3AVj0cWeDVgo3DVqvDiofHw2sXlQVGFhijv3QOzs0vNruMXzx8pl2Q==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 1508efc4152aa1778ed4adecb328b374.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 21:57:04 GMT
etag: "d2e9a4cba5fc07d90f30a5bfc7efa91eea784f94"
content-type: image/jpeg
age: 52845
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3efe6e3-c81b-4c68-be1b-d80b5437960a.jpeg
200 OK 7.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3efe6e3-c81b-4c68-be1b-d80b5437960a.jpeg
IP
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7b193f4e9431bab7a508d37fc919fadc
43bf0841e171c58eefe2d84af9aecbdf234336e4
a7f3c75aec864524ea1387c71dbbfdf4372f8cf75dbd8a9a1746c77fba931fcd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb3efe6e3-c81b-4c68-be1b-d80b5437960a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7051
x-amzn-requestid: dc139436-6910-4afb-b7d8-51e9816f138c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ah3EsEGUoAMFUYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63570551-117c0a9f7ef4737236c9a614;Sampled=0
x-amzn-remapped-date: Mon, 24 Oct 2022 21:36:17 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 47v-I1ceNRlQeFGaGHSpXsat4jJF8Zrslq2wXsjEfnKHUBkGOiQngA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Mon, 24 Oct 2022 22:42:05 GMT
age: 50144
etag: "43bf0841e171c58eefe2d84af9aecbdf234336e4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
yearlingpreferablyperiods.com/watch.1251509717599.js?key=a91295b86ab6fe2c5666ef59da3743bf&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=aee0e29d-e9f7-4a9d-a0e4-f3d31547bc5a%3A2%3A1
307 Temporary Redirect 0 B URL HTTP/1.1 yearlingpreferablyperiods.com/watch.1251509717599.js?key=a91295b86ab6fe2c5666ef59da3743bf&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=aee0e29d-e9f7-4a9d-a0e4-f3d31547bc5a%3A2%3A1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1251509717599.js?key=a91295b86ab6fe2c5666ef59da3743bf&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=aee0e29d-e9f7-4a9d-a0e4-f3d31547bc5a%3A2%3A1 HTTP/1.1
Host: yearlingpreferablyperiods.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Tue, 25 Oct 2022 12:37:49 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://xcigamesdd.com
Access-Control-Allow-Origin: http://xcigamesdd.com
Access-Control-Allow-Credentials: true
Location: https://yearlingpreferablyperiods.com/watch.1251509717599.js?key=a91295b86ab6fe2c5666ef59da3743bf&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=aee0e29d-e9f7-4a9d-a0e4-f3d31547bc5a%3A2%3A1&shu=dc1f0fe96e8177d8ade9be5316fc792832315c4b0040f36f967fdfb089e448a855bbc906f8b711d0269cf33dd6280731189e3badee970d96928dd71d6ae05e6cca4171a75585e4a486f094f527189ee71743fd33e733a499b8954f991b07500de807c8&pst=1666701529&rmtc=t
Set-Cookie: u_pl=17632624; expires=Wed, 26 Oct 2022 12:37:49 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzYzMjYyNCwiayI6ImE5MTI5NWI4NmFiNmZlMmM1NjY2ZWY1OWRhMzc0M2JmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTQ3MjUzLCJwaWQiOjE1ODEwNCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJ3d3VnZnNneTYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly94Y2lnYW1lc2RkLmNvbS9tYXJpby1yYWJiaWRzLXNwYXJrcy1vZi1ob3BlLyJ9fQ.j0jg3KYp0AIfsdPvzVs2kx-IAEgxiD1lmvrjBKg47dc; expires=Tue, 25 Oct 2022 12:38:49 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4bcbad56b37da46f06f8ae7dc67504d0
Strict-Transport-Security: max-age=0; includeSubdomains
unphionetor.com/vctx?t=72747
204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=72747
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 25 Oct 2022 12:37:49 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 2379922b5953afde0396cc03d01b7188
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 77377973060f39d6984a7a5714134173
035d6803a9f97bf62158f78bfecf267f2a97cc49
bd4a3efef5654259b5fb6366e247afdb80b9d945c7efbc4308950704262a6839
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD4A3EFEF5654259B5FB6366E247AFDB80B9D945C7EFBC4308950704262A6839"
Last-Modified: Sun, 23 Oct 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10184
Expires: Tue, 25 Oct 2022 15:27:33 GMT
Date: Tue, 25 Oct 2022 12:37:49 GMT
Connection: keep-alive
r3.o.lencr.org/
200 OK 503 B IP
ASN #20940 Akamai International B.V.
Hash 380e7faa2a3932803d3733d161018673
671bbc32cbc3ea575f244c175a1ca175196a3735
22d6ef29a9d8ea66a602103f9a9cbadf3eae78e38436a8476e75b6925eb6e4bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22D6EF29A9D8EA66A602103F9A9CBADF3EAE78E38436A8476E75B6925EB6E4BB"
Last-Modified: Tue, 25 Oct 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4311
Expires: Tue, 25 Oct 2022 13:49:40 GMT
Date: Tue, 25 Oct 2022 12:37:49 GMT
Connection: keep-alive
arsnivyr.com/11?rnd=1820772576&z=5382937&b=15242990&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=a7bKBv8V-eomQtQW1dn5kWOdXfx_qALihgD69_5E0ukE8fkYFEooo3yT_wsMXGFjB1RmgDQGOPFDPNb9hCZ1DAklINkzqbgSfIWEeVzXptJYNHlLszJUsoiGRVOWaP-ezq5_7pAQrC14o-16MrmgB3gxiaCMl-0H1v0qHq1-EheEdMU7rMjLLvk__VgJWGfGFiapj0ymUsPDMvUb8VXspM__-3Lj1lOUiN3PhpON86ebOkVeT5XYX7UnjPK7AU3s2blHK437dloKSm7EJ_2zAZTw09GbzEnBCj1N7FN_hceKMXIxwkBOoAcxfOtXQCuVcnFWord76OvB6h3zxToCnXQGDHSx2r2l8X7JCmNzVzJsUeSdLl3P0UErJfUYvzUxLdt4HGXuT1DB0Sb7aVYYXcAvo0WMXUm_vVTCbgfUoxSFB12k0y28o4zqyqNbRjqdDPGowDPj02FeW-BJxqte_RT6SfaN9Mph01LcxnmFUcV3UIkfCYfcXNZwx79hQIA0yZZB_fUyBuBofjmdpliqhiw8FrjegMxEZOVSZCuy48W6zdTFnJQc9Vi1jQ1YXrJjb4i-9uOPgpKG2S_nl-9RmdRh4nktVdfh_H3Vt7olYqnT84L2Jdi4cQw620bL2Jcx6P1EYcCifIHatL1RUBbPE4aqK8fm8zw2nnvssqdGhE65vrK0pJWQDwr_rt25Sh1n3Ns9ThJpXaS2vMaocJJUI8v2M0Fr35eAULdVdnqJDKU_s8S6AFWZXymq6MKMhJGy7QZjYJD27C0dlugzDkLfvJWB-dJjH_OrMZy8Cw==&ruid=f3804ba9-6cc6-45ab-be3c-f79ffdc59c2e&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
204 No Content 0 B URL HTTP/2 arsnivyr.com/11?rnd=1820772576&z=5382937&b=15242990&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=a7bKBv8V-eomQtQW1dn5kWOdXfx_qALihgD69_5E0ukE8fkYFEooo3yT_wsMXGFjB1RmgDQGOPFDPNb9hCZ1DAklINkzqbgSfIWEeVzXptJYNHlLszJUsoiGRVOWaP-ezq5_7pAQrC14o-16MrmgB3gxiaCMl-0H1v0qHq1-EheEdMU7rMjLLvk__VgJWGfGFiapj0ymUsPDMvUb8VXspM__-3Lj1lOUiN3PhpON86ebOkVeT5XYX7UnjPK7AU3s2blHK437dloKSm7EJ_2zAZTw09GbzEnBCj1N7FN_hceKMXIxwkBOoAcxfOtXQCuVcnFWord76OvB6h3zxToCnXQGDHSx2r2l8X7JCmNzVzJsUeSdLl3P0UErJfUYvzUxLdt4HGXuT1DB0Sb7aVYYXcAvo0WMXUm_vVTCbgfUoxSFB12k0y28o4zqyqNbRjqdDPGowDPj02FeW-BJxqte_RT6SfaN9Mph01LcxnmFUcV3UIkfCYfcXNZwx79hQIA0yZZB_fUyBuBofjmdpliqhiw8FrjegMxEZOVSZCuy48W6zdTFnJQc9Vi1jQ1YXrJjb4i-9uOPgpKG2S_nl-9RmdRh4nktVdfh_H3Vt7olYqnT84L2Jdi4cQw620bL2Jcx6P1EYcCifIHatL1RUBbPE4aqK8fm8zw2nnvssqdGhE65vrK0pJWQDwr_rt25Sh1n3Ns9ThJpXaS2vMaocJJUI8v2M0Fr35eAULdVdnqJDKU_s8S6AFWZXymq6MKMhJGy7QZjYJD27C0dlugzDkLfvJWB-dJjH_OrMZy8Cw==&ruid=f3804ba9-6cc6-45ab-be3c-f79ffdc59c2e&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /11?rnd=1820772576&z=5382937&b=15242990&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=a7bKBv8V-eomQtQW1dn5kWOdXfx_qALihgD69_5E0ukE8fkYFEooo3yT_wsMXGFjB1RmgDQGOPFDPNb9hCZ1DAklINkzqbgSfIWEeVzXptJYNHlLszJUsoiGRVOWaP-ezq5_7pAQrC14o-16MrmgB3gxiaCMl-0H1v0qHq1-EheEdMU7rMjLLvk__VgJWGfGFiapj0ymUsPDMvUb8VXspM__-3Lj1lOUiN3PhpON86ebOkVeT5XYX7UnjPK7AU3s2blHK437dloKSm7EJ_2zAZTw09GbzEnBCj1N7FN_hceKMXIxwkBOoAcxfOtXQCuVcnFWord76OvB6h3zxToCnXQGDHSx2r2l8X7JCmNzVzJsUeSdLl3P0UErJfUYvzUxLdt4HGXuT1DB0Sb7aVYYXcAvo0WMXUm_vVTCbgfUoxSFB12k0y28o4zqyqNbRjqdDPGowDPj02FeW-BJxqte_RT6SfaN9Mph01LcxnmFUcV3UIkfCYfcXNZwx79hQIA0yZZB_fUyBuBofjmdpliqhiw8FrjegMxEZOVSZCuy48W6zdTFnJQc9Vi1jQ1YXrJjb4i-9uOPgpKG2S_nl-9RmdRh4nktVdfh_H3Vt7olYqnT84L2Jdi4cQw620bL2Jcx6P1EYcCifIHatL1RUBbPE4aqK8fm8zw2nnvssqdGhE65vrK0pJWQDwr_rt25Sh1n3Ns9ThJpXaS2vMaocJJUI8v2M0Fr35eAULdVdnqJDKU_s8S6AFWZXymq6MKMhJGy7QZjYJD27C0dlugzDkLfvJWB-dJjH_OrMZy8Cw==&ruid=f3804ba9-6cc6-45ab-be3c-f79ffdc59c2e&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-sc
Referer: http://xcigamesdd.com/
Origin: http://xcigamesdd.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 25 Oct 2022 12:37:49 GMT
access-control-allow-credentials: true
access-control-allow-origin: http://xcigamesdd.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
arsnivyr.com/11?rnd=1820772576&z=5382937&b=15242990&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=a7bKBv8V-eomQtQW1dn5kWOdXfx_qALihgD69_5E0ukE8fkYFEooo3yT_wsMXGFjB1RmgDQGOPFDPNb9hCZ1DAklINkzqbgSfIWEeVzXptJYNHlLszJUsoiGRVOWaP-ezq5_7pAQrC14o-16MrmgB3gxiaCMl-0H1v0qHq1-EheEdMU7rMjLLvk__VgJWGfGFiapj0ymUsPDMvUb8VXspM__-3Lj1lOUiN3PhpON86ebOkVeT5XYX7UnjPK7AU3s2blHK437dloKSm7EJ_2zAZTw09GbzEnBCj1N7FN_hceKMXIxwkBOoAcxfOtXQCuVcnFWord76OvB6h3zxToCnXQGDHSx2r2l8X7JCmNzVzJsUeSdLl3P0UErJfUYvzUxLdt4HGXuT1DB0Sb7aVYYXcAvo0WMXUm_vVTCbgfUoxSFB12k0y28o4zqyqNbRjqdDPGowDPj02FeW-BJxqte_RT6SfaN9Mph01LcxnmFUcV3UIkfCYfcXNZwx79hQIA0yZZB_fUyBuBofjmdpliqhiw8FrjegMxEZOVSZCuy48W6zdTFnJQc9Vi1jQ1YXrJjb4i-9uOPgpKG2S_nl-9RmdRh4nktVdfh_H3Vt7olYqnT84L2Jdi4cQw620bL2Jcx6P1EYcCifIHatL1RUBbPE4aqK8fm8zw2nnvssqdGhE65vrK0pJWQDwr_rt25Sh1n3Ns9ThJpXaS2vMaocJJUI8v2M0Fr35eAULdVdnqJDKU_s8S6AFWZXymq6MKMhJGy7QZjYJD27C0dlugzDkLfvJWB-dJjH_OrMZy8Cw==&ruid=f3804ba9-6cc6-45ab-be3c-f79ffdc59c2e&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
200 OK 0 B URL HTTP/2 arsnivyr.com/11?rnd=1820772576&z=5382937&b=15242990&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=a7bKBv8V-eomQtQW1dn5kWOdXfx_qALihgD69_5E0ukE8fkYFEooo3yT_wsMXGFjB1RmgDQGOPFDPNb9hCZ1DAklINkzqbgSfIWEeVzXptJYNHlLszJUsoiGRVOWaP-ezq5_7pAQrC14o-16MrmgB3gxiaCMl-0H1v0qHq1-EheEdMU7rMjLLvk__VgJWGfGFiapj0ymUsPDMvUb8VXspM__-3Lj1lOUiN3PhpON86ebOkVeT5XYX7UnjPK7AU3s2blHK437dloKSm7EJ_2zAZTw09GbzEnBCj1N7FN_hceKMXIxwkBOoAcxfOtXQCuVcnFWord76OvB6h3zxToCnXQGDHSx2r2l8X7JCmNzVzJsUeSdLl3P0UErJfUYvzUxLdt4HGXuT1DB0Sb7aVYYXcAvo0WMXUm_vVTCbgfUoxSFB12k0y28o4zqyqNbRjqdDPGowDPj02FeW-BJxqte_RT6SfaN9Mph01LcxnmFUcV3UIkfCYfcXNZwx79hQIA0yZZB_fUyBuBofjmdpliqhiw8FrjegMxEZOVSZCuy48W6zdTFnJQc9Vi1jQ1YXrJjb4i-9uOPgpKG2S_nl-9RmdRh4nktVdfh_H3Vt7olYqnT84L2Jdi4cQw620bL2Jcx6P1EYcCifIHatL1RUBbPE4aqK8fm8zw2nnvssqdGhE65vrK0pJWQDwr_rt25Sh1n3Ns9ThJpXaS2vMaocJJUI8v2M0Fr35eAULdVdnqJDKU_s8S6AFWZXymq6MKMhJGy7QZjYJD27C0dlugzDkLfvJWB-dJjH_OrMZy8Cw==&ruid=f3804ba9-6cc6-45ab-be3c-f79ffdc59c2e&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /11?rnd=1820772576&z=5382937&b=15242990&var=&rqtdbc=0&rcvdbc=0&btp=7&rb=a7bKBv8V-eomQtQW1dn5kWOdXfx_qALihgD69_5E0ukE8fkYFEooo3yT_wsMXGFjB1RmgDQGOPFDPNb9hCZ1DAklINkzqbgSfIWEeVzXptJYNHlLszJUsoiGRVOWaP-ezq5_7pAQrC14o-16MrmgB3gxiaCMl-0H1v0qHq1-EheEdMU7rMjLLvk__VgJWGfGFiapj0ymUsPDMvUb8VXspM__-3Lj1lOUiN3PhpON86ebOkVeT5XYX7UnjPK7AU3s2blHK437dloKSm7EJ_2zAZTw09GbzEnBCj1N7FN_hceKMXIxwkBOoAcxfOtXQCuVcnFWord76OvB6h3zxToCnXQGDHSx2r2l8X7JCmNzVzJsUeSdLl3P0UErJfUYvzUxLdt4HGXuT1DB0Sb7aVYYXcAvo0WMXUm_vVTCbgfUoxSFB12k0y28o4zqyqNbRjqdDPGowDPj02FeW-BJxqte_RT6SfaN9Mph01LcxnmFUcV3UIkfCYfcXNZwx79hQIA0yZZB_fUyBuBofjmdpliqhiw8FrjegMxEZOVSZCuy48W6zdTFnJQc9Vi1jQ1YXrJjb4i-9uOPgpKG2S_nl-9RmdRh4nktVdfh_H3Vt7olYqnT84L2Jdi4cQw620bL2Jcx6P1EYcCifIHatL1RUBbPE4aqK8fm8zw2nnvssqdGhE65vrK0pJWQDwr_rt25Sh1n3Ns9ThJpXaS2vMaocJJUI8v2M0Fr35eAULdVdnqJDKU_s8S6AFWZXymq6MKMhJGy7QZjYJD27C0dlugzDkLfvJWB-dJjH_OrMZy8Cw==&ruid=f3804ba9-6cc6-45ab-be3c-f79ffdc59c2e&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&ri=1&wvd=0&wvr=1.0000&isions=1 HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Sc: MbG9N16rcHU-g1I0PoOse8_LUtluVO3qQgSUHyHRatgbdHGa3AqPA-SYLIwHLbbv3M-jABIXK8uWhAqancv13UtzzYQ=
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Cookie: scm=1; OAID=2ba257c6ac604d8abd91bcf06d28d02f; oaidts=1666701468
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 12:37:49 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: http://xcigamesdd.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 2eb2953e333e2b3f7757e0d26419bd31
access-control-expose-headers: X-Sc
x-sc:
set-cookie: OAID=2ba257c6ac604d8abd91bcf06d28d02f; expires=Wed, 25 Oct 2023 12:37:49 GMT; secure; SameSite=None
oaidts=1666701468; expires=Wed, 25 Oct 2023 12:37:49 GMT; secure; SameSite=None
oaidvc=1; expires=Wed, 25 Oct 2023 12:37:49 GMT; secure; SameSite=None
CNT=1_v1_7pboAAEAAABaSwAA; expires=Tue, 25 Oct 2022 13:37:49 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
yearlingpreferablyperiods.com/watch.1251509717599.js?key=a91295b86ab6fe2c5666ef59da3743bf&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=aee0e29d-e9f7-4a9d-a0e4-f3d31547bc5a%3A2%3A1&shu=dc1f0fe96e8177d8ade9be5316fc792832315c4b0040f36f967fdfb089e448a855bbc906f8b711d0269cf33dd6280731189e3badee970d96928dd71d6ae05e6cca4171a75585e4a486f094f527189ee71743fd33e733a499b8954f991b07500de807c8&pst=1666701529&rmtc=t
200 OK 2.0 kB URL HTTP/1.1 yearlingpreferablyperiods.com/watch.1251509717599.js?key=a91295b86ab6fe2c5666ef59da3743bf&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=aee0e29d-e9f7-4a9d-a0e4-f3d31547bc5a%3A2%3A1&shu=dc1f0fe96e8177d8ade9be5316fc792832315c4b0040f36f967fdfb089e448a855bbc906f8b711d0269cf33dd6280731189e3badee970d96928dd71d6ae05e6cca4171a75585e4a486f094f527189ee71743fd33e733a499b8954f991b07500de807c8&pst=1666701529&rmtc=t
IP
File type HTML document, ASCII text, with very long lines (2452)
Hash 0f1e9b0598a7eb2fbc78282e41297c5d
8150ad4f121d9c78131387411e5fb79a65a573b4
a61a5a6225a73f5699775d4d2d63506df50dddea4b2c3843cfa2106998cc9120
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1251509717599.js?key=a91295b86ab6fe2c5666ef59da3743bf&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=aee0e29d-e9f7-4a9d-a0e4-f3d31547bc5a%3A2%3A1&shu=dc1f0fe96e8177d8ade9be5316fc792832315c4b0040f36f967fdfb089e448a855bbc906f8b711d0269cf33dd6280731189e3badee970d96928dd71d6ae05e6cca4171a75585e4a486f094f527189ee71743fd33e733a499b8954f991b07500de807c8&pst=1666701529&rmtc=t HTTP/1.1
Host: yearlingpreferablyperiods.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xcigamesdd.com
Referer: http://xcigamesdd.com/
Connection: keep-alive
Cookie: u_pl=17632624; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzYzMjYyNCwiayI6ImE5MTI5NWI4NmFiNmZlMmM1NjY2ZWY1OWRhMzc0M2JmIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTQ3MjUzLCJwaWQiOjE1ODEwNCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJ3d3VnZnNneTYiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly94Y2lnYW1lc2RkLmNvbS9tYXJpby1yYWJiaWRzLXNwYXJrcy1vZi1ob3BlLyJ9fQ.j0jg3KYp0AIfsdPvzVs2kx-IAEgxiD1lmvrjBKg47dc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 25 Oct 2022 12:37:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://xcigamesdd.com
Access-Control-Allow-Origin: http://xcigamesdd.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=aee0e29d-e9f7-4a9d-a0e4-f3d31547bc5a:2:1; expires=Tue, 01 Nov 2022 12:37:49 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 26 Oct 2022 12:37:49 GMT; secure; SameSite=None
uncs=1; expires=Wed, 26 Oct 2022 12:37:49 GMT; secure; SameSite=None
pdhtkv5=true; expires=Wed, 26 Oct 2022 12:37:49 GMT; secure; SameSite=None
uncs5=1; expires=Wed, 26 Oct 2022 12:37:49 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e3175085c56ca87bd1441e30704c5b5e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
200 OK 25 kB URL HTTP/2 cdn.cloudimagesb.com/cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg
IP
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, baseline, precision 8, 320x50, components 3\012- data
Hash d465d02b90e928dfd9d9846e102a9dac
22f7333777bec813bd9a7b870913a2b79b6d2fe4
e393d4f1c6b5d4973e157f0f10764b92037dc18239500f42b72bed8ecef462fd
GET /cti/43/ff/51/43ff51c07da75eaedd548042d5154cfe/1658930770.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 25 Oct 2022 12:37:49 GMT
content-type: image/jpeg
content-length: 24714
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 14:06:18 GMT
etag: "62e1465a-608a"
expires: Thu, 27 Oct 2022 12:37:49 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-07.com
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Tue, 25 Oct 2022 12:37:49 GMT
access-control-allow-origin: https://interstitial-07.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: c6a4013e3b0f8f3dc213363b3ddd55ac
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
sandwichesinstinctive.com/ntv.json?key=849ad080ebdaa9ca9dd84f2d9f8c2306&vstc=4
200 OK 16 kB URL HTTP/1.1 sandwichesinstinctive.com/ntv.json?key=849ad080ebdaa9ca9dd84f2d9f8c2306&vstc=4
IP
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (16515), with no line terminators
Hash e4df4a5eedddb620edb22e947764efc2
71220a2525cc8cf3820d97ef6d075fe6b81aab53
38e5dba2fc4c4a96b35aad0ff8c532020178e5d5317230f917edb3ff0a32e1b0
Analyzer Verdict Alert quad9 Sinkholed
GET /ntv.json?key=849ad080ebdaa9ca9dd84f2d9f8c2306&vstc=4 HTTP/1.1
Host: sandwichesinstinctive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 25 Oct 2022 12:37:49 GMT
Content-Type: application/json
Content-Length: 16515
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://xcigamesdd.com
Access-Control-Allow-Origin: http://xcigamesdd.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17560728; expires=Wed, 26 Oct 2022 12:37:49 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 26 Oct 2022 12:37:49 GMT; secure; SameSite=None
uncs=1; expires=Wed, 26 Oct 2022 12:37:49 GMT; secure; SameSite=None
pdhtkv49=true; expires=Wed, 26 Oct 2022 12:37:49 GMT; secure; SameSite=None
uncs49=1; expires=Wed, 26 Oct 2022 12:37:49 GMT; secure; SameSite=None
nlec849ad080ebdaa9ca9dd84f2d9f8c2306=[2229214,2229213,2229212,2106764]; expires=Tue, 25 Oct 2022 12:37:54 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a3f821d5f6af4b08d68884b8783b0802
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.cloudimagesb.com/cti/f5/37/77/f537776afc5dce31cd540a22c60788d4/1663164661.gif
200 OK 22 kB URL HTTP/2 cdn.cloudimagesb.com/cti/f5/37/77/f537776afc5dce31cd540a22c60788d4/1663164661.gif
IP
ASN #39572 DataWeb Global Group B.V.
File type GIF image data, version 89a, 300 x 250\012- data
Hash 3fbcfacdc5800cb77bf7c5e57fa753c1
c72434155c3959ad1b79ffe93de63f96d4c9895b
80b0e6de82d91d17b735c18d5bb2c2c31e543d1420b9b51857a1668ce69ee658
GET /cti/f5/37/77/f537776afc5dce31cd540a22c60788d4/1663164661.gif HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 25 Oct 2022 12:37:49 GMT
content-type: image/gif
content-length: 22049
server: nginx/1.17.6
last-modified: Wed, 14 Sep 2022 14:11:09 GMT
etag: "6321e0fd-5621"
expires: Thu, 27 Oct 2022 12:37:49 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
withholdsubsequently.com/watch.61960791153.js?key=e0545ea4e9fad86bbc397bc0cf40db8c&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=cdcbdefe-a5b4-47ab-a113-78f8c776f7e9%3A3%3A1
307 Temporary Redirect 0 B URL HTTP/1.1 withholdsubsequently.com/watch.61960791153.js?key=e0545ea4e9fad86bbc397bc0cf40db8c&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=cdcbdefe-a5b4-47ab-a113-78f8c776f7e9%3A3%3A1
IP
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.61960791153.js?key=e0545ea4e9fad86bbc397bc0cf40db8c&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=cdcbdefe-a5b4-47ab-a113-78f8c776f7e9%3A3%3A1 HTTP/1.1
Host: withholdsubsequently.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Tue, 25 Oct 2022 12:37:49 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://xcigamesdd.com
Access-Control-Allow-Origin: http://xcigamesdd.com
Access-Control-Allow-Credentials: true
Location: https://withholdsubsequently.com/watch.61960791153.js?key=e0545ea4e9fad86bbc397bc0cf40db8c&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=cdcbdefe-a5b4-47ab-a113-78f8c776f7e9%3A3%3A1&shu=af874bb1bf82a3767c0ca7243960ca07dd8c4bc8eaf5a005737afb52476edabcd689fec3a048c4cd6eff4762f286777da9363e2aa2714c1acf1cd88e0a0adca40286151465479a0b1ba44f399a78896ad17015b3&pst=1666701529&rmtc=t
Set-Cookie: u_pl=17596898; expires=Wed, 26 Oct 2022 12:37:49 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzU5Njg5OCwiayI6ImUwNTQ1ZWE0ZTlmYWQ4NmJiYzM5N2JjMGNmNDBkYjhjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTQ3MjUzLCJwaWQiOjE1ODEwNCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyNywicHQiOjQsInBrIjoidDh0aW5hZngiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly94Y2lnYW1lc2RkLmNvbS9tYXJpby1yYWJiaWRzLXNwYXJrcy1vZi1ob3BlLyJ9fQ.rtOD6Zfn6PTEeSDbHL2VjfeTtY-bQSuYtqFMMKT7SUs; expires=Tue, 25 Oct 2022 12:38:49 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5e250c3c0d075867d72ab78952276eb1
Strict-Transport-Security: max-age=0; includeSubdomains
sandwichesinstinctive.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRSt3h1B3IvKehAUBkFRkEn3zKRnxj0sxhgJxs26q6w3qa6qmZSp7mqquqYnOUUXlj14mIOHVRA6b5INrmHRizeDTBZEgkLmZMDN3bOyeJQeg6Mf%2Bv%2F%2F%2Br3D%2B%2F%2FXrW13Snw4erL4jt6UStG5%2BZpfffmDILhUXZGJG1QH7fDDsHmpavqvdcKa%2F0r1LcHW9VzdD3w%2F8IPqkjSiqwdzJQmZ7neCWsevNeu1YL6Jgfk%2Fts6DpR54%2F5Q8DcknlQfeRUg2RhJ%2FsyjseqbTV9%2BMnaKZNujzvfeT9UTnCeJZ2zUeusnemRraHi8dQCe7U7vQ%2FX%2BFkZwQ78cDRMnemUlE%2FZ2pz0hBJIj4BeT9MYQaQ9IxmL4JyY8JwDiurCKJ717RJqcb%2F7C0ZCek8ugPyHxCKg8vIonvLyg5qF7XymVSJxaDbgE5GEP2xkjdIbLNc5D5IVj2CST%2Fhcw9WkES76xapSF5MZ1dyjFkdwwlhqDWgys%2F6cF1PbjUQ8xPqiwIgpbPGfXbHcYavCWikPsBbXUDGvhhG46V9obI0iGYGoKZLaRmC%2BtyCON%2BgF0rYLkHm02I9%2B4W%2BrxALghyS5BTglwS5BlB3i92ubJ1W9zlyrooOKv1s9ooRjrrbdNdnfVEQrbTU%2FJUuRfvwp93sC5Oqu1mh3K%2F7YuIU9phtMN5u9mt8063zeoNP4SVBaQ9Nx11U07I8985pHJCzsk7iOghrDoEk8%2BAugA0H7XqPujaqNn2sZncHzDZo7GwnNeYjsF1gTSrINvwttUpeXZ6oRfOn0Kwo8v3ntt%2FPHjpdzBTIDUFPpIPCHrq9uiazsnONZ1b8u1qmslYbtLyetczmonz994WG7k2fHnRDr96nZVE2e6%2FJ2y2QhMuk54lXy9IzoVZ0oYJ8v2yvSGiq86uLTiTuHTl6htLy3FqhLVSJ2NQebz6F5ickMrHB9Nn%2BeTPtyDNGMYViN0ROQtIfQiWbsGmM%2FdWExg100Sph9wVI1OPZj%2BVJFBihmlUwP4HR7N%2B295GzzwGmt1EEhfomwJ9VYCqIax7YpSl5ujyT5%2BX8QUiVRlFylR2ImXUZ9PVlulhmX6bkOqLn8LKk2qr0fBp2JkPWi0qWlGz3u6GAae03gzrYUgbyOyE3fj1y78BAAD%2F%2FwEAAP%2F%2FBcbLpXAEAAA%3D
200 OK 7 B URL HTTP/1.1 sandwichesinstinctive.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRSt3h1B3IvKehAUBkFRkEn3zKRnxj0sxhgJxs26q6w3qa6qmZSp7mqquqYnOUUXlj14mIOHVRA6b5INrmHRizeDTBZEgkLmZMDN3bOyeJQeg6Mf%2Bv%2F%2F%2Br3D%2B%2F%2FXrW13Snw4erL4jt6UStG5%2BZpfffmDILhUXZGJG1QH7fDDsHmpavqvdcKa%2F0r1LcHW9VzdD3w%2F8IPqkjSiqwdzJQmZ7neCWsevNeu1YL6Jgfk%2Fts6DpR54%2F5Q8DcknlQfeRUg2RhJ%2FsyjseqbTV9%2BMnaKZNujzvfeT9UTnCeJZ2zUeusnemRraHi8dQCe7U7vQ%2FX%2BFkZwQ78cDRMnemUlE%2FZ2pz0hBJIj4BeT9MYQaQ9IxmL4JyY8JwDiurCKJ717RJqcb%2F7C0ZCek8ugPyHxCKg8vIonvLyg5qF7XymVSJxaDbgE5GEP2xkjdIbLNc5D5IVj2CST%2Fhcw9WkES76xapSF5MZ1dyjFkdwwlhqDWgys%2F6cF1PbjUQ8xPqiwIgpbPGfXbHcYavCWikPsBbXUDGvhhG46V9obI0iGYGoKZLaRmC%2BtyCON%2BgF0rYLkHm02I9%2B4W%2BrxALghyS5BTglwS5BlB3i92ubJ1W9zlyrooOKv1s9ooRjrrbdNdnfVEQrbTU%2FJUuRfvwp93sC5Oqu1mh3K%2F7YuIU9phtMN5u9mt8063zeoNP4SVBaQ9Nx11U07I8985pHJCzsk7iOghrDoEk8%2BAugA0H7XqPujaqNn2sZncHzDZo7GwnNeYjsF1gTSrINvwttUpeXZ6oRfOn0Kwo8v3ntt%2FPHjpdzBTIDUFPpIPCHrq9uiazsnONZ1b8u1qmslYbtLyetczmonz994WG7k2fHnRDr96nZVE2e6%2FJ2y2QhMuk54lXy9IzoVZ0oYJ8v2yvSGiq86uLTiTuHTl6htLy3FqhLVSJ2NQebz6F5ickMrHB9Nn%2BeTPtyDNGMYViN0ROQtIfQiWbsGmM%2FdWExg100Sph9wVI1OPZj%2BVJFBihmlUwP4HR7N%2B295GzzwGmt1EEhfomwJ9VYCqIax7YpSl5ujyT5%2BX8QUiVRlFylR2ImXUZ9PVlulhmX6bkOqLn8LKk2qr0fBp2JkPWi0qWlGz3u6GAae03gzrYUgbyOyE3fj1y78BAAD%2F%2FwEAAP%2F%2FBcbLpXAEAAA%3D
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRSt3h1B3IvKehAUBkFRkEn3zKRnxj0sxhgJxs26q6w3qa6qmZSp7mqquqYnOUUXlj14mIOHVRA6b5INrmHRizeDTBZEgkLmZMDN3bOyeJQeg6Mf%2Bv%2F%2F%2Br3D%2B%2F%2FXrW13Snw4erL4jt6UStG5%2BZpfffmDILhUXZGJG1QH7fDDsHmpavqvdcKa%2F0r1LcHW9VzdD3w%2F8IPqkjSiqwdzJQmZ7neCWsevNeu1YL6Jgfk%2Fts6DpR54%2F5Q8DcknlQfeRUg2RhJ%2FsyjseqbTV9%2BMnaKZNujzvfeT9UTnCeJZ2zUeusnemRraHi8dQCe7U7vQ%2FX%2BFkZwQ78cDRMnemUlE%2FZ2pz0hBJIj4BeT9MYQaQ9IxmL4JyY8JwDiurCKJ717RJqcb%2F7C0ZCek8ugPyHxCKg8vIonvLyg5qF7XymVSJxaDbgE5GEP2xkjdIbLNc5D5IVj2CST%2Fhcw9WkES76xapSF5MZ1dyjFkdwwlhqDWgys%2F6cF1PbjUQ8xPqiwIgpbPGfXbHcYavCWikPsBbXUDGvhhG46V9obI0iGYGoKZLaRmC%2BtyCON%2BgF0rYLkHm02I9%2B4W%2BrxALghyS5BTglwS5BlB3i92ubJ1W9zlyrooOKv1s9ooRjrrbdNdnfVEQrbTU%2FJUuRfvwp93sC5Oqu1mh3K%2F7YuIU9phtMN5u9mt8063zeoNP4SVBaQ9Nx11U07I8985pHJCzsk7iOghrDoEk8%2BAugA0H7XqPujaqNn2sZncHzDZo7GwnNeYjsF1gTSrINvwttUpeXZ6oRfOn0Kwo8v3ntt%2FPHjpdzBTIDUFPpIPCHrq9uiazsnONZ1b8u1qmslYbtLyetczmonz994WG7k2fHnRDr96nZVE2e6%2FJ2y2QhMuk54lXy9IzoVZ0oYJ8v2yvSGiq86uLTiTuHTl6htLy3FqhLVSJ2NQebz6F5ickMrHB9Nn%2BeTPtyDNGMYViN0ROQtIfQiWbsGmM%2FdWExg100Sph9wVI1OPZj%2BVJFBihmlUwP4HR7N%2B295GzzwGmt1EEhfomwJ9VYCqIax7YpSl5ujyT5%2BX8QUiVRlFylR2ImXUZ9PVlulhmX6bkOqLn8LKk2qr0fBp2JkPWi0qWlGz3u6GAae03gzrYUgbyOyE3fj1y78BAAD%2F%2FwEAAP%2F%2FBcbLpXAEAAA%3D HTTP/1.1
Host: sandwichesinstinctive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xcigamesdd.com/
Cookie: u_pl=17560728; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec849ad080ebdaa9ca9dd84f2d9f8c2306=[2229214,2229213,2229212,2106764]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 25 Oct 2022 12:37:49 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 32d1a3fcfd53c95ccf5818e646a9a7f5
Strict-Transport-Security: max-age=0; includeSubdomains
withholdsubsequently.com/watch.61960791153.js?key=e0545ea4e9fad86bbc397bc0cf40db8c&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=cdcbdefe-a5b4-47ab-a113-78f8c776f7e9%3A3%3A1&shu=af874bb1bf82a3767c0ca7243960ca07dd8c4bc8eaf5a005737afb52476edabcd689fec3a048c4cd6eff4762f286777da9363e2aa2714c1acf1cd88e0a0adca40286151465479a0b1ba44f399a78896ad17015b3&pst=1666701529&rmtc=t
200 OK 2.0 kB URL HTTP/1.1 withholdsubsequently.com/watch.61960791153.js?key=e0545ea4e9fad86bbc397bc0cf40db8c&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=cdcbdefe-a5b4-47ab-a113-78f8c776f7e9%3A3%3A1&shu=af874bb1bf82a3767c0ca7243960ca07dd8c4bc8eaf5a005737afb52476edabcd689fec3a048c4cd6eff4762f286777da9363e2aa2714c1acf1cd88e0a0adca40286151465479a0b1ba44f399a78896ad17015b3&pst=1666701529&rmtc=t
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2398)
Hash 9bdd80050715e33f928cd67111ad62b6
b254596f4d34d70c6a7cc467675ee7a8a890e682
7877b1c7be7d52e673c29787ced300fcfed0f29e7871717b0adb44f3ec36db98
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.61960791153.js?key=e0545ea4e9fad86bbc397bc0cf40db8c&kw=%5B%22mario%22%2C%22%2B%22%2C%22rabbids%22%2C%22sparks%22%2C%22of%22%2C%22hope%22%2C%22xci%22%2C%22nsp%22%2C%22nsz%22%2C%22download%22%2C%22switchxci%22%5D&refer=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&tz=0&dev=r&res=12.29&uuid=cdcbdefe-a5b4-47ab-a113-78f8c776f7e9%3A3%3A1&shu=af874bb1bf82a3767c0ca7243960ca07dd8c4bc8eaf5a005737afb52476edabcd689fec3a048c4cd6eff4762f286777da9363e2aa2714c1acf1cd88e0a0adca40286151465479a0b1ba44f399a78896ad17015b3&pst=1666701529&rmtc=t HTTP/1.1
Host: withholdsubsequently.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://xcigamesdd.com
Referer: http://xcigamesdd.com/
Connection: keep-alive
Cookie: u_pl=17596898; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzU5Njg5OCwiayI6ImUwNTQ1ZWE0ZTlmYWQ4NmJiYzM5N2JjMGNmNDBkYjhjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxOTQ3MjUzLCJwaWQiOjE1ODEwNCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyNywicHQiOjQsInBrIjoidDh0aW5hZngiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6Nzk5NTQxOTYsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjoxODExMCwib24iOiJMaW51eCIsIm92IjoiVW5rbm93biIsImJpZCI6MTE2NjcwLCJibiI6IkZpcmVmb3giLCJidiI6Ijk2LjAiLCJ3diI6ZmFsc2UsImUiOmZhbHNlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly94Y2lnYW1lc2RkLmNvbS9tYXJpby1yYWJiaWRzLXNwYXJrcy1vZi1ob3BlLyJ9fQ.rtOD6Zfn6PTEeSDbHL2VjfeTtY-bQSuYtqFMMKT7SUs
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 25 Oct 2022 12:37:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://xcigamesdd.com
Access-Control-Allow-Origin: http://xcigamesdd.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=cdcbdefe-a5b4-47ab-a113-78f8c776f7e9:3:1; expires=Tue, 01 Nov 2022 12:37:49 GMT; secure; SameSite=None
pdhtkv=true; expires=Wed, 26 Oct 2022 12:37:49 GMT; secure; SameSite=None
uncs=1; expires=Wed, 26 Oct 2022 12:37:49 GMT; secure; SameSite=None
pdhtkv27=true; expires=Wed, 26 Oct 2022 12:37:49 GMT; secure; SameSite=None
uncs27=1; expires=Wed, 26 Oct 2022 12:37:49 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ce4941bd25cec3f0f7afb04937781724
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
sandwichesinstinctive.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRStzo4g7kVlPQgKg6AoyKR7ZrZnxj0sxhgJxs26q6w3qa6qmZSp7mqquqYnOUUXZQ8e5uBhFYTOm2SDa1j04s0gkwWRoJA5GXBz96wsHqXH4OiHqv9%2FvXd4%2F%2F36ZNudEh%2BOniy%2BpTelUnT%2BYs2vvvheEFyqrsjEDaqDdvh%2B2LxUNf1XOmHNf6n6hmDrer7uB74f%2BEF1SRrR1YP5EoRM9ztBrePXmvVacLGJgfl%2Fb50HSz3w%2Fil5EpJPKve9C5BsjCT%2BZlHY9UynL78eO0UzbdDne%2B8m64nOE8Szsms8dJO9Mza0PV46gE52p3Kh%2B%2F8SIzkh3o8HiJK9M5GI%2BjtTnZGCSBDx88j7Ywg1hqRjMH0Tkh8TgHFcWUUS37miTU43%2FkFpiU5I5eEfkPmEVB5cQBLfW1ByUL2ulcukTiwG3QJyMIbsjZG6Q2Sbc5D5IVj2EST%2Fhcw%2FXEES76xapSF5MZ1dyjFkdwwlhqDWgyuP9OC6HlzqIeYnVRYEQcvnjPrtDmMN3hJRyP2AtroBDfywDcdKeUNk6RBMDcHMFlKzhXU5hHE%2FwK4VsNyDzSbEe3sLfV4gFwS5JcgpQS4J8owg7xe7XNm6Le5wZV0UnOX6WW4UI531tumuznoiIdvpKXmi9MU7%2F%2BdtrIuTarvZodxv%2ByLilHYY7XDebnbrvNNts3rDD2FlAWnnpqNuygl59juHVE7InLyNiB7CqkMw%2BRSoC0DzUavug66Nmm0fm8m9AZM9GgvLeY3pGFwXSLMKsg1vW52Sp6cbeu7cAwh2dPnuM%2FuPBi%2F8DmYKpKbAB%2FI%2BQU%2FdGl3TOdm5pnNLvl1NMxnLTVpu73pGM3Hu7ptiI9eGLy%2Fa4VevshIoy%2F13hM1WaMJl0rPk6wXJuTBL2jBBvl%2B2N0R01dm1BWcSl65cfW1pOU6NsFbqZAwqj1f%2FApMTUvnwYPotH%2F%2F5Y0gzhnEFYndEzgJSH4KlW7DpTL3VBEbNOFE6h9wVI1OPZo9KEigx62lUwP6nj2b1tr2FnnkENLuJJC7QNwX6qgBVQ1j32ChLzdHlnz4v4wtEqjKKlKnsRMqoz0prT6f%2BltdvE1J9%2FlNYeVJtNRo%2BDTsXg1aLilbUrLe7YcAprTfDehjSBjI7YTd%2B%2FfJvAAAA%2F%2F8BAAD%2F%2F4Dv5ndwBAAA
200 OK 7 B URL HTTP/1.1 sandwichesinstinctive.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRStzo4g7kVlPQgKg6AoyKR7ZrZnxj0sxhgJxs26q6w3qa6qmZSp7mqquqYnOUUXZQ8e5uBhFYTOm2SDa1j04s0gkwWRoJA5GXBz96wsHqXH4OiHqv9%2FvXd4%2F%2F36ZNudEh%2BOniy%2BpTelUnT%2BYs2vvvheEFyqrsjEDaqDdvh%2B2LxUNf1XOmHNf6n6hmDrer7uB74f%2BEF1SRrR1YP5EoRM9ztBrePXmvVacLGJgfl%2Fb50HSz3w%2Fil5EpJPKve9C5BsjCT%2BZlHY9UynL78eO0UzbdDne%2B8m64nOE8Szsms8dJO9Mza0PV46gE52p3Kh%2B%2F8SIzkh3o8HiJK9M5GI%2BjtTnZGCSBDx88j7Ywg1hqRjMH0Tkh8TgHFcWUUS37miTU43%2FkFpiU5I5eEfkPmEVB5cQBLfW1ByUL2ulcukTiwG3QJyMIbsjZG6Q2Sbc5D5IVj2EST%2Fhcw%2FXEES76xapSF5MZ1dyjFkdwwlhqDWgyuP9OC6HlzqIeYnVRYEQcvnjPrtDmMN3hJRyP2AtroBDfywDcdKeUNk6RBMDcHMFlKzhXU5hHE%2FwK4VsNyDzSbEe3sLfV4gFwS5JcgpQS4J8owg7xe7XNm6Le5wZV0UnOX6WW4UI531tumuznoiIdvpKXmi9MU7%2F%2BdtrIuTarvZodxv%2ByLilHYY7XDebnbrvNNts3rDD2FlAWnnpqNuygl59juHVE7InLyNiB7CqkMw%2BRSoC0DzUavug66Nmm0fm8m9AZM9GgvLeY3pGFwXSLMKsg1vW52Sp6cbeu7cAwh2dPnuM%2FuPBi%2F8DmYKpKbAB%2FI%2BQU%2FdGl3TOdm5pnNLvl1NMxnLTVpu73pGM3Hu7ptiI9eGLy%2Fa4VevshIoy%2F13hM1WaMJl0rPk6wXJuTBL2jBBvl%2B2N0R01dm1BWcSl65cfW1pOU6NsFbqZAwqj1f%2FApMTUvnwYPotH%2F%2F5Y0gzhnEFYndEzgJSH4KlW7DpTL3VBEbNOFE6h9wVI1OPZo9KEigx62lUwP6nj2b1tr2FnnkENLuJJC7QNwX6qgBVQ1j32ChLzdHlnz4v4wtEqjKKlKnsRMqoz0prT6f%2BltdvE1J9%2FlNYeVJtNRo%2BDTsXg1aLilbUrLe7YcAprTfDehjSBjI7YTd%2B%2FfJvAAAA%2F%2F8BAAD%2F%2F4Dv5ndwBAAA
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRStzo4g7kVlPQgKg6AoyKR7ZrZnxj0sxhgJxs26q6w3qa6qmZSp7mqquqYnOUUXZQ8e5uBhFYTOm2SDa1j04s0gkwWRoJA5GXBz96wsHqXH4OiHqv9%2FvXd4%2F%2F36ZNudEh%2BOniy%2BpTelUnT%2BYs2vvvheEFyqrsjEDaqDdvh%2B2LxUNf1XOmHNf6n6hmDrer7uB74f%2BEF1SRrR1YP5EoRM9ztBrePXmvVacLGJgfl%2Fb50HSz3w%2Fil5EpJPKve9C5BsjCT%2BZlHY9UynL78eO0UzbdDne%2B8m64nOE8Szsms8dJO9Mza0PV46gE52p3Kh%2B%2F8SIzkh3o8HiJK9M5GI%2BjtTnZGCSBDx88j7Ywg1hqRjMH0Tkh8TgHFcWUUS37miTU43%2FkFpiU5I5eEfkPmEVB5cQBLfW1ByUL2ulcukTiwG3QJyMIbsjZG6Q2Sbc5D5IVj2EST%2Fhcw%2FXEES76xapSF5MZ1dyjFkdwwlhqDWgyuP9OC6HlzqIeYnVRYEQcvnjPrtDmMN3hJRyP2AtroBDfywDcdKeUNk6RBMDcHMFlKzhXU5hHE%2FwK4VsNyDzSbEe3sLfV4gFwS5JcgpQS4J8owg7xe7XNm6Le5wZV0UnOX6WW4UI531tumuznoiIdvpKXmi9MU7%2F%2BdtrIuTarvZodxv%2ByLilHYY7XDebnbrvNNts3rDD2FlAWnnpqNuygl59juHVE7InLyNiB7CqkMw%2BRSoC0DzUavug66Nmm0fm8m9AZM9GgvLeY3pGFwXSLMKsg1vW52Sp6cbeu7cAwh2dPnuM%2FuPBi%2F8DmYKpKbAB%2FI%2BQU%2FdGl3TOdm5pnNLvl1NMxnLTVpu73pGM3Hu7ptiI9eGLy%2Fa4VevshIoy%2F13hM1WaMJl0rPk6wXJuTBL2jBBvl%2B2N0R01dm1BWcSl65cfW1pOU6NsFbqZAwqj1f%2FApMTUvnwYPotH%2F%2F5Y0gzhnEFYndEzgJSH4KlW7DpTL3VBEbNOFE6h9wVI1OPZo9KEigx62lUwP6nj2b1tr2FnnkENLuJJC7QNwX6qgBVQ1j32ChLzdHlnz4v4wtEqjKKlKnsRMqoz0prT6f%2BltdvE1J9%2FlNYeVJtNRo%2BDTsXg1aLilbUrLe7YcAprTfDehjSBjI7YTd%2B%2FfJvAAAA%2F%2F8BAAD%2F%2F4Dv5ndwBAAA HTTP/1.1
Host: sandwichesinstinctive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xcigamesdd.com/
Cookie: u_pl=17560728; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec849ad080ebdaa9ca9dd84f2d9f8c2306=[2229214,2229213,2229212,2106764]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 25 Oct 2022 12:37:49 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d60a71fa298524ed8bb1795488c97e26
Strict-Transport-Security: max-age=0; includeSubdomains
sandwichesinstinctive.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRSt3h1B3IvKehAUBkFRkEn3zKRnxj0sxhgJxs26q6w3qa6qmZSp7mqquqYnOUVXZA8e5uBhFYTOm2SDa1j04s0gkwWRoJA5GXBz96wsHqXH4OiHqv9%2FvXd4%2F%2F36ZNudEh%2BOniy%2BpTelUnRuvuZXX3wvCC5VV2TiBtVBO3w%2FbF6qmv4rnbDmv1R9Q7B1PVf3A98P%2FKC6JI3o6sFcCUKm%2B52g1vFrzXotmG9iYP7fW%2BfBUg%2B8f0qehOSTyn3vIiQbI4m%2FWRR2PdPpy6%2FHTtFMG%2FT53rvJeqLzBPGs7BoP3WTvjA1tj5cOoJPdqVzo%2Fr%2FESE6I9%2BMBomTvTCSi%2Fs5UZ6QgEkT8AvL%2BGEKNIekYTN%2BE5McEYBxXVpHEd65ok9ONf1BaohNSefgHZD4hlQcXkcT3FpQcVK9r5TKpE4tBt4AcjCF7Y6TuENnmOcj8ECz7CJL%2FQuYeriCJd1at0pC8mM4u5RiyO4YSQ1DrwZVHenBdDy71EPOTKguCoOVzRv12h7EGb4ko5H5AW92ABn7YhmOlvCGydAimhmBmC6nZwrocwrgfYNcKWO7BZhPivb2FPi%2BQC4LcEuSUIJcEeUaQ94tdrmzdFne4si4KznL9LDeKkc5623RXZz2RkO30lDxR%2BuJd%2BPM21sVJtd3sUO63fRFxSjuMdjhvN7t13um2Wb3hh7CygLTnpqNuygl59juHVE7IOXkbET2EVYdg8ilQF4Dmo1bdB10bNds%2BNpN7AyZ7NBaW8xrTMbgukGYVZBvetjolT0839Nz53yDY0eW7z%2Bw%2FGrzwO5gpkJoCH8j7BD11a3RN52Tnms4t%2BXY1zWQsN2m5vesZzcT5u2%2BKjVwbvrxoh1%2B9ykqgLPffETZboQmXSc%2BSrxck58IsacME%2BX7Z3hDRVWfXFpxJXLpy9bWl5Tg1wlqpkzGoPF79C0xOSOXDg%2Bm3fPznjyHNGMYViN0ROQtIfQiWbsGmM%2FVWExg140TpeeSuGJl6NHtUkkCJWU%2BjAvY%2FfTSrt%2B0t9MwjoNlNJHGBvinQVwWoGsK6x0ZZao4u%2F%2FR5GV8gUpVRpExlJ1JGfVZae1peD6YmT0j1%2BU9h5Um11Wj4NOzMB60WFa2oWW93w4BTWm%2BG9TCkDWR2wm78%2BuXfAAAA%2F%2F8BAAD%2F%2FwP3%2FTlwBAAA
200 OK 7 B URL HTTP/1.1 sandwichesinstinctive.com/ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRSt3h1B3IvKehAUBkFRkEn3zKRnxj0sxhgJxs26q6w3qa6qmZSp7mqquqYnOUVXZA8e5uBhFYTOm2SDa1j04s0gkwWRoJA5GXBz96wsHqXH4OiHqv9%2FvXd4%2F%2F36ZNudEh%2BOniy%2BpTelUnRuvuZXX3wvCC5VV2TiBtVBO3w%2FbF6qmv4rnbDmv1R9Q7B1PVf3A98P%2FKC6JI3o6sFcCUKm%2B52g1vFrzXotmG9iYP7fW%2BfBUg%2B8f0qehOSTyn3vIiQbI4m%2FWRR2PdPpy6%2FHTtFMG%2FT53rvJeqLzBPGs7BoP3WTvjA1tj5cOoJPdqVzo%2Fr%2FESE6I9%2BMBomTvTCSi%2Fs5UZ6QgEkT8AvL%2BGEKNIekYTN%2BE5McEYBxXVpHEd65ok9ONf1BaohNSefgHZD4hlQcXkcT3FpQcVK9r5TKpE4tBt4AcjCF7Y6TuENnmOcj8ECz7CJL%2FQuYeriCJd1at0pC8mM4u5RiyO4YSQ1DrwZVHenBdDy71EPOTKguCoOVzRv12h7EGb4ko5H5AW92ABn7YhmOlvCGydAimhmBmC6nZwrocwrgfYNcKWO7BZhPivb2FPi%2BQC4LcEuSUIJcEeUaQ94tdrmzdFne4si4KznL9LDeKkc5623RXZz2RkO30lDxR%2BuJd%2BPM21sVJtd3sUO63fRFxSjuMdjhvN7t13um2Wb3hh7CygLTnpqNuygl59juHVE7IOXkbET2EVYdg8ilQF4Dmo1bdB10bNds%2BNpN7AyZ7NBaW8xrTMbgukGYVZBvetjolT0839Nz53yDY0eW7z%2Bw%2FGrzwO5gpkJoCH8j7BD11a3RN52Tnms4t%2BXY1zWQsN2m5vesZzcT5u2%2BKjVwbvrxoh1%2B9ykqgLPffETZboQmXSc%2BSrxck58IsacME%2BX7Z3hDRVWfXFpxJXLpy9bWl5Tg1wlqpkzGoPF79C0xOSOXDg%2Bm3fPznjyHNGMYViN0ROQtIfQiWbsGmM%2FVWExg140TpeeSuGJl6NHtUkkCJWU%2BjAvY%2FfTSrt%2B0t9MwjoNlNJHGBvinQVwWoGsK6x0ZZao4u%2F%2FR5GV8gUpVRpExlJ1JGfVZae1peD6YmT0j1%2BU9h5Um11Wj4NOzMB60WFa2oWW93w4BTWm%2BG9TCkDWR2wm78%2BuXfAAAA%2F%2F8BAAD%2F%2FwP3%2FTlwBAAA
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSQWgkRRSt3h1B3IvKehAUBkFRkEn3zKRnxj0sxhgJxs26q6w3qa6qmZSp7mqquqYnOUVXZA8e5uBhFYTOm2SDa1j04s0gkwWRoJA5GXBz96wsHqXH4OiHqv9%2FvXd4%2F%2F36ZNudEh%2BOniy%2BpTelUnRuvuZXX3wvCC5VV2TiBtVBO3w%2FbF6qmv4rnbDmv1R9Q7B1PVf3A98P%2FKC6JI3o6sFcCUKm%2B52g1vFrzXotmG9iYP7fW%2BfBUg%2B8f0qehOSTyn3vIiQbI4m%2FWRR2PdPpy6%2FHTtFMG%2FT53rvJeqLzBPGs7BoP3WTvjA1tj5cOoJPdqVzo%2Fr%2FESE6I9%2BMBomTvTCSi%2Fs5UZ6QgEkT8AvL%2BGEKNIekYTN%2BE5McEYBxXVpHEd65ok9ONf1BaohNSefgHZD4hlQcXkcT3FpQcVK9r5TKpE4tBt4AcjCF7Y6TuENnmOcj8ECz7CJL%2FQuYeriCJd1at0pC8mM4u5RiyO4YSQ1DrwZVHenBdDy71EPOTKguCoOVzRv12h7EGb4ko5H5AW92ABn7YhmOlvCGydAimhmBmC6nZwrocwrgfYNcKWO7BZhPivb2FPi%2BQC4LcEuSUIJcEeUaQ94tdrmzdFne4si4KznL9LDeKkc5623RXZz2RkO30lDxR%2BuJd%2BPM21sVJtd3sUO63fRFxSjuMdjhvN7t13um2Wb3hh7CygLTnpqNuygl59juHVE7IOXkbET2EVYdg8ilQF4Dmo1bdB10bNds%2BNpN7AyZ7NBaW8xrTMbgukGYVZBvetjolT0839Nz53yDY0eW7z%2Bw%2FGrzwO5gpkJoCH8j7BD11a3RN52Tnms4t%2BXY1zWQsN2m5vesZzcT5u2%2BKjVwbvrxoh1%2B9ykqgLPffETZboQmXSc%2BSrxck58IsacME%2BX7Z3hDRVWfXFpxJXLpy9bWl5Tg1wlqpkzGoPF79C0xOSOXDg%2Bm3fPznjyHNGMYViN0ROQtIfQiWbsGmM%2FVWExg140TpeeSuGJl6NHtUkkCJWU%2BjAvY%2FfTSrt%2B0t9MwjoNlNJHGBvinQVwWoGsK6x0ZZao4u%2F%2FR5GV8gUpVRpExlJ1JGfVZae1peD6YmT0j1%2BU9h5Um11Wj4NOzMB60WFa2oWW93w4BTWm%2BG9TCkDWR2wm78%2BuXfAAAA%2F%2F8BAAD%2F%2FwP3%2FTlwBAAA HTTP/1.1
Host: sandwichesinstinctive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xcigamesdd.com/
Cookie: u_pl=17560728; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec849ad080ebdaa9ca9dd84f2d9f8c2306=[2229214,2229213,2229212,2106764]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 25 Oct 2022 12:37:49 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8bfbab9715d84739d1126772becde892
Strict-Transport-Security: max-age=0; includeSubdomains
sandwichesinstinctive.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3p0f%2FHAPoqwHQWEQFAWZdM9M5o97WIwxEoybdVdZb1JdVTMpU93VVHVNT3KKLsgePMzBwyoInW%2BSDa4h6MWbQSYLIgEhfTLg5u5ZWTxKzwZHH%2FR77%2BvvO3zvvfp0250RH46eLr6jN6VSdG6%2B5ldf%2FiAIrlRXZOyG1WGn9WGreaVqBq91WzX%2Flepbgq3rubof%2BH7gB9UlaURPD%2BdKEjLZ7wa1rl9r1mvBfBND819snQdLPfDBGXkakheVB95lSDZBHH27KOx6qpNX34ycoqk2GPC99%2BP1WGcxolnbMx568d65GtqeLB1Cx7tTu9CDf4ShLIj30yHCeO%2FcJMLBztRnqCBihPwSssEEQk0g6QRM34bkJwRgHNdWEUf3rmmT0Y3HLC3ZglQe%2FQGZFaTy8DLi6GBByWH1plYulTq2GPZyyOEEsj9B4o6Qbl6AzI7A0k8g%2BS9k7tEK4mhn1SoNyfPp7FJOIHsTKDECtR5c%2BUkPrufBJR4iflplQRC0fc6o3%2Bky1uBtEba4H9B2L6CB3%2BrAsdLeCGkyAlMjMLOFxGxhXY5g3I%2Bwazks92DTgnjvbmHAc2SCILMEGSXIJEGWEmSDfJcrW7f5Pa6sC4PzWj%2BvjXys0%2F423dVpX8RkOzkjT5V78S79eRfr4rTaaXYp9zu%2BCDmlXUa7nHeavTrv9jqs3vBbsDKHtBemo27Kgjz%2FvUMiC3JB3kVIj2DVEZh8BtQFoNm4XfdB18bNjo%2FN%2BGDIZJ9GwnJeYzoC1zmStIJ0w9tWZ%2BTZ6YWqL34GwY6v3n9u%2F%2F%2FBS7%2BDmRyJyfGRfEDQV3fGN3RGdm7ozJLvVpNURnKTlte7mdJUXLz%2FttjItOHLi3b09eusJMp2%2Fz1h0xUacxn3LflmQXIuzJI2TJAflu0tEV53dm3BmdglK9ffWFqOEiOslTqegMqT1b%2FAZEEqHx9On%2BWTxQGkmcC4HJE7JucBqY%2FAki3YZObeagKjZpowqSBz%2BdjUw9lPJQmUmGEa5rD%2FwuGs37Z30Df%2FA01vI45yDEyOgcpB1QjWPTFOE3N89ecvyvgSoaqMQ2UqO6Ey6vOCvHDxrEwPy%2FTb401beVptNxo%2BbXXng3abinbYrHd6rYBTWm%2B26q0WbSC1Bbv161d%2FAwAA%2F%2F8BAAD%2F%2F6XbT1ZwBAAA
200 OK 7 B URL HTTP/1.1 sandwichesinstinctive.com/ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3p0f%2FHAPoqwHQWEQFAWZdM9M5o97WIwxEoybdVdZb1JdVTMpU93VVHVNT3KKLsgePMzBwyoInW%2BSDa4h6MWbQSYLIgEhfTLg5u5ZWTxKzwZHH%2FR77%2BvvO3zvvfp0250RH46eLr6jN6VSdG6%2B5ldf%2FiAIrlRXZOyG1WGn9WGreaVqBq91WzX%2Flepbgq3rubof%2BH7gB9UlaURPD%2BdKEjLZ7wa1rl9r1mvBfBND819snQdLPfDBGXkakheVB95lSDZBHH27KOx6qpNX34ycoqk2GPC99%2BP1WGcxolnbMx568d65GtqeLB1Cx7tTu9CDf4ShLIj30yHCeO%2FcJMLBztRnqCBihPwSssEEQk0g6QRM34bkJwRgHNdWEUf3rmmT0Y3HLC3ZglQe%2FQGZFaTy8DLi6GBByWH1plYulTq2GPZyyOEEsj9B4o6Qbl6AzI7A0k8g%2BS9k7tEK4mhn1SoNyfPp7FJOIHsTKDECtR5c%2BUkPrufBJR4iflplQRC0fc6o3%2Bky1uBtEba4H9B2L6CB3%2BrAsdLeCGkyAlMjMLOFxGxhXY5g3I%2Bwazks92DTgnjvbmHAc2SCILMEGSXIJEGWEmSDfJcrW7f5Pa6sC4PzWj%2BvjXys0%2F423dVpX8RkOzkjT5V78S79eRfr4rTaaXYp9zu%2BCDmlXUa7nHeavTrv9jqs3vBbsDKHtBemo27Kgjz%2FvUMiC3JB3kVIj2DVEZh8BtQFoNm4XfdB18bNjo%2FN%2BGDIZJ9GwnJeYzoC1zmStIJ0w9tWZ%2BTZ6YWqL34GwY6v3n9u%2F%2F%2FBS7%2BDmRyJyfGRfEDQV3fGN3RGdm7ozJLvVpNURnKTlte7mdJUXLz%2FttjItOHLi3b09eusJMp2%2Fz1h0xUacxn3LflmQXIuzJI2TJAflu0tEV53dm3BmdglK9ffWFqOEiOslTqegMqT1b%2FAZEEqHx9On%2BWTxQGkmcC4HJE7JucBqY%2FAki3YZObeagKjZpowqSBz%2BdjUw9lPJQmUmGEa5rD%2FwuGs37Z30Df%2FA01vI45yDEyOgcpB1QjWPTFOE3N89ecvyvgSoaqMQ2UqO6Ey6vOCvHDxrEwPy%2FTb401beVptNxo%2BbXXng3abinbYrHd6rYBTWm%2B26q0WbSC1Bbv161d%2FAwAA%2F%2F8BAAD%2F%2F6XbT1ZwBAAA
IP
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RST2gkxReu3p0f%2FHAPoqwHQWEQFAWZdM9M5o97WIwxEoybdVdZb1JdVTMpU93VVHVNT3KKLsgePMzBwyoInW%2BSDa4h6MWbQSYLIgEhfTLg5u5ZWTxKzwZHH%2FR77%2BvvO3zvvfp0250RH46eLr6jN6VSdG6%2B5ldf%2FiAIrlRXZOyG1WGn9WGreaVqBq91WzX%2Flepbgq3rubof%2BH7gB9UlaURPD%2BdKEjLZ7wa1rl9r1mvBfBND819snQdLPfDBGXkakheVB95lSDZBHH27KOx6qpNX34ycoqk2GPC99%2BP1WGcxolnbMx568d65GtqeLB1Cx7tTu9CDf4ShLIj30yHCeO%2FcJMLBztRnqCBihPwSssEEQk0g6QRM34bkJwRgHNdWEUf3rmmT0Y3HLC3ZglQe%2FQGZFaTy8DLi6GBByWH1plYulTq2GPZyyOEEsj9B4o6Qbl6AzI7A0k8g%2BS9k7tEK4mhn1SoNyfPp7FJOIHsTKDECtR5c%2BUkPrufBJR4iflplQRC0fc6o3%2Bky1uBtEba4H9B2L6CB3%2BrAsdLeCGkyAlMjMLOFxGxhXY5g3I%2Bwazks92DTgnjvbmHAc2SCILMEGSXIJEGWEmSDfJcrW7f5Pa6sC4PzWj%2BvjXys0%2F423dVpX8RkOzkjT5V78S79eRfr4rTaaXYp9zu%2BCDmlXUa7nHeavTrv9jqs3vBbsDKHtBemo27Kgjz%2FvUMiC3JB3kVIj2DVEZh8BtQFoNm4XfdB18bNjo%2FN%2BGDIZJ9GwnJeYzoC1zmStIJ0w9tWZ%2BTZ6YWqL34GwY6v3n9u%2F%2F%2FBS7%2BDmRyJyfGRfEDQV3fGN3RGdm7ozJLvVpNURnKTlte7mdJUXLz%2FttjItOHLi3b09eusJMp2%2Fz1h0xUacxn3LflmQXIuzJI2TJAflu0tEV53dm3BmdglK9ffWFqOEiOslTqegMqT1b%2FAZEEqHx9On%2BWTxQGkmcC4HJE7JucBqY%2FAki3YZObeagKjZpowqSBz%2BdjUw9lPJQmUmGEa5rD%2FwuGs37Z30Df%2FA01vI45yDEyOgcpB1QjWPTFOE3N89ecvyvgSoaqMQ2UqO6Ey6vOCvHDxrEwPy%2FTb401beVptNxo%2BbXXng3abinbYrHd6rYBTWm%2B26q0WbSC1Bbv161d%2FAwAA%2F%2F8BAAD%2F%2F6XbT1ZwBAAA HTTP/1.1
Host: sandwichesinstinctive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xcigamesdd.com/
Cookie: u_pl=17560728; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; nlec849ad080ebdaa9ca9dd84f2d9f8c2306=[2229214,2229213,2229212,2106764]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 25 Oct 2022 12:37:49 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c534ec003932604aaba90def3eb88702
Strict-Transport-Security: max-age=0; includeSubdomains
sandwichesinstinctive.com/65/aa/28/65aa283021630dfd9030555c4c61a78c.js
200 OK 29 kB URL HTTP/1.1 sandwichesinstinctive.com/65/aa/28/65aa283021630dfd9030555c4c61a78c.js
IP
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash a7994c1102efc7cc5ac64f88a1d35591
2eafc16b4f3be3a14833f0bb24968212a08aeb91
3cd95fe65065e669eec25f5966228ed460b694974a81c8a63382d78e94acfd8f
Analyzer Verdict Alert quad9 Sinkholed
GET /65/aa/28/65aa283021630dfd9030555c4c61a78c.js HTTP/1.1
Host: sandwichesinstinctive.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Tue, 25 Oct 2022 12:37:49 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ed89ff2d3c3536c981e5ba3b934c4b38
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/cti/f5/51/11/f55111e6670fcf4ab6741d5148b8f46e/1627917035.png
200 OK 30 kB URL HTTP/2 cdn.cloudimagesb.com/cti/f5/51/11/f55111e6670fcf4ab6741d5148b8f46e/1627917035.png
IP
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 468 x 60, 8-bit/color RGB, non-interlaced\012- data
Hash 2f616bbffea93fdb5908173cc0df570d
c62417c0dc7503f1ca8852ceac347d0a074e5ff1
0aa6af37608faee30dfafd1221c7f96e2952cebb8dd52bd5401f79a5cf6b744f
GET /cti/f5/51/11/f55111e6670fcf4ab6741d5148b8f46e/1627917035.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 25 Oct 2022 12:37:49 GMT
content-type: image/png
content-length: 30301
server: nginx/1.17.6
last-modified: Mon, 02 Aug 2021 15:10:47 GMT
etag: "61080af7-765d"
expires: Thu, 27 Oct 2022 12:37:49 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 25 Oct 2022 10:41:09 GMT
expires: Tue, 25 Oct 2022 12:41:09 GMT
cache-control: public, max-age=7200
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
age: 7000
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
200 OK 28 kB URL HTTP/1.1 addresseepaper.com/sfp.js
IP
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Date: Tue, 25 Oct 2022 12:37:50 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: 705f2e761d5abfd60a0dab2d5347a6b9
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Tue, 25 Oct 2022 12:37:49 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MxLyVXn3Ln9wD5CKHqrzLpCSPuzmXiDPztH1qHVP93bswO1qN%2F4tx3eJpg6Pw0iVYsdPWOyCgfY7XudFgbOGLwsyY%2FZQ9LWQdQNYvT8CjJpKh1t4FSgvgLsG8P21I9uxak9iBKg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75fb017afc818e32-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
lowhardboiledadjoin.com/pixel/purst?dl=0&th=0&sc=0&rs=3461&rd=3461&fd=363&bv=22.8.v.2&tmpl=136
200 OK 0 B URL HTTP/1.1 lowhardboiledadjoin.com/pixel/purst?dl=0&th=0&sc=0&rs=3461&rd=3461&fd=363&bv=22.8.v.2&tmpl=136
IP
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=3461&rd=3461&fd=363&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: lowhardboiledadjoin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 25 Oct 2022 12:37:50 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
xcigamesdd.com/koko-analytics-collect.php?p=6793&nv=1&up=1&r=&rqp=o4b57luk0zq
200 OK 43 B URL HTTP/1.1 xcigamesdd.com/koko-analytics-collect.php?p=6793&nv=1&up=1&r=&rqp=o4b57luk0zq
IP
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /koko-analytics-collect.php?p=6793&nv=1&up=1&r=&rqp=o4b57luk0zq HTTP/1.1
Host: xcigamesdd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/mario-rabbids-sparks-of-hope/
Cookie: _ga_LTBNRSB0H2=GS1.1.1666701465.1.0.1666701465.0.0.0; _ga=GA1.2.447764308.1666701466; dom3ic8zudi28v8lr6fgphwffqoz0j6c=3e3d33fe-4e2b-4892-ac42-f967d1fdfb03%3A1%3A1; m5a4xojbcp2nx3gptmm633qal3gzmadn=sandwichesinstinctive.com; _gid=GA1.2.125473047.1666701468; _gat_gtag_UA_12043064_122=1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: image/gif
x-content-type-options: nosniff
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
tk: N
content-length: 43
date: Tue, 25 Oct 2022 12:37:49 GMT
vary: Accept-Encoding
unseenreport.com/pxf.gif?uuid=3e3d33fe-4e2b-4892-ac42-f967d1fdfb03&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.29&b_frame=0&pk=65aa283021630dfd9030555c4c61a78c&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12
200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=3e3d33fe-4e2b-4892-ac42-f967d1fdfb03&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.29&b_frame=0&pk=65aa283021630dfd9030555c4c61a78c&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12
IP
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=3e3d33fe-4e2b-4892-ac42-f967d1fdfb03&eb=afa55bd8bbaeee6cbf2f0b21fb513961&te=9e4947f35751465411fd1a4f5c358c78&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.29&b_frame=0&pk=65aa283021630dfd9030555c4c61a78c&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=12 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://xcigamesdd.com/
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 25 Oct 2022 12:37:50 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b1bd4f315400b9eacc9938501c83596e
Strict-Transport-Security: max-age=0; includeSubdomains
unphionetor.com/fv.js?t=72747&cb=151168340
200 OK 0 B URL HTTP/2 unphionetor.com/fv.js?t=72747&cb=151168340
IP
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=72747&cb=151168340 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-07.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 12:37:49 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: d4b7d5604f28e63e76e369750601fa0b
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
arsnivyr.com/9?z=5382937&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=2ba257c6ac604d8abd91bcf06d28d02f
200 OK 0 B URL HTTP/2 arsnivyr.com/9?z=5382937&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=2ba257c6ac604d8abd91bcf06d28d02f
IP
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=5382937&ng=1&ix=0&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=http%3A%2F%2Fxcigamesdd.com%2Fmario-rabbids-sparks-of-hope%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1268&wiw=1280&wih=939&wfc=1&sah=1002&drf=&hil=1&ist=0&oaid=2ba257c6ac604d8abd91bcf06d28d02f HTTP/1.1
Host: arsnivyr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 427
Origin: http://xcigamesdd.com
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 25 Oct 2022 12:37:48 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: http://xcigamesdd.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 5470c200a8c39d6a503ed9bf2dd41431
access-control-expose-headers: X-Sc
x-sc: MbG9N16rcHU-g1I0PoOse8_LUtluVO3qQgSUHyHRatgbdHGa3AqPA-SYLIwHLbbv3M-jABIXK8uWhAqancv13UtzzYQ=
set-cookie: scm=1; expires=Wed, 25 Oct 2023 12:37:48 GMT; secure; SameSite=None
OAID=2ba257c6ac604d8abd91bcf06d28d02f; expires=Wed, 25 Oct 2023 12:37:48 GMT; secure; SameSite=None
oaidts=1666701468; expires=Wed, 25 Oct 2023 12:37:48 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Rubik
200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Rubik
IP
GET /css?family=Rubik HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://xcigamesdd.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 25 Oct 2022 12:37:47 GMT
date: Tue, 25 Oct 2022 12:37:47 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
107.6.168.100
34.117.237.239
139.45.197.236
104.21.84.149
23.36.76.226
52.58.42.92