c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1998118021&pid=186259&sip=0
3.73.127.68308 Permanent Redirect 164 B URL HTTP/1.1 c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1998118021&pid=186259&sip=0
IP 3.73.127.68:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f23c4815ecaef1588f16ac735c0e15d6
026bf8cdd5076014b6fc822878e0086eb44da556
43a81fb3d47b34e7d42d6b8444f592ed9251b8e57db8f67d32419aa40b1480d0
Analyzer Verdict Alert quad9 Sinkholed
GET /partners/casino-reg?cid=1998118021&pid=186259&sip=0 HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 308 Permanent Redirect
Server: nginx
Date: Tue, 20 Dec 2022 15:59:14 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1998118021&pid=186259&sip=0
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 048cda18c6dbe7c4e4b106f5e1104b0a
1bd6f3367ccf446263b00ad8c1ece15a4164730b
66a680d9b8e454db94e14d2c4a466891e538b2d83ccee0dc65be62163992b4e0
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "66A680D9B8E454DB94E14D2C4A466891E538B2D83CCEE0DC65BE62163992B4E0"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10873
Expires: Tue, 20 Dec 2022 19:00:27 GMT
Date: Tue, 20 Dec 2022 15:59:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b8fbcd7ca1a893d05677318a8a198e7a
0851654c21f6e3741887e7deab8098c1dc56f33c
edbade5913ace2fcbb932922e9af69acb2e8759474a2eeaec216307247fea361
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EDBADE5913ACE2FCBB932922E9AF69ACB2E8759474A2EEAEC216307247FEA361"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11546
Expires: Tue, 20 Dec 2022 19:11:40 GMT
Date: Tue, 20 Dec 2022 15:59:14 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Tue, 20 Dec 2022 15:45:47 GMT
content-type: application/json
age: 807
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f4b32de26d9af2cba6afcdcf716d3fb8
644ead4436a8f2fc1f0dd25e4484b64f6ed63347
525123034cb53d750d5ebd487015911452d2cd3c34301e6628f2f52f3f0bfc88
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "525123034CB53D750D5EBD487015911452D2CD3C34301E6628F2F52F3F0BFC88"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11680
Expires: Tue, 20 Dec 2022 19:13:54 GMT
Date: Tue, 20 Dec 2022 15:59:14 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: VbScC1ct5rzjhCLKM1HOsdTo3UKBN5IxL848ym0dQuPD6pqYpbbcQG2nW5xeqcUh1SDHrNBpcBY=
x-amz-request-id: J5YFVB7QFZQQPBK4
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Tue, 20 Dec 2022 15:29:29 GMT
age: 1785
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:14 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5f62ec98f20ea4121f6dc0cc3d782292
cfff360d28f5535ce59348ed23ea5d48a118074e
625c87445a153dbd9d04fc92f48d60615a4816840ee784e17ec573d18677dde1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "625C87445A153DBD9D04FC92F48D60615A4816840EE784E17EC573D18677DDE1"
Last-Modified: Tue, 20 Dec 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13335
Expires: Tue, 20 Dec 2022 19:41:29 GMT
Date: Tue, 20 Dec 2022 15:59:14 GMT
Connection: keep-alive
cdn.scarabresearch.com/js/11DAF087E87A3DFD/scarab-v2.js
54.230.111.107200 OK 23 kB URL HTTP/1.1 cdn.scarabresearch.com/js/11DAF087E87A3DFD/scarab-v2.js
IP 54.230.111.107:0
File type C source, ASCII text, with very long lines (539)
Hash bfcc64224f8c6e43e026afb16bd0f4f8
4b1a0dbd96c3047a917ba024690ffc4d544b8b00
c87358a7c76c044147379c9415f96488045b936666093c83fd0e57e08316548e
GET /js/11DAF087E87A3DFD/scarab-v2.js HTTP/1.1
Host: cdn.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Timing-Allow-Origin: *
Date: Tue, 20 Dec 2022 15:10:36 GMT
Cache-Control: max-age=3600,public
ETag: "aa53180343ab25d32aa7294158ca3216--gzip"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: GtXhiqFa2ApQvDaDfoYpXJJcrvcP3U1C-My5qoHvDTrAgFxkFvm6QQ==
Age: 2936
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 33b3e9caf6728c5b916ec1ffee5ce0b3
06dccffaf379bc6709ca42d408ae530d8a14ef83
2ed45ebc478006d7657cd42f5779635c871a5919efa7a6d7ed3a3fa344089360
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 15:59:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-5PMSX62
172.217.21.168200 OK 57 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5PMSX62
IP 172.217.21.168:0
File type Unicode text, UTF-8 text, with very long lines (13906)
Hash d1aa4409dbb0f555b6960f799b4c3e49
929965cf5f1b25be42e36f6611839f1550448b73
c65bf4db9cb7f3713891395c1630a03df7d338ea08229ce3a27ce8372916f170
GET /gtm.js?id=GTM-5PMSX62 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Tue, 20 Dec 2022 15:59:14 GMT
expires: Tue, 20 Dec 2022 15:59:14 GMT
cache-control: private, max-age=900
last-modified: Tue, 20 Dec 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 56874
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.scarabresearch.com/wpjs/wploader.js?ts=2763
54.230.111.21200 OK 11 kB URL HTTP/1.1 static.scarabresearch.com/wpjs/wploader.js?ts=2763
IP 54.230.111.21:0
File type Unicode text, UTF-8 text, with very long lines (26064)
Hash bec6f8f2e57372c466a7d7bd40a1aea2
b09faed28b596d58ec259541dacf4bae483c36d9
3276d4fddd87990d2353ac98603ed5fdea4906d1ad1278e089e29b5a58215754
GET /wpjs/wploader.js?ts=2763 HTTP/1.1
Host: static.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 10 Oct 2022 11:09:48 GMT
x-amz-version-id: DzVXMgBeksdrQfAKjc.ckmkVhMlLjwqT
Server: AmazonS3
Content-Encoding: gzip
Date: Tue, 20 Dec 2022 02:44:59 GMT
Cache-Control: max-age=86400
ETag: W/"1bb200ba7add3c5d4bfb6f3822bfe5af"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: FBBh6B-X4l7F9-R_F8sTlwwL4yL9vMkJJSMPP2_niJauRmKay4XGlw==
Age: 47657
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Tue, 20 Dec 2022 15:33:24 GMT
age: 1551
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
front.cdn-mb.com/spa-static/1.4.1049/static/css/main.687ea28c.chunk.css
172.67.160.69200 OK 545 B URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1049/static/css/main.687ea28c.chunk.css
IP 172.67.160.69:0
Hash 77ecad52bbf259a0f8148efb03dfec0d
36de72220d12f6592ffcf62248d49167023196e5
51f888418ad7b07df6af83cdc13c8ed51237ea1b6954fc6df9f25424b345129f
GET /spa-static/1.4.1049/static/css/main.687ea28c.chunk.css HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 15:59:14 GMT
content-type: text/css
last-modified: Mon, 19 Dec 2022 15:51:25 GMT
vary: Accept-Encoding
etag: W/"63a0887d-54"
expires: Tue, 20 Dec 2022 16:37:16 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 12118
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=riSnEjsJ1xUN2t9nXmkNit1dvlCecraSfATKfaiIL9WlxnLVOB0UK%2BC%2FwN23PYf8LxVT%2B3nmIqVbW2MqcrCfHMo9HXnRCFckid%2F55nbPJC3JQeSqIKiYitnid8cuG4Ikp480"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c995860b6eb4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
static.scarabresearch.com/wpjs/wpes6.js?ts=2763
54.230.111.21200 OK 32 kB URL HTTP/1.1 static.scarabresearch.com/wpjs/wpes6.js?ts=2763
IP 54.230.111.21:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash 3cf68a7b8e4b97aac9b2500809c2d9f4
38a8e6ad80f21132226a6d1f16f86d7253aa3589
f2e3898ea70eb5cf6ace1080a7ce7f35cb780eabc4c2f918d785f55a10144195
GET /wpjs/wpes6.js?ts=2763 HTTP/1.1
Host: static.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 10 Oct 2022 11:09:51 GMT
x-amz-version-id: B7kEOPd3f.UUaahYeIIXT30URW6wDjD.
Server: AmazonS3
Content-Encoding: gzip
Date: Mon, 19 Dec 2022 19:05:37 GMT
Cache-Control: max-age=86400
ETag: W/"aea14a7926cfb79f14472c23a4b1543b"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: LqDN_7E5_s7XMRRJj-9sq1KPi7uKpQrMJLaLU8mVEdB6nMofDofVMg==
Age: 75219
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d0c2b6760f2b58f445446dd2276d5af4
aeedf417b1ebde86ce837ca02ba934abb938b1a4
8fe72d0ce839150559da5ddf46bf87d26b6b9cbe34d09641b29a53be24997c81
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 985
Cache-Control: max-age=149041
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 15:59:15 GMT
Etag: "63a17b2b-1d7"
Expires: Thu, 22 Dec 2022 09:23:16 GMT
Last-Modified: Tue, 20 Dec 2022 09:06:51 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4817b81ef8edd224f655ec0203f639ac
99daacd43e1634623125fde39e1ba3d12eb99e46
80b8da6e967445dcb5db8bc6e57470b8b235be28bce7a3bed7f4a66bf9249b32
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "80B8DA6E967445DCB5DB8BC6E57470B8B235BE28BCE7A3BED7F4A66BF9249B32"
Last-Modified: Tue, 20 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6530
Expires: Tue, 20 Dec 2022 17:48:05 GMT
Date: Tue, 20 Dec 2022 15:59:15 GMT
Connection: keep-alive
my.rtmark.net/p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01
139.45.195.8200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01
IP 139.45.195.8:0
Hash 6425f508eacb60db81c6d0b38ae56a58
d27caed071b054a15ab2291a11a4bfe12e097d7a
e94404dcfeb2d07ed1a6c0ad4230d5bc5754c0c965736d4ebc3224af415094d0
GET /p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:15 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash dc42e8888911b1f352cc281c26b44e1e
6b4d3cec2daaec21b6af172283cdfd398394c251
22d9f36ba4e1b3932f8e0a1349f144054e5b9765282a2083d96cc91760520923
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5373
Cache-Control: max-age=105943
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 15:59:15 GMT
Etag: "63a0c1ad-1d7"
Expires: Wed, 21 Dec 2022 21:24:58 GMT
Last-Modified: Mon, 19 Dec 2022 19:55:25 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Tue, 20 Dec 2022 14:41:08 GMT
expires: Tue, 20 Dec 2022 16:41:08 GMT
cache-control: public, max-age=7200
age: 4687
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 8b26cd4609e2025e51e90573a0fbd6f7
efc2006ae5297ad5ae5e064188b9fba73f6b868f
e288b6a1e220f5fb781cfbb0b739b36c6acfdceccff8f0278fc151c241b0b50b
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: iZ/9eIJulbbe3bpEo5YgHP9homdcbJw/Z1sEeM6AZpPDpC9cWK2Vb8rZNztwPQlTJs8OZE9+T85adK3wZ3/EFg==
content-length: 27298
x-fb-trip-id: 1904183273
date: Tue, 20 Dec 2022 15:59:15 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 33a09b1eeba4f0911d59d4b718b06978
ebd75bb44f79284a39258ea8358a85b24a25103a
900298a5e2a3f8257b1a979118b46e31803d7ca17bbc9a548a1b853e821b3243
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 15:59:15 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Sat, 24 Dec 2022 13:13:11 GMT
ETag: "ebd75bb44f79284a39258ea8358a85b24a25103a"
Last-Modified: Tue, 20 Dec 2022 13:13:12 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3528
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77c995898ddcb50c-OSL
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash dc42e8888911b1f352cc281c26b44e1e
6b4d3cec2daaec21b6af172283cdfd398394c251
22d9f36ba4e1b3932f8e0a1349f144054e5b9765282a2083d96cc91760520923
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5373
Cache-Control: max-age=105943
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 15:59:15 GMT
Etag: "63a0c1ad-1d7"
Expires: Wed, 21 Dec 2022 21:24:58 GMT
Last-Modified: Mon, 19 Dec 2022 19:55:25 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 48be0455eb8a5b14151ab06b5e6fc620
6afca43529d57134c7b4a6b13578aa7a22ad5f05
8479e210c43d1f8cbe4c514f8903e3973ab5b82e0e0095526984ec1eaffbadca
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 673
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Tue, 20 Dec 2022 15:59:15 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7010997051768963072; Domain=.rockmostbet.com; Path=/; Expires=Thu, 18 Dec 2025 18:26:18 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 3
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 36602f03012523202fd8eb9174a4c9ca
471b04d5a9aa358a2b1a8535fd6da389a24eb88e
ed666e56d6dcdb0387124b61f367573509e2f44d742306fb3c4789aebe468fbd
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 760
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Tue, 20 Dec 2022 15:59:15 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7010997051768963072; Domain=.rockmostbet.com; Path=/; Expires=Thu, 18 Dec 2025 18:26:18 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 3
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/partners/sport_logo.png
3.73.127.68404 Not Found 175 kB URL HTTP/2 c4adbk4m41qwkxamst.com/partners/sport_logo.png
IP 3.73.127.68:0
Size 175 kB (175449 bytes)
Hash b33f9e31ca2d00cc6b81322bad74e0b6
ae6674e7ff3d1897759e7e6b4c7c2e732a07bc57
720b68731c38a58eca54de3a31b0c26a03a4ee64b86edd5c8a08c00739944e89
Analyzer Verdict Alert quad9 Sinkholed
GET /partners/sport_logo.png HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1998118021&pid=186259&sip=0
Cookie: theme=desktop
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Tue, 20 Dec 2022 15:59:14 GMT
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
push.services.mozilla.com/
35.160.97.225101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.160.97.225:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: LusAUPY/yftG+plzo6E98g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: s2hU6qDxoVs84SP00m6MFORXbT8=
mc.yandex.ru/watch/37954615?wmode=7&page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06srfr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A913809328059%3Ahid%3A610988002%3Az%3A0%3Ai%3A20221220155919%3Aet%3A1671551959%3Ac%3A1%3Arn%3A864147801%3Arqn%3A1%3Au%3A1671551959540559322%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C194%2C37%2C0%2C304%2C0%2C%2C391%2C2%2C%2C%2C%2C966%3Aco%3A0%3Ans%3A1671551957557%3Anp%3ATGludXggeDg2XzY0%3Arqnl%3A1%3Ast%3A1671551959%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)mtb(0)rqnt(1)aw(1)pe(1)efid(1)ti(2)
87.250.250.119302 Found 419 B URL HTTP/2 mc.yandex.ru/watch/37954615?wmode=7&page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06srfr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A913809328059%3Ahid%3A610988002%3Az%3A0%3Ai%3A20221220155919%3Aet%3A1671551959%3Ac%3A1%3Arn%3A864147801%3Arqn%3A1%3Au%3A1671551959540559322%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C194%2C37%2C0%2C304%2C0%2C%2C391%2C2%2C%2C%2C%2C966%3Aco%3A0%3Ans%3A1671551957557%3Anp%3ATGludXggeDg2XzY0%3Arqnl%3A1%3Ast%3A1671551959%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)mtb(0)rqnt(1)aw(1)pe(1)efid(1)ti(2)
IP 87.250.250.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash e54fe5deb285ff6753fe8bf86b07ffcb
a9de8386669b1d420b9572c07015f0a7a034421c
a1a3445e2baf7b395cd847ed2c5f6a317af3f03eb7ae46919cd9bc7ac8e69953
GET /watch/37954615?wmode=7&page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06srfr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A913809328059%3Ahid%3A610988002%3Az%3A0%3Ai%3A20221220155919%3Aet%3A1671551959%3Ac%3A1%3Arn%3A864147801%3Arqn%3A1%3Au%3A1671551959540559322%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C194%2C37%2C0%2C304%2C0%2C%2C391%2C2%2C%2C%2C%2C966%3Aco%3A0%3Ans%3A1671551957557%3Anp%3ATGludXggeDg2XzY0%3Arqnl%3A1%3Ast%3A1671551959%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)mtb(0)rqnt(1)aw(1)pe(1)efid(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/37954615/1?wmode=7&page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Avf%3Asm0eap24hzlr84c06srfr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A913809328059%3Ahid%3A610988002%3Az%3A0%3Ai%3A20221220155919%3Aet%3A1671551959%3Ac%3A1%3Arn%3A864147801%3Arqn%3A1%3Au%3A1671551959540559322%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C194%2C37%2C0%2C304%2C0%2C%2C391%2C2%2C%2C%2C%2C966%3Aco%3A0%3Ans%3A1671551957557%3Anp%3ATGludXggeDg2XzY0%3Arqnl%3A1%3Ast%3A1671551959%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29mtb%280%29rqnt%281%29aw%281%29pe%281%29efid%281%29ti%282%29
date: Tue, 20 Dec 2022 15:59:15 GMT
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
set-cookie: yabs-sid=2654016501671551955; Path=/; SameSite=None; Secure
i=AT/MCCJ0/Z5TtFASZ6avqLPPzm9plCRZGbu8o2ALF21A4v0tNg09ZVTtYDa2HdVUIDgPtjxDNdqZHh6Rz9A+NUhPcKw=; Expires=Fri, 17-Dec-2032 15:59:14 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=9920755361671551955; Expires=Wed, 20-Dec-2023 15:59:15 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=9920755361671551955; Expires=Wed, 20-Dec-2023 15:59:15 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1703087955.yc.1671551955#1703087955.yrts.1671551955#1703087955.yrtsi.1671551955; Expires=Wed, 20-Dec-2023 15:59:15 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 15:59:15 GMT
last-modified: Tue, 20-Dec-2022 15:59:15 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&rl=&if=false&ts=1671551959185&sw=1280&sh=1024&v=2.9.90&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1671551959184.713097835&it=1671551958917&coo=false&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&rl=&if=false&ts=1671551959185&sw=1280&sh=1024&v=2.9.90&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1671551959184.713097835&it=1671551958917&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&rl=&if=false&ts=1671551959185&sw=1280&sh=1024&v=2.9.90&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1671551959184.713097835&it=1671551958917&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Tue, 20 Dec 2022 15:59:15 GMT
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 15:59:15 GMT
access-control-allow-origin: *
etag: "63a043d3-2b"
expires: Tue, 20 Dec 2022 16:59:15 GMT
accept-ranges: bytes
last-modified: Mon, 19 Dec 2022 13:58:27 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 4a594d1dd3e4c426da0d80fbf158c5cf
a361e57cd07ba187ffb5bf215aa970e6641d4f88
9bdfe7fb58fe01be68477f65090c989f4f5fdd83de2aa0ffeafb31b3b413a482
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 829
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Tue, 20 Dec 2022 15:59:15 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7010997051768963072; Domain=.rockmostbet.com; Path=/; Expires=Thu, 18 Dec 2025 18:26:18 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 1
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 0b3a38d8057f8c59aa4db5a405d1004c
3c25e79903c1854f482800c6649da26764730a90
910fbf0b154d2cb38f02f87065f7e94f0aa98a11ffd1c87b04eecf80975d4a51
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 15:59:15 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
c4adbk4m41qwkxamst.com/connection/websocket
3.73.127.68101 Switching Protocols 0 B URL HTTP/1.1 c4adbk4m41qwkxamst.com/connection/websocket
IP 3.73.127.68:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /connection/websocket HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://c4adbk4m41qwkxamst.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 0Ys7yGL/oOFz1h0iG4nHhA==
Connection: keep-alive, Upgrade
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671551958.1.0.1671551959.0.0.0; _ga=GA1.2.1497915956.1671551959; cid=1998118021; prid=most_partner.1998118021; pid=186259; sip=0; PHPSESSID=m58ohuhivjn042qjqlil960g0p; lunetics_locale=bn; tz=Europe%2FOslo; rst-uid=7010997051768963072; _gid=GA1.2.651430779.1671551959; _gaclientid=1497915956.1671551959; _gasessionid=20221220|02130263; _gahitid=1671551958905; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1671551959540559322; _ym_d=1671551959; _fbp=fb.1.1671551959184.713097835; _ym_isad=2
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Tue, 20 Dec 2022 15:59:15 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: sfPrpMTu20Lfz/j7Lsyzr9e3wqE=
my.rtmark.net/img.gif?f=sync&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01&ttl=&rurl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01&ttl=&rurl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01&ttl=&rurl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:15 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=096ed23334b54c419558001bf70fa120; expires=Wed, 20 Dec 2023 15:59:15 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-9Q6VE8VYRH>m=2oebu0&_p=818679901&cid=1497915956.1671551959&ul=en-us&sr=1280x1024&_s=1&sid=1671551958&sct=1&seg=0&dl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&dt=&en=page_view&_fv=2&_nsi=1&_ss=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-9Q6VE8VYRH>m=2oebu0&_p=818679901&cid=1497915956.1671551959&ul=en-us&sr=1280x1024&_s=1&sid=1671551958&sct=1&seg=0&dl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&dt=&en=page_view&_fv=2&_nsi=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-9Q6VE8VYRH>m=2oebu0&_p=818679901&cid=1497915956.1671551959&ul=en-us&sr=1280x1024&_s=1&sid=1671551958&sct=1&seg=0&dl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&dt=&en=page_view&_fv=2&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
date: Tue, 20 Dec 2022 15:59:15 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
142.250.74.132200 OK 577 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
IP 142.250.74.132:0
File type ASCII text, with very long lines (909), with no line terminators
Hash 7bdc8d0be4e82a7ccce2f89b12a2323d
f14de96794dc2b2ade651994004aa411926b3e55
ed2a3f8a54d06e0cec43dffdb36721b860c683c0f4f290c8b93400ea6ccbdd0c
GET /recaptcha/api.js?onload=onloadcallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Tue, 20 Dec 2022 15:59:15 GMT
date: Tue, 20 Dec 2022 15:59:15 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 577
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8e84fec7bfc86706d3809cd65d2b9e09
60f334b1ca82534c2e203b4c432f92c126ec5f32
65c0aa10dfcf71d2064ab2b9b5d52101ae0863677293fc913e077bfb5edc2618
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65C0AA10DFCF71D2064AB2B9B5D52101AE0863677293FC913E077BFB5EDC2618"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10420
Expires: Tue, 20 Dec 2022 18:52:56 GMT
Date: Tue, 20 Dec 2022 15:59:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8e84fec7bfc86706d3809cd65d2b9e09
60f334b1ca82534c2e203b4c432f92c126ec5f32
65c0aa10dfcf71d2064ab2b9b5d52101ae0863677293fc913e077bfb5edc2618
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65C0AA10DFCF71D2064AB2B9B5D52101AE0863677293FC913E077BFB5EDC2618"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10420
Expires: Tue, 20 Dec 2022 18:52:56 GMT
Date: Tue, 20 Dec 2022 15:59:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8e84fec7bfc86706d3809cd65d2b9e09
60f334b1ca82534c2e203b4c432f92c126ec5f32
65c0aa10dfcf71d2064ab2b9b5d52101ae0863677293fc913e077bfb5edc2618
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65C0AA10DFCF71D2064AB2B9B5D52101AE0863677293FC913E077BFB5EDC2618"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10420
Expires: Tue, 20 Dec 2022 18:52:56 GMT
Date: Tue, 20 Dec 2022 15:59:16 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 4f05977a009dd740d1f82894bb649d6f
a6e1a419deff5fc86ffa4fc7991435ec1578233a
6cc36a336c232d9d1823ea0bec9acaf4744f0f1b9648cdd21ce44d294e9cb576
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 15:59:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mostauthor.com/multiauth/test_cookie_set?testcookie=0z7e3x15tv7j6njy2mmagj
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=0z7e3x15tv7j6njy2mmagj
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_set?testcookie=0z7e3x15tv7j6njy2mmagj HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://c4adbk4m41qwkxamst.com/
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: e80d998135bf4b8793b7dafe25f03725
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Tue, 20 Dec 2022 15:59:15 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=dzwzutzfdrnklpkknw5a5s
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=dzwzutzfdrnklpkknw5a5s
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_set?testcookie=dzwzutzfdrnklpkknw5a5s HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://c4adbk4m41qwkxamst.com/
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 9cc30ef61d764519835bae293a72add6
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Tue, 20 Dec 2022 15:59:15 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/metrika_match.html
87.250.250.119200 OK 696 B URL HTTP/2 mc.yandex.ru/metrika/metrika_match.html
IP 87.250.250.119:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (540)
Hash 784e2d6c9868e5d3aca06efb9fc6bdd2
9496aba69de55c6b74b1494d0479772a28a7f29c
cf75bbfd28015ee0303483f2224ef09129135c7487ddb6537f999b6095619698
GET /metrika/metrika_match.html HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 696
date: Tue, 20 Dec 2022 15:59:16 GMT
access-control-allow-origin: *
etag: "63a043d3-2b8"
expires: Tue, 20 Dec 2022 16:59:16 GMT
last-modified: Mon, 19 Dec 2022 13:58:27 GMT
cache-control: max-age=3600
content-encoding: br
content-type: text/html
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=0z7e3x15tv7j6njy2mmagj
185.26.99.196200 OK 10 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=0z7e3x15tv7j6njy2mmagj
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash f7f86d583c92292a7025fc1f25657a1f
92659f2f702a5b18d44a58055c6cd77173630ae2
3b9de8f3bb4d65ebe964703b38c9ce2f3b40a58b33484e6eed8f92bbd5f10a4f
GET /multiauth/test_cookie_set?testcookie=0z7e3x15tv7j6njy2mmagj HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1049
x-client-session: iii0fiwk5eeycr7mi6en
x-client-device-id: gaqd9a4s2mkq8fd0nxsn
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: e4495611cb8b4e77afac1de6ba5bc429
set-cookie: test_cooke_0z7e3x15tv7j6njy2mmagj=1; Max-Age=3600; SameSite=None; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 10
date: Tue, 20 Dec 2022 15:59:15 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=dzwzutzfdrnklpkknw5a5s
185.26.99.196200 OK 10 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=dzwzutzfdrnklpkknw5a5s
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash f7f86d583c92292a7025fc1f25657a1f
92659f2f702a5b18d44a58055c6cd77173630ae2
3b9de8f3bb4d65ebe964703b38c9ce2f3b40a58b33484e6eed8f92bbd5f10a4f
GET /multiauth/test_cookie_set?testcookie=dzwzutzfdrnklpkknw5a5s HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1049
x-client-session: iii0fiwk5eeycr7mi6en
x-client-device-id: gaqd9a4s2mkq8fd0nxsn
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 52a5740702b24249b51c73b176f38fad
set-cookie: test_cooke_dzwzutzfdrnklpkknw5a5s=1; Max-Age=3600; SameSite=None; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 10
date: Tue, 20 Dec 2022 15:59:15 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=0z7e3x15tv7j6njy2mmagj
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=0z7e3x15tv7j6njy2mmagj
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_get?testcookie=0z7e3x15tv7j6njy2mmagj HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://c4adbk4m41qwkxamst.com/
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: fba2ad0c9b7349caab350eb719c446fb
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Tue, 20 Dec 2022 15:59:15 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=dzwzutzfdrnklpkknw5a5s
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=dzwzutzfdrnklpkknw5a5s
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_get?testcookie=dzwzutzfdrnklpkknw5a5s HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://c4adbk4m41qwkxamst.com/
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: d80c1266816448308a184479edf2485e
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Tue, 20 Dec 2022 15:59:15 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=0z7e3x15tv7j6njy2mmagj
185.26.99.196200 OK 21 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=0z7e3x15tv7j6njy2mmagj
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash e5b21ef9d336c6fe5ab6050fb9ab9d1f
3ce3fe564d8af003fe58f2d082571e7cba1a217c
0fb430e2fdf26d7e3ee13660211ba451888eb9d8a6c1de1731a8fd1121418823
GET /multiauth/test_cookie_get?testcookie=0z7e3x15tv7j6njy2mmagj HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1049
x-client-session: iii0fiwk5eeycr7mi6en
x-client-device-id: gaqd9a4s2mkq8fd0nxsn
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Cookie: test_cooke_0z7e3x15tv7j6njy2mmagj=1; test_cooke_dzwzutzfdrnklpkknw5a5s=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 0cec1577cb544d41b7c7765a41098e03
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 21
date: Tue, 20 Dec 2022 15:59:15 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.globalsign.com/gsrsaovsslca2018
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp.globalsign.com/gsrsaovsslca2018
IP 104.18.21.226:0
Hash a528dcd662d14be41997cc9dfa522a1c
63fb24fa9bbcf11fdf844a124ba8f4215ab5c8cc
5b4eb853c21ec366a11b69e4c9aa70f7ccb61aa65993d6876efbefe975f99b23
POST /gsrsaovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 15:59:16 GMT
Content-Type: application/ocsp-response
Content-Length: 1432
Connection: keep-alive
Expires: Sat, 24 Dec 2022 14:21:25 GMT
ETag: "63fb24fa9bbcf11fdf844a124ba8f4215ab5c8cc"
Last-Modified: Tue, 20 Dec 2022 14:21:26 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1925
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77c9958e1baab50c-OSL
c4adbk4m41qwkxamst.com/api/v2/translations?locales[]=bn&domains[]=messages&fallback=1
3.73.127.68200 OK 776 kB URL HTTP/2 c4adbk4m41qwkxamst.com/api/v2/translations?locales[]=bn&domains[]=messages&fallback=1
IP 3.73.127.68:0
Size 776 kB (775620 bytes)
Hash 2807646b511b1a2744982174bf955486
98d4582a94491693395ea67a0c859cbac623a531
cc29730f7a5ffe0077e1e86683941a4b274ee879a712ab122b766ad405e87c25
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v2/translations?locales[]=bn&domains[]=messages&fallback=1 HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1998118021&pid=186259&sip=0
Connection: keep-alive
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671551958.1.0.1671551959.0.0.0; _ga=GA1.2.1497915956.1671551959; cid=1998118021; prid=most_partner.1998118021; pid=186259; sip=0; PHPSESSID=m58ohuhivjn042qjqlil960g0p; lunetics_locale=bn; tz=Europe%2FOslo; rst-uid=7010997051768963072; _gid=GA1.2.651430779.1671551959; _gaclientid=1497915956.1671551959; _gasessionid=20221220|02130263; _gahitid=1671551958905; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1671551959540559322; _ym_d=1671551959; _fbp=fb.1.1671551959184.713097835; _ym_isad=2; _ym_visorc=b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:16 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"d5247f81f2c9c7272a01930c98fcd758"
x-request-id: 92c150b70e4dbcfe703321052527f00c
vary: Accept-Encoding, Accept-Language
expires: Tue, 20 Dec 2022 15:59:16 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
mostauthor.com/multiauth/ping
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/ping
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/ping HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://c4adbk4m41qwkxamst.com/
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 6f289ad9c309468187816f4fd84fe511
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Tue, 20 Dec 2022 15:59:15 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
adfstat.yandex.ru/metrica?id=610988002
87.250.250.145200 OK 15 B URL HTTP/1.1 adfstat.yandex.ru/metrica?id=610988002
IP 87.250.250.145:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 0c776997933eb60833b37beaf43814c8
bff63526eb02853c6b414ccfb4d00ac9ca283930
3d23d39a30bb7323f8ccfd64c52cf286138fba4f83e78f7edcf66703b7c23aaa
GET /metrica?id=610988002 HTTP/1.1
Host: adfstat.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mc.yandex.ru/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 15:59:16 GMT
Content-Type: application/json
Content-Length: 15
Connection: close
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=10, immutable
mostauthor.com/multiauth/ping
185.26.99.196401 Unauthorized 35 B URL HTTP/2 mostauthor.com/multiauth/ping
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 0d996c3fba12286419cc5490ecc262f2
8d763a6d6dc7b73504e259d6755a91215cc90a77
89ee31619ad837c48dfe0eeb3bd1e65d8c372d8b73c1f1e345c6dd91aca7f25f
GET /multiauth/ping HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1049
x-client-session: iii0fiwk5eeycr7mi6en
x-client-device-id: gaqd9a4s2mkq8fd0nxsn
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Cookie: test_cooke_0z7e3x15tv7j6njy2mmagj=1; test_cooke_dzwzutzfdrnklpkknw5a5s=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 401 Unauthorized
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: f5ae522a00fb423bbb33e49001cec262
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 35
date: Tue, 20 Dec 2022 15:59:15 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 384a2b2f97397ee2741922068da5bdcd
256bcaf0f153a739623feb917ad1c8745b7a3651
541c129fcb8391e0516ad5f1ee19da5c060ce54cabedfdc7cb65d2af2b4410e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 15:59:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 95181902ad63c207f21a6e84780a7cf6
c7c93eab9ab4e7fdba0c874ce3b9336cd2356646
3fea1d64a4b16da52435b3a9766c1db7b11dcf7cd063add81c9d47427e24db83
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 15:59:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 95181902ad63c207f21a6e84780a7cf6
c7c93eab9ab4e7fdba0c874ce3b9336cd2356646
3fea1d64a4b16da52435b3a9766c1db7b11dcf7cd063add81c9d47427e24db83
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 15:59:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=1497915956.1671551959&jid=1521345648&uid=0&gjid=810817439&_gid=651430779.1671551959&_u=YADAAEABAAAAACAEK~&z=462002541
74.125.205.154200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=1497915956.1671551959&jid=1521345648&uid=0&gjid=810817439&_gid=651430779.1671551959&_u=YADAAEABAAAAACAEK~&z=462002541
IP 74.125.205.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=1497915956.1671551959&jid=1521345648&uid=0&gjid=810817439&_gid=651430779.1671551959&_u=YADAAEABAAAAACAEK~&z=462002541 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 20 Dec 2022 15:59:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=1497915956.1671551959&jid=2108437186&uid=0&gjid=1693352011&_gid=651430779.1671551959&_u=YADAAEAAAAAAACAEK~&z=10297134
74.125.205.154200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=1497915956.1671551959&jid=2108437186&uid=0&gjid=1693352011&_gid=651430779.1671551959&_u=YADAAEAAAAAAACAEK~&z=10297134
IP 74.125.205.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=1497915956.1671551959&jid=2108437186&uid=0&gjid=1693352011&_gid=651430779.1671551959&_u=YADAAEAAAAAAACAEK~&z=10297134 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 20 Dec 2022 15:59:16 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 384a2b2f97397ee2741922068da5bdcd
256bcaf0f153a739623feb917ad1c8745b7a3651
541c129fcb8391e0516ad5f1ee19da5c060ce54cabedfdc7cb65d2af2b4410e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 15:59:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 9280942f48b6d8af0882ac1f9a684dae
1998f517eb03d75b98b81b8fcc3de69b57faaad9
43e916ba35470cee4a823db0332214b20948fedd09350f83aa0376d902a4926b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 15:59:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&charset=utf-8&hittoken=1671551955_e11f1eee089c3a16ea851d0dc60b217c207ad90f2e481723e83c846ebfe55d50&browser-info=pa%3A1%3Aar%3A1%3Avf%3Asm0eap24hzlr84c06srfr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A913809328059%3Ahid%3A610988002%3Az%3A0%3Ai%3A20221220155919%3Aet%3A1671551959%3Ac%3A1%3Arn%3A452127416%3Arqn%3A3%3Au%3A1671551959540559322%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671551957557%3Aadb%3A2%3Ast%3A1671551959&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)mtb(96)rqnt(3)aw(1)pe(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22User_Agent%22%3A%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%5D%7D%7D
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&charset=utf-8&hittoken=1671551955_e11f1eee089c3a16ea851d0dc60b217c207ad90f2e481723e83c846ebfe55d50&browser-info=pa%3A1%3Aar%3A1%3Avf%3Asm0eap24hzlr84c06srfr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A913809328059%3Ahid%3A610988002%3Az%3A0%3Ai%3A20221220155919%3Aet%3A1671551959%3Ac%3A1%3Arn%3A452127416%3Arqn%3A3%3Au%3A1671551959540559322%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671551957557%3Aadb%3A2%3Ast%3A1671551959&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)mtb(96)rqnt(3)aw(1)pe(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22User_Agent%22%3A%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%5D%7D%7D
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&charset=utf-8&hittoken=1671551955_e11f1eee089c3a16ea851d0dc60b217c207ad90f2e481723e83c846ebfe55d50&browser-info=pa%3A1%3Aar%3A1%3Avf%3Asm0eap24hzlr84c06srfr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A913809328059%3Ahid%3A610988002%3Az%3A0%3Ai%3A20221220155919%3Aet%3A1671551959%3Ac%3A1%3Arn%3A452127416%3Arqn%3A3%3Au%3A1671551959540559322%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671551957557%3Aadb%3A2%3Ast%3A1671551959&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)mtb(96)rqnt(3)aw(1)pe(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22User_Agent%22%3A%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%5D%7D%7D HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 15:59:16 GMT
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 15:59:16 GMT
last-modified: Tue, 20-Dec-2022 15:59:16 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&charset=utf-8&hittoken=1671551955_e11f1eee089c3a16ea851d0dc60b217c207ad90f2e481723e83c846ebfe55d50&browser-info=pa%3A1%3Aar%3A1%3Avf%3Asm0eap24hzlr84c06srfr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A913809328059%3Ahid%3A610988002%3Az%3A0%3Ai%3A20221220155919%3Aet%3A1671551959%3Ac%3A1%3Arn%3A281626510%3Arqn%3A2%3Au%3A1671551959540559322%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1671%2C1671%2C11%2C%3Aco%3A0%3Ans%3A1671551957557%3Aadb%3A2%3Ast%3A1671551959&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)mtb(96)rqnt(2)aw(1)pe(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22User_ID%22%3A%220%22%7D%7D
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&charset=utf-8&hittoken=1671551955_e11f1eee089c3a16ea851d0dc60b217c207ad90f2e481723e83c846ebfe55d50&browser-info=pa%3A1%3Aar%3A1%3Avf%3Asm0eap24hzlr84c06srfr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A913809328059%3Ahid%3A610988002%3Az%3A0%3Ai%3A20221220155919%3Aet%3A1671551959%3Ac%3A1%3Arn%3A281626510%3Arqn%3A2%3Au%3A1671551959540559322%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1671%2C1671%2C11%2C%3Aco%3A0%3Ans%3A1671551957557%3Aadb%3A2%3Ast%3A1671551959&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)mtb(96)rqnt(2)aw(1)pe(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22User_ID%22%3A%220%22%7D%7D
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&charset=utf-8&hittoken=1671551955_e11f1eee089c3a16ea851d0dc60b217c207ad90f2e481723e83c846ebfe55d50&browser-info=pa%3A1%3Aar%3A1%3Avf%3Asm0eap24hzlr84c06srfr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A913809328059%3Ahid%3A610988002%3Az%3A0%3Ai%3A20221220155919%3Aet%3A1671551959%3Ac%3A1%3Arn%3A281626510%3Arqn%3A2%3Au%3A1671551959540559322%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1671%2C1671%2C11%2C%3Aco%3A0%3Ans%3A1671551957557%3Aadb%3A2%3Ast%3A1671551959&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)mtb(96)rqnt(2)aw(1)pe(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22User_ID%22%3A%220%22%7D%7D HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 15:59:16 GMT
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 15:59:16 GMT
last-modified: Tue, 20-Dec-2022 15:59:16 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&charset=utf-8&hittoken=1671551955_e11f1eee089c3a16ea851d0dc60b217c207ad90f2e481723e83c846ebfe55d50&browser-info=pa%3A1%3Aar%3A1%3Avf%3Asm0eap24hzlr84c06srfr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A913809328059%3Ahid%3A610988002%3Az%3A0%3Ai%3A20221220155919%3Aet%3A1671551959%3Ac%3A1%3Arn%3A576914489%3Arqn%3A5%3Au%3A1671551959540559322%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671551957557%3Aadb%3A2%3Ast%3A1671551959&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)mtb(96)rqnt(5)aw(1)pe(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22Client_ID%22%3A%22undefined%22%7D%7D
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&charset=utf-8&hittoken=1671551955_e11f1eee089c3a16ea851d0dc60b217c207ad90f2e481723e83c846ebfe55d50&browser-info=pa%3A1%3Aar%3A1%3Avf%3Asm0eap24hzlr84c06srfr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A913809328059%3Ahid%3A610988002%3Az%3A0%3Ai%3A20221220155919%3Aet%3A1671551959%3Ac%3A1%3Arn%3A576914489%3Arqn%3A5%3Au%3A1671551959540559322%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671551957557%3Aadb%3A2%3Ast%3A1671551959&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)mtb(96)rqnt(5)aw(1)pe(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22Client_ID%22%3A%22undefined%22%7D%7D
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&charset=utf-8&hittoken=1671551955_e11f1eee089c3a16ea851d0dc60b217c207ad90f2e481723e83c846ebfe55d50&browser-info=pa%3A1%3Aar%3A1%3Avf%3Asm0eap24hzlr84c06srfr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A913809328059%3Ahid%3A610988002%3Az%3A0%3Ai%3A20221220155919%3Aet%3A1671551959%3Ac%3A1%3Arn%3A576914489%3Arqn%3A5%3Au%3A1671551959540559322%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671551957557%3Aadb%3A2%3Ast%3A1671551959&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)mtb(96)rqnt(5)aw(1)pe(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22Client_ID%22%3A%22undefined%22%7D%7D HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 15:59:16 GMT
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 15:59:16 GMT
last-modified: Tue, 20-Dec-2022 15:59:16 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&charset=utf-8&hittoken=1671551955_e11f1eee089c3a16ea851d0dc60b217c207ad90f2e481723e83c846ebfe55d50&browser-info=pa%3A1%3Aar%3A1%3Avf%3Asm0eap24hzlr84c06srfr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A913809328059%3Ahid%3A610988002%3Az%3A0%3Ai%3A20221220155919%3Aet%3A1671551959%3Ac%3A1%3Arn%3A308063277%3Arqn%3A4%3Au%3A1671551959540559322%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671551957557%3Aadb%3A2%3Ast%3A1671551959&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)mtb(96)rqnt(4)aw(1)pe(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22Referrer%22%3A%5B%22%22%5D%7D%7D
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&charset=utf-8&hittoken=1671551955_e11f1eee089c3a16ea851d0dc60b217c207ad90f2e481723e83c846ebfe55d50&browser-info=pa%3A1%3Aar%3A1%3Avf%3Asm0eap24hzlr84c06srfr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A913809328059%3Ahid%3A610988002%3Az%3A0%3Ai%3A20221220155919%3Aet%3A1671551959%3Ac%3A1%3Arn%3A308063277%3Arqn%3A4%3Au%3A1671551959540559322%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671551957557%3Aadb%3A2%3Ast%3A1671551959&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)mtb(96)rqnt(4)aw(1)pe(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22Referrer%22%3A%5B%22%22%5D%7D%7D
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&charset=utf-8&hittoken=1671551955_e11f1eee089c3a16ea851d0dc60b217c207ad90f2e481723e83c846ebfe55d50&browser-info=pa%3A1%3Aar%3A1%3Avf%3Asm0eap24hzlr84c06srfr%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A951%3Acn%3A1%3Adp%3A0%3Als%3A913809328059%3Ahid%3A610988002%3Az%3A0%3Ai%3A20221220155919%3Aet%3A1671551959%3Ac%3A1%3Arn%3A308063277%3Arqn%3A4%3Au%3A1671551959540559322%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671551957557%3Aadb%3A2%3Ast%3A1671551959&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)mtb(96)rqnt(4)aw(1)pe(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22Referrer%22%3A%5B%22%22%5D%7D%7D HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 20 Dec 2022 15:59:16 GMT
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 20-Dec-2022 15:59:16 GMT
last-modified: Tue, 20-Dec-2022 15:59:16 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 9d5518b05926e5fc608ad00c4abf3e01
273178a68589773d7c28a2360e64685937a5caa6
c0401c937edee3f05e3e41ab2b09af061962bcfa8471f2d0a0d91c3fe732843d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 15:59:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
192.124.249.23200 OK 1.8 kB IP 192.124.249.23:0
Hash 9a9af2118010ae661f610ae8da3ee787
bf78736bd82ac18bc4bc3f353704e7a3ef157e0d
70d83ac09464b9b81cca5c4673bb0aea7d2bb9837353391af1f62a83c0ec1485
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Tue, 20 Dec 2022 15:59:16 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Mon, 19 Dec 2022 20:15:46 GMT
Expires: Tue, 20 Dec 2022 20:15:46 GMT
ETag: "bf78736bd82ac18bc4bc3f353704e7a3ef157e0d"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
code.jivosite.com/widget/3bcOoG4MqH
92.223.126.57200 OK 5.9 kB URL HTTP/2 code.jivosite.com/widget/3bcOoG4MqH
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (17132), with no line terminators
Hash 4ed53ed60dda87c7abf086e975902e89
deb873d181986c70c9a14847d95e6e138b2961e7
ce6183de5dc076e11536a3416e73bcd953c4d3978a76279a83bb37206f032e32
GET /widget/3bcOoG4MqH HTTP/1.1
Host: code.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:16 GMT
content-type: application/javascript
content-length: 5938
access-control-allow-origin: *
cache-control: max-age=7200
content-encoding: br
etag: "63a04995-1732"
expires: Tue, 20 Dec 2022 14:51:35 GMT
last-modified: Mon, 19 Dec 2022 11:23:01 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-20T14:52:00+00:00
x-id: am3-up-gc94
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 0dc23a845daadd984dd46924d80efb81
8b6ac466ee633c3a3a2eff65bd60dcb6097e5c75
3f3ebc1214709374a862beef3041aec51861f5fa7377f12710853bf31c772c58
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 15:59:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 746409a88b1342fe7b570306c302c71e
e08a7bf55e08a498f2eed6a35b90107fc0bdb303
9352308fd047bafceddfaf2a9a6eab650593f16ff5632330a4bf745750704650
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9352308FD047BAFCEDDFAF2A9A6EAB650593F16FF5632330A4BF745750704650"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10232
Expires: Tue, 20 Dec 2022 18:49:48 GMT
Date: Tue, 20 Dec 2022 15:59:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 746409a88b1342fe7b570306c302c71e
e08a7bf55e08a498f2eed6a35b90107fc0bdb303
9352308fd047bafceddfaf2a9a6eab650593f16ff5632330a4bf745750704650
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9352308FD047BAFCEDDFAF2A9A6EAB650593F16FF5632330A4BF745750704650"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10232
Expires: Tue, 20 Dec 2022 18:49:48 GMT
Date: Tue, 20 Dec 2022 15:59:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 746409a88b1342fe7b570306c302c71e
e08a7bf55e08a498f2eed6a35b90107fc0bdb303
9352308fd047bafceddfaf2a9a6eab650593f16ff5632330a4bf745750704650
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9352308FD047BAFCEDDFAF2A9A6EAB650593F16FF5632330A4BF745750704650"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10232
Expires: Tue, 20 Dec 2022 18:49:48 GMT
Date: Tue, 20 Dec 2022 15:59:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 746409a88b1342fe7b570306c302c71e
e08a7bf55e08a498f2eed6a35b90107fc0bdb303
9352308fd047bafceddfaf2a9a6eab650593f16ff5632330a4bf745750704650
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9352308FD047BAFCEDDFAF2A9A6EAB650593F16FF5632330A4BF745750704650"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10232
Expires: Tue, 20 Dec 2022 18:49:48 GMT
Date: Tue, 20 Dec 2022 15:59:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 746409a88b1342fe7b570306c302c71e
e08a7bf55e08a498f2eed6a35b90107fc0bdb303
9352308fd047bafceddfaf2a9a6eab650593f16ff5632330a4bf745750704650
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9352308FD047BAFCEDDFAF2A9A6EAB650593F16FF5632330A4BF745750704650"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10232
Expires: Tue, 20 Dec 2022 18:49:48 GMT
Date: Tue, 20 Dec 2022 15:59:16 GMT
Connection: keep-alive
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Dec 2022 19:33:56 GMT
expires: Thu, 14 Dec 2023 19:33:56 GMT
cache-control: public, max-age=31536000
age: 505520
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg
34.120.237.76200 OK 8.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c7ac0b5738bab6b4ed770c26ca922250
e56fd4ee2f5354a54a6271db2be528f98eecd3d7
5997d5be6bbeb189ef08af2f6c6dd5bb0cfa70ad7b40daab8712efe5adc2c6e1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d762722-a130-4c65-99b1-2f6fb91155e5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8450
x-amzn-requestid: a9f11c68-8327-46ba-9075-e316a2f9fdbb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dabr3FoSIAMFdtQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a0d97e-61b788f5675fe0e815e1e967;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 21:37:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: _nupdrdRDG-S085FRNoJgzDQVg9Ngb_nYDR5C1AkkterWy8vlXBxGw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 ac463f3377446e4c603deca30feb744a.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 21:45:54 GMT
age: 65602
etag: "e56fd4ee2f5354a54a6271db2be528f98eecd3d7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2f35059-99cc-477d-9e68-c3a035d125df.jpeg
34.120.237.76200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2f35059-99cc-477d-9e68-c3a035d125df.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bba7c67bdc57d1fe2870ebd4ee9fd5c9
127850560e258665ca8074757c1b66f680d2bd78
9edd765e65644edfe4221352225cb89ebe98fa451d9528b8b614d594a20e100d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb2f35059-99cc-477d-9e68-c3a035d125df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9265
x-amzn-requestid: d84f905b-7faf-409a-b188-4b8cf06b9e4f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: da4KJGx9oAMFrQg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a1070d-43152d9651bcb4a15ffe1cfa;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 00:51:25 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: uGYoskcC2ev3JFxsBZGglmBiCCWmjo5Xg2zqe5925zArdzRk5QtuTQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 c5c7edc18be1805f007e0576da02e554.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 01:14:29 GMT
etag: "127850560e258665ca8074757c1b66f680d2bd78"
content-type: image/jpeg
age: 53087
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e977b0b-6e7d-42dd-9743-5064708ab1e0.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e977b0b-6e7d-42dd-9743-5064708ab1e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b5da803c751be159f0f5b3c2f65bd2b6
39139480cfc2ed0781b51745bfaabed4490aa0db
920ee464843101c638327866fbfcc9c7f00fc19b7cdbc8948fbe53d2b6fb4ed3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1e977b0b-6e7d-42dd-9743-5064708ab1e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7876
x-amzn-requestid: 668c95f2-a1b1-4abd-9f4e-23d05c4998a5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: da270EFlIAMFR5A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a10518-56d6db4f4cff1b4e08b87046;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 00:43:04 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: U9cES2VDr79vF5gBfhG-5ZyHa8WVqEti4ZGHsBerkxIkeSWsPhC-jA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 ea699166e6ec77aa410ff505b0a8ce18.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 01:06:15 GMT
age: 53581
etag: "39139480cfc2ed0781b51745bfaabed4490aa0db"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bfd0e913579b4ff2f511223d70cb01fb
497e0ffef816e100e6ddc221ec17d5f389c1142a
bee68ae1a938a5111a32dab4ec4f6964994e6c39143eac9ab94d6c5e29999372
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2ded193-0301-4ad3-a888-72c52212ad95.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5185
x-amzn-requestid: 3087af97-3f2d-4848-b297-eba8d84f10c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dT10YHv8oAMF2sg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639e3682-7527022d4bd9c15518fe75cc;Sampled=0
x-amzn-remapped-date: Sat, 17 Dec 2022 21:37:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: _WKAnv-iFrsEA9lFq4adBmRVdSk9-FQVF_cFCDhpM1_LMDdt_vPwhQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 21:39:07 GMT
age: 66009
etag: "497e0ffef816e100e6ddc221ec17d5f389c1142a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7b99ff1-3a90-4792-98d7-d8a29855c0b3.jpeg
34.120.237.76200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7b99ff1-3a90-4792-98d7-d8a29855c0b3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 49a98c00b1949e152b5f31c588a76a63
1315068dfd111f24e39d14434c719ef10328bfbf
6f67099495261e1114eeca46d2afd3c0bc6921fbc20a6e3e78c4af5d1c9edbc2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe7b99ff1-3a90-4792-98d7-d8a29855c0b3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9593
x-amzn-requestid: 3a50abdf-4974-4f53-bdc6-5c15a84fea65
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: da6rNHYQoAMFdzg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a10b14-40a012f068ef226f07b54875;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 01:08:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: vr3KPzYtoXK8ovd6YeEi1sRG-q4ukS9YoGtJeT44Wu5E-yvDTfP5Fg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 3236f234d59c0fda99b416088c283260.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 01:28:13 GMT
age: 52263
etag: "1315068dfd111f24e39d14434c719ef10328bfbf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82b028aa-d0e3-4082-a385-1385bc5c6e06.jpeg
34.120.237.76200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82b028aa-d0e3-4082-a385-1385bc5c6e06.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 045f016fb66e6e0d1da1fb742d9b19a7
8f98bf2cedfccfce71464a733e2fd37482fd71c2
593cf38d1c2c315ff23fcda60e41141caa0266874f36a0c517554ca01ea51f12
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82b028aa-d0e3-4082-a385-1385bc5c6e06.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9216
x-amzn-requestid: 460a95bf-5724-4bea-b6c1-f6ce263da5e7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dabq8FXboAMFwCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a0d979-70340469247cdcf952a98c3e;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 21:36:57 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: utr-CdnBX5-MjBHX3PW6rdC06JzmIvfrj9FOrQtOUDd91_Fo4wVzGg==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 a3b5bb90516201e5ddd137696b7b0f50.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 21:45:55 GMT
age: 65601
etag: "8f98bf2cedfccfce71464a733e2fd37482fd71c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
node-sber1-az1-6.jivosite.com/widget/status/561276/3bcOoG4MqH?rnd=0.00390922388582382
188.72.107.240200 OK 3.3 kB URL HTTP/2 node-sber1-az1-6.jivosite.com/widget/status/561276/3bcOoG4MqH?rnd=0.00390922388582382
IP 188.72.107.240:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (2811), with no line terminators
Hash 867515c51676b09e26f5ff836b9dd383
b8093e4429331f4c9b886fa2b856ef123c6ce921
79ae24bf7be8889f3b6018d2155fb23bef37c9c38561a7d632b58ee2de34e446
GET /widget/status/561276/3bcOoG4MqH?rnd=0.00390922388582382 HTTP/1.1
Host: node-sber1-az1-6.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-max-age: 1728000
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-expose-headers: X-Geoip, X-Botmode
cache-control: no-cache, no-store, must-revalidate
content-security-policy: frame-ancestors 'none';
content-type: application/json; charset=utf-8
pragma: no-cache
server: foxy/2.0.1
x-botmode: no
x-frame-options: DENY
x-geoip: NO;03;Oslo (Alna District)
content-length: 3317
date: Tue, 20 Dec 2022 15:59:17 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash be7309a6dfa8db252ac8fd6073aac94c
38033b2600be25b208ab0eef5bc88eba0f6f50aa
28592dab98ba5b84b973c7db59360406a6490b505bf1c6dd4f1b54dabf509622
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 15:59:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash be7309a6dfa8db252ac8fd6073aac94c
38033b2600be25b208ab0eef5bc88eba0f6f50aa
28592dab98ba5b84b973c7db59360406a6490b505bf1c6dd4f1b54dabf509622
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 15:59:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=1497915956.1671551959&jid=1521345648&_u=YADAAEABAAAAACAEK~&z=999295989
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=1497915956.1671551959&jid=1521345648&_u=YADAAEABAAAAACAEK~&z=999295989
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=1497915956.1671551959&jid=1521345648&_u=YADAAEABAAAAACAEK~&z=999295989 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 20 Dec 2022 15:59:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=1497915956.1671551959&jid=2108437186&_u=YADAAEAAAAAAACAEK~&z=1089800287
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=1497915956.1671551959&jid=2108437186&_u=YADAAEAAAAAAACAEK~&z=1089800287
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=1497915956.1671551959&jid=2108437186&_u=YADAAEAAAAAAACAEK~&z=1089800287 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Tue, 20 Dec 2022 15:59:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash be7309a6dfa8db252ac8fd6073aac94c
38033b2600be25b208ab0eef5bc88eba0f6f50aa
28592dab98ba5b84b973c7db59360406a6490b505bf1c6dd4f1b54dabf509622
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 20 Dec 2022 15:59:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.227200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Dec 2022 07:08:09 GMT
expires: Sat, 16 Dec 2023 07:08:09 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
age: 377468
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/auth/providers
3.73.127.68200 OK 16 kB URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/auth/providers
IP 3.73.127.68:0
Hash 3f94fd30d87cd50f9c513498f30662c4
e466fb71a0da41ec649e221cac3b36a7153b0e2c
4995ae1073dba2ce716b59d7443567be9b7785793ecdf48f37bab3ee833f3a3a
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/auth/providers HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1049
x-client-session: iii0fiwk5eeycr7mi6en
x-client-device-id: gaqd9a4s2mkq8fd0nxsn
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1998118021&pid=186259&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671551958.1.0.1671551959.0.0.0; _ga=GA1.2.1497915956.1671551959; cid=1998118021; prid=most_partner.1998118021; pid=186259; sip=0; PHPSESSID=m58ohuhivjn042qjqlil960g0p; lunetics_locale=bn; tz=Europe%2FOslo; rst-uid=7010997051768963072; _gid=GA1.2.651430779.1671551959; _gaclientid=1497915956.1671551959; _gasessionid=20221220|02130263; _gahitid=1671551958905; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1671551959540559322; _ym_d=1671551959; _fbp=fb.1.1671551959184.713097835; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:17 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 824a70d2db54274145f55c4145deb3cd
vary: Accept-Encoding, Accept-Language
expires: Tue, 20 Dec 2022 15:59:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/currencies.json
3.73.127.68200 OK 893 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/currencies.json
IP 3.73.127.68:0
Hash 5f166eb824525fd6498eb6f011b4f9e9
2277f4752dab7f2745b1c3ec3d703e2af5bc410a
fc275c7957a16e0792210cbcbc3a3f31071534df693544cf5dbda28bc38bf5a1
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/currencies.json HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1049
x-client-session: iii0fiwk5eeycr7mi6en
x-client-device-id: gaqd9a4s2mkq8fd0nxsn
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1998118021&pid=186259&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671551958.1.0.1671551959.0.0.0; _ga=GA1.2.1497915956.1671551959; cid=1998118021; prid=most_partner.1998118021; pid=186259; sip=0; PHPSESSID=m58ohuhivjn042qjqlil960g0p; lunetics_locale=bn; tz=Europe%2FOslo; rst-uid=7010997051768963072; _gid=GA1.2.651430779.1671551959; _gaclientid=1497915956.1671551959; _gasessionid=20221220|02130263; _gahitid=1671551958905; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1671551959540559322; _ym_d=1671551959; _fbp=fb.1.1671551959184.713097835; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:17 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"57f7d77bcb8a4fd24d8998583bfd2da5"
x-request-id: ad97295d9e44690b7c82501437b85eab
vary: Accept-Encoding, Accept-Language
expires: Tue, 20 Dec 2022 15:59:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
216.58.207.227200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15340, version 1.0\012- data
Hash 19b7a0adfdd4f808b53af7e2ce2ad4e5
81d5d4c7b5035ad10cce63cf7100295e0c51fdda
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
GET /s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Dec 2022 04:50:10 GMT
expires: Thu, 14 Dec 2023 04:50:10 GMT
cache-control: public, max-age=31536000
age: 558547
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 Dec 2022 16:40:43 GMT
expires: Fri, 15 Dec 2023 16:40:43 GMT
cache-control: public, max-age=31536000
age: 429514
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/favicon.png
3.73.127.68200 OK 2.8 kB URL HTTP/2 c4adbk4m41qwkxamst.com/favicon.png
IP 3.73.127.68:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash f8cbfde8f3484f7a5f02189742f0f110
3eb0cec3e65d6cb0cc2744b5fa57ded1afb6e4d4
70504d4dc047aeac702b31e9290e9f5553e901d07d3844269cd966042988159a
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.png HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1049
x-client-session: iii0fiwk5eeycr7mi6en
x-client-device-id: gaqd9a4s2mkq8fd0nxsn
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1998118021&pid=186259&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671551958.1.0.1671551959.0.0.0; _ga=GA1.2.1497915956.1671551959; cid=1998118021; prid=most_partner.1998118021; pid=186259; sip=0; PHPSESSID=m58ohuhivjn042qjqlil960g0p; lunetics_locale=bn; tz=Europe%2FOslo; rst-uid=7010997051768963072; _gid=GA1.2.651430779.1671551959; _gaclientid=1497915956.1671551959; _gasessionid=20221220|02130263; _gahitid=1671551958905; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1671551959540559322; _ym_d=1671551959; _fbp=fb.1.1671551959184.713097835; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:18 GMT
content-type: image/png
content-length: 2810
last-modified: Mon, 19 Dec 2022 15:44:43 GMT
etag: "63a086eb-afa"
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c833b718e42d116288621b045549895e
10f8ecd3ad76a2135e9ef59d41e0390e6bb58d97
0641f930ea19fd67169ac6f07126bce394c5402224e7b8f83dec20a83a695b59
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0641F930EA19FD67169AC6F07126BCE394C5402224E7B8F83DEC20A83A695B59"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4720
Expires: Tue, 20 Dec 2022 17:18:01 GMT
Date: Tue, 20 Dec 2022 15:59:21 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c833b718e42d116288621b045549895e
10f8ecd3ad76a2135e9ef59d41e0390e6bb58d97
0641f930ea19fd67169ac6f07126bce394c5402224e7b8f83dec20a83a695b59
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0641F930EA19FD67169AC6F07126BCE394C5402224E7B8F83DEC20A83A695B59"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4720
Expires: Tue, 20 Dec 2022 17:18:01 GMT
Date: Tue, 20 Dec 2022 15:59:21 GMT
Connection: keep-alive
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash f2c02efb7ccc853bb0da3cf4486b969e
6ec41b33b2e73c1d3a9a5d550553cbcddcee4a7a
0e475cfe86a1cb74372eb0f70f2e336e7c669b554804868b8b1510a68446dca2
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 20 Dec 2022 15:59:22 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sat, 24 Dec 2022 13:19:27 GMT
ETag: "6ec41b33b2e73c1d3a9a5d550553cbcddcee4a7a"
Last-Modified: Tue, 20 Dec 2022 13:19:28 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3028
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77c995b419a0b505-OSL
code.jivo.ru/js/bundle_ru_RU.js?rand=1671452957
92.223.124.24200 OK 312 kB URL HTTP/2 code.jivo.ru/js/bundle_ru_RU.js?rand=1671452957
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type Unicode text, UTF-8 text, with very long lines (61072), with no line terminators
Size 312 kB (311868 bytes)
Hash 913b4b2623f54a943566465f42ba401a
cac41c82a0675da861adba6de1835230833d94d7
83a5f3fe3390271c11826d46057477d78fd96444186b16597b7e5d644db2d621
GET /js/bundle_ru_RU.js?rand=1671452957 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:22 GMT
content-type: application/javascript
content-length: 311868
access-control-allow-origin: *
cache-control: max-age=86400
content-encoding: br
etag: "63a049f1-4c23c"
last-modified: Mon, 19 Dec 2022 11:24:33 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-20T12:29:04+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jivo.ru/css/1ee7aca/widget.css
92.223.124.24200 OK 55 kB URL HTTP/2 code.jivo.ru/css/1ee7aca/widget.css
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 2a8c7b6821e589309e1a689f95d9ca0e
0a2cf97f65c48500d66f1a6c2034310a6b39798a
c3d96df0e3dd4d4c16011d37e6bc20b823905c6be10a06f780ed36abb9131176
GET /css/1ee7aca/widget.css HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:22 GMT
content-type: text/css
content-length: 54730
cache-control: max-age=864000
content-encoding: br
etag: "63a049d9-d5ca"
expires: Fri, 30 Dec 2022 12:33:01 GMT
last-modified: Mon, 19 Dec 2022 11:24:09 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-20T12:33:02+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jivo.ru/css/1ee7aca/omnichannelMenu.widget.css
92.223.124.24200 OK 947 B URL HTTP/2 code.jivo.ru/css/1ee7aca/omnichannelMenu.widget.css
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (3072), with no line terminators
Hash 05f6b83c60b8c8d00aefba61015fe4bc
2986e6a7bf8ed66185dee5158e19e5bea68dbc8a
6ed475e8933e6af121f7abcea690a1ba8b0a92e4586af95864d05b5e5fec3a55
GET /css/1ee7aca/omnichannelMenu.widget.css HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:23 GMT
content-type: text/css
content-length: 947
cache-control: max-age=864000
content-encoding: gzip
etag: "63a049d9-3b3"
expires: Fri, 30 Dec 2022 12:29:56 GMT
last-modified: Mon, 19 Dec 2022 11:24:09 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-20T12:29:56+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jivo.ru/js/1ee7aca/omnichannelMenu.js
92.223.124.24200 OK 3.1 kB URL HTTP/2 code.jivo.ru/js/1ee7aca/omnichannelMenu.js
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (11729), with no line terminators
Hash 47f92d2acf0837b5a7a4924f151584e1
ddf7ff3f1d91759498d3ec47a95f8c195cbf48bb
7e6c06dabd582d75c198523608dac639056177c9f2f09ab84d2964b3a3ba57d3
GET /js/1ee7aca/omnichannelMenu.js HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:23 GMT
content-type: application/javascript
content-length: 3110
access-control-allow-origin: *
cache-control: max-age=86400
content-encoding: br
etag: "63a049d9-c26"
last-modified: Mon, 19 Dec 2022 11:24:09 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-20T12:32:16+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jivo.ru/sounds/agent_message.mp3
92.223.124.24206 Partial Content 3.8 kB URL HTTP/2 code.jivo.ru/sounds/agent_message.mp3
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo\012- data
Hash 8e9a165c4cb185ffd0b2658fa088e43b
195873e5e8bbb2f5ecc32d95f90d6fb75817a649
ff81aad05612f90cf97c238f219765884e5cbf49351d8dc96a4a063c598c3f43
GET /sounds/agent_message.mp3 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Tue, 20 Dec 2022 15:59:23 GMT
content-type: audio/mpeg
content-length: 3760
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=2592000
etag: "63a04962-eb0"
expires: Thu, 19 Jan 2023 12:30:53 GMT
last-modified: Mon, 19 Dec 2022 11:22:10 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-20T12:30:53+00:00
x-id: fr5-up-gc15
content-range: bytes 0-3759/3760
X-Firefox-Spdy: h2
code.jivo.ru/sounds/notification.mp3
92.223.124.24206 Partial Content 5.8 kB URL HTTP/2 code.jivo.ru/sounds/notification.mp3
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash 9aa341af370c4e59155717260ba0f282
0c1216ecead8d1409557c843d96202c063f3f252
1112436abea08c851302bba4d4e37a27e25e5ec26b20474667a3369d41154bab
GET /sounds/notification.mp3 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Tue, 20 Dec 2022 15:59:23 GMT
content-type: audio/mpeg
content-length: 5808
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=2592000
etag: "63a04962-16b0"
expires: Thu, 19 Jan 2023 12:33:09 GMT
last-modified: Mon, 19 Dec 2022 11:22:10 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-20T12:33:09+00:00
x-id: fr5-up-gc15
content-range: bytes 0-5807/5808
X-Firefox-Spdy: h2
code.jivo.ru/sounds/outgoing_message.mp3
92.223.124.24206 Partial Content 5.0 kB URL HTTP/2 code.jivo.ru/sounds/outgoing_message.mp3
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo\012- data
Hash 7bf3e4962a5ecf1f8cbcc2ff3428f531
f75c694461a643d2e096ae8d0f6c1a9d19602eee
d44244617bf21df7a137694fa762d5cab3b82cb9fae8f33de5917977b02b2a11
GET /sounds/outgoing_message.mp3 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Tue, 20 Dec 2022 15:59:23 GMT
content-type: audio/mpeg
content-length: 5014
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=2592000
etag: "63a04962-1396"
expires: Thu, 19 Jan 2023 12:29:33 GMT
last-modified: Mon, 19 Dec 2022 11:22:10 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-20T12:29:33+00:00
x-id: fr5-up-gc15
content-range: bytes 0-5013/5014
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff347c084-6390-44ad-bc9f-386638feccf3.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff347c084-6390-44ad-bc9f-386638feccf3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 42198886593c55b1ced896711cf7e9e7
376a27f2ac0455a961ff6db195af04ac226bed25
fc25aab43d42aae8794b2a4deebc9ae74d2e974125f8c0a43cc22adbb6fc5dad
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff347c084-6390-44ad-bc9f-386638feccf3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 12146
x-amzn-requestid: 47b7682c-6442-468a-b8a7-1835f72cf5ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dYbuzEHkoAMFhXQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a00cc4-7a217e2f45edc30e1ea08187;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 07:03:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1pWLX3AeS7V6RqgUZunNGVWJPIf0Ow0BKlana-KGtuDH9tpdSfL1OQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 05:09:39 GMT
age: 38984
etag: "376a27f2ac0455a961ff6db195af04ac226bed25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 6f02dad06d21cf0f433ab0d21fe4d89a
c41ba480aa20f5036135626ed28faee1905458a4
76582c049c2eb1882e19f0f83caee545abeebe347702bd415eb44af4e4e6239b
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 913
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Tue, 20 Dec 2022 15:59:23 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7010997051768963072; Domain=.rockmostbet.com; Path=/; Expires=Thu, 18 Dec 2025 18:26:18 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 2
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/currency-specific-settings/RUB.json
3.73.127.68200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/currency-specific-settings/RUB.json
IP 3.73.127.68:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/currency-specific-settings/RUB.json HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1049
x-client-session: iii0fiwk5eeycr7mi6en
x-client-device-id: gaqd9a4s2mkq8fd0nxsn
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1998118021&pid=186259&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671551958.1.0.1671551959.0.0.0; _ga=GA1.2.1497915956.1671551959; cid=1998118021; prid=most_partner.1998118021; pid=186259; sip=0; PHPSESSID=m58ohuhivjn042qjqlil960g0p; lunetics_locale=bn; tz=Europe%2FOslo; rst-uid=7010997051768963072; _gid=GA1.2.651430779.1671551959; _gaclientid=1497915956.1671551959; _gasessionid=20221220|02130263; _gahitid=1671551958905; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1671551959540559322; _ym_d=1671551959; _fbp=fb.1.1671551959184.713097835; _ym_isad=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:16 GMT
content-type: application/json
cache-control: max-age=3600, private
etag: W/"280a952a362a82095d1a79d423866721"
x-request-id: 027e7ffa7d5f15be1bae5e6f9c51a332
vary: Accept-Encoding, Accept-Language
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
webchannel-content.eservice.emarsys.net/customer/799213038/campaigns?url=https:%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&prev_url=&lang=en&uli=false
34.117.30.199200 OK 0 B URL HTTP/2 webchannel-content.eservice.emarsys.net/customer/799213038/campaigns?url=https:%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&prev_url=&lang=en&uli=false
IP 34.117.30.199:0
GET /customer/799213038/campaigns?url=https:%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1998118021%26pid%3D186259%26sip%3D0&prev_url=&lang=en&uli=false HTTP/1.1
Host: webchannel-content.eservice.emarsys.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 15:59:21 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: *
content-type: application/json
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/logo
3.73.127.68200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/logo
IP 3.73.127.68:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/logo HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1049
x-client-session: iii0fiwk5eeycr7mi6en
x-client-device-id: gaqd9a4s2mkq8fd0nxsn
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1998118021&pid=186259&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671551958.1.0.1671551958.0.0.0; _ga=GA1.1.1497915956.1671551959; cid=1998118021; prid=most_partner.1998118021; pid=186259; sip=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:15 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"9687b0680da4998a35aa6ed4dda7acec"
x-request-id: fc9a8cb8fb12a08aa2daba24e99f114b
vary: Accept-Encoding, Accept-Language
expires: Tue, 20 Dec 2022 15:59:15 GMT
set-cookie: PHPSESSID=m58ohuhivjn042qjqlil960g0p; expires=Thu, 19-Jan-2023 15:59:15 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=bn; expires=Wed, 21-Dec-2022 15:59:15 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Tue, 27-Dec-2022 15:59:15 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/websocket/credentials
3.73.127.68200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/websocket/credentials
IP 3.73.127.68:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/websocket/credentials HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1049
x-client-session: iii0fiwk5eeycr7mi6en
x-client-device-id: gaqd9a4s2mkq8fd0nxsn
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1998118021&pid=186259&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671551958.1.0.1671551958.0.0.0; _ga=GA1.1.1497915956.1671551959
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:15 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 32c21919007532df36ada2477e1a5a00
vary: Accept-Encoding, Accept-Language
expires: Tue, 20 Dec 2022 15:59:15 GMT
set-cookie: PHPSESSID=qekdblt7nggk4hiiqgnrd1k5v2; expires=Thu, 19-Jan-2023 15:59:15 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=bn; expires=Wed, 21-Dec-2022 15:59:15 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Tue, 27-Dec-2022 15:59:15 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/countries.json
3.73.127.68200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/countries.json
IP 3.73.127.68:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/countries.json HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1049
x-client-session: iii0fiwk5eeycr7mi6en
x-client-device-id: gaqd9a4s2mkq8fd0nxsn
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1998118021&pid=186259&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671551958.1.0.1671551958.0.0.0; _ga=GA1.1.1497915956.1671551959; cid=1998118021; prid=most_partner.1998118021; pid=186259; sip=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:15 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"78582a9e33c6ad6d6380d40d30aa817b"
x-request-id: 59216616e9d030535fe1539f1bef0c18
vary: Accept-Encoding, Accept-Language
expires: Tue, 20 Dec 2022 15:59:15 GMT
set-cookie: PHPSESSID=troc8hcdnf0c31fl2o4tdi051k; expires=Thu, 19-Jan-2023 15:59:15 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=bn; expires=Wed, 21-Dec-2022 15:59:15 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Tue, 27-Dec-2022 15:59:15 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
code.jivosite.com/script/widget/config/3bcOoG4MqH
92.223.126.57200 OK 0 B URL HTTP/2 code.jivosite.com/script/widget/config/3bcOoG4MqH
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
GET /script/widget/config/3bcOoG4MqH HTTP/1.1
Host: code.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:16 GMT
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=7200
content-encoding: gzip
expires: Tue, 20 Dec 2022 17:06:40 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-20T15:06:41+00:00
x-id: am3-up-gc94
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v2/translations?locales[]=bn&domains[]=promo&domains[]=validators&fallback=1
3.73.127.68200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v2/translations?locales[]=bn&domains[]=promo&domains[]=validators&fallback=1
IP 3.73.127.68:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v2/translations?locales[]=bn&domains[]=promo&domains[]=validators&fallback=1 HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1998118021&pid=186259&sip=0
Connection: keep-alive
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671551958.1.0.1671551959.0.0.0; _ga=GA1.2.1497915956.1671551959; cid=1998118021; prid=most_partner.1998118021; pid=186259; sip=0; PHPSESSID=m58ohuhivjn042qjqlil960g0p; lunetics_locale=bn; tz=Europe%2FOslo; rst-uid=7010997051768963072; _gid=GA1.2.651430779.1671551959; _gaclientid=1497915956.1671551959; _gasessionid=20221220|02130263; _gahitid=1671551958905; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1671551959540559322; _ym_d=1671551959; _fbp=fb.1.1671551959184.713097835; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:16 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"2b205d11930452350258bd9a7bad1423"
x-request-id: f3885c370c84b263dfc3265e373ae5e1
vary: Accept-Encoding, Accept-Language
expires: Tue, 20 Dec 2022 15:59:16 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
front.cdn-mb.com/spa-static/1.4.1049/static/js/main.09c48c9b.chunk.js
172.67.160.69200 OK 0 B URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1049/static/js/main.09c48c9b.chunk.js
IP 172.67.160.69:0
GET /spa-static/1.4.1049/static/js/main.09c48c9b.chunk.js HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 20 Dec 2022 15:59:14 GMT
content-type: application/javascript
last-modified: Mon, 19 Dec 2022 15:51:25 GMT
vary: Accept-Encoding
etag: W/"63a0887d-5ca3d"
expires: Tue, 20 Dec 2022 16:37:16 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 12118
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S40KEhOACHt3uPez9TZ6ZMVMUCsK4HuWo1iKYchmPvkP62jm1PZKtzDfeQGkbBEZDhn6%2Bbnkw1iu%2Fhtjj6TiK3BzdnfYZuQvM4dWR9SFYcFPOmG2hjSHjj44GEfRNytevdOl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77c99585fb69b4f9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/favicon.ico
3.73.127.68200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/favicon.ico
IP 3.73.127.68:0
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1998118021&pid=186259&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671551958.1.0.1671551958.0.0.0; _ga=GA1.1.1497915956.1671551959
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:15 GMT
content-type: image/x-icon
last-modified: Mon, 19 Dec 2022 15:44:43 GMT
vary: Accept-Encoding
etag: W/"63a086eb-1536"
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/recaptcha__en.js
216.58.211.3200 OK 0 B URL HTTP/2 www.gstatic.com/recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/recaptcha__en.js
IP 216.58.211.3:0
GET /recaptcha/releases/5qcenVbrhOy8zihcc2aHOWD4/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 164706
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 19 Dec 2022 15:07:57 GMT
expires: Tue, 19 Dec 2023 15:07:57 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 15 Dec 2022 05:24:10 GMT
content-type: text/javascript
age: 89479
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/settings
3.73.127.68200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/settings
IP 3.73.127.68:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/settings HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1049
x-client-session: iii0fiwk5eeycr7mi6en
x-client-device-id: gaqd9a4s2mkq8fd0nxsn
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1998118021&pid=186259&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671551958.1.0.1671551958.0.0.0; _ga=GA1.1.1497915956.1671551959
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:15 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: c82c75d279b05b1f9554d7f864bb2f4d
vary: Accept-Encoding, Accept-Language
expires: Tue, 20 Dec 2022 15:59:15 GMT
set-cookie: PHPSESSID=i30fs5djft609k3uchkvb0t6ie; expires=Thu, 19-Jan-2023 15:59:15 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=bn; expires=Wed, 21-Dec-2022 15:59:15 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Tue, 27-Dec-2022 15:59:15 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/logo
3.73.127.68200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/logo
IP 3.73.127.68:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/logo HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1049
x-client-session: iii0fiwk5eeycr7mi6en
x-client-device-id: gaqd9a4s2mkq8fd0nxsn
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1998118021&pid=186259&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671551958.1.0.1671551959.0.0.0; _ga=GA1.2.1497915956.1671551959; cid=1998118021; prid=most_partner.1998118021; pid=186259; sip=0; PHPSESSID=m58ohuhivjn042qjqlil960g0p; lunetics_locale=bn; tz=Europe%2FOslo; rst-uid=7010997051768963072; _gid=GA1.2.651430779.1671551959; _gaclientid=1497915956.1671551959; _gasessionid=20221220|02130263; _gahitid=1671551958905; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1671551959540559322; _ym_d=1671551959; _fbp=fb.1.1671551959184.713097835; _ym_isad=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"9687b0680da4998a35aa6ed4dda7acec"
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:16 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"9687b0680da4998a35aa6ed4dda7acec"
x-request-id: 2eed7578d86ee07122c5a7a6200130e0
vary: Accept-Encoding, Accept-Language
expires: Tue, 20 Dec 2022 15:59:15 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese
142.250.74.106200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese
IP 142.250.74.106:0
GET /css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://front.cdn-mb.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 20 Dec 2022 15:59:16 GMT
date: Tue, 20 Dec 2022 15:59:16 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1998118021&pid=186259&sip=0
3.73.127.68200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1998118021&pid=186259&sip=0
IP 3.73.127.68:0
Analyzer Verdict Alert quad9 Sinkholed
GET /partners/casino-reg?cid=1998118021&pid=186259&sip=0 HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:14 GMT
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/currency-specific-settings/BDT.json
3.73.127.68200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/currency-specific-settings/BDT.json
IP 3.73.127.68:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/currency-specific-settings/BDT.json HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1049
x-client-session: iii0fiwk5eeycr7mi6en
x-client-device-id: gaqd9a4s2mkq8fd0nxsn
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1998118021&pid=186259&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671551958.1.0.1671551959.0.0.0; _ga=GA1.2.1497915956.1671551959; cid=1998118021; prid=most_partner.1998118021; pid=186259; sip=0; PHPSESSID=m58ohuhivjn042qjqlil960g0p; lunetics_locale=bn; tz=Europe%2FOslo; rst-uid=7010997051768963072; _gid=GA1.2.651430779.1671551959; _gaclientid=1497915956.1671551959; _gasessionid=20221220|02130263; _gahitid=1671551958905; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1671551959540559322; _ym_d=1671551959; _fbp=fb.1.1671551959184.713097835; _ym_isad=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:15 GMT
content-type: application/json
cache-control: max-age=3600, private
etag: W/"f62f3a14a21eec1626541cbc2e78a9c1"
x-request-id: 697e92c24979cd715eb3d235c4360a16
vary: Accept-Encoding, Accept-Language
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/footer_links
3.73.127.68200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/footer_links
IP 3.73.127.68:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/footer_links HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1049
x-client-session: iii0fiwk5eeycr7mi6en
x-client-device-id: gaqd9a4s2mkq8fd0nxsn
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1998118021&pid=186259&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671551958.1.0.1671551959.0.0.0; _ga=GA1.2.1497915956.1671551959; cid=1998118021; prid=most_partner.1998118021; pid=186259; sip=0; PHPSESSID=m58ohuhivjn042qjqlil960g0p; lunetics_locale=bn; tz=Europe%2FOslo; rst-uid=7010997051768963072; _gid=GA1.2.651430779.1671551959; _gaclientid=1497915956.1671551959; _gasessionid=20221220|02130263; _gahitid=1671551958905; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1671551959540559322; _ym_d=1671551959; _fbp=fb.1.1671551959184.713097835; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 20 Dec 2022 15:59:16 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 0fe54bbfcaec34672321912806b1f68c
vary: Accept-Encoding, Accept-Language
expires: Tue, 20 Dec 2022 15:59:16 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2