e35r3i92lj7qmst.com/Fh5s?sub1=478588&sub2=136
3.74.215.203 301 Moved Permanently 0 B URL HTTP/1.1 e35r3i92lj7qmst.com/Fh5s?sub1=478588&sub2=136
IP 3.74.215.203:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Fh5s?sub1=478588&sub2=136 HTTP/1.1
Host: e35r3i92lj7qmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
content-length: 0
location: https://e35r3i92lj7qmst.com/Fh5s?sub1=478588&sub2=136
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 035772439731bbe3992c865f68e4b977
53fe2d0f678772b6b3e935aaca4d1ef82767e48f
9880ae6537e30af38e8d7ed612a5a44a54037d86686c63ef7eeebcc62cbda05f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9880AE6537E30AF38E8D7ED612A5A44A54037D86686C63EF7EEEBCC62CBDA05F"
Last-Modified: Sat, 01 Apr 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13949
Expires: Sat, 01 Apr 2023 21:13:12 GMT
Date: Sat, 01 Apr 2023 17:20:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b3c6ad41618caef9613685a8f786def7
ce6e1256460e0d28da63f797e14a77c1477d0779
ce87c093a66e4a2adfba7794f5db0428a0986b7e74690b773cbd7708ccca3f0e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CE87C093A66E4A2ADFBA7794F5DB0428A0986B7E74690B773CBD7708CCCA3F0E"
Last-Modified: Sat, 01 Apr 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7415
Expires: Sat, 01 Apr 2023 19:24:18 GMT
Date: Sat, 01 Apr 2023 17:20:43 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ed282214b024a7895d90e229e92bb1cc
1f447aa59287ce2b45860a1a909d005a41305f77
a35ae9f89cbc77ed5fe849acdc2701592799c335f2674776d69c25bca0a00c2e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Type, Alert, Retry-After, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 01 Apr 2023 16:28:29 GMT
content-type: application/json
age: 3134
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 374c9e295a804e605c402f48ae7e2446
967394b36ecdff2dd32842f878887f061024c6b3
7652dfcb9e2d620ce1d033be8ecc53166d2881154c15decd60899415e5ac2706
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7652DFCB9E2D620CE1D033BE8ECC53166D2881154C15DECD60899415E5AC2706"
Last-Modified: Thu, 30 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10556
Expires: Sat, 01 Apr 2023 20:16:39 GMT
Date: Sat, 01 Apr 2023 17:20:43 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: jai55EmoYz6BAKkSBzvOs8Ob42ungyGCNfWkihiQhaJURHVIkORExduyZlQyjB1nrOsitvqLLjw=
x-amz-request-id: HT3QF6TZ2KZVHAHK
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 01 Apr 2023 17:12:40 GMT
age: 484
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 17:20:44 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dd8be9573417f6ad837cade0dff4ad27
87057d97e081d2f3e1238356d7cf05640a38556a
1fa36dcf7231e36211dddec3c552d1d2370d6eb2dfd485fa0710e2af8351a9b1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1FA36DCF7231E36211DDDEC3C552D1D2370D6EB2DFD485FA0710E2AF8351A9B1"
Last-Modified: Sat, 01 Apr 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21591
Expires: Sat, 01 Apr 2023 23:20:35 GMT
Date: Sat, 01 Apr 2023 17:20:44 GMT
Connection: keep-alive
e35r3i92lj7qmst.com/Fh5s?sub1=478588&sub2=136
3.74.215.203 302 Found 0 B URL HTTP/1.1 e35r3i92lj7qmst.com/Fh5s?sub1=478588&sub2=136
IP 3.74.215.203:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /Fh5s?sub1=478588&sub2=136 HTTP/1.1
Host: e35r3i92lj7qmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx
Date: Sat, 01 Apr 2023 17:20:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: TID=2555547805; expires=Mon, 01-May-2023 17:20:44 GMT; Max-Age=2592000; path=/; domain=e35r3i92lj7qmst.com; HttpOnly
Location: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Content-Type, Expires, Cache-Control, Content-Length, Retry-After, Last-Modified, Pragma, ETag, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 01 Apr 2023 17:14:41 GMT
age: 363
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 91bbcaa5a41c1d939cacffb1b322decc
dbe3985516d8172f29fbb8e997287834d556e842
9d1095c228784acb28b43b615c4951be7a7f2c6d9c9ef3ffd49347d825b3f28d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9D1095C228784ACB28B43B615C4951BE7A7F2C6D9C9EF3FFD49347D825B3F28D"
Last-Modified: Fri, 31 Mar 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21554
Expires: Sat, 01 Apr 2023 23:19:58 GMT
Date: Sat, 01 Apr 2023 17:20:44 GMT
Connection: keep-alive
w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
52.59.224.62 200 OK 6.5 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
IP 52.59.224.62:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (13010), with no line terminators
Hash 00bdf14c31c472b56dd46bf89ad143c5
702ebedd89ad8fe124119763d1c0464d9ba1ec8c
309a5e4f2dd61fd3b09b55d61c60a93baa2f3d75bbefbb085b0fd1ce33f57806
Analyzer Verdict Alert quad9 Sinkholed
GET /?registration=1&cid=2555547805&pid=114444&sip=0 HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 6fa0c0763a28dec230b96d4248edf345
b706ac54bb44a20b70f92857bc59af4063e7c09c
fa53224d11289a05229412401b747b3fe0e4323df51fbe0dafc634198617a115
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FA53224D11289A05229412401B747B3FE0E4323DF51FBE0DAFC634198617A115"
Last-Modified: Sat, 01 Apr 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5305
Expires: Sat, 01 Apr 2023 18:49:09 GMT
Date: Sat, 01 Apr 2023 17:20:44 GMT
Connection: keep-alive
cdn.scarabresearch.com/js/11DAF087E87A3DFD/scarab-v2.js
54.230.111.92 200 OK 23 kB URL HTTP/1.1 cdn.scarabresearch.com/js/11DAF087E87A3DFD/scarab-v2.js
IP 54.230.111.92:0
File type C source, ASCII text, with very long lines (539)
Hash 868c9f8f1623a7fda2f7f056d4d5f778
d368215e8823818e8a908d8196c3fe64521d26db
ceed6c3740935d3751ee58848d5e8961a1dd9de4c13961362b8614ae43cd02ff
GET /js/11DAF087E87A3DFD/scarab-v2.js HTTP/1.1
Host: cdn.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Timing-Allow-Origin: *
Content-Encoding: gzip
Date: Sat, 01 Apr 2023 17:08:49 GMT
Cache-Control: max-age=3600,public
ETag: "188afbd5e4ff636f65b6ceaca02c9937--gzip"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: O8ryiWLJHay6McjrNyeGZwie40pZvkfXvqXn7Uj8QOtchZlDRuS0CQ==
Age: 737
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 952513ca42adae3d5d739d3fdb9bf121
ae098b91f1a9bb5f99398e76ac5512550b822093
93b1f9965338820e21ec3694037f6f599863f3d8a0faa7f1492ac64077161ddb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 17:20:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-5PMSX62
142.250.74.168 200 OK 59 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5PMSX62
IP 142.250.74.168:0
File type Unicode text, UTF-8 text, with very long lines (16468)
Hash 7fe85376799b302e7178694c54aa5eaa
194b900291c3120ae5a678285adfa41ea980cf90
ac99173b50627b03af786ff78de564b7870b8eec984a976ff795a3e447dd5ea4
GET /gtm.js?id=GTM-5PMSX62 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 01 Apr 2023 17:20:44 GMT
expires: Sat, 01 Apr 2023 17:20:44 GMT
cache-control: private, max-age=900
last-modified: Sat, 01 Apr 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 58843
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.scarabresearch.com/wpjs/wploader.js?ts=2778
54.230.111.36 200 OK 11 kB URL HTTP/1.1 static.scarabresearch.com/wpjs/wploader.js?ts=2778
IP 54.230.111.36:0
File type Unicode text, UTF-8 text, with very long lines (26064)
Hash 30ae0eb58743610387bdbbf48fc2d2a2
d46c66ce3e554f399bf8d4787a061dfe2c2b8142
607f312b633a0bb76268e5b3c31c8acb570425b289cb74e5b49ef161cc107202
GET /wpjs/wploader.js?ts=2778 HTTP/1.1
Host: static.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 30 Mar 2023 08:29:09 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: mNQkO3bscWhzs7mAKfWxZiL3NcD2TySi
Server: AmazonS3
Content-Encoding: gzip
Date: Sat, 01 Apr 2023 08:29:23 GMT
Cache-Control: max-age=86400
ETag: W/"61d4dafd237686d1f5677511918ccbdf"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: H3WNRUqtF6JcCr-awlDQ0Y4Et450BBKzUy6_CMk5-9fgrJK-lIKrwQ==
Age: 31882
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 5b6731341a66be32757ea461f5bd605a
f9a017cd1195d1eafb3839a899baf75f2e71958f
4bda8352f303d3fb71b8c4b2ecc9fbe75dcfc91dd2232260afb1e37ebbf139fb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 17:20:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.scarabresearch.com/wpjs/wpes6.js?ts=2778
54.230.111.36 200 OK 32 kB URL HTTP/1.1 static.scarabresearch.com/wpjs/wpes6.js?ts=2778
IP 54.230.111.36:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash e75db59aab4bf4013fb48ba45ec4f800
f220d102782953dea02c0d5983e7dc7269ba0f58
233e57a09ca91b19eba0f6e11ad6389a48aecddfcc13cdc4c0fb03762984003d
GET /wpjs/wpes6.js?ts=2778 HTTP/1.1
Host: static.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sat, 01 Apr 2023 08:29:23 GMT
Last-Modified: Thu, 30 Mar 2023 08:29:12 GMT
ETag: W/"2b440b4ab7de4e9e934269b174746c21"
x-amz-server-side-encryption: AES256
Cache-Control: max-age=86400
x-amz-version-id: SnusFxEtHtvg3pwydD7XsRhodxFvQ3kT
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 9bAMNBx1GSZGJIK_qs4t_y_WQZXnjD0PqMkAA7Wnjz5ybpZuF0SGPw==
Age: 31882
push.services.mozilla.com/
52.43.157.124 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.43.157.124:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: UiAS0LxGNsfQDrzapMaOfQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: o2wwvwiVD+fymkG5oQAPVnllu5I=
rstat.rockmostbet.com/lib.js
162.55.5.93 200 OK 237 kB URL HTTP/2 rstat.rockmostbet.com/lib.js
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (29927), with LF, NEL line terminators
Size 237 kB (236698 bytes)
Hash 29d29992c3987d38d7e68f3d0e097d7e
036b1d34b23dd6c2c343b5056ee48cee3a23dca0
067bb4792f93398de4734ef18cfef6cfbd9372b147498144992a73ceae822f80
GET /lib.js HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript
date: Sat, 01 Apr 2023 17:20:45 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7047981123732766720; Domain=.rockmostbet.com; Path=/; Expires=Sun, 01 Feb 2026 08:40:57 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 0
x-xss-protection: 1
content-length: 236698
X-Firefox-Spdy: h2
my.rtmark.net/p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01
139.45.195.8 200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01
IP 139.45.195.8:0
Hash 6425f508eacb60db81c6d0b38ae56a58
d27caed071b054a15ab2291a11a4bfe12e097d7a
e94404dcfeb2d07ed1a6c0ad4230d5bc5754c0c965736d4ebc3224af415094d0
GET /p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 17:20:45 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
front.cdn-mb.com/spa-static/1.4.1120/static/js/30.5fd210c0.chunk.js
104.21.9.158 200 OK 219 kB URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1120/static/js/30.5fd210c0.chunk.js
IP 104.21.9.158:0
File type ASCII text, with very long lines (65461)
Size 219 kB (218642 bytes)
Hash ba151ba6a26f2256d090c781402e48d4
e063a06242015e61b3edebc91260f63e0f7e0806
18cb0000e196ab1dc62960d7d90a39f94ce0f0d8c45ebbfd1188f5dd4a802297
GET /spa-static/1.4.1120/static/js/30.5fd210c0.chunk.js HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Apr 2023 17:20:44 GMT
content-type: application/javascript
last-modified: Sat, 01 Apr 2023 14:53:20 GMT
vary: Accept-Encoding
etag: W/"64284560-7ad37"
expires: Sat, 01 Apr 2023 18:57:20 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 8604
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PiemzTABora3ddeOhk%2BgvkJgGaRxnoZ8te%2FINliaRxb2xnLl%2BR2DK2B5WyncLUGVwwx8miPZ3WYj%2FS4VLaeuwlKe4AaDEVEJjvx7ZEd78sXokVomEqUpLBrEkOe3Rw5Ur7%2FL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b1281279a0eb4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
w84j4767dd2lowdmst.com/api/v1/websocket/credentials
52.59.224.62 200 OK 240 B URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v1/websocket/credentials
IP 52.59.224.62:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 8936723c868de6ee9842e9398ffc3c34
020d84eb90df1c83c4fab3cbeffd3e16a8954bb9
6347025b91f938f10e8c3c2df20cb0dcfcc6668d2cefae2ceec61fe283f0903a
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/websocket/credentials HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:45 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
X-Request-Id: 51a186a03afd6c68afa64053849a8a20
pragma: no-cache
Expires: Sat, 01 Apr 2023 17:20:45 GMT
Vary: Accept-Encoding, Accept-Language
Set-Cookie: PHPSESSID=qhb2hea9lf6j3gh6k44qf9et82; expires=Mon, 01-May-2023 17:20:45 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=en; expires=Sun, 02-Apr-2023 17:20:45 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Sat, 08-Apr-2023 17:20:45 GMT; Max-Age=604800; path=/; secure
Content-Encoding: gzip
w84j4767dd2lowdmst.com/api/v1/user/split-test/stage
52.59.224.62 401 Unauthorized 44 B URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v1/user/split-test/stage
IP 52.59.224.62:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 934f4f06637d43541338ea58b7239068
5a71648da070af7a98ec6691578cdd5b326ebc73
2b3d6859bd99b05cbb655fe69f0c822864c9280040ae32971ba5a5c9aff2d2ab
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/user/split-test/stage HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369643.0.0.0; _ga=GA1.1.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 401 Unauthorized
Server: nginx
Date: Sat, 01 Apr 2023 17:20:45 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
WWW-Authenticate: Bearer
Cache-Control: max-age=0, must-revalidate, private
X-Request-Id: bc5fcc24914737d72749f601216c6379
pragma: no-cache
Expires: Sat, 01 Apr 2023 17:20:45 GMT
Vary: Accept-Language
Set-Cookie: PHPSESSID=rcsiimvhfcj3pjdm9v38fmf42r; expires=Mon, 01-May-2023 17:20:45 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=en; expires=Sun, 02-Apr-2023 17:20:45 GMT; Max-Age=86400; path=/; secure
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93 200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 511fd58fb190c95c7624b31ff7ebbcaa
8ece9b858f9fb4612d845985ca937f01dc231a26
dd980b4b0ff0c040f91162f096d40abb60dfacc9f5e233f7bcdb49a48c499b23
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 669
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Sat, 01 Apr 2023 17:20:45 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7047981123732766720; Domain=.rockmostbet.com; Path=/; Expires=Sun, 01 Feb 2026 08:40:57 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 4
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93 200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 4de301a878c06cac7d200167a62f202d
af76f73e48a85319a15f087abc18c53dc4797cc2
3afd46afc0771f9f9c8d49fcd2ef4f2aa1ebe786fe731697e51be5caed3400c0
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 756
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Sat, 01 Apr 2023 17:20:45 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7047981123732766720; Domain=.rockmostbet.com; Path=/; Expires=Sun, 01 Feb 2026 08:40:57 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 4
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.22 200 OK 1.8 kB IP 192.124.249.22:0
Hash e21a9f25898e13aa0c85ad47dd0fd000
3f6c3154b7fdc2b10862fffaa466afccc751d909
660639a0cc76fbb72ebac3b469f749a3f7763b8d0c10b01252e62d8ec24554cd
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 01 Apr 2023 17:20:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 31 Mar 2023 20:42:46 GMT
Expires: Sat, 01 Apr 2023 20:42:46 GMT
ETag: "3f6c3154b7fdc2b10862fffaa466afccc751d909"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
w84j4767dd2lowdmst.com/api/v1/logo
52.59.224.62 200 OK 132 B URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v1/logo
IP 52.59.224.62:0
File type JSON data\012- , ASCII text, with very long lines (341), with no line terminators
Hash 6140058726d784c58e82ac5aff80777c
a0d472bb6ec2dcb486d67d1c74f6f6079b6ef50c
8239107ee4deacf08092063a6c8314fc7e7081187b0cc44d8aac9493623a6817
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/logo HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369643.0.0.0; _ga=GA1.1.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:45 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
ETag: W/"5546a5a27804074e5475940a8d76607a"
X-Request-Id: b583b773b1ebf97e18fae6386646ca52
Vary: Accept-Encoding, Accept-Language
Expires: Sat, 01 Apr 2023 17:20:45 GMT
Set-Cookie: PHPSESSID=cjdhj4stgtvttuhg6k9i5ufii0; expires=Mon, 01-May-2023 17:20:45 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=en; expires=Sun, 02-Apr-2023 17:20:45 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Sat, 08-Apr-2023 17:20:45 GMT; Max-Age=604800; path=/; secure
Content-Encoding: gzip
w84j4767dd2lowdmst.com/api/v1/countries.json
52.59.224.62 200 OK 4.6 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v1/countries.json
IP 52.59.224.62:0
File type JSON data\012- , ASCII text, with very long lines (23293), with no line terminators
Hash 088f7b360ea27fc30f7e968787a0523d
7f2273a1f6924f316bfa27102fc6a3d9ccb18131
3f85f57649c182f08d01a212f83c744c2e6102931313981c2097f6502d0d8208
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/countries.json HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
Cache-Control: no-cache
Pragma: no-cache
Expires: 0
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369643.0.0.0; _ga=GA1.1.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:45 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
ETag: W/"967a2a098600c8243329615dd6fb7e48"
X-Request-Id: 59b9e48aae5ae1b3faaa9ca7a383acd8
Vary: Accept-Encoding, Accept-Language
Expires: Sat, 01 Apr 2023 17:20:45 GMT
Set-Cookie: PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; expires=Mon, 01-May-2023 17:20:45 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=en; expires=Sun, 02-Apr-2023 17:20:45 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Sat, 08-Apr-2023 17:20:45 GMT; Max-Age=604800; path=/; secure
Content-Encoding: gzip
track.abdsp.com/pixel?auth=d799av&event=visit&uid=undefined&affId=114444&site=w84j4767dd2lowdmst.com&ln=en-US
88.214.206.85 200 OK 0 B URL HTTP/1.1 track.abdsp.com/pixel?auth=d799av&event=visit&uid=undefined&affId=114444&site=w84j4767dd2lowdmst.com&ln=en-US
IP 88.214.206.85:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pixel?auth=d799av&event=visit&uid=undefined&affId=114444&site=w84j4767dd2lowdmst.com&ln=en-US HTTP/1.1
Host: track.abdsp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sat, 01 Apr 2023 17:20:45 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, max-age=0, must-revalidate, proxy-revalidate, no-store
Pragma: no-cache
Expires: Sat, 01 Jan 2000 00:00:00 GMT
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 741a2f47aab81a2c7ed0fadaa1fa74e3
be34e0df4a5f272589a017ce77ece974d890f27c
4ea1737c8246072ea1072314ae684c1f7e518a81a5200c46374e47378bfb6b63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 17:20:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
142.250.74.4 200 OK 582 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
IP 142.250.74.4:0
File type ASCII text, with very long lines (909), with no line terminators
Hash a50e58c3954c2e5ccdf56dcacf553b45
6f77e286a8038a8f320f09f13485d65317dc7aa2
647ad0424477758217e9d47abe70cc1eba785c5727b96dce21f254741c8f73eb
GET /recaptcha/api.js?onload=onloadcallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sat, 01 Apr 2023 17:20:45 GMT
date: Sat, 01 Apr 2023 17:20:45 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 582
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 04d4e5d2536a7167aad777668f7b21c4
c19a0650d19b5c856567b546c2e60929e724d56f
5d5d1cd73f3631acdf20ca1fe52ce7e617db171aa656e27fd33b64e65e3f8dec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D5D1CD73F3631ACDF20CA1FE52CE7E617DB171AA656E27FD33B64E65E3F8DEC"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11859
Expires: Sat, 01 Apr 2023 20:38:24 GMT
Date: Sat, 01 Apr 2023 17:20:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 04d4e5d2536a7167aad777668f7b21c4
c19a0650d19b5c856567b546c2e60929e724d56f
5d5d1cd73f3631acdf20ca1fe52ce7e617db171aa656e27fd33b64e65e3f8dec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D5D1CD73F3631ACDF20CA1FE52CE7E617DB171AA656E27FD33B64E65E3F8DEC"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11859
Expires: Sat, 01 Apr 2023 20:38:24 GMT
Date: Sat, 01 Apr 2023 17:20:45 GMT
Connection: keep-alive
w84j4767dd2lowdmst.com/connection/websocket
52.59.224.62 101 Switching Protocols 0 B URL HTTP/1.1 w84j4767dd2lowdmst.com/connection/websocket
IP 52.59.224.62:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /connection/websocket HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://w84j4767dd2lowdmst.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ROhC7xa0V4T8lVVl4e47pQ==
Connection: keep-alive, Upgrade
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369643.0.0.0; _ga=GA1.1.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Sat, 01 Apr 2023 17:20:45 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: p0EW7WVljXvjUcXstN1CoJbQPEg=
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 04d4e5d2536a7167aad777668f7b21c4
c19a0650d19b5c856567b546c2e60929e724d56f
5d5d1cd73f3631acdf20ca1fe52ce7e617db171aa656e27fd33b64e65e3f8dec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D5D1CD73F3631ACDF20CA1FE52CE7E617DB171AA656E27FD33B64E65E3F8DEC"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11918
Expires: Sat, 01 Apr 2023 20:39:23 GMT
Date: Sat, 01 Apr 2023 17:20:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 04d4e5d2536a7167aad777668f7b21c4
c19a0650d19b5c856567b546c2e60929e724d56f
5d5d1cd73f3631acdf20ca1fe52ce7e617db171aa656e27fd33b64e65e3f8dec
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D5D1CD73F3631ACDF20CA1FE52CE7E617DB171AA656E27FD33B64E65E3F8DEC"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11760
Expires: Sat, 01 Apr 2023 20:36:45 GMT
Date: Sat, 01 Apr 2023 17:20:45 GMT
Connection: keep-alive
mostauthor.com/multiauth/test_cookie_set?testcookie=fm99akfbcdbbxav471kt0v
185.26.99.196 200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=fm99akfbcdbbxav471kt0v
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_set?testcookie=fm99akfbcdbbxav471kt0v HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://w84j4767dd2lowdmst.com/
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: bd7fbf1e06124053bc90fdfea5fa1d25
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Sat, 01 Apr 2023 17:20:45 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 02ddc021542aadb090aa31099f7b9267
cb2091bff4ad6c225faa4c0c02182217bcdc502c
dcca0f6c051c27f611b9e51981fb34bd0c82a317c2e3ae3412ec6de80c596d24
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 17:20:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mostauthor.com/multiauth/test_cookie_set?testcookie=xlaat0w25qr2jfy1n7oewc
185.26.99.196 200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=xlaat0w25qr2jfy1n7oewc
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_set?testcookie=xlaat0w25qr2jfy1n7oewc HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://w84j4767dd2lowdmst.com/
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 98ad4b99d2dc457aa5df49892d4bbf5a
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Sat, 01 Apr 2023 17:20:45 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=fm99akfbcdbbxav471kt0v
185.26.99.196 200 OK 10 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=fm99akfbcdbbxav471kt0v
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash f7f86d583c92292a7025fc1f25657a1f
92659f2f702a5b18d44a58055c6cd77173630ae2
3b9de8f3bb4d65ebe964703b38c9ce2f3b40a58b33484e6eed8f92bbd5f10a4f
GET /multiauth/test_cookie_set?testcookie=fm99akfbcdbbxav471kt0v HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 833594b09db74b85a110a53cf1e55ab9
set-cookie: test_cooke_fm99akfbcdbbxav471kt0v=1; Max-Age=3600; SameSite=None; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 10
date: Sat, 01 Apr 2023 17:20:45 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
w84j4767dd2lowdmst.com/api/v2/translations?locales[]=en&domains[]=messages&fallback=1
52.59.224.62 200 OK 294 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v2/translations?locales[]=en&domains[]=messages&fallback=1
IP 52.59.224.62:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size 294 kB (293950 bytes)
Hash 25f1cc8358831241bb4e9d6711533029
15da94791dcf6d711592d42be53feace6bdb7809
9330a22b59ad51ffd1d660ff4ebf3c3b680268c6eda749b9bb3ddb4a7a033720
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v2/translations?locales[]=en&domains[]=messages&fallback=1 HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Connection: keep-alive
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369643.0.0.0; _ga=GA1.1.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:45 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
ETag: W/"340ab4d9b829da63fbd8b9a8799eccee"
X-Request-Id: 73f8c26e3b67a8ce5ad2d8c53442ef2e
pragma: no-cache
Expires: Sat, 01 Apr 2023 17:20:45 GMT
Vary: Accept-Encoding, Accept-Language
Content-Encoding: gzip
mostauthor.com/multiauth/test_cookie_set?testcookie=xlaat0w25qr2jfy1n7oewc
185.26.99.196 200 OK 10 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=xlaat0w25qr2jfy1n7oewc
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash f7f86d583c92292a7025fc1f25657a1f
92659f2f702a5b18d44a58055c6cd77173630ae2
3b9de8f3bb4d65ebe964703b38c9ce2f3b40a58b33484e6eed8f92bbd5f10a4f
GET /multiauth/test_cookie_set?testcookie=xlaat0w25qr2jfy1n7oewc HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 8e774ed6060749aab4a2be96e3a58ffa
set-cookie: test_cooke_xlaat0w25qr2jfy1n7oewc=1; Max-Age=3600; SameSite=None; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 10
date: Sat, 01 Apr 2023 17:20:45 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
w84j4767dd2lowdmst.com/api/v1/currency-specific-settings/NOK.json
52.59.224.62 200 OK 208 B URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v1/currency-specific-settings/NOK.json
IP 52.59.224.62:0
File type JSON data\012- , ASCII text, with very long lines (596), with no line terminators
Hash 6afc8d0c934f81a198e7eada2f662787
1e7091c00676bdbdbe4a4f9959e62078678d01a7
26309c013ba68ffad5776b1bcb0cd306cf20fbf60d3d3cde76486b6d26efd157
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/currency-specific-settings/NOK.json HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369643.0.0.0; _ga=GA1.1.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:45 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600, private
ETag: W/"129d6f3f2f8d52873649f410c669f702"
X-Request-Id: ce737f208be42df9f85f7614ef587000
Vary: Accept-Encoding, Accept-Language
Content-Encoding: gzip
w84j4767dd2lowdmst.com/favicon.ico
52.59.224.62 200 OK 2.2 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/favicon.ico
IP 52.59.224.62:0
File type MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash d9548b0e716644b556583da932add748
91eedfd375551e028fb2153aeca6edd86b29295b
37c59f2e668888ac1893928c0f1b8d3b62b40ecc15bd01efd067df2ca85f48fb
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369643.0.0.0; _ga=GA1.1.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:45 GMT
Content-Type: image/x-icon
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 01 Apr 2023 14:46:18 GMT
Vary: Accept-Encoding
ETag: W/"642843ba-1536"
Content-Encoding: gzip
www.google-analytics.com/analytics.js
142.250.74.78 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.78:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sat, 01 Apr 2023 16:05:12 GMT
expires: Sat, 01 Apr 2023 18:05:12 GMT
cache-control: public, max-age=7200
age: 4533
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash ff36ec2657d8ee3b0f78d0a8b2bc9c96
7ce770b27771a2417292364a24af2d65bb9085a5
7c6a6029f3d8b5c88c0d52cfa1d8a6d79fe57080cbd88951ce40456d1ae214e0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 17:20:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
192.229.221.95 200 OK 471 B IP 192.229.221.95:0
Hash 9853c6bd1370fa44bf517feb5d20e864
f2568c83695493db33ce87e1f366cdea7fad69d3
03a6a549b771c00c306505408546cdfe97db5e4f5e053488f4da90ac2d4967ff
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5371
Cache-Control: max-age=138122
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 17:20:45 GMT
Etag: "6427cb7c-1d7"
Expires: Mon, 03 Apr 2023 07:42:47 GMT
Last-Modified: Sat, 01 Apr 2023 06:13:16 GMT
Server: ECAcc (ska/F7A5)
X-Cache: HIT
Content-Length: 471
my.rtmark.net/img.gif?f=sync&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01&ttl=&rurl=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0
139.45.195.8 200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01&ttl=&rurl=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01&ttl=&rurl=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 17:20:45 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=de958706b0284ef18c7ca3e59e903e69; expires=Sun, 31 Mar 2024 17:20:45 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226 200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash 532d8a4c331c5321c2ea7e79b968159b
e03af67db286d044df72e88a845d7a3240081868
c9a15d6a443d1d956102d27d984a07ba3ad889109a8b1f98c32dc45d7b035def
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 17:20:45 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Wed, 05 Apr 2023 15:13:48 GMT
ETag: "e03af67db286d044df72e88a845d7a3240081868"
Last-Modified: Sat, 01 Apr 2023 15:13:49 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1820
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b12812f5eaf0b69-OSL
www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/recaptcha__en.js
142.250.74.35 200 OK 166 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (582)
Size 166 kB (166464 bytes)
Hash b81d6636c3ad72c63e532e5180eaf7f9
ddcd059999fff6218e98af62dbe3fa9c885a0de8
2fb4351c49b47b7cdaa9516237a8b1e690e4448339d09d70a84c658729e461ef
GET /recaptcha/releases/NZrMWHVy58-S9gVvad9HVGxk/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 166464
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Mar 2023 08:50:01 GMT
expires: Wed, 27 Mar 2024 08:50:01 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 28 Mar 2023 00:02:54 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 376244
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-9Q6VE8VYRH&gtm=45je33t0&_p=2110259696&cid=467681347.1680369643&ul=en-us&sr=1280x1024&_s=1&sid=1680369643&sct=1&seg=0&dl=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&dt=mostbet_title&en=page_view&_fv=2&_nsi=1&_ss=1
216.239.32.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-9Q6VE8VYRH&gtm=45je33t0&_p=2110259696&cid=467681347.1680369643&ul=en-us&sr=1280x1024&_s=1&sid=1680369643&sct=1&seg=0&dl=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&dt=mostbet_title&en=page_view&_fv=2&_nsi=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-9Q6VE8VYRH&gtm=45je33t0&_p=2110259696&cid=467681347.1680369643&ul=en-us&sr=1280x1024&_s=1&sid=1680369643&sct=1&seg=0&dl=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&dt=mostbet_title&en=page_view&_fv=2&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://w84j4767dd2lowdmst.com
date: Sat, 01 Apr 2023 17:20:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 365aae6343eff591f54a3c34d27aec3e
2bc5ea6839376a39280e12bfb05f63b2c5e89834
61e7999166900e42dddb75dfc42c4a04de2a5e628aafebb7efae5e535f90d39b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 17:20:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/fbevents.js
157.240.205.11 200 OK 471 B URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.205.11:0
Hash 9853c6bd1370fa44bf517feb5d20e864
f2568c83695493db33ce87e1f366cdea7fad69d3
03a6a549b771c00c306505408546cdfe97db5e4f5e053488f4da90ac2d4967ff
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: 7+f+LC267QOF55uvt+UCwpGQyf/oiY8zf84ML76IhvRPfxdS1xvVJA4ie/Htz5B2FPxM87Twh2SeuCaiezxzYA==
content-length: 27909
x-fb-trip-id: 1679558926
date: Sat, 01 Apr 2023 17:20:45 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-9Q6VE8VYRH&gtm=45je33t0&_p=2110259696&cid=467681347.1680369643&ul=en-us&sr=1280x1024&sid=1680369643&sct=1&seg=0&dl=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&dt=mostbet_title&_s=2
216.239.32.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-9Q6VE8VYRH&gtm=45je33t0&_p=2110259696&cid=467681347.1680369643&ul=en-us&sr=1280x1024&sid=1680369643&sct=1&seg=0&dl=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&dt=mostbet_title&_s=2
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-9Q6VE8VYRH&gtm=45je33t0&_p=2110259696&cid=467681347.1680369643&ul=en-us&sr=1280x1024&sid=1680369643&sct=1&seg=0&dl=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&dt=mostbet_title&_s=2 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 32
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
access-control-allow-origin: https://w84j4767dd2lowdmst.com
date: Sat, 01 Apr 2023 17:20:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ff1d01e68831d80a4f75d7db3970972
1a9e1f3fa7389cccb0e91cff2616767e1616113e
fd74cb98e8809df139d3f187b78b0513a394231cb2660663ee250bc11b8e3e24
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD74CB98E8809DF139D3F187B78B0513A394231CB2660663EE250BC11B8E3E24"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15204
Expires: Sat, 01 Apr 2023 21:34:10 GMT
Date: Sat, 01 Apr 2023 17:20:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ff1d01e68831d80a4f75d7db3970972
1a9e1f3fa7389cccb0e91cff2616767e1616113e
fd74cb98e8809df139d3f187b78b0513a394231cb2660663ee250bc11b8e3e24
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD74CB98E8809DF139D3F187B78B0513A394231CB2660663EE250BC11B8E3E24"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15204
Expires: Sat, 01 Apr 2023 21:34:10 GMT
Date: Sat, 01 Apr 2023 17:20:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ff1d01e68831d80a4f75d7db3970972
1a9e1f3fa7389cccb0e91cff2616767e1616113e
fd74cb98e8809df139d3f187b78b0513a394231cb2660663ee250bc11b8e3e24
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD74CB98E8809DF139D3F187B78B0513A394231CB2660663EE250BC11B8E3E24"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15204
Expires: Sat, 01 Apr 2023 21:34:10 GMT
Date: Sat, 01 Apr 2023 17:20:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ff1d01e68831d80a4f75d7db3970972
1a9e1f3fa7389cccb0e91cff2616767e1616113e
fd74cb98e8809df139d3f187b78b0513a394231cb2660663ee250bc11b8e3e24
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD74CB98E8809DF139D3F187B78B0513A394231CB2660663EE250BC11B8E3E24"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15204
Expires: Sat, 01 Apr 2023 21:34:10 GMT
Date: Sat, 01 Apr 2023 17:20:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8ff1d01e68831d80a4f75d7db3970972
1a9e1f3fa7389cccb0e91cff2616767e1616113e
fd74cb98e8809df139d3f187b78b0513a394231cb2660663ee250bc11b8e3e24
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD74CB98E8809DF139D3F187B78B0513A394231CB2660663EE250BC11B8E3E24"
Last-Modified: Fri, 31 Mar 2023 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15204
Expires: Sat, 01 Apr 2023 21:34:10 GMT
Date: Sat, 01 Apr 2023 17:20:46 GMT
Connection: keep-alive
mc.yandex.ru/metrika/tag.js
87.250.251.119 200 OK 74 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 87.250.251.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash a9326ffae8343d00c2908794734a004a
234737cf0fabcd62477257fde669fabbe343b2c1
7559265023cf9727da205b2d7f850814a5e7d7b98ed9eb50e279c6eddcdda1dd
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 74025
date: Sat, 01 Apr 2023 17:20:46 GMT
access-control-allow-origin: *
etag: "64241f95-12129"
expires: Sat, 01 Apr 2023 18:20:46 GMT
last-modified: Wed, 29 Mar 2023 14:23:01 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: application/javascript
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F95196399-f417-4284-9902-cf35b1e83360.jpeg
34.120.237.76 200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F95196399-f417-4284-9902-cf35b1e83360.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash deb930830ac86ec8ace6a232f67810ba
d084bf4331446c35236019010b2bcf82d45dad1c
bb81782bf590d601110ec8fb891f701e0f5084bda46370d30345bd81403a33ab
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F95196399-f417-4284-9902-cf35b1e83360.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5830
x-amzn-requestid: 0897bf26-6156-48d3-ba67-596cc326dddc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CqnHHG0JoAMF87w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6427522d-6f380d901d9d6b737ec19d6d;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:35:41 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: UfN2iRmDUhddBZW6qGy3q2-HCqb6Kx3iDENnirUkIoCJ6BW6zdWVtw==
via: 1.1 8f251d23da31b683c3c9d6fad6ca944c.cloudfront.net (CloudFront), 1.1 b4085435efbe95a420f374958bd145be.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 22:44:32 GMT
etag: "d084bf4331446c35236019010b2bcf82d45dad1c"
content-type: image/jpeg
age: 66974
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fb8174c-0fbe-4857-bc0b-3e50751be490.jpeg
34.120.237.76 200 OK 3.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fb8174c-0fbe-4857-bc0b-3e50751be490.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ddcef2c96778d9fdee670e187a43ab32
e8c98891a1ffdbb6d30cf8746e067d56fe65d964
4e6fb506079b1daab0b1913a31c6252452f133af9276e18d25fe6fb622ce54ec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6fb8174c-0fbe-4857-bc0b-3e50751be490.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3800
x-amzn-requestid: a182fb32-649a-4228-a591-080aae8c053a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm9VEY2oAMFf5g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751ee-3a1abb584aa61a954dbd52c1;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:38 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: ycsh7rNJt9blXZVpFbbdBDu5pZbGDfGIPLt5k0Ff9-fvWTX86Ndz6A==
via: 1.1 88a7ff956a5b49ec3a35abfc0027af12.cloudfront.net (CloudFront), 1.1 6a6653dfb47ccc5082f2a5b9d0d168ce.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 21:45:01 GMT
age: 70545
etag: "e8c98891a1ffdbb6d30cf8746e067d56fe65d964"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24171d10-56ac-40e7-9d10-77b9e948da6e.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24171d10-56ac-40e7-9d10-77b9e948da6e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c193cd4520e8ee5d17cd1f3faadc1c73
b46effcb93e0ad066474ec1f67bcd54020615caf
bc824341b884278e7e69ae3bb87484ad914e5909544959ebc8f8661a545cb929
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24171d10-56ac-40e7-9d10-77b9e948da6e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10128
x-amzn-requestid: bdd46a1d-4b43-4450-be32-3e3947d2fcd7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm9VELdIAMFmmg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751ee-346e92d143f6fcf46db741c8;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:38 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: jidQVHgb6EK_fyGj4wYgdWEBeth8CIB5szPrwrgmirz4Q9tSYpRrsw==
via: 1.1 c28e01aa413e9ea602538ccda1511062.cloudfront.net (CloudFront), 1.1 b838ef1ff22a4a994af82d5178c30e1c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 21:47:06 GMT
age: 70420
etag: "b46effcb93e0ad066474ec1f67bcd54020615caf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfa5d643-243c-4157-97e2-d929d9b82514.jpeg
34.120.237.76 200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfa5d643-243c-4157-97e2-d929d9b82514.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 613b90b49678a72443e992713b7eb711
f4216e9b06d9cb62aadfafce434789a3cc5d1fe2
7cb101a12e824bf26552b2aaeb00df0e3f239c254168b9dee65192b484f1b61e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfa5d643-243c-4157-97e2-d929d9b82514.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4697
x-amzn-requestid: 800eecdb-6883-4266-a476-7e3ce7985d3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ClVE3HmcoAMF9cg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64253552-6ee0d63805e7a9631efa30fd;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Thu, 30 Mar 2023 07:08:02 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: f6eh434UX0ff2-bARUFXdDr0W1Z78rO5MItrz39fdCpqpIVuftr4yw==
via: 1.1 304b956e2039e07753fa39109152d594.cloudfront.net (CloudFront), 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 07:33:34 GMT
age: 35232
etag: "f4216e9b06d9cb62aadfafce434789a3cc5d1fe2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F808d12ec-c97a-4c49-976e-6025ea897112.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F808d12ec-c97a-4c49-976e-6025ea897112.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 800c2662fd6ab8829a02b7d63084c38d
0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239
76545e9f75dc558fdb7b54550934c7775318fb4150a9309f60e65d982d2e576e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F808d12ec-c97a-4c49-976e-6025ea897112.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5950
x-amzn-requestid: 5d5a94f5-db2f-4c4c-9c9f-08c14b0ccd80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Cqm7NG2NIAMF-sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-642751e1-57c957f442c42fe148e66831;Sampled=0;lineage=69363f46:0
x-amzn-remapped-date: Fri, 31 Mar 2023 21:34:25 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: KkjS04mCLqFET4v9-sePYK-zcztrds608GECT1Fxz3BEpslgxnpLOg==
via: 1.1 f193acd25f2604e189bfbfaf539aaa06.cloudfront.net (CloudFront), 1.1 2241406ac19fffc8f35d6ddef8e22f56.cloudfront.net (CloudFront), 1.1 google
date: Fri, 31 Mar 2023 21:37:17 GMT
age: 71009
etag: "0917d2c376f8d2af2a436a33ce2bfe1cbdb8b239"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da174e6ccc9451c5071ba10eeb97f6f6
c38827a9ac1218768839877263e1f2984fbdc454
76da406c8ae8cd6ca8471928f3aec3876aed2c21bc10edc0fbdaef5c100c1030
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff94a70cc-7556-4fae-8603-14d3b253f74c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9859
x-amzn-requestid: c00efe5b-7fdb-445a-a924-75ddd461b72b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: COQPtHizoAMF7-Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641bfa64-3eb90ae703b78e8a06130540;Sampled=0
x-amzn-remapped-date: Thu, 23 Mar 2023 07:06:12 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: wlc65ytdELa_faMSddEDHZNsbtF1_CgMOho3W3BvkaOSrFyAkKUagg==
via: 1.1 02f1a759e4ec9fab6fc17c080dd851dc.cloudfront.net (CloudFront), 1.1 60b744e5b364d04abea9fa6686121242.cloudfront.net (CloudFront), 1.1 google
date: Sat, 01 Apr 2023 10:47:01 GMT
age: 23625
etag: "c38827a9ac1218768839877263e1f2984fbdc454"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
87.250.251.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 01 Apr 2023 17:20:46 GMT
access-control-allow-origin: *
etag: "64241f95-2b"
expires: Sat, 01 Apr 2023 18:20:46 GMT
accept-ranges: bytes
last-modified: Wed, 29 Mar 2023 14:23:01 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&rl=&if=false&ts=1680369644243&sw=1280&sh=1024&v=2.9.100&r=stable&a=tmgoogletagmanager&ec=0&o=30&cs_est=true&fbp=fb.1.1680369644242.1941975596&it=1680369643954&coo=false&rqm=GET
157.240.205.35 200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&rl=&if=false&ts=1680369644243&sw=1280&sh=1024&v=2.9.100&r=stable&a=tmgoogletagmanager&ec=0&o=30&cs_est=true&fbp=fb.1.1680369644242.1941975596&it=1680369643954&coo=false&rqm=GET
IP 157.240.205.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&rl=&if=false&ts=1680369644243&sw=1280&sh=1024&v=2.9.100&r=stable&a=tmgoogletagmanager&ec=0&o=30&cs_est=true&fbp=fb.1.1680369644242.1941975596&it=1680369643954&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Sat, 01 Apr 2023 17:20:46 GMT
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615?wmode=7&page-url=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afp%3A2215%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A1454443375709%3Ahid%3A415844028%3Az%3A0%3Ai%3A20230401172044%3Aet%3A1680369644%3Ac%3A1%3Arn%3A223431999%3Arqn%3A1%3Au%3A1680369644296939135%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C236%2C25%2C13%2C694%2C0%2C%2C464%2C2%2C%2C%2C%2C1440%3Aco%3A0%3Ans%3A1680369641393%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1680369644%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
87.250.251.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/37954615?wmode=7&page-url=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afp%3A2215%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A1454443375709%3Ahid%3A415844028%3Az%3A0%3Ai%3A20230401172044%3Aet%3A1680369644%3Ac%3A1%3Arn%3A223431999%3Arqn%3A1%3Au%3A1680369644296939135%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C236%2C25%2C13%2C694%2C0%2C%2C464%2C2%2C%2C%2C%2C1440%3Aco%3A0%3Ans%3A1680369641393%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1680369644%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 87.250.251.119:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /watch/37954615?wmode=7&page-url=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afp%3A2215%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A1454443375709%3Ahid%3A415844028%3Az%3A0%3Ai%3A20230401172044%3Aet%3A1680369644%3Ac%3A1%3Arn%3A223431999%3Arqn%3A1%3Au%3A1680369644296939135%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C236%2C25%2C13%2C694%2C0%2C%2C464%2C2%2C%2C%2C%2C1440%3Aco%3A0%3Ans%3A1680369641393%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1680369644%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/37954615/1?wmode=7&page-url=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afp%3A2215%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A1454443375709%3Ahid%3A415844028%3Az%3A0%3Ai%3A20230401172044%3Aet%3A1680369644%3Ac%3A1%3Arn%3A223431999%3Arqn%3A1%3Au%3A1680369644296939135%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C236%2C25%2C13%2C694%2C0%2C%2C464%2C2%2C%2C%2C%2C1440%3Aco%3A0%3Ans%3A1680369641393%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1680369644%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Sat, 01 Apr 2023 17:20:46 GMT
access-control-allow-origin: https://w84j4767dd2lowdmst.com
set-cookie: yabs-sid=2491803491680369646; Path=/; SameSite=None; Secure
i=Wz080S2DkDUv+zNS1gbPesJw4w/ZbGjF/rMLbd7T26fgubSfQSP3eoTaL2OX4yi8bMXyiT7pXyAfBS1ibgnz9eKkzGE=; Expires=Tue, 29-Mar-2033 17:20:41 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=9326962901680369646; Expires=Tue, 29-Mar-2033 17:20:41 GMT; Domain=.yandex.ru; Path=/; Secure; SameSite=None
yuidss=9326962901680369646; Expires=Sun, 31-Mar-2024 17:20:46 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1711905646.yc.1680369646#1711905646.yrts.1680369646#1711905646.yrtsi.1680369646; Expires=Sun, 31-Mar-2024 17:20:46 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 01-Apr-2023 17:20:46 GMT
last-modified: Sat, 01-Apr-2023 17:20:46 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=xlaat0w25qr2jfy1n7oewc
185.26.99.196 200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=xlaat0w25qr2jfy1n7oewc
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_get?testcookie=xlaat0w25qr2jfy1n7oewc HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://w84j4767dd2lowdmst.com/
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 019e154190d940909ca3c746d15b0197
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Sat, 01 Apr 2023 17:20:46 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=fm99akfbcdbbxav471kt0v
185.26.99.196 200 OK 21 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=fm99akfbcdbbxav471kt0v
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash caf33483167cc6a28994a501b478f8df
8b80faf52bdfda242a8a7c2d2cff45a26c43d031
070bf1d4556043cf533cca3e374c72481fb31525f9254c46a37031fb35f69f0e
GET /multiauth/test_cookie_get?testcookie=fm99akfbcdbbxav471kt0v HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Cookie: test_cooke_fm99akfbcdbbxav471kt0v=1; test_cooke_xlaat0w25qr2jfy1n7oewc=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 1339f87210684426b8ed05236a44e316
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 21
date: Sat, 01 Apr 2023 17:20:46 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=xlaat0w25qr2jfy1n7oewc
185.26.99.196 200 OK 21 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=xlaat0w25qr2jfy1n7oewc
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash caf33483167cc6a28994a501b478f8df
8b80faf52bdfda242a8a7c2d2cff45a26c43d031
070bf1d4556043cf533cca3e374c72481fb31525f9254c46a37031fb35f69f0e
GET /multiauth/test_cookie_get?testcookie=xlaat0w25qr2jfy1n7oewc HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Cookie: test_cooke_fm99akfbcdbbxav471kt0v=1; test_cooke_xlaat0w25qr2jfy1n7oewc=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 230d59020e2348f1ba74dfa941eafba0
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 21
date: Sat, 01 Apr 2023 17:20:46 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?wmode=7&page-url=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afp%3A2215%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A1454443375709%3Ahid%3A415844028%3Az%3A0%3Ai%3A20230401172044%3Aet%3A1680369644%3Ac%3A1%3Arn%3A223431999%3Arqn%3A1%3Au%3A1680369644296939135%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C236%2C25%2C13%2C694%2C0%2C%2C464%2C2%2C%2C%2C%2C1440%3Aco%3A0%3Ans%3A1680369641393%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1680369644%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
87.250.251.119200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?wmode=7&page-url=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afp%3A2215%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A1454443375709%3Ahid%3A415844028%3Az%3A0%3Ai%3A20230401172044%3Aet%3A1680369644%3Ac%3A1%3Arn%3A223431999%3Arqn%3A1%3Au%3A1680369644296939135%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C236%2C25%2C13%2C694%2C0%2C%2C464%2C2%2C%2C%2C%2C1440%3Aco%3A0%3Ans%3A1680369641393%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1680369644%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP 87.250.251.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash be6da0412fec7d05491940bb43eaddbf
d411ff680288f40b0ea1fc84aeafe0d56a77aad7
eeebe74173df685d56412b4dafd36d5c69bb36b9e80099f88818a50f057df726
GET /watch/37954615/1?wmode=7&page-url=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afp%3A2215%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A1454443375709%3Ahid%3A415844028%3Az%3A0%3Ai%3A20230401172044%3Aet%3A1680369644%3Ac%3A1%3Arn%3A223431999%3Arqn%3A1%3Au%3A1680369644296939135%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C236%2C25%2C13%2C694%2C0%2C%2C464%2C2%2C%2C%2C%2C1440%3Aco%3A0%3Ans%3A1680369641393%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1680369644%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://w84j4767dd2lowdmst.com
Referer: https://w84j4767dd2lowdmst.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Sat, 01 Apr 2023 17:20:46 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 01-Apr-2023 17:20:46 GMT
last-modified: Sat, 01-Apr-2023 17:20:46 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 4eec701fec69b73ab6ff1af2c178806f
5de0d4c444297364831a311b4c13954aa31976b0
fda1ec0d2c39aafdb994d336b4d8b5d819fcd064a64b43649598609dac04f512
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 17:20:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 4eec701fec69b73ab6ff1af2c178806f
5de0d4c444297364831a311b4c13954aa31976b0
fda1ec0d2c39aafdb994d336b4d8b5d819fcd064a64b43649598609dac04f512
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 17:20:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-79409907-1&cid=467681347.1680369643&jid=124360828&uid=0&gjid=1331644596&_gid=649329921.1680369644&_u=YADAAEAAAAAAACAEK~&z=101811625
108.177.14.154 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-79409907-1&cid=467681347.1680369643&jid=124360828&uid=0&gjid=1331644596&_gid=649329921.1680369644&_u=YADAAEAAAAAAACAEK~&z=101811625
IP 108.177.14.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-79409907-1&cid=467681347.1680369643&jid=124360828&uid=0&gjid=1331644596&_gid=649329921.1680369644&_u=YADAAEAAAAAAACAEK~&z=101811625 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://w84j4767dd2lowdmst.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 01 Apr 2023 17:20:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-79409907-1&cid=467681347.1680369643&jid=294101653&uid=0&gjid=1536413869&_gid=649329921.1680369644&_u=YADAAEABAAAAACAEK~&z=129933612
108.177.14.154 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-79409907-1&cid=467681347.1680369643&jid=294101653&uid=0&gjid=1536413869&_gid=649329921.1680369644&_u=YADAAEABAAAAACAEK~&z=129933612
IP 108.177.14.154:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-79409907-1&cid=467681347.1680369643&jid=294101653&uid=0&gjid=1536413869&_gid=649329921.1680369644&_u=YADAAEABAAAAACAEK~&z=129933612 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://w84j4767dd2lowdmst.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 01 Apr 2023 17:20:46 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 7.4 kB IP 142.250.74.131:0
Hash bd6697a7d3eeaa3d3ecd8d1bcf16ced0
a868aafd2599aae1192811dc6d67fb4e5815f425
cfd10478f1c9dd35dbfa3c8e3abcf43dc9ce51e5f0b3d77b1e3caa07447b5ba6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 17:20:46 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
w84j4767dd2lowdmst.com/api/v1/footer_links
52.59.224.62 200 OK 15 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v1/footer_links
IP 52.59.224.62:0
Hash 3f4f61b1959cd1a5a2b9cfeab914aff1
3bc901f9d04d6d3398c569bd47eb48906edea709
cde4256c4bdcdaf8cd5e36f60177205c3230b456a2b389c516972d7710d9672f
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/footer_links HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369643.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:46 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
X-Request-Id: b557ba4ddc720299ab735c16c9cadf86
pragma: no-cache
Expires: Sat, 01 Apr 2023 17:20:46 GMT
Vary: Accept-Encoding, Accept-Language
Content-Encoding: gzip
ocsp.godaddy.com/
192.124.249.22 200 OK 1.8 kB IP 192.124.249.22:0
Hash d3ed1eb52bb2d98bbae4c42acc893644
10acd576616f3832022825cd9e2435a429a694ee
e1ac40a2ace4d03d17d934f8e710a89bd9f5588f6a2c0692365cf19e7433521c
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 01 Apr 2023 17:20:46 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 01 Apr 2023 07:11:32 GMT
Expires: Sun, 02 Apr 2023 07:11:32 GMT
ETag: "10acd576616f3832022825cd9e2435a429a694ee"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
code.jivosite.com/widget/Y1lPjvCuT3
5.101.71.73 200 OK 7.2 kB URL HTTP/2 code.jivosite.com/widget/Y1lPjvCuT3
IP 5.101.71.73:0
ASN #34665 Petersburg Internet Network ltd.
File type ASCII text, with very long lines (2635), with no line terminators
Hash 950df8cc0bf57968e666aab461127d52
d37a8ab3cb6ac0cbb442e717045fa44994407846
7bc026a0a610639808889da98ca350603c5bc6f89aeed5bf04ec4625cfcdad9c
GET /widget/Y1lPjvCuT3 HTTP/1.1
Host: code.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 17:20:46 GMT
content-type: application/javascript
content-length: 6029
access-control-allow-origin: *
cache-control: max-age=7200
content-encoding: br
etag: "641b0447-178d"
expires: Mon, 27 Mar 2023 10:53:34 GMT
last-modified: Wed, 22 Mar 2023 13:36:07 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2023-04-01T16:58:25+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
w84j4767dd2lowdmst.com/api/v1/apk/check_version.json
52.59.224.62 200 OK 106 B URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v1/apk/check_version.json
IP 52.59.224.62:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 8e7eb3475c6dc1ce689106d94ae5e0ed
aa0ec322e6b5fc8b9b26c5a51b58b473dce5e9d4
a28709d8e7d6db00c89570dde61c44d9260d64951aeaf7c5c0c3b77b2dba7419
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/apk/check_version.json HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369643.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:46 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
ETag: W/"a5ec35be7d438d1071834c00e6031444"
X-Request-Id: 58b7938dd17a12358207fe07aab5959c
Vary: Accept-Encoding, Accept-Language
Expires: Sat, 01 Apr 2023 17:20:47 GMT
Content-Encoding: gzip
w84j4767dd2lowdmst.com/api/v1/locale
52.59.224.62 200 OK 811 B URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v1/locale
IP 52.59.224.62:0
Hash cea91b48ee82ec14fa1730ab48f57686
1566d666366d2a40c4570e4ecd34567f05c4e511
b6cf41e63dc4a80c5a30b74cbb676eb7be54bcae2d245f36e9da830b552691c2
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/locale HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369643.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=604800, private
X-Request-Id: f0fa72dd6bfd5437c9cce9226a723564
pragma: no-cache
expires: -1
Vary: Accept-Encoding, Accept-Language
Content-Encoding: gzip
w84j4767dd2lowdmst.com/api/v3/payment_logo
52.59.224.62 200 OK 26 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v3/payment_logo
IP 52.59.224.62:0
Hash ce83e12cf93f5cde798190cd741a9cff
f17c9c5e54449a0a09f0c6507ee7dbd9308249fb
b024d4d6400918ffc113078f7b9df2cc058b82c1411857f418750434276ba819
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v3/payment_logo HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369643.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:46 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
X-Request-Id: 08f4d4de9cf143fc9b7708e32da16e51
pragma: no-cache
Expires: Sat, 01 Apr 2023 17:20:47 GMT
Vary: Accept-Encoding, Accept-Language
Content-Encoding: gzip
w84j4767dd2lowdmst.com/api/v1/odd_formats.json
52.59.224.62 200 OK 2.6 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v1/odd_formats.json
IP 52.59.224.62:0
Hash a3e59647e90e002ddbcc8f8c8a6ce7e2
3b3c7446e814923680ab135e262af82c788a23e6
8b9b3ee90333f5096a36842d60693f4ebbd4e729ea55237f3b269c4ea713c013
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/odd_formats.json HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369643.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:46 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
ETag: W/"751efdf4b505164ea99e90c8c65245c8"
X-Request-Id: ba4c01ab46741aa119661288c081c5b5
Vary: Accept-Encoding, Accept-Language
Expires: Sat, 01 Apr 2023 17:20:47 GMT
Set-Cookie: _odd_format=decimal; expires=Mon, 01-Apr-2024 17:20:47 GMT; Max-Age=31622400; path=/; secure
Content-Encoding: gzip
w84j4767dd2lowdmst.com/api/v2/slider?section=
52.59.224.62 200 OK 1.8 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v2/slider?section=
IP 52.59.224.62:0
Hash 0f688bf4e824e9598c9506a1ebeb40e0
9032f16cc02c8f1328da019dabcbb61b1c496848
59e38e7707314d960d8a1a854ce6e353813e1beb3e06ac3c4cef8ca40c03acbc
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v2/slider?section= HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369643.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:46 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
X-Request-Id: 426ac4f2961c2be971686be96102ae72
pragma: no-cache
Expires: Sat, 01 Apr 2023 17:20:47 GMT
Vary: Accept-Encoding, Accept-Language
Content-Encoding: gzip
w84j4767dd2lowdmst.com/api/v1/timezones
52.59.224.62 200 OK 5.5 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v1/timezones
IP 52.59.224.62:0
File type JSON data\012- , ASCII text, with very long lines (30482), with no line terminators
Hash f8706a77c5db49ed3eee18a34aea18ad
8e379aa59256743cf87d2c34d77b7e5ee29f5b58
21ed026874f999cf674f759f0310eb5d09a49df1c64f84ddf58500a99d57d17c
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/timezones HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369643.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
ETag: W/"5ab100e0e44603123a80624d12da29cb"
X-Request-Id: 95c327cafe1bbd645b1797668117e499
Vary: Accept-Encoding, Accept-Language
Expires: Sat, 01 Apr 2023 17:20:47 GMT
Content-Encoding: gzip
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93 200 OK 366 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
Hash a1524feb8980ea354dd7b3796719e792
00b304dc712e375f031828f587cf8e2c3e01983f
1a0c2477290f6e8a9be1bfa9d4c1e1ef0a41c3806ce29283e0ab8223925846a8
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 975
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Sat, 01 Apr 2023 17:20:47 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7047981123732766720; Domain=.rockmostbet.com; Path=/; Expires=Sun, 01 Feb 2026 08:40:57 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 8
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93 200 OK 6.0 kB URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
Hash 83a859a23f8b8f4ce8c377f47857b231
9296951dc2fd5bc20826be9bc60598751cba35fd
193db702b62bbdb432f8219417ad717e301b0826b8d6f90dac5a0715000ce8eb
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 973
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Sat, 01 Apr 2023 17:20:47 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7047981123732766720; Domain=.rockmostbet.com; Path=/; Expires=Sun, 01 Feb 2026 08:40:57 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 10
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
w84j4767dd2lowdmst.com/api/v1/auth/providers
52.59.224.62 200 OK 614 B URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v1/auth/providers
IP 52.59.224.62:0
Hash 0458b09352f5e6fc71eea9b7c26ab271
642642ade25c67abbd0c80dad61659fb6297aa66
b82e017a26a7bedde257afd3ac66fcf144dd597bd4c1eeaaa067e66950a3f395
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/auth/providers HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369644.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1; _odd_format=decimal
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
X-Request-Id: e9c5603e38fde3c4df17b6800881c767
pragma: no-cache
Expires: Sat, 01 Apr 2023 17:20:47 GMT
Vary: Accept-Encoding, Accept-Language
Content-Encoding: gzip
w84j4767dd2lowdmst.com/api/v1/currencies.json
52.59.224.62 200 OK 222 B URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v1/currencies.json
IP 52.59.224.62:0
File type JSON data\012- , ASCII text, with very long lines (748), with no line terminators
Hash 66cee3ed35fddf3670e49c61caf12844
62163fe9a0fe6453446a6002630b2e3b2fe13318
76194a09da7c6cb5b52ffb76da8e271640d0803878998348361a9576c109b955
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/currencies.json HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369644.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1; _odd_format=decimal
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
ETag: W/"57f7d77bcb8a4fd24d8998583bfd2da5"
X-Request-Id: 66488fef00f9a413089784cfa925b18a
Vary: Accept-Encoding, Accept-Language
Expires: Sat, 01 Apr 2023 17:20:47 GMT
Content-Encoding: gzip
w84j4767dd2lowdmst.com/api/v1/bonus/first_deposit/info
52.59.224.62 200 OK 1.7 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v1/bonus/first_deposit/info
IP 52.59.224.62:0
Hash 77a6770e5334b73db2dfa557d7e04c65
7dff474d8393e4e918691087a2b4c30d5f475191
3cf8021ba2f3cb87667c74141f4320846d357b1db2c5f40084cf3f5bc6d2264c
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/bonus/first_deposit/info HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369644.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1; _odd_format=decimal
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
X-Request-Id: 2e889a1c08b2222927adbcfcd84a4162
pragma: no-cache
Expires: Sat, 01 Apr 2023 17:20:47 GMT
Vary: Accept-Encoding, Accept-Language
Content-Encoding: gzip
w84j4767dd2lowdmst.com/api/v1/allsports/sports?ss=all
52.59.224.62 200 OK 2.6 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v1/allsports/sports?ss=all
IP 52.59.224.62:0
Hash ded8960a688ef7d8fa903ebabd2c0107
1be074cbb0759fbb8c6f142ef997e3a1f8a77cc8
a16e29acbe30387e63cc64d67bd7a9d3d24743874d42158698bfb9c718fbbe0b
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/allsports/sports?ss=all HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369644.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1; _odd_format=decimal
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
X-Request-Id: 0585df53daae2bdb71d67dadd848042e
pragma: no-cache
Expires: Sat, 01 Apr 2023 17:20:47 GMT
Vary: Accept-Encoding, Accept-Language
Content-Encoding: gzip
code.jivosite.com/script/widget/config/Y1lPjvCuT3
5.101.71.73 200 OK 1.8 kB URL HTTP/2 code.jivosite.com/script/widget/config/Y1lPjvCuT3
IP 5.101.71.73:0
ASN #34665 Petersburg Internet Network ltd.
Hash d4e642233ef3da6f775bd76feebeffaf
ae153c0afa08cdbaedfab56385bd47d1dc489666
31fac124930917bd2a9bf4aaa2028114ef0007ec33ee5b23fd1125af4f6e4702
GET /script/widget/config/Y1lPjvCuT3 HTTP/1.1
Host: code.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 17:20:47 GMT
content-type: application/x-javascript
content-length: 1602
access-control-allow-origin: *
cache-control: max-age=7200
content-encoding: gzip
expires: Sat, 01 Apr 2023 19:01:24 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2023-04-01T17:01:24+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
w84j4767dd2lowdmst.com/api/v1/coupon/preview.json
52.59.224.62 200 OK 3.8 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v1/coupon/preview.json
IP 52.59.224.62:0
Hash 78d52ea15d68fddf1caaad9c77f04dcc
11246577b4bcba034d7aaecda0d8d2d82cc73160
46e261334fd667560f7de28c35711c6432a9a39850c89159ec2c9e8b3084d7e2
Analyzer Verdict Alert quad9 Sinkholed
POST /api/v1/coupon/preview.json HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
Content-Type: application/json;charset=utf-8
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Content-Length: 97
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369644.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1; _odd_format=decimal
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
X-Request-Id: 90ca9239a5ef90c478e5d11adbf2a6ed
pragma: no-cache
Expires: Sat, 01 Apr 2023 17:20:47 GMT
Vary: Accept-Encoding, Accept-Language
Content-Encoding: gzip
w84j4767dd2lowdmst.com/api/v1/casino/games?page=1&itemsOnPage=6&platform=desktop&currency=NOK&productTypes[]=live_casino&productTypes[]=live_games
52.59.224.62 200 OK 1.3 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v1/casino/games?page=1&itemsOnPage=6&platform=desktop&currency=NOK&productTypes[]=live_casino&productTypes[]=live_games
IP 52.59.224.62:0
File type JSON data\012- , ASCII text, with very long lines (6421), with no line terminators
Hash 12b629ac30122bb23f0445031920a4de
b916e6e50dc89a8ec364c2eec409e3a3de164c39
5e108f8d9c0d61dbcbb19e9b183eb42143b4bdd5a3617c3919c8ae8822f8fe59
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/casino/games?page=1&itemsOnPage=6&platform=desktop&currency=NOK&productTypes[]=live_casino&productTypes[]=live_games HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369644.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1; _odd_format=decimal
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
X-Request-Id: 7e3753dea3fce12193f6b4c939d6c39a
pragma: no-cache
Expires: Sat, 01 Apr 2023 17:20:47 GMT
Vary: Accept-Encoding, Accept-Language
Content-Encoding: gzip
w84j4767dd2lowdmst.com/api/v1/casino/games/top?page=1&itemsOnPage=6&platform=desktop&currency=NOK
52.59.224.62 200 OK 2.0 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v1/casino/games/top?page=1&itemsOnPage=6&platform=desktop&currency=NOK
IP 52.59.224.62:0
File type JSON data\012- , ASCII text, with very long lines (11436), with no line terminators
Hash c2fe5d349d2c64b148b068d62ac0ad26
0877cd848cc9fa75f04ef4d912cb2c3a3d48b047
58736de85f09dfbffed8f6026855c8a78444ba7c055135e7807642f9b6177a1e
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/casino/games/top?page=1&itemsOnPage=6&platform=desktop&currency=NOK HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369644.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1; _odd_format=decimal
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
X-Request-Id: 9cc5dc6e61b0789179efa722afc500dd
pragma: no-cache
Expires: Sat, 01 Apr 2023 17:20:47 GMT
Vary: Accept-Encoding, Accept-Language
Content-Encoding: gzip
w84j4767dd2lowdmst.com/api/v3/user/line/top-list?is_spa=1
52.59.224.62 200 OK 41 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v3/user/line/top-list?is_spa=1
IP 52.59.224.62:0
Hash 461d16eb8c7c4fc3761f2d84866917ec
4264eaaea8ee5946e1ed5589981be70d2c7ceb58
6db433cddce5f80d22d113575d169fc0ccf7605d8cf10c16ccaf3d110f0746ba
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v3/user/line/top-list?is_spa=1 HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369644.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1; _odd_format=decimal
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
X-Request-Id: b4c9da3ed06c55feeb33bd7e29271c37
pragma: no-cache
Expires: Sat, 01 Apr 2023 17:20:47 GMT
Vary: Accept-Encoding, Accept-Language
Content-Encoding: gzip
w84j4767dd2lowdmst.com/api/v1/casino/games?page=1&itemsOnPage=6&platform=desktop&currency=NOK
52.59.224.62 200 OK 5.4 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v1/casino/games?page=1&itemsOnPage=6&platform=desktop&currency=NOK
IP 52.59.224.62:0
Hash 214c146cb1570ff377b4446a4410f150
b8452a26ffa6369a913b6e5480bf55f773071434
166528b147e914db90e41548538e0c4b66337510159ade9dd93afa0f04960ff1
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/casino/games?page=1&itemsOnPage=6&platform=desktop&currency=NOK HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369644.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1; _odd_format=decimal
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:47 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
X-Request-Id: 8c9482eb62a8ced63a9a67e223502f26
pragma: no-cache
Expires: Sat, 01 Apr 2023 17:20:47 GMT
Vary: Accept-Encoding, Accept-Language
Content-Encoding: gzip
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93 200 OK 8.3 kB URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
Hash c71b6222781c12dbcee50281db54a42e
be583c2ba0ee77fa57bb01f283a986881573d80e
c7cd5dbe4ff6e1a0aae1734ebc79d749511b24a5bdb6a288ed3ad237d36372e3
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 984
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Sat, 01 Apr 2023 17:20:47 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7047981123732766720; Domain=.rockmostbet.com; Path=/; Expires=Sun, 01 Feb 2026 08:40:57 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 1
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
mostauthor.com/multiauth/ping
185.26.99.196 200 OK 488 B URL HTTP/2 mostauthor.com/multiauth/ping
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash c287f34b93d8f4edaa96429e0a728dfe
4722f8f1e549900875989391a0a502e661f784e4
774d0c96b9fa9e6a352c936942cc172c818da9f4062a4111be6fec458e2d0cea
OPTIONS /multiauth/ping HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://w84j4767dd2lowdmst.com/
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 607caf1a03444a528b571a16a878402c
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Sat, 01 Apr 2023 17:20:47 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/ping
185.26.99.196 401 Unauthorized 35 B URL HTTP/2 mostauthor.com/multiauth/ping
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 0d996c3fba12286419cc5490ecc262f2
8d763a6d6dc7b73504e259d6755a91215cc90a77
89ee31619ad837c48dfe0eeb3bd1e65d8c372d8b73c1f1e345c6dd91aca7f25f
GET /multiauth/ping HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Cookie: test_cooke_fm99akfbcdbbxav471kt0v=1; test_cooke_xlaat0w25qr2jfy1n7oewc=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 401 Unauthorized
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: d5d4fd76426045e7b7ffed3a2977dd17
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 35
date: Sat, 01 Apr 2023 17:20:47 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 2.9 kB IP 142.250.74.131:0
Hash 97fa28c5318b1190cf7164ee9a4854ac
82a66b779f5599ddb0dede7b42c484cb4e631883
669ba98f20b1c4092168c5c383394a1fc62c72953504a7591e2b9a77e3b1c18b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 17:20:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 3c805a5c8d88d63e317a631e82533b14
c9c70d6d8c42c5690e57e1d3b0b6331a8b1ec1a7
4957e91e8473ee4aaf83db07185ba4a0eab8f9b5687d566e65cb5f4028071183
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 17:20:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-79409907-1&cid=467681347.1680369643&jid=124360828&_u=YADAAEAAAAAAACAEK~&z=1502228701
142.250.74.163 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-79409907-1&cid=467681347.1680369643&jid=124360828&_u=YADAAEAAAAAAACAEK~&z=1502228701
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-79409907-1&cid=467681347.1680369643&jid=124360828&_u=YADAAEAAAAAAACAEK~&z=1502228701 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Apr 2023 17:20:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-79409907-1&cid=467681347.1680369643&jid=294101653&_u=YADAAEABAAAAACAEK~&z=1193673449
142.250.74.163 200 OK 11 kB URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-79409907-1&cid=467681347.1680369643&jid=294101653&_u=YADAAEABAAAAACAEK~&z=1193673449
IP 142.250.74.163:0
Hash 3c5c9e5348a285cea82b87ffdf3d52c0
36318603e6e83ae71c9756e718e6aea19ff83893
cc3424d7f92e8cc3993c801bce5f7901a3b0933a685da3885653d9191cef12a1
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-79409907-1&cid=467681347.1680369643&jid=294101653&_u=YADAAEABAAAAACAEK~&z=1193673449 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 01 Apr 2023 17:20:47 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 3c805a5c8d88d63e317a631e82533b14
c9c70d6d8c42c5690e57e1d3b0b6331a8b1ec1a7
4957e91e8473ee4aaf83db07185ba4a0eab8f9b5687d566e65cb5f4028071183
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 01 Apr 2023 17:20:47 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
w84j4767dd2lowdmst.com/upload/images/payment_logo_image/DEFOLT/2_visa.svg
52.59.224.62 200 OK 15 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/upload/images/payment_logo_image/DEFOLT/2_visa.svg
IP 52.59.224.62:0
Hash 606bfbf9775c87f70a3a2bf6f29bfa84
21da3a7e7f1a4ef2a5dccf00dcb52ee0560ec892
81004b2f1fcdf4113cb725b56197e2991331a98e7ecc51630cc08a2837cfa41a
Analyzer Verdict Alert quad9 Sinkholed
GET /upload/images/payment_logo_image/DEFOLT/2_visa.svg HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369645.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1; _odd_format=decimal; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:47 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
content-security-policy: block-all-mixed-content
etag: W/"c907d248716371bd5cb5c9be824251fb"
last-modified: Fri, 17 Mar 2023 13:16:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, Origin, Accept-Encoding
x-amz-request-id: 1751D2054817BBA4
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
Expires: Sun, 02 Apr 2023 17:20:47 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
w84j4767dd2lowdmst.com/upload/images/payment_logo_image/DEFOLT/1_mastercard.svg
52.59.224.62 200 OK 1.9 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/upload/images/payment_logo_image/DEFOLT/1_mastercard.svg
IP 52.59.224.62:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (4610), with no line terminators
Hash 39dd0c11507460538f70fff0811f6a43
86abe418dbb681578cb7a0e247f94f803bfff57e
375173b93345a1e624fe1222ee1dca56a24db1e248c4636ca2e33b70c0b0f243
Analyzer Verdict Alert quad9 Sinkholed
GET /upload/images/payment_logo_image/DEFOLT/1_mastercard.svg HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369645.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1; _odd_format=decimal; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:47 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
content-security-policy: block-all-mixed-content
etag: W/"aded41f85ede679a8a11c618afce1f2b"
last-modified: Fri, 17 Mar 2023 13:16:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, Origin, Accept-Encoding
x-amz-request-id: 1751D2F938C5FF86
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
Expires: Sun, 02 Apr 2023 17:20:47 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
w84j4767dd2lowdmst.com/upload/images/payment_logo_image/DEFOLT/3_maestro.svg
52.59.224.62 200 OK 18 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/upload/images/payment_logo_image/DEFOLT/3_maestro.svg
IP 52.59.224.62:0
Hash 01d724b5ce5e7d72e757af353c89268b
47493421e6e23d3e38f00300db6269282a387287
4dfccf04eeb313b673ea4025325fcc395c6d9de42f299c1e77484151723812ec
Analyzer Verdict Alert quad9 Sinkholed
GET /upload/images/payment_logo_image/DEFOLT/3_maestro.svg HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369645.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1; _odd_format=decimal; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:47 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
content-security-policy: block-all-mixed-content
etag: W/"883970d0986d7dc47b0430516831c5db"
last-modified: Fri, 17 Mar 2023 13:16:56 GMT
strict-transport-security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, Origin, Accept-Encoding
x-amz-request-id: 1751CDFCABF6C3E8
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
Expires: Sun, 02 Apr 2023 17:20:47 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
w84j4767dd2lowdmst.com/upload/images/payment_logo_image/DEFOLT/5_ecopayz.svg
52.59.224.62 200 OK 1.1 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/upload/images/payment_logo_image/DEFOLT/5_ecopayz.svg
IP 52.59.224.62:0
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2496), with no line terminators
Hash ccdbbfab11f9bc5518d9a358bc4ab146
c68e8211b99f0454d4cc95004c4c35d8f254a778
178fe07112eb953f7e89770f4bdcbd9a056efbbcf6d8da6d12849c25ca8b9836
Analyzer Verdict Alert quad9 Sinkholed
GET /upload/images/payment_logo_image/DEFOLT/5_ecopayz.svg HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369645.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1; _odd_format=decimal; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:47 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
content-security-policy: block-all-mixed-content
etag: W/"2a17dba48c046ae7a6d965d714c31698"
last-modified: Fri, 17 Mar 2023 13:16:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, Origin, Accept-Encoding
x-amz-request-id: 1751D2CB3A2ED0A6
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
Expires: Sun, 02 Apr 2023 17:20:47 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
w84j4767dd2lowdmst.com/upload/images/payment_logo_image/DEFOLT/4_webmoney.svg
52.59.224.62 200 OK 2.2 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/upload/images/payment_logo_image/DEFOLT/4_webmoney.svg
IP 52.59.224.62:0
Hash a65df2519969b304d3c9b0e88a1d26a8
ffa2ed3f8ef58646fbfbacdc14a3532cceacac39
8b5111c13079ef7742e2761a7f025ee33931c1c83942cd20137a1d4030180ad7
Analyzer Verdict Alert quad9 Sinkholed
GET /upload/images/payment_logo_image/DEFOLT/4_webmoney.svg HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369645.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1; _odd_format=decimal; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:47 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
content-security-policy: block-all-mixed-content
etag: W/"e9c6c3d3c8c2dfef14a136c1ec598009"
last-modified: Fri, 17 Mar 2023 13:16:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, Origin, Accept-Encoding
x-amz-request-id: 1751D2D69B6B74F7
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
Expires: Sun, 02 Apr 2023 17:20:47 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
w84j4767dd2lowdmst.com/upload/images/payment_logo_image/DEFOLT/6_bitcoin.svg
52.59.224.62 200 OK 4.8 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/upload/images/payment_logo_image/DEFOLT/6_bitcoin.svg
IP 52.59.224.62:0
Hash d9477fac2dd7164cdbbfec539a89cced
8ffefe490e9365e1b8c2686704b7ed14e677baf3
ebd0a18e99183af067922d9d7993d8980d02d1ab008cfa3582ae5df3108622a7
Analyzer Verdict Alert quad9 Sinkholed
GET /upload/images/payment_logo_image/DEFOLT/6_bitcoin.svg HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369645.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1; _odd_format=decimal; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:47 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
content-security-policy: block-all-mixed-content
etag: W/"b39c5d29fc49b5828cec77f8c68d7b8f"
last-modified: Fri, 17 Mar 2023 13:16:57 GMT
strict-transport-security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, Origin, Accept-Encoding
x-amz-request-id: 1751D2AEFBFC3539
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
Expires: Sun, 02 Apr 2023 17:20:47 GMT
Cache-Control: max-age=86400
Content-Encoding: gzip
w84j4767dd2lowdmst.com/cdn/uploads/casino/game/36915/game_1663860131.png
52.59.224.62 200 OK 33 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/cdn/uploads/casino/game/36915/game_1663860131.png
IP 52.59.224.62:0
Hash a3c4914628b044a996288a2d3f804d31
ad789b0bedc614282dcce30ce258798d11f35890
90bd5e1d02fb20e973acd17a49b5e65f4bc2ecb6d156e439ebb3957e6d780b3c
Analyzer Verdict Alert quad9 Sinkholed
GET /cdn/uploads/casino/game/36915/game_1663860131.png HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369645.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1; _odd_format=decimal; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:48 GMT
Content-Type: image/png
Content-Length: 32564
Connection: keep-alive
last-modified: Thu, 22 Sep 2022 15:22:12 GMT
etag: "632c7da4-7f34"
expires: Sat, 01 Apr 2023 18:20:48 GMT
cache-control: max-age=3600
vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 8513
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ybWUddum1%2BdEkRrIp5rEsJTzPmljUSdBGOftvryY9Rd78%2FoHhA0YjcmBfJtty6XXHD8yDf2xWOuILKxt7pmuPDaIkDY1DIxf%2FV%2BO10kOPHOb3rG7xL%2Bj%2FZJOgxAkuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7b10b0a9cb603639-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Accept-Ranges: bytes
w84j4767dd2lowdmst.com/cdn/uploads/casino/game/34273/game_1654166154.jpg
52.59.224.62 200 OK 122 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/cdn/uploads/casino/game/34273/game_1654166154.jpg
IP 52.59.224.62:0
Size 122 kB (121674 bytes)
Hash 2563761735b41467dfcee041790012ed
8e85c60fc34308da7d9935fd033fecd038aa4a01
6af2bf1ce146c2af102071ce412d6f9cb906f4ad3cfad8a70ae1024e81519560
Analyzer Verdict Alert quad9 Sinkholed
GET /cdn/uploads/casino/game/34273/game_1654166154.jpg HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369645.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1; _odd_format=decimal; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:48 GMT
Content-Type: image/jpeg
Content-Length: 119262
Connection: keep-alive
last-modified: Thu, 02 Jun 2022 10:35:55 GMT
etag: "6298928b-1d1de"
expires: Sat, 01 Apr 2023 18:20:48 GMT
cache-control: max-age=3600
vary: Accept-Encoding
CF-Cache-Status: HIT
Age: 6253
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ii%2FNNOfVytV2Ns2%2BL4f%2BlSEQxmWOpjGDeSTc9HeOFN%2B%2FjlSh%2FT8IkpBm81F%2FmojUO9R7iEkWyN%2B%2FPsMq15dUco%2FOvbQi4alEhelRjVgxKDSXlXdXVQm%2FW2PYIAwSmg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
CF-RAY: 7b10b0eadc372bc9-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Accept-Ranges: bytes
node-sber1-az1-6.jivosite.com/widget/status/561276/Y1lPjvCuT3?rnd=0.6271493201051591
188.72.107.240 200 OK 4.0 kB URL HTTP/2 node-sber1-az1-6.jivosite.com/widget/status/561276/Y1lPjvCuT3?rnd=0.6271493201051591
IP 188.72.107.240:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (3995), with no line terminators
Hash 4d2fa46de395719ed7549196066c0c0b
cc68798fb0ce8cd09be0c4d038de922736fa020d
bbb62be4f2dbd0ee0feac09f1494fdc3636437f01a819852e8ae3aeb922d40cb
GET /widget/status/561276/Y1lPjvCuT3?rnd=0.6271493201051591 HTTP/1.1
Host: node-sber1-az1-6.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-max-age: 1728000
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-expose-headers: X-Geoip, X-Botmode
cache-control: no-cache, no-store, must-revalidate
content-security-policy: frame-ancestors 'none';
content-type: application/json; charset=utf-8
pragma: no-cache
server: foxy/2.0.1
x-botmode: no
x-frame-options: DENY
x-geoip: NO;03;Oslo (Alna District)
content-length: 4009
date: Sat, 01 Apr 2023 17:20:48 GMT
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&charset=utf-8&hittoken=1680369646_756a05af6cd66b7398ea978726197862a5d4f651a007d9bc0afec32cc16c92cc&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A1454443375709%3Ahid%3A415844028%3Az%3A0%3Ai%3A20230401172045%3Aet%3A1680369645%3Ac%3A1%3Arn%3A643859907%3Arqn%3A2%3Au%3A1680369644296939135%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3972%2C3972%2C15%2C%3Aco%3A0%3Ans%3A1680369641393%3Aadb%3A2%3Ast%3A1680369646&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(2)aw(1)ti(2)
87.250.251.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&charset=utf-8&hittoken=1680369646_756a05af6cd66b7398ea978726197862a5d4f651a007d9bc0afec32cc16c92cc&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A1454443375709%3Ahid%3A415844028%3Az%3A0%3Ai%3A20230401172045%3Aet%3A1680369645%3Ac%3A1%3Arn%3A643859907%3Arqn%3A2%3Au%3A1680369644296939135%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3972%2C3972%2C15%2C%3Aco%3A0%3Ans%3A1680369641393%3Aadb%3A2%3Ast%3A1680369646&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(2)aw(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&charset=utf-8&hittoken=1680369646_756a05af6cd66b7398ea978726197862a5d4f651a007d9bc0afec32cc16c92cc&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A1454443375709%3Ahid%3A415844028%3Az%3A0%3Ai%3A20230401172045%3Aet%3A1680369645%3Ac%3A1%3Arn%3A643859907%3Arqn%3A2%3Au%3A1680369644296939135%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3972%2C3972%2C15%2C%3Aco%3A0%3Ans%3A1680369641393%3Aadb%3A2%3Ast%3A1680369646&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(2)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 69
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 01 Apr 2023 17:20:48 GMT
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 01-Apr-2023 17:20:48 GMT
last-modified: Sat, 01-Apr-2023 17:20:48 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&charset=utf-8&hittoken=1680369646_756a05af6cd66b7398ea978726197862a5d4f651a007d9bc0afec32cc16c92cc&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A1454443375709%3Ahid%3A415844028%3Az%3A0%3Ai%3A20230401172045%3Aet%3A1680369645%3Ac%3A1%3Arn%3A42510317%3Arqn%3A3%3Au%3A1680369644296939135%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1680369641393%3Anp%3ATGludXggeDg2XzY0%3Aadb%3A2%3Ast%3A1680369646&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(3)aw(1)ti(2)
87.250.251.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&charset=utf-8&hittoken=1680369646_756a05af6cd66b7398ea978726197862a5d4f651a007d9bc0afec32cc16c92cc&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A1454443375709%3Ahid%3A415844028%3Az%3A0%3Ai%3A20230401172045%3Aet%3A1680369645%3Ac%3A1%3Arn%3A42510317%3Arqn%3A3%3Au%3A1680369644296939135%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1680369641393%3Anp%3ATGludXggeDg2XzY0%3Aadb%3A2%3Ast%3A1680369646&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(3)aw(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&charset=utf-8&hittoken=1680369646_756a05af6cd66b7398ea978726197862a5d4f651a007d9bc0afec32cc16c92cc&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A1454443375709%3Ahid%3A415844028%3Az%3A0%3Ai%3A20230401172045%3Aet%3A1680369645%3Ac%3A1%3Arn%3A42510317%3Arqn%3A3%3Au%3A1680369644296939135%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1680369641393%3Anp%3ATGludXggeDg2XzY0%3Aadb%3A2%3Ast%3A1680369646&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(3)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 187
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 01 Apr 2023 17:20:48 GMT
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 01-Apr-2023 17:20:48 GMT
last-modified: Sat, 01-Apr-2023 17:20:48 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&charset=utf-8&hittoken=1680369646_756a05af6cd66b7398ea978726197862a5d4f651a007d9bc0afec32cc16c92cc&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A1454443375709%3Ahid%3A415844028%3Az%3A0%3Ai%3A20230401172045%3Aet%3A1680369645%3Ac%3A1%3Arn%3A409252374%3Arqn%3A5%3Au%3A1680369644296939135%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1680369641393%3Aadb%3A2%3Ast%3A1680369646&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(5)aw(1)ti(2)
87.250.251.119 200 OK 451 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&charset=utf-8&hittoken=1680369646_756a05af6cd66b7398ea978726197862a5d4f651a007d9bc0afec32cc16c92cc&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A1454443375709%3Ahid%3A415844028%3Az%3A0%3Ai%3A20230401172045%3Aet%3A1680369645%3Ac%3A1%3Arn%3A409252374%3Arqn%3A5%3Au%3A1680369644296939135%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1680369641393%3Aadb%3A2%3Ast%3A1680369646&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(5)aw(1)ti(2)
IP 87.250.251.119:0
Hash 8335df6d532fef596e104d47818a4a03
caf887e5467f97f24e987f61f1a48a0f00eb82e1
ea95bd7e33f338d1c423c9c54015a0cf665dc6811105bd25192c59b988838a8e
POST /watch/37954615/1?page-url=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&charset=utf-8&hittoken=1680369646_756a05af6cd66b7398ea978726197862a5d4f651a007d9bc0afec32cc16c92cc&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A1454443375709%3Ahid%3A415844028%3Az%3A0%3Ai%3A20230401172045%3Aet%3A1680369645%3Ac%3A1%3Arn%3A409252374%3Arqn%3A5%3Au%3A1680369644296939135%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1680369641393%3Aadb%3A2%3Ast%3A1680369646&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(5)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 79
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 01 Apr 2023 17:20:48 GMT
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 01-Apr-2023 17:20:48 GMT
last-modified: Sat, 01-Apr-2023 17:20:48 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&charset=utf-8&hittoken=1680369646_756a05af6cd66b7398ea978726197862a5d4f651a007d9bc0afec32cc16c92cc&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A1454443375709%3Ahid%3A415844028%3Az%3A0%3Ai%3A20230401172045%3Aet%3A1680369645%3Ac%3A1%3Arn%3A140024410%3Arqn%3A4%3Au%3A1680369644296939135%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1680369641393%3Aadb%3A2%3Ast%3A1680369646&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(4)aw(1)ti(2)
87.250.251.119 200 OK 3.7 kB URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&charset=utf-8&hittoken=1680369646_756a05af6cd66b7398ea978726197862a5d4f651a007d9bc0afec32cc16c92cc&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A1454443375709%3Ahid%3A415844028%3Az%3A0%3Ai%3A20230401172045%3Aet%3A1680369645%3Ac%3A1%3Arn%3A140024410%3Arqn%3A4%3Au%3A1680369644296939135%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1680369641393%3Aadb%3A2%3Ast%3A1680369646&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(4)aw(1)ti(2)
IP 87.250.251.119:0
Hash 1c1ef8e5113a7fb9de8389bf8e2193d9
b826c5456dc6e31510536c60bd6b19082a6cfa94
b5960bc8de6b5096fe7fc7754460b3413d62941baa48598a5a750d097cbd89c2
POST /watch/37954615/1?page-url=https%3A%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&charset=utf-8&hittoken=1680369646_756a05af6cd66b7398ea978726197862a5d4f651a007d9bc0afec32cc16c92cc&browser-info=pa%3A1%3Aar%3A1%3Avf%3A3ue65zhww2f2brt35wtqzj%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A991%3Acn%3A1%3Adp%3A0%3Als%3A1454443375709%3Ahid%3A415844028%3Az%3A0%3Ai%3A20230401172045%3Aet%3A1680369645%3Ac%3A1%3Arn%3A140024410%3Arqn%3A4%3Au%3A1680369644296939135%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1680369641393%3Aadb%3A2%3Ast%3A1680369646&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(4)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 75
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 01 Apr 2023 17:20:48 GMT
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 01-Apr-2023 17:20:48 GMT
last-modified: Sat, 01-Apr-2023 17:20:48 GMT
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
w84j4767dd2lowdmst.com/favicon.png
52.59.224.62 200 OK 2.8 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/favicon.png
IP 52.59.224.62:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash f8cbfde8f3484f7a5f02189742f0f110
3eb0cec3e65d6cb0cc2744b5fa57ded1afb6e4d4
70504d4dc047aeac702b31e9290e9f5553e901d07d3844269cd966042988159a
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.png HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369645.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1; _odd_format=decimal; multiAuthThirdPartyEnabled=true; _ym_visorc=b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:48 GMT
Content-Type: image/png
Content-Length: 2810
Connection: keep-alive
Last-Modified: Sat, 01 Apr 2023 14:46:18 GMT
ETag: "642843ba-afa"
Accept-Ranges: bytes
w84j4767dd2lowdmst.com/api/v2/translations?locales[]=en&domains[]=validators&fallback=1
52.59.224.62 200 OK 7.9 kB URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v2/translations?locales[]=en&domains[]=validators&fallback=1
IP 52.59.224.62:0
File type JSON data\012- , ASCII text, with very long lines (35092), with no line terminators
Hash 853b72c15d488a1ad358251a42eced86
ddb7b9c110cde6c561591febb615ca895268e9ae
728b1225533eb6fb745b3ccd0b00ac599a6717dba3c90b3569b517a93b4a9aad
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v2/translations?locales[]=en&domains[]=validators&fallback=1 HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Connection: keep-alive
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369645.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1; _odd_format=decimal; multiAuthThirdPartyEnabled=true; _ym_visorc=b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:48 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
ETag: W/"72a0b56e30dfceccba69588777b72079"
X-Request-Id: 61cee41ae44fc70faff34320887932ad
pragma: no-cache
Expires: Sat, 01 Apr 2023 17:20:49 GMT
Vary: Accept-Encoding, Accept-Language
Content-Encoding: gzip
code.jivosite.com/script/widget/config/TWlRM6tTTH
5.101.71.73 200 OK 6.5 kB URL HTTP/2 code.jivosite.com/script/widget/config/TWlRM6tTTH
IP 5.101.71.73:0
ASN #34665 Petersburg Internet Network ltd.
Hash e3fe0677c7eb70cd05af1a495cb47584
69e3e363956f0327059dc13d62a27b34dbb1244a
7c8a817a9a6470bd847f3baba7720f7c22d5f7b77008c67432d254efec777077
GET /script/widget/config/TWlRM6tTTH HTTP/1.1
Host: code.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 17:20:49 GMT
content-type: application/x-javascript
content-length: 1498
access-control-allow-origin: *
cache-control: max-age=7200
content-encoding: gzip
expires: Sat, 01 Apr 2023 19:20:49 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: MISS
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
node-sber1-az1-6.jivosite.com/widget/status/561276/TWlRM6tTTH?rnd=0.6836181701864646
188.72.107.240 200 OK 714 B URL HTTP/2 node-sber1-az1-6.jivosite.com/widget/status/561276/TWlRM6tTTH?rnd=0.6836181701864646
IP 188.72.107.240:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (692), with no line terminators
Hash 1c5ee78a69918c3af8ed2e62dda27147
3edecd41c724662081b46e45f341b7e0c5a8e8cf
42b377b64732c7f60acfdf6fb249c4016a757fe4c175fce05f1f27e75fe35681
GET /widget/status/561276/TWlRM6tTTH?rnd=0.6836181701864646 HTTP/1.1
Host: node-sber1-az1-6.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-max-age: 1728000
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-expose-headers: X-Geoip, X-Botmode
cache-control: no-cache, no-store, must-revalidate
content-security-policy: frame-ancestors 'none';
content-type: application/json; charset=utf-8
pragma: no-cache
server: foxy/2.0.1
x-botmode: no
x-frame-options: DENY
x-geoip: NO;03;Oslo (Alna District)
content-length: 714
date: Sat, 01 Apr 2023 17:20:49 GMT
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 71181317a3251fcd3787e4991813db01
1b45cd2618a64eb94918b16aa4db522c9fac2bd6
3905051a2024ad808c5d87af52284d1878dc2c0bcd5e0edf44bc8f1bc1b740ba
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 01 Apr 2023 17:20:49 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 05 Apr 2023 15:33:41 GMT
ETag: "1b45cd2618a64eb94918b16aa4db522c9fac2bd6"
Last-Modified: Sat, 01 Apr 2023 15:33:42 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1961
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7b1281452df5b52d-OSL
code.jivo.ru/js/bundle_no.js?rand=1679575045
5.101.71.73 200 OK 270 kB URL HTTP/2 code.jivo.ru/js/bundle_no.js?rand=1679575045
IP 5.101.71.73:0
ASN #34665 Petersburg Internet Network ltd.
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (1571)
Size 270 kB (269585 bytes)
Hash 5f0e705e0ddbcf017a631a686db308af
4ba75ebbf50e8a40af9d4ffea55f824eb0abb591
8169328b29428aee5c779313a7e8847eae95be12f37bb91dcb807ec7663b453a
GET /js/bundle_no.js?rand=1679575045 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 17:20:49 GMT
content-type: application/javascript
content-length: 268591
access-control-allow-origin: *
cache-control: max-age=86400
content-encoding: br
etag: "641b0492-4192f"
last-modified: Wed, 22 Mar 2023 13:37:22 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2023-04-01T13:02:46+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
w84j4767dd2lowdmst.com/api/v1/bonus/first_deposit/info?currency=NOK
52.59.224.62 200 OK 72 B URL HTTP/1.1 w84j4767dd2lowdmst.com/api/v1/bonus/first_deposit/info?currency=NOK
IP 52.59.224.62:0
File type JSON data\012- , ASCII text, with no line terminators
Hash b718488b69af88f38ba82bb87435ca26
2ff3461e38f3169580e5be42ded9297d30e07645
38d1d42585198de411657269d62350138ce6386a60708c025c38ae4ee91ffc30
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/bonus/first_deposit/info?currency=NOK HTTP/1.1
Host: w84j4767dd2lowdmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1120
x-client-session: bqa0f3mk346c5ru2ife1
x-client-device-id: e06jsdms1iw7pyqcpl8f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/?registration=1&cid=2555547805&pid=114444&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1680369643.1.0.1680369645.0.0.0; _ga=GA1.2.467681347.1680369643; cid=2555547805; prid=most_partner.2555547805; pid=114444; sip=0; PHPSESSID=nqnm4ivq90aj20l49ejh9hvjsn; lunetics_locale=en; tz=Europe%2FOslo; rst-uid=7047981123732766720; _gid=GA1.2.649329921.1680369644; _gaclientid=467681347.1680369643; _gasessionid=20230401|09890215; _gahitid=1680369643806; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1680369644296939135; _ym_d=1680369644; _fbp=fb.1.1680369644242.1941975596; _ym_isad=2; registration-saved-type=1; _odd_format=decimal; multiAuthThirdPartyEnabled=true; _ym_visorc=b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 01 Apr 2023 17:20:50 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=0, must-revalidate, private
X-Request-Id: 3090c3fc795fa38c072912133681b21b
pragma: no-cache
Expires: Sat, 01 Apr 2023 17:20:50 GMT
Vary: Accept-Encoding, Accept-Language
Content-Encoding: gzip
code.jivo.ru/css/510a715/widget.css
5.101.71.73 200 OK 54 kB URL HTTP/2 code.jivo.ru/css/510a715/widget.css
IP 5.101.71.73:0
ASN #34665 Petersburg Internet Network ltd.
File type SVG Scalable Vector Graphics image\012- , ASCII text, with no line terminators
Hash 6ac2da3c229c1a3f8b43502057185e50
7dbe0c36a0d11120949b894d80a6c27aae144894
ce503a51c0b0df40ac2ea85819c98adab80bd510846d55851afdfaa88715f1f5
GET /css/510a715/widget.css HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 01 Apr 2023 17:20:50 GMT
content-type: text/css
content-length: 53740
cache-control: max-age=864000
content-encoding: br
etag: "641b047e-d1ec"
expires: Sun, 02 Apr 2023 12:37:48 GMT
last-modified: Wed, 22 Mar 2023 13:37:02 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2023-03-23T12:37:48+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 799 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4ac81b4e4dfa8f21948f8fcb317fe7c2
a04c047997390cd1b44edd0905803adc7f3694a3
9ccf95a6e5c23f7109224cc6e1edab590419ca3d5944e124436b1304bf9abd01
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F77998E41189024F4B8DF2D858D4DD1D43153582C7C836055EAF0EFAA086A868"
Last-Modified: Thu, 30 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8489
Expires: Sat, 01 Apr 2023 19:42:20 GMT
Date: Sat, 01 Apr 2023 17:20:51 GMT
Connection: keep-alive
webchannel-content.eservice.emarsys.net/customer/799213038/campaigns?url=https:%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&prev_url=&lang=en&uli=false
34.111.52.132 200 OK 513 B URL HTTP/2 webchannel-content.eservice.emarsys.net/customer/799213038/campaigns?url=https:%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&prev_url=&lang=en&uli=false
IP 34.111.52.132:0
Hash 2295d9ead8e24f431de4ee500693fbc8
ffc0a534a0c963eb9b7713c68e5c098aeb387660
4329cfe429d5f1f989ff253c5ceaa0f88a455d4513d21c18cf98deea336b1a39
GET /customer/799213038/campaigns?url=https:%2F%2Fw84j4767dd2lowdmst.com%2F%3Fregistration%3D1%26cid%3D2555547805%26pid%3D114444%26sip%3D0&prev_url=&lang=en&uli=false HTTP/1.1
Host: webchannel-content.eservice.emarsys.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Apr 2023 17:20:51 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: *
content-type: application/json
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
code.jivo.ru/sounds/agent_message.mp3
5.101.71.73 206 Partial Content 4.1 kB URL HTTP/2 code.jivo.ru/sounds/agent_message.mp3
IP 5.101.71.73:0
ASN #34665 Petersburg Internet Network ltd.
Hash 528c79acc61741d97a2f9c3f130b5acb
e48a5c198963c4b1a2020294aee5fdea9bb23cae
0c7f2e6ab6b2afeea69f8600be7dd050a6a4c6c574bf1425fc940996e579ad43
GET /sounds/agent_message.mp3 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Sat, 01 Apr 2023 17:20:51 GMT
content-type: audio/mpeg
content-length: 3760
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=2592000
etag: "64104f13-eb0"
expires: Sat, 15 Apr 2023 13:37:36 GMT
last-modified: Tue, 14 Mar 2023 10:40:19 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2023-03-16T13:37:36+00:00
x-id: fr5-up-gc15
content-range: bytes 0-3759/3760
X-Firefox-Spdy: h2
code.jivo.ru/sounds/notification.mp3
5.101.71.73 206 Partial Content 5.8 kB URL HTTP/2 code.jivo.ru/sounds/notification.mp3
IP 5.101.71.73:0
ASN #34665 Petersburg Internet Network ltd.
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash 9aa341af370c4e59155717260ba0f282
0c1216ecead8d1409557c843d96202c063f3f252
1112436abea08c851302bba4d4e37a27e25e5ec26b20474667a3369d41154bab
GET /sounds/notification.mp3 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Sat, 01 Apr 2023 17:20:51 GMT
content-type: audio/mpeg
content-length: 5808
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=2592000
etag: "64104f13-16b0"
expires: Sat, 15 Apr 2023 13:39:00 GMT
last-modified: Tue, 14 Mar 2023 10:40:19 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2023-03-16T13:39:00+00:00
x-id: fr5-up-gc15
content-range: bytes 0-5807/5808
X-Firefox-Spdy: h2
code.jivo.ru/sounds/outgoing_message.mp3
5.101.71.73 206 Partial Content 5.2 kB URL HTTP/2 code.jivo.ru/sounds/outgoing_message.mp3
IP 5.101.71.73:0
ASN #34665 Petersburg Internet Network ltd.
Hash 4c368018a90c7df2c733d4ca17bff897
ff1ea5f978b4dab9e3938b52a8177295c36a005d
e1fd34701b7aa2950e05fd9b030315dd6b5f52cd92b9960c9a9420607562f864
GET /sounds/outgoing_message.mp3 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Sat, 01 Apr 2023 17:20:51 GMT
content-type: audio/mpeg
content-length: 5014
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=2592000
etag: "64104f13-1396"
expires: Sat, 15 Apr 2023 13:37:21 GMT
last-modified: Tue, 14 Mar 2023 10:40:19 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2023-03-16T13:37:21+00:00
x-id: fr5-up-gc15
content-range: bytes 0-5013/5014
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Mar 2023 10:31:35 GMT
expires: Wed, 27 Mar 2024 10:31:35 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
age: 370157
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Mar 2023 10:31:03 GMT
expires: Wed, 27 Mar 2024 10:31:03 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
age: 370189
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
142.250.74.35 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15340, version 1.0\012- data
Hash 19b7a0adfdd4f808b53af7e2ce2ad4e5
81d5d4c7b5035ad10cce63cf7100295e0c51fdda
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
GET /s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 28 Mar 2023 10:53:57 GMT
expires: Wed, 27 Mar 2024 10:53:57 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
content-type: font/woff2
age: 368815
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
vi-sber1-3.jivosite.com/TWlRM6tTTH?136ba6d583543064
46.243.227.203 101 Switching Protocols 0 B URL HTTP/1.1 vi-sber1-3.jivosite.com/TWlRM6tTTH?136ba6d583543064
IP 46.243.227.203:0
ASN #208677 Cloud technology Limited (Ltd.)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /TWlRM6tTTH?136ba6d583543064 HTTP/1.1
Host: vi-sber1-3.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://w84j4767dd2lowdmst.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8OvgyYt/q4fH0VCg0D/GHQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Access-Control-Allow-Origin: https://w84j4767dd2lowdmst.com
Sec-WebSocket-Accept: hEtBlanijBkeAbYi+g/OBqzlykk=
Server: hand/2.8
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93 200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash e5c5cbe97e7232ced3325b2480cdfc6e
28cf31cae35d4e4efd3951050f83f1e92631159e
05c9df6395410607f55137e92410d34a82db5e9c74b9657dfdb86ea50cb8a2e0
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 892
Origin: https://w84j4767dd2lowdmst.com
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://w84j4767dd2lowdmst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Sat, 01 Apr 2023 17:20:52 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7047981123732766720; Domain=.rockmostbet.com; Path=/; Expires=Sun, 01 Feb 2026 08:40:57 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 1
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
front.cdn-mb.com/spa-static/1.4.1120/static/js/main.76137675.chunk.js
104.21.9.158 200 OK 0 B URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1120/static/js/main.76137675.chunk.js
IP 104.21.9.158:0
GET /spa-static/1.4.1120/static/js/main.76137675.chunk.js HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Apr 2023 17:20:44 GMT
content-type: application/javascript
last-modified: Sat, 01 Apr 2023 14:53:20 GMT
vary: Accept-Encoding
etag: W/"64284560-60e11"
expires: Sat, 01 Apr 2023 18:57:20 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 8604
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=acnOaT%2FBg2Aiu6kz3PimgA1gjHMMOPen%2BYWaMTq%2Bwv4DwIMwljpSIZXeoivyRT4NUyqkLQD19PdUtEawJN8ZVP4jA7y8II%2Fc5I%2BJJ6%2B3QZH1cvz3pYLoEsmFGw6EUWKtSwyI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b1281279a0ab4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
connect.facebook.net/signals/config/2109311049329438?v=2.9.100&r=stable
157.240.205.11 200 OK 0 B URL HTTP/2 connect.facebook.net/signals/config/2109311049329438?v=2.9.100&r=stable
IP 157.240.205.11:0
GET /signals/config/2109311049329438?v=2.9.100&r=stable HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
origin-agent-cluster: ?0
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: T2Ar9KLtkitOyHuElsssRYSXFiv2orJDv9UQWJEsKxyo9AfeOFvDYifkFRUSimMlumJ6SYf9TqepOSZdl6PfYw==
content-length: 110280
x-fb-trip-id: 1679558926
date: Sat, 01 Apr 2023 17:20:46 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
front.cdn-mst.com/spa-static/image/sport_logo.png
104.21.92.171 404 Not Found 0 B URL HTTP/2 front.cdn-mst.com/spa-static/image/sport_logo.png
IP 104.21.92.171:0
GET /spa-static/image/sport_logo.png HTTP/1.1
Host: front.cdn-mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
date: Sat, 01 Apr 2023 17:20:45 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 166
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uVxPTORyr83hmhzor5HLuAa2Dqnl6%2BISxvjz9BYk6NziTZ35rqoQam3VwYzEpyY6KDj0Ca8nT1sLNeSUTPR9bKD1hgt84xocTpu%2FMyxsr6kSz4W7cKVOJ5ez88hvmEGGmQKffw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b1281298e0bb4ff-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
front.cdn-mb.com/spa-static/1.4.1120/static/css/main.2d6cd3b3.chunk.css
104.21.9.158 200 OK 0 B URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1120/static/css/main.2d6cd3b3.chunk.css
IP 104.21.9.158:0
GET /spa-static/1.4.1120/static/css/main.2d6cd3b3.chunk.css HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://w84j4767dd2lowdmst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 01 Apr 2023 17:20:44 GMT
content-type: text/css
last-modified: Sat, 01 Apr 2023 14:53:20 GMT
vary: Accept-Encoding
etag: W/"64284560-54"
expires: Sat, 01 Apr 2023 18:57:20 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 8604
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xoVqWn44TxzOSKHJVc1Py3VECUhWkGOYCr%2ByTbMs1u9nCRe5hf4CZANdpgjPvT8ih6KW%2FtaY53t%2Bb8CVyK7aHHcu2tw6nYjjuM%2B93oLzNZDKiWRjrQGyJeqvns6P5m8beorV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7b1281279a06b4f1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2