m2stjd2jmst.com/anZS/0/e30ab52fc886ecf38b751dea38ea1b0d/2737
3.120.229.53308 Permanent Redirect 164 B URL HTTP/1.1 m2stjd2jmst.com/anZS/0/e30ab52fc886ecf38b751dea38ea1b0d/2737
IP 3.120.229.53:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f23c4815ecaef1588f16ac735c0e15d6
026bf8cdd5076014b6fc822878e0086eb44da556
43a81fb3d47b34e7d42d6b8444f592ed9251b8e57db8f67d32419aa40b1480d0
GET /anZS/0/e30ab52fc886ecf38b751dea38ea1b0d/2737 HTTP/1.1
Host: m2stjd2jmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 308 Permanent Redirect
Server: nginx
Date: Fri, 09 Dec 2022 13:24:32 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://m2stjd2jmst.com/anZS/0/e30ab52fc886ecf38b751dea38ea1b0d/2737
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 7181eff9c60e83eb0004ece591e47dca
0fd8cd0c9d10b0547938982e57d2c43e2d98679f
89c5c0e2d6890798644174a8e31976aec03a1b3deb03812afbb520e5ed68f522
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "89C5C0E2D6890798644174A8E31976AEC03A1B3DEB03812AFBB520E5ED68F522"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9708
Expires: Fri, 09 Dec 2022 16:06:20 GMT
Date: Fri, 09 Dec 2022 13:24:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4062
Expires: Fri, 09 Dec 2022 14:32:14 GMT
Date: Fri, 09 Dec 2022 13:24:32 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 13:07:50 GMT
content-type: application/json
age: 1002
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9479
Expires: Fri, 09 Dec 2022 16:02:31 GMT
Date: Fri, 09 Dec 2022 13:24:32 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: qWQtjRlYf4MqHj4Qy2FuhQUsYPMCjZygG2/qmk5WUDsiYTum2bS5Kt2SZR52D3n/VqtFoEyD7Ag=
x-amz-request-id: V00CCPCDJPHX54J9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 12:50:15 GMT
age: 2057
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:32 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 561f147079feb7253a67b194932ce879
82d81fdf79350f5b7b74bafdaebaf81486ec1907
e6a27a8feed3c9b1fe376b5639099bc5ddab2dc3307c2c8adf515a0f3071bf6a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E6A27A8FEED3C9B1FE376B5639099BC5DDAB2DC3307C2C8ADF515A0F3071BF6A"
Last-Modified: Wed, 07 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 09 Dec 2022 19:24:32 GMT
Date: Fri, 09 Dec 2022 13:24:32 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Cache-Control, Backoff, Content-Length, Content-Type, Last-Modified, ETag, Expires, Retry-After, Pragma
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 13:07:45 GMT
age: 1007
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash afb4e43c966ab1efafb3afaca11893e7
4b4c0fed45b0d760ca6eb54d131fbc05c9bdb389
d50543d974eadfd1bfa0dfaf57b4a5613afd7b499f0ceb4005790e1f9f26ce48
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D50543D974EADFD1BFA0DFAF57B4A5613AFD7B499F0CEB4005790E1F9F26CE48"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21571
Expires: Fri, 09 Dec 2022 19:24:03 GMT
Date: Fri, 09 Dec 2022 13:24:32 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4929
Cache-Control: max-age=162271
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:33 GMT
Etag: "6392faaf-1d7"
Expires: Sun, 11 Dec 2022 10:29:04 GMT
Last-Modified: Fri, 09 Dec 2022 09:06:55 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
cdn.scarabresearch.com/js/11DAF087E87A3DFD/scarab-v2.js
54.230.111.107200 OK 23 kB URL HTTP/1.1 cdn.scarabresearch.com/js/11DAF087E87A3DFD/scarab-v2.js
IP 54.230.111.107:0
File type C source, ASCII text, with very long lines (539)
Hash bfcc64224f8c6e43e026afb16bd0f4f8
4b1a0dbd96c3047a917ba024690ffc4d544b8b00
c87358a7c76c044147379c9415f96488045b936666093c83fd0e57e08316548e
GET /js/11DAF087E87A3DFD/scarab-v2.js HTTP/1.1
Host: cdn.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Timing-Allow-Origin: *
Date: Fri, 09 Dec 2022 12:39:45 GMT
Cache-Control: max-age=3600,public
ETag: "aa53180343ab25d32aa7294158ca3216--gzip"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 5J2JBrdot5S7WhyXaGjzzCLv0buSt5lfkV2AOa5rpbwd8yzn8KrGDg==
Age: 2707
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 0550b679b1788f64c1e15ee2143a4ffb
d23cddf89f3293ee970ad264925171f8b61b56f9
a819be56520533d84733d01c60cfb667871f8929d91101d9300eb04f7eda0e9b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4611
Cache-Control: max-age=171295
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:33 GMT
Etag: "63931f2d-117"
Expires: Sun, 11 Dec 2022 12:59:28 GMT
Last-Modified: Fri, 09 Dec 2022 11:42:37 GMT
Server: ECS (ska/F6FC)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 0550b679b1788f64c1e15ee2143a4ffb
d23cddf89f3293ee970ad264925171f8b61b56f9
a819be56520533d84733d01c60cfb667871f8929d91101d9300eb04f7eda0e9b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5358
Cache-Control: max-age=172042
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:33 GMT
Etag: "63931f2d-117"
Expires: Sun, 11 Dec 2022 13:11:55 GMT
Last-Modified: Fri, 09 Dec 2022 11:42:37 GMT
Server: ECS (amb/6BC8)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 0550b679b1788f64c1e15ee2143a4ffb
d23cddf89f3293ee970ad264925171f8b61b56f9
a819be56520533d84733d01c60cfb667871f8929d91101d9300eb04f7eda0e9b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1668
Cache-Control: max-age=168352
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:33 GMT
Etag: "63931f2d-117"
Expires: Sun, 11 Dec 2022 12:10:25 GMT
Last-Modified: Fri, 09 Dec 2022 11:42:37 GMT
Server: ECS (amb/6BA8)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 795e67bdfadc3c890a663080413b56b7
fdefde3befb6aceac3c337c34c8d738f5091908c
8375b55cfc13989b0cf96293b7bead2ce5811a993b3445da1776ca7015c36985
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.scarabresearch.com/wpjs/wploader.js?ts=2762
54.230.111.36200 OK 11 kB URL HTTP/1.1 static.scarabresearch.com/wpjs/wploader.js?ts=2762
IP 54.230.111.36:0
File type Unicode text, UTF-8 text, with very long lines (26064)
Hash a61a11b68eb9d2c14577a3797c3b2072
616a8af15e90f11df757d10bd1d1dd157f504418
6fc417292979650196d07058181a579091acdabd17051f881e070e7b015fec0f
GET /wpjs/wploader.js?ts=2762 HTTP/1.1
Host: static.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Fri, 09 Dec 2022 02:44:58 GMT
Last-Modified: Mon, 10 Oct 2022 11:09:48 GMT
ETag: W/"1bb200ba7add3c5d4bfb6f3822bfe5af"
Cache-Control: max-age=86400
x-amz-version-id: DzVXMgBeksdrQfAKjc.ckmkVhMlLjwqT
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: B93m_jyXjBN9r1105sFGefvPL8bCtzZBs_xa_698DLgk9jk-0TxusQ==
Age: 38376
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 0550b679b1788f64c1e15ee2143a4ffb
d23cddf89f3293ee970ad264925171f8b61b56f9
a819be56520533d84733d01c60cfb667871f8929d91101d9300eb04f7eda0e9b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5358
Cache-Control: max-age=172042
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:33 GMT
Etag: "63931f2d-117"
Expires: Sun, 11 Dec 2022 13:11:55 GMT
Last-Modified: Fri, 09 Dec 2022 11:42:37 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279
static.scarabresearch.com/wpjs/wpes6.js?ts=2762
54.230.111.36200 OK 32 kB URL HTTP/1.1 static.scarabresearch.com/wpjs/wpes6.js?ts=2762
IP 54.230.111.36:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash 0bc0c36310b932ac481fae7ae4ceb5dc
61b3b94b74bd8d8dcaf7503734eedc7b4372b8b4
e646c7dd42505dbf7bce4abc6382a83aa751035788b942d38f4c55545211a1ce
GET /wpjs/wpes6.js?ts=2762 HTTP/1.1
Host: static.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 10 Oct 2022 11:09:51 GMT
x-amz-version-id: B7kEOPd3f.UUaahYeIIXT30URW6wDjD.
Server: AmazonS3
Content-Encoding: gzip
Date: Fri, 09 Dec 2022 02:56:26 GMT
Cache-Control: max-age=86400
ETag: W/"aea14a7926cfb79f14472c23a4b1543b"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: IjF62-PBBWH67ky3bjbB8TJme2TtBeEnMPIa2Nsk1DXijfsrz21xzQ==
Age: 37688
www.googletagmanager.com/gtm.js?id=GTM-5PMSX62
172.217.21.168200 OK 471 B URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5PMSX62
IP 172.217.21.168:0
Hash 795e67bdfadc3c890a663080413b56b7
fdefde3befb6aceac3c337c34c8d738f5091908c
8375b55cfc13989b0cf96293b7bead2ce5811a993b3445da1776ca7015c36985
GET /gtm.js?id=GTM-5PMSX62 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Dec 2022 13:24:33 GMT
expires: Fri, 09 Dec 2022 13:24:33 GMT
cache-control: private, max-age=900
last-modified: Fri, 09 Dec 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 56887
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rstat.rockmostbet.com/public/rstat_pixel_spa.js
162.55.5.93200 OK 10 kB URL HTTP/2 rstat.rockmostbet.com/public/rstat_pixel_spa.js
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
Hash beb651622fc41f7197af6c07dc886f25
e59eece7a131b2940fbd0a02fcc74bc39a130d17
f05d3b023d47c83cbf67e7031a8657aab2f282563eb84480c341c44e80097ac1
GET /public/rstat_pixel_spa.js HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/javascript
etag: "rlhpsr806"
last-modified: Thu, 17 Nov 2022 11:41:15 GMT
server: Caddy
x-content-type-options: nosniff
content-length: 10374
date: Fri, 09 Dec 2022 13:24:33 GMT
X-Firefox-Spdy: h2
push.services.mozilla.com/
52.41.252.32101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.252.32:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: kZfGlVDdzYiVbPmt8hORUA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: YQzIxdx7iCLWH4KS7v5fguSV2kY=
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 27f907a256adb2c2f78f02a5f9b10c99
3411bd289f7e48859cde22993e8bd795ac9b19b2
907bff5886c7b9a138f540090f7e0010621667c24aa02c3fd075f083d0a3b683
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "907BFF5886C7B9A138F540090F7E0010621667C24AA02C3FD075F083D0A3B683"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5559
Expires: Fri, 09 Dec 2022 14:57:12 GMT
Date: Fri, 09 Dec 2022 13:24:33 GMT
Connection: keep-alive
my.rtmark.net/p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01
139.45.195.8200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01
IP 139.45.195.8:0
Hash 6425f508eacb60db81c6d0b38ae56a58
d27caed071b054a15ab2291a11a4bfe12e097d7a
e94404dcfeb2d07ed1a6c0ad4230d5bc5754c0c965736d4ebc3224af415094d0
GET /p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:33 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 615fddb7dcff0826f0a7dd4140f370b6
06d26c99fcf20516839a656c4c5b023088eb4eaa
f561bef7be5b58a820d37e40135c8bc83511ae9298e6317bf1761f7cc24941bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2345
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:33 GMT
Last-Modified: Fri, 09 Dec 2022 12:45:28 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 16 kB IP 142.250.74.131:0
Hash 930e5b41c4c1d3dcc107c519f32bd4cc
e8c7399800914a888756e6f0ee393873a71fdc54
f94c7820227086b355f0477b33db03bc1aac13a0848d9adb5aa755d94fc6ce32
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 44ecaa3c2a4929a40141edc4540aaf84
f29a573182333b2500d41bfc389d6c5232dfb348
6589fe14578dedd4df678a909afadd7e5bc7f57c7e3e24518a7f5faac7383396
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: uXMjeymaHn187s0EAJSL5tbMR+RPWe4tLp38nNhkH/b+bWPm4i9GroNCuYPOuGgrfwWPtlnVl5oAvavqR/MP7Q==
content-length: 27340
x-fb-trip-id: 1904183273
date: Fri, 09 Dec 2022 13:24:33 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/favicon.ico
52.57.124.47200 OK 2.8 kB URL HTTP/2 3rt7sgssxw0yj8wmst.com/favicon.ico
IP 52.57.124.47:0
Hash 923f26acb4a30b207e6cacdb9a85031b
1299a5f3585c51257adb6dcc867b63ebc9475766
ccc955eedde3b179bc476d264798d52f7cc23720e53cb32f8271118f6b477054
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg?cid=1953031031&pid=27480&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670592272.1.0.1670592272.0.0.0; _ga=GA1.1.820029146.1670592273
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:33 GMT
content-type: image/x-icon
last-modified: Thu, 08 Dec 2022 12:49:16 GMT
vary: Accept-Encoding
etag: W/"6391dd4c-1536"
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/partners/sport_logo.png
52.57.124.47404 Not Found 111 kB URL HTTP/2 3rt7sgssxw0yj8wmst.com/partners/sport_logo.png
IP 52.57.124.47:0
Size 111 kB (110884 bytes)
Hash 8535e8da13bd4d2c71a12ad365d68abc
ab3843e689d0ce1c1cd71146ddbef72cd1ee4011
b216685ba9a84f420fbdef018c2fbd34c85480dc342e2a0f24c901dc826f2ee9
Analyzer Verdict Alert quad9 Sinkholed
GET /partners/sport_logo.png HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg?cid=1953031031&pid=27480&sip=0
Cookie: theme=desktop
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Fri, 09 Dec 2022 13:24:33 GMT
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash c12c8a6638284b73f17e030bb4d85d93
32449c2dca4d7012d3d2fd03ac5b81db6d30b2dd
fd5a821199e8ade7ee4f12b0f62ce8f07722ac24e583c68ab8d3a711096714bc
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 13:24:33 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Tue, 13 Dec 2022 09:03:48 GMT
ETag: "32449c2dca4d7012d3d2fd03ac5b81db6d30b2dd"
Last-Modified: Fri, 09 Dec 2022 09:03:49 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3021
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776e0fcf4fecb4f3-OSL
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 615fddb7dcff0826f0a7dd4140f370b6
06d26c99fcf20516839a656c4c5b023088eb4eaa
f561bef7be5b58a820d37e40135c8bc83511ae9298e6317bf1761f7cc24941bf
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2345
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:33 GMT
Last-Modified: Fri, 09 Dec 2022 12:45:28 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471
front.cdn-mb.com/spa-static/1.4.1041/static/js/30.59896c48.chunk.js
104.21.9.158200 OK 153 kB URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1041/static/js/30.59896c48.chunk.js
IP 104.21.9.158:0
File type ASCII text, with very long lines (65461)
Size 153 kB (152670 bytes)
Hash a3ebd814157bb180b677f450c7e94622
acd5841f9e3e4f23c1a52677276b250d4bd63cc3
17a858201191bf15c5d88906b7c86bba02e1cb977bedf43409cc7657c27e9ddf
GET /spa-static/1.4.1041/static/js/30.59896c48.chunk.js HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 13:24:33 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 12:55:47 GMT
vary: Accept-Encoding
etag: W/"6391ded3-7ac62"
expires: Fri, 09 Dec 2022 13:43:40 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 13253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2SXq1OBRcGD%2BazOZBq35IDXgZ%2FZ8HJAKE98%2Bjg9m920kYIQkSfDB0Hq1s%2FdwXFktxgXaRDFWFN%2FFILK4Fvwd2OoGwFosa4q4pk7hcelN0bgVN1BSSO2e%2FBUEyxxGoMA2eCoC"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776e0fcc1e271c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 337e97e19b954f4c485f472987e4b3dc
adc26f407a1d50334100ba109c4ee9ce87c0a129
3f32846cab9c4031c503467615482ef5d6f38cb17cda7488210e7d2088c31097
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 672
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Fri, 09 Dec 2022 13:24:33 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7006971855466659840; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 3
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 14 kB URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
Hash 02aa65432489a4cbe75681272ab301a7
5ad53b1c7a81d101cc17954146413a45a3e7cb6b
3fea57f25f9c63d116fe1a9a0afe9c85221aa0ceeeb3c809f5d8135d25829cad
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 759
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Fri, 09 Dec 2022 13:24:33 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7006971855466659840; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 2
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/tag.js
87.250.250.119200 OK 74 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 87.250.250.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (598)
Hash 1a5da2d1a98a493b4c8afe8b03c8c406
8a359aebaeb96faf18be6ab782a56db7d47de607
fe720067e49fb7bbc23b61b978352d26dee95d035f69bde667df72e1ecf7e346
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73711
date: Fri, 09 Dec 2022 13:24:33 GMT
access-control-allow-origin: *
etag: "6392ed22-11fef"
expires: Fri, 09 Dec 2022 14:24:33 GMT
last-modified: Fri, 09 Dec 2022 11:09:06 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/connection/websocket
52.57.124.47101 Switching Protocols 0 B URL HTTP/1.1 3rt7sgssxw0yj8wmst.com/connection/websocket
IP 52.57.124.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /connection/websocket HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://3rt7sgssxw0yj8wmst.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: JLC9Jtnh9bMPIWSw4aBkoA==
Connection: keep-alive, Upgrade
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670592272.1.0.1670592272.0.0.0; _ga=GA1.2.820029146.1670592273; rst-uid=7006971855466659840; cid=1953031031; prid=most_partner.1953031031; pid=27480; sip=0; PHPSESSID=sduumtgjtau6fcbcivl0o80gs5; lunetics_locale=az; tz=Europe%2FOslo; _gid=GA1.2.708235892.1670592273; _gaclientid=820029146.1670592273; _gasessionid=20221209|01233840; _gahitid=1670592272967; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Fri, 09 Dec 2022 13:24:33 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: qDR8k0ROUBtoJ9SNaR6mCUIy2H0=
mc.yandex.ru/watch/37954615?wmode=7&page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A942%3Acn%3A1%3Adp%3A0%3Als%3A36812335124%3Ahid%3A911680427%3Az%3A0%3Ai%3A20221209132433%3Aet%3A1670592273%3Ac%3A1%3Arn%3A717406827%3Arqn%3A1%3Au%3A1670592273216938539%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C238%2C77%2C1%2C669%2C0%2C%2C486%2C2%2C%2C%2C%2C1483%3Aco%3A0%3Ans%3A1670592271141%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670592273%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
87.250.250.119302 Found 419 B URL HTTP/2 mc.yandex.ru/watch/37954615?wmode=7&page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A942%3Acn%3A1%3Adp%3A0%3Als%3A36812335124%3Ahid%3A911680427%3Az%3A0%3Ai%3A20221209132433%3Aet%3A1670592273%3Ac%3A1%3Arn%3A717406827%3Arqn%3A1%3Au%3A1670592273216938539%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C238%2C77%2C1%2C669%2C0%2C%2C486%2C2%2C%2C%2C%2C1483%3Aco%3A0%3Ans%3A1670592271141%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670592273%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 87.250.250.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 6cac3cc4381e422c2b9ebe8d892ccf29
53f2378fcc0f17922c20bfa8b12d0959a873ff2a
3a0669bdc4f5d6a06c11769dbb6da42148d7858b09a9b0dd14ec12473f24f655
GET /watch/37954615?wmode=7&page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A942%3Acn%3A1%3Adp%3A0%3Als%3A36812335124%3Ahid%3A911680427%3Az%3A0%3Ai%3A20221209132433%3Aet%3A1670592273%3Ac%3A1%3Arn%3A717406827%3Arqn%3A1%3Au%3A1670592273216938539%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C238%2C77%2C1%2C669%2C0%2C%2C486%2C2%2C%2C%2C%2C1483%3Aco%3A0%3Ans%3A1670592271141%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670592273%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/37954615/1?wmode=7&page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A942%3Acn%3A1%3Adp%3A0%3Als%3A36812335124%3Ahid%3A911680427%3Az%3A0%3Ai%3A20221209132433%3Aet%3A1670592273%3Ac%3A1%3Arn%3A717406827%3Arqn%3A1%3Au%3A1670592273216938539%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C238%2C77%2C1%2C669%2C0%2C%2C486%2C2%2C%2C%2C%2C1483%3Aco%3A0%3Ans%3A1670592271141%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670592273%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Fri, 09 Dec 2022 13:24:34 GMT
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
set-cookie: yabs-sid=936326191670592274; Path=/; SameSite=None; Secure
i=tUHwE3oU2pSXpdTbk8dzjVZfvibP7iT+b3Ofb54aHWcTxl8FbSv4QPtGZ4fDUkvf+mC6Fxaku3VmQB0UnKerOaznWGg=; Expires=Mon, 06-Dec-2032 13:24:34 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=175967321670592274; Expires=Sat, 09-Dec-2023 13:24:34 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=175967321670592274; Expires=Sat, 09-Dec-2023 13:24:34 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1702128274.yc.1670592274#1702128274.yrts.1670592274#1702128274.yrtsi.1670592274; Expires=Sat, 09-Dec-2023 13:24:34 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 09-Dec-2022 13:24:34 GMT
last-modified: Fri, 09-Dec-2022 13:24:34 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
front.cdn-mb.com/spa-static/1.4.1041/static/js/main.b3594b32.chunk.js
104.21.9.158200 OK 80 kB URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1041/static/js/main.b3594b32.chunk.js
IP 104.21.9.158:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1ebc897a1a3e33b27c69c80f89dcaf4f
5e97cc19b3c04a60fc44fe804453b266e573a685
ad457e7608de156a2cc303f3af416f6db0642682aeccdc128a1a07f22d781f5d
GET /spa-static/1.4.1041/static/js/main.b3594b32.chunk.js HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 13:24:33 GMT
content-type: application/javascript
last-modified: Thu, 08 Dec 2022 12:55:47 GMT
vary: Accept-Encoding
etag: W/"6391ded3-5bcb7"
expires: Fri, 09 Dec 2022 13:43:40 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 13253
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nFrQ8l83knUI8IExfvX9pWHvq0MFkuanCArrR6jLJxaYhQwJsOuMQqy5xj%2Br2mBplkR4rkONe37l9PE7lBVI0UhZxrzGblq%2FG%2BZWqVUq0XoiLmDlJoRXbrgbE%2FRhtLRgnAmB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776e0fcbfdfc1c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 09 Dec 2022 13:24:34 GMT
access-control-allow-origin: *
etag: "6392ed22-2b"
expires: Fri, 09 Dec 2022 14:24:34 GMT
accept-ranges: bytes
last-modified: Fri, 09 Dec 2022 11:09:06 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&rl=&if=false&ts=1670592273261&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670592273260.487751967&it=1670592272939&coo=false&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&rl=&if=false&ts=1670592273261&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670592273260.487751967&it=1670592272939&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&rl=&if=false&ts=1670592273261&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670592273260.487751967&it=1670592272939&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Fri, 09 Dec 2022 13:24:34 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 23f0fed6cb9af080a75d8b899ae5bd84
2c02a8cb4a6e70d8ba58696fd709838656d443c3
b1102b6924fcffe1f07a07385010a47aa142435d4efc79b338e50f8258a4d5da
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.google-analytics.com/g/collect?v=2&tid=G-9Q6VE8VYRH>m=2oebu0&_p=1678874387&cid=820029146.1670592273&ul=en-us&sr=1280x1024&_s=1&sid=1670592272&sct=1&seg=0&dl=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&dt=&en=page_view&_fv=2&_nsi=1&_ss=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-9Q6VE8VYRH>m=2oebu0&_p=1678874387&cid=820029146.1670592273&ul=en-us&sr=1280x1024&_s=1&sid=1670592272&sct=1&seg=0&dl=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&dt=&en=page_view&_fv=2&_nsi=1&_ss=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-9Q6VE8VYRH>m=2oebu0&_p=1678874387&cid=820029146.1670592273&ul=en-us&sr=1280x1024&_s=1&sid=1670592272&sct=1&seg=0&dl=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&dt=&en=page_view&_fv=2&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
date: Fri, 09 Dec 2022 13:24:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
216.58.207.228200 OK 578 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
IP 216.58.207.228:0
File type ASCII text, with very long lines (909), with no line terminators
Hash 3e76aebafdd4150fa61a56cdc3f82f57
49417a42da96934c362d8cb10a54c163d5acfa86
c90ef1d881a67c453f7f446700ace6cb440f23a7cc4534151c5ed07556353324
GET /recaptcha/api.js?onload=onloadcallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Fri, 09 Dec 2022 13:24:34 GMT
date: Fri, 09 Dec 2022 13:24:34 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 578
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 2511971bf50f2b9347294534461be9e4
3b7a7f40a2648911648963ffd2f1bed919c3ec71
a2f6b802143418e7ec4e5c61945b42410e6ffa7da7594185d95d2276c990f80a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A2F6B802143418E7EC4E5C61945B42410E6FFA7DA7594185D95D2276C990F80A"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18841
Expires: Fri, 09 Dec 2022 18:38:35 GMT
Date: Fri, 09 Dec 2022 13:24:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 2511971bf50f2b9347294534461be9e4
3b7a7f40a2648911648963ffd2f1bed919c3ec71
a2f6b802143418e7ec4e5c61945b42410e6ffa7da7594185d95d2276c990f80a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A2F6B802143418E7EC4E5C61945B42410E6FFA7DA7594185D95D2276C990F80A"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18841
Expires: Fri, 09 Dec 2022 18:38:35 GMT
Date: Fri, 09 Dec 2022 13:24:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 2511971bf50f2b9347294534461be9e4
3b7a7f40a2648911648963ffd2f1bed919c3ec71
a2f6b802143418e7ec4e5c61945b42410e6ffa7da7594185d95d2276c990f80a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A2F6B802143418E7EC4E5C61945B42410E6FFA7DA7594185D95D2276C990F80A"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18841
Expires: Fri, 09 Dec 2022 18:38:35 GMT
Date: Fri, 09 Dec 2022 13:24:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 30c9a57c2c999c2ec9ef477fa4024dcd
bdef39ec5a53f81fcce8bdf2c0186fa09d501575
d3e1e8310b13dd0bab394398a90a4b0c6b38208047474bbf64c289f501cc87b5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3E1E8310B13DD0BAB394398A90A4B0C6B38208047474BBF64C289F501CC87B5"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6048
Expires: Fri, 09 Dec 2022 15:05:22 GMT
Date: Fri, 09 Dec 2022 13:24:34 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 8585fe73b51c643ee300c3df9313bfe1
c184ce0c12fbfc0f17a81ad0e0bdaad5503bceb1
807b590f961c83886bbd27c879dfbf03a3336005cdabbba42d4d63bdcb11bf51
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mostauthor.com/multiauth/test_cookie_set?testcookie=wp9pdr0l52lb88qgjvnbbq
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=wp9pdr0l52lb88qgjvnbbq
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_set?testcookie=wp9pdr0l52lb88qgjvnbbq HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://3rt7sgssxw0yj8wmst.com/
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 3635095ad3664dbc9c3f782d504b9449
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Fri, 09 Dec 2022 13:24:33 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=uzjrtoawjzj4cuez6yv9dq
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=uzjrtoawjzj4cuez6yv9dq
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_set?testcookie=uzjrtoawjzj4cuez6yv9dq HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://3rt7sgssxw0yj8wmst.com/
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: fc0d40b340364b9d92c27d472b65b9f1
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Fri, 09 Dec 2022 13:24:33 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=wp9pdr0l52lb88qgjvnbbq
185.26.99.196200 OK 10 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=wp9pdr0l52lb88qgjvnbbq
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash f7f86d583c92292a7025fc1f25657a1f
92659f2f702a5b18d44a58055c6cd77173630ae2
3b9de8f3bb4d65ebe964703b38c9ce2f3b40a58b33484e6eed8f92bbd5f10a4f
GET /multiauth/test_cookie_set?testcookie=wp9pdr0l52lb88qgjvnbbq HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1041
x-client-session: 9yw0f1mk06g2orwtiie6
x-client-device-id: is01v51m331xethp7ids
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 35dcb206d6f94c458fa7a77e8c29bfde
set-cookie: test_cooke_wp9pdr0l52lb88qgjvnbbq=1; Max-Age=3600; SameSite=None; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 10
date: Fri, 09 Dec 2022 13:24:33 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=uzjrtoawjzj4cuez6yv9dq
185.26.99.196200 OK 10 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=uzjrtoawjzj4cuez6yv9dq
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash f7f86d583c92292a7025fc1f25657a1f
92659f2f702a5b18d44a58055c6cd77173630ae2
3b9de8f3bb4d65ebe964703b38c9ce2f3b40a58b33484e6eed8f92bbd5f10a4f
GET /multiauth/test_cookie_set?testcookie=uzjrtoawjzj4cuez6yv9dq HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1041
x-client-session: 9yw0f1mk06g2orwtiie6
x-client-device-id: is01v51m331xethp7ids
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: f7f6ba6ff2664985b4ec4fd143693575
set-cookie: test_cooke_uzjrtoawjzj4cuez6yv9dq=1; Max-Age=3600; SameSite=None; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 10
date: Fri, 09 Dec 2022 13:24:33 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 8f6ab0debac98d11413e20fa98ba8286
e63543ba0f3a685edf4d8fee3f587efd5417015f
fe6bc081b1963c61a3af1ab7b7b1213ae5bc7b962c5474d8f6fe123547d5d309
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2196
Expires: Fri, 09 Dec 2022 14:01:10 GMT
Date: Fri, 09 Dec 2022 13:24:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2196
Expires: Fri, 09 Dec 2022 14:01:10 GMT
Date: Fri, 09 Dec 2022 13:24:34 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash 48c90992f0837a58e0a36118a27dae6a
3d238fed35e6d247bddbba92864e6b92e6aed9b6
cacc53ed285e96dcd5ba7609823922a253bc0623999b8716f430632d2c0e7dac
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CACC53ED285E96DCD5BA7609823922A253BC0623999B8716F430632D2C0E7DAC"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2196
Expires: Fri, 09 Dec 2022 14:01:10 GMT
Date: Fri, 09 Dec 2022 13:24:34 GMT
Connection: keep-alive
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
142.250.74.35200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (730)
Size 163 kB (162976 bytes)
Hash 79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 13:40:02 GMT
expires: Thu, 07 Dec 2023 13:40:02 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 171872
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/api/v1/countries.json
52.57.124.47200 OK 11 kB URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v1/countries.json
IP 52.57.124.47:0
Hash 1e89d222071b563e6c40af1cdbbb8ba7
c39c899cc84ec603a6fe0a199010c7d4ca339bad
bcef837dbf2cb4f9b208f839bcd26da176e381d0a7f51c6adaf2088a72056df6
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/countries.json HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1041
x-client-session: 9yw0f1mk06g2orwtiie6
x-client-device-id: is01v51m331xethp7ids
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg?cid=1953031031&pid=27480&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670592272.1.0.1670592272.0.0.0; _ga=GA1.1.820029146.1670592273; rst-uid=7006971855466659840; cid=1953031031; prid=most_partner.1953031031; pid=27480; sip=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:33 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Fri, 16 Dec 2022 13:24:33 GMT
set-cookie: PHPSESSID=sduumtgjtau6fcbcivl0o80gs5; expires=Sun, 08-Jan-2023 13:24:33 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=az; expires=Sat, 10-Dec-2022 13:24:33 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Fri, 16-Dec-2022 13:24:33 GMT; Max-Age=604800; path=/; secure
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c3214044657f3b876d1f1848bca5684
7558222788f06623ddae6e883413e38e1146281e
e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oV7bB5Tek01MFi9x2tr_Wix13-UGlQPIt042XM0ALNUvVFYnu5DRcg==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:38:26 GMT
age: 35168
etag: "7558222788f06623ddae6e883413e38e1146281e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 09204b5e-8af5-4d4b-8186-628443866e0f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctlz5EISoAMFdWw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee9b2-357cd4f921c592e1319098dd;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:05:22 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 3KZwQ5HqXa_-tUyDHA5m-65OprogFpFgbbKpEJ65k-Yy3lwoCg8M5w==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:13:15 GMT
age: 22279
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43fdc85bfd574fa803f0bcdc216ef622
27f558d5cdc150a50f080c054423500666b63d74
fafd2a81cddacdb4e5fd7c9963a784e6e56d06ac98f0bd4124fd74fa3ba015e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5382e616-602f-4e00-bed7-d95c66a5000d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5245
x-amzn-requestid: 9770ebcd-fb1e-4b81-bb87-1e98ef024741
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cy-E8HugoAMFsKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63911085-54eb7a48323113d52329abf5;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 22:15:33 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: d2DHUS5fGT4uoPPdjDXmHUOQVF93ULtO4zSHRmrx7KMu3lO0y0K9ag==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 01:23:35 GMT
age: 43259
etag: "27f558d5cdc150a50f080c054423500666b63d74"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2556512b197b09798af71bea10bb4bbb
23b647aca5f8294ae82fa8cc7e2215ebe3347b60
3b5bd592342d978bcf8919d1a1e2f87295e2e4af5b5b266e6017b7a25725d08d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 06514ce96ae21cb01f526a5febdcbeb4
ebb97e5b97f394e8c67098f55581d5329ce819a2
4099a2fb6ddc4feaa30f357a180d64aeb7c9fc73f115fc762d5fe5c221d2e89e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2654f7a6-bd8b-4c13-9c46-9b7582ba979a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5169
x-amzn-requestid: 277a1b04-4e19-4313-8aac-5f9ab9076305
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEdkFGrIAMFvHg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb456-5b21edd57297665012d536cc;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:17:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: swNGUcNy2i0w9UGe-EJhwslE01TzTC3rrDhLhVVxHyhWMGSC1uq0mA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 04:46:15 GMT
age: 31099
etag: "ebb97e5b97f394e8c67098f55581d5329ce819a2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 8f6ab0debac98d11413e20fa98ba8286
e63543ba0f3a685edf4d8fee3f587efd5417015f
fe6bc081b1963c61a3af1ab7b7b1213ae5bc7b962c5474d8f6fe123547d5d309
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2556512b197b09798af71bea10bb4bbb
23b647aca5f8294ae82fa8cc7e2215ebe3347b60
3b5bd592342d978bcf8919d1a1e2f87295e2e4af5b5b266e6017b7a25725d08d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=820029146.1670592273&jid=602927684&uid=0&gjid=676224200&_gid=708235892.1670592273&_u=YADAAEAAAAAAACAEK~&z=1651079419
64.233.164.157200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=820029146.1670592273&jid=602927684&uid=0&gjid=676224200&_gid=708235892.1670592273&_u=YADAAEAAAAAAACAEK~&z=1651079419
IP 64.233.164.157:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=820029146.1670592273&jid=602927684&uid=0&gjid=676224200&_gid=708235892.1670592273&_u=YADAAEAAAAAAACAEK~&z=1651079419 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 09 Dec 2022 13:24:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=820029146.1670592273&jid=1323493827&uid=0&gjid=983798083&_gid=708235892.1670592273&_u=YADAAEABAAAAACAEK~&z=1270465664
64.233.164.157200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=820029146.1670592273&jid=1323493827&uid=0&gjid=983798083&_gid=708235892.1670592273&_u=YADAAEABAAAAACAEK~&z=1270465664
IP 64.233.164.157:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=820029146.1670592273&jid=1323493827&uid=0&gjid=983798083&_gid=708235892.1670592273&_u=YADAAEABAAAAACAEK~&z=1270465664 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 09 Dec 2022 13:24:34 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=wp9pdr0l52lb88qgjvnbbq
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=wp9pdr0l52lb88qgjvnbbq
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_get?testcookie=wp9pdr0l52lb88qgjvnbbq HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://3rt7sgssxw0yj8wmst.com/
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: b68285e94dad409c8284f1723735e3fa
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Fri, 09 Dec 2022 13:24:34 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=uzjrtoawjzj4cuez6yv9dq
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=uzjrtoawjzj4cuez6yv9dq
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_get?testcookie=uzjrtoawjzj4cuez6yv9dq HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://3rt7sgssxw0yj8wmst.com/
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: f2d70628d3124384a1b675324205a704
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Fri, 09 Dec 2022 13:24:34 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=wp9pdr0l52lb88qgjvnbbq
185.26.99.196200 OK 21 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=wp9pdr0l52lb88qgjvnbbq
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash e5b21ef9d336c6fe5ab6050fb9ab9d1f
3ce3fe564d8af003fe58f2d082571e7cba1a217c
0fb430e2fdf26d7e3ee13660211ba451888eb9d8a6c1de1731a8fd1121418823
GET /multiauth/test_cookie_get?testcookie=wp9pdr0l52lb88qgjvnbbq HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1041
x-client-session: 9yw0f1mk06g2orwtiie6
x-client-device-id: is01v51m331xethp7ids
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Cookie: test_cooke_wp9pdr0l52lb88qgjvnbbq=1; test_cooke_uzjrtoawjzj4cuez6yv9dq=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 00732c71a3bd4495aafa6665554d5417
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 21
date: Fri, 09 Dec 2022 13:24:34 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=uzjrtoawjzj4cuez6yv9dq
185.26.99.196200 OK 21 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=uzjrtoawjzj4cuez6yv9dq
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash e5b21ef9d336c6fe5ab6050fb9ab9d1f
3ce3fe564d8af003fe58f2d082571e7cba1a217c
0fb430e2fdf26d7e3ee13660211ba451888eb9d8a6c1de1731a8fd1121418823
GET /multiauth/test_cookie_get?testcookie=uzjrtoawjzj4cuez6yv9dq HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1041
x-client-session: 9yw0f1mk06g2orwtiie6
x-client-device-id: is01v51m331xethp7ids
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Cookie: test_cooke_wp9pdr0l52lb88qgjvnbbq=1; test_cooke_uzjrtoawjzj4cuez6yv9dq=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 75f7d5dcb98b42b4bd1f0d9c6cd0f24c
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 21
date: Fri, 09 Dec 2022 13:24:34 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2556512b197b09798af71bea10bb4bbb
23b647aca5f8294ae82fa8cc7e2215ebe3347b60
3b5bd592342d978bcf8919d1a1e2f87295e2e4af5b5b266e6017b7a25725d08d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 24 kB IP 142.250.74.131:0
Hash 56b1c1acd742b68b5247d8f1ee380ec8
5200e7f67614615304adc20797ec3ef2c4b8820c
3355e0cf5bb981e414a1dab06cef1d71ce1d5b50314614dbb21c5aaddb7b9438
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mostauthor.com/multiauth/ping
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/ping
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/ping HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://3rt7sgssxw0yj8wmst.com/
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 879b98a1427a4b7fb4856164227cdf35
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Fri, 09 Dec 2022 13:24:34 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/ping
185.26.99.196401 Unauthorized 35 B URL HTTP/2 mostauthor.com/multiauth/ping
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 0d996c3fba12286419cc5490ecc262f2
8d763a6d6dc7b73504e259d6755a91215cc90a77
89ee31619ad837c48dfe0eeb3bd1e65d8c372d8b73c1f1e345c6dd91aca7f25f
GET /multiauth/ping HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1041
x-client-session: 9yw0f1mk06g2orwtiie6
x-client-device-id: is01v51m331xethp7ids
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Cookie: test_cooke_wp9pdr0l52lb88qgjvnbbq=1; test_cooke_uzjrtoawjzj4cuez6yv9dq=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 401 Unauthorized
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 69d8e0090118408794ced8ca525e4d46
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 35
date: Fri, 09 Dec 2022 13:24:34 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 4e3dc85fd71bdb106039966a96cdd02b
53d3487232ddcac30b53c224c94e63571633e5af
d0a3a292876b50c590a3fa6c04d3471a6fb726c54f57e75c21f2e1bd45424ace
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:34 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 19:33:56 GMT
expires: Thu, 07 Dec 2023 19:33:56 GMT
cache-control: public, max-age=31536000
age: 150638
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.36200 OK 1.8 kB IP 192.124.249.36:0
Hash 8124d7dd73cde9bc9fbfef64f644b126
0759a0739ec53bd2ca8e84a93917759e989920ec
40c9c7dff4d2e1a1d1695742723dd5116f1af9ac22e8ca24724c16ee96e8145f
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Fri, 09 Dec 2022 13:24:34 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Thu, 08 Dec 2022 20:30:29 GMT
Expires: Fri, 09 Dec 2022 20:30:29 GMT
ETag: "0759a0739ec53bd2ca8e84a93917759e989920ec"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
code.jivosite.com/widget/l6Xq8In3Ej
92.223.126.57200 OK 5.9 kB URL HTTP/2 code.jivosite.com/widget/l6Xq8In3Ej
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (17132), with no line terminators
Hash f88bf78ceff3088d5b4f809243458aba
6794345bcc1b8c8fe5e0260fef772a20f9d85bc1
3c0287f6671fdb5e77a5947ff94af0f95e3c9984195d2e0d2dbe95345a403eaa
GET /widget/l6Xq8In3Ej HTTP/1.1
Host: code.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:35 GMT
content-type: application/javascript
content-length: 5938
access-control-allow-origin: *
cache-control: max-age=7200
content-encoding: br
etag: "63904393-1732"
expires: Thu, 08 Dec 2022 13:57:03 GMT
last-modified: Wed, 07 Dec 2022 07:41:07 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-09T12:04:07+00:00
x-id: am3-up-gc95
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=820029146.1670592273&jid=602927684&_u=YADAAEAAAAAAACAEK~&z=216249370
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=820029146.1670592273&jid=602927684&_u=YADAAEAAAAAAACAEK~&z=216249370
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=820029146.1670592273&jid=602927684&_u=YADAAEAAAAAAACAEK~&z=216249370 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:24:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=820029146.1670592273&jid=1323493827&_u=YADAAEABAAAAACAEK~&z=1901488805
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=820029146.1670592273&jid=1323493827&_u=YADAAEABAAAAACAEK~&z=1901488805
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=820029146.1670592273&jid=1323493827&_u=YADAAEABAAAAACAEK~&z=1901488805 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Fri, 09 Dec 2022 13:24:35 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 32d90ff0cc366730c3633c1201b4c058
f4175292b607197a15085e14bf69df301dff6706
b4b2f80fbe9b02f3d54dc35a3738c31a4d7cb5a5e528fcbce50263d8c458231a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 13:24:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash a81be0a18740773bccecfca0d4b216fd
d4ae1cf883ae1b8aa060255efbf7a6b47d05bfbf
2a2fe2b53997996e6ffab05cb862d7a9d378df1839041128f41e22e66a18c90a
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 987
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Fri, 09 Dec 2022 13:24:35 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7006971855466659840; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 1
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese
142.250.74.74200 OK 16 kB URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese
IP 142.250.74.74:0
Hash 37a379ba23b47aedcae4a51a9ca251d9
400ec3211a924b912f6259c1991de5b3295e852d
14980068b6e1d733e6cd5bce41b7af6ca62afe3698147976c18b51e0987c0c84
GET /css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://front.cdn-mb.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Dec 2022 13:24:34 GMT
date: Fri, 09 Dec 2022 13:24:34 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&charset=utf-8&hittoken=1670592274_4807e87ecb36b47c9d1d148bbd2f3664904a5ccbbe928319ef0b96878483f604&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A2270%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A942%3Acn%3A1%3Adp%3A0%3Als%3A36812335124%3Ahid%3A911680427%3Az%3A0%3Ai%3A20221209132434%3Aet%3A1670592274%3Ac%3A1%3Arn%3A576588221%3Arqn%3A2%3Au%3A1670592273216938539%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3221%2C3221%2C%2C%3Aco%3A0%3Aeu%3A1%3Ans%3A1670592271141%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670592274&t=gdpr(14)mc(ci-1)clc(0-0-0)rqnt(2)aw(1)ecs(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&charset=utf-8&hittoken=1670592274_4807e87ecb36b47c9d1d148bbd2f3664904a5ccbbe928319ef0b96878483f604&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A2270%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A942%3Acn%3A1%3Adp%3A0%3Als%3A36812335124%3Ahid%3A911680427%3Az%3A0%3Ai%3A20221209132434%3Aet%3A1670592274%3Ac%3A1%3Arn%3A576588221%3Arqn%3A2%3Au%3A1670592273216938539%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3221%2C3221%2C%2C%3Aco%3A0%3Aeu%3A1%3Ans%3A1670592271141%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670592274&t=gdpr(14)mc(ci-1)clc(0-0-0)rqnt(2)aw(1)ecs(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&charset=utf-8&hittoken=1670592274_4807e87ecb36b47c9d1d148bbd2f3664904a5ccbbe928319ef0b96878483f604&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afp%3A2270%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A942%3Acn%3A1%3Adp%3A0%3Als%3A36812335124%3Ahid%3A911680427%3Az%3A0%3Ai%3A20221209132434%3Aet%3A1670592274%3Ac%3A1%3Arn%3A576588221%3Arqn%3A2%3Au%3A1670592273216938539%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3221%2C3221%2C%2C%3Aco%3A0%3Aeu%3A1%3Ans%3A1670592271141%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670592274&t=gdpr(14)mc(ci-1)clc(0-0-0)rqnt(2)aw(1)ecs(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 69
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 09 Dec 2022 13:24:35 GMT
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 09-Dec-2022 13:24:35 GMT
last-modified: Fri, 09-Dec-2022 13:24:35 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&charset=utf-8&hittoken=1670592274_4807e87ecb36b47c9d1d148bbd2f3664904a5ccbbe928319ef0b96878483f604&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A942%3Acn%3A1%3Adp%3A0%3Als%3A36812335124%3Ahid%3A911680427%3Az%3A0%3Ai%3A20221209132434%3Aet%3A1670592274%3Ac%3A1%3Arn%3A707455483%3Arqn%3A4%3Au%3A1670592273216938539%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670592271141%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670592274&t=gdpr(14)mc(ci-1-p-2)clc(0-0-0)rqnt(4)aw(1)ecs(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&charset=utf-8&hittoken=1670592274_4807e87ecb36b47c9d1d148bbd2f3664904a5ccbbe928319ef0b96878483f604&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A942%3Acn%3A1%3Adp%3A0%3Als%3A36812335124%3Ahid%3A911680427%3Az%3A0%3Ai%3A20221209132434%3Aet%3A1670592274%3Ac%3A1%3Arn%3A707455483%3Arqn%3A4%3Au%3A1670592273216938539%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670592271141%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670592274&t=gdpr(14)mc(ci-1-p-2)clc(0-0-0)rqnt(4)aw(1)ecs(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&charset=utf-8&hittoken=1670592274_4807e87ecb36b47c9d1d148bbd2f3664904a5ccbbe928319ef0b96878483f604&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A942%3Acn%3A1%3Adp%3A0%3Als%3A36812335124%3Ahid%3A911680427%3Az%3A0%3Ai%3A20221209132434%3Aet%3A1670592274%3Ac%3A1%3Arn%3A707455483%3Arqn%3A4%3Au%3A1670592273216938539%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670592271141%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670592274&t=gdpr(14)mc(ci-1-p-2)clc(0-0-0)rqnt(4)aw(1)ecs(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 75
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 09 Dec 2022 13:24:35 GMT
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 09-Dec-2022 13:24:35 GMT
last-modified: Fri, 09-Dec-2022 13:24:35 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&charset=utf-8&hittoken=1670592274_4807e87ecb36b47c9d1d148bbd2f3664904a5ccbbe928319ef0b96878483f604&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A942%3Acn%3A1%3Adp%3A0%3Als%3A36812335124%3Ahid%3A911680427%3Az%3A0%3Ai%3A20221209132434%3Aet%3A1670592274%3Ac%3A1%3Arn%3A147823433%3Arqn%3A3%3Au%3A1670592273216938539%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670592271141%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670592274&t=gdpr(14)mc(ci-1-p-1)clc(0-0-0)rqnt(3)aw(1)ecs(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&charset=utf-8&hittoken=1670592274_4807e87ecb36b47c9d1d148bbd2f3664904a5ccbbe928319ef0b96878483f604&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A942%3Acn%3A1%3Adp%3A0%3Als%3A36812335124%3Ahid%3A911680427%3Az%3A0%3Ai%3A20221209132434%3Aet%3A1670592274%3Ac%3A1%3Arn%3A147823433%3Arqn%3A3%3Au%3A1670592273216938539%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670592271141%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670592274&t=gdpr(14)mc(ci-1-p-1)clc(0-0-0)rqnt(3)aw(1)ecs(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&charset=utf-8&hittoken=1670592274_4807e87ecb36b47c9d1d148bbd2f3664904a5ccbbe928319ef0b96878483f604&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A942%3Acn%3A1%3Adp%3A0%3Als%3A36812335124%3Ahid%3A911680427%3Az%3A0%3Ai%3A20221209132434%3Aet%3A1670592274%3Ac%3A1%3Arn%3A147823433%3Arqn%3A3%3Au%3A1670592273216938539%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670592271141%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670592274&t=gdpr(14)mc(ci-1-p-1)clc(0-0-0)rqnt(3)aw(1)ecs(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 187
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 09 Dec 2022 13:24:35 GMT
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 09-Dec-2022 13:24:35 GMT
last-modified: Fri, 09-Dec-2022 13:24:35 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&charset=utf-8&hittoken=1670592274_4807e87ecb36b47c9d1d148bbd2f3664904a5ccbbe928319ef0b96878483f604&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A942%3Acn%3A1%3Adp%3A0%3Als%3A36812335124%3Ahid%3A911680427%3Az%3A0%3Ai%3A20221209132434%3Aet%3A1670592274%3Ac%3A1%3Arn%3A399630561%3Arqn%3A5%3Au%3A1670592273216938539%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670592271141%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670592274&t=gdpr(14)mc(ci-1-p-3)clc(0-0-0)rqnt(5)aw(1)ecs(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&charset=utf-8&hittoken=1670592274_4807e87ecb36b47c9d1d148bbd2f3664904a5ccbbe928319ef0b96878483f604&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A942%3Acn%3A1%3Adp%3A0%3Als%3A36812335124%3Ahid%3A911680427%3Az%3A0%3Ai%3A20221209132434%3Aet%3A1670592274%3Ac%3A1%3Arn%3A399630561%3Arqn%3A5%3Au%3A1670592273216938539%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670592271141%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670592274&t=gdpr(14)mc(ci-1-p-3)clc(0-0-0)rqnt(5)aw(1)ecs(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&charset=utf-8&hittoken=1670592274_4807e87ecb36b47c9d1d148bbd2f3664904a5ccbbe928319ef0b96878483f604&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A942%3Acn%3A1%3Adp%3A0%3Als%3A36812335124%3Ahid%3A911680427%3Az%3A0%3Ai%3A20221209132434%3Aet%3A1670592274%3Ac%3A1%3Arn%3A399630561%3Arqn%3A5%3Au%3A1670592273216938539%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670592271141%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670592274&t=gdpr(14)mc(ci-1-p-3)clc(0-0-0)rqnt(5)aw(1)ecs(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 79
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 09 Dec 2022 13:24:35 GMT
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 09-Dec-2022 13:24:35 GMT
last-modified: Fri, 09-Dec-2022 13:24:35 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.227200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Dec 2022 06:30:11 GMT
expires: Sat, 09 Dec 2023 06:30:11 GMT
cache-control: public, max-age=31536000
age: 24864
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 21:48:03 GMT
expires: Fri, 08 Dec 2023 21:48:03 GMT
cache-control: public, max-age=31536000
age: 56192
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
216.58.207.227200 OK 12 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 11936, version 1.0\012- data
Hash 15d8ede0a816bc7a9838207747c6620c
f6e2e75f1277c66e282553ae6a22661e51f472b8
dbb8f45730d91bffff8307cfdf7c82e67745d84cb6063a1f3880fadfad59c57d
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu7GxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11936
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 09 Dec 2022 09:38:03 GMT
expires: Sat, 09 Dec 2023 09:38:03 GMT
cache-control: public, max-age=31536000
age: 13592
last-modified: Mon, 16 Oct 2017 17:33:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
216.58.207.227200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15340, version 1.0\012- data
Hash 19b7a0adfdd4f808b53af7e2ce2ad4e5
81d5d4c7b5035ad10cce63cf7100295e0c51fdda
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
GET /s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 04:50:10 GMT
expires: Thu, 07 Dec 2023 04:50:10 GMT
cache-control: public, max-age=31536000
age: 203665
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 16:40:43 GMT
expires: Fri, 08 Dec 2023 16:40:43 GMT
cache-control: public, max-age=31536000
age: 74632
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2
216.58.207.227200 OK 12 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 11804, version 1.0\012- data
Hash 16aedbf057fbb3da342211de2d071f11
fdee07631b40b264208caa8714faaa5b991d987b
7566a2f09ff8534334b7a44f72a1afaba6bdbb782209be8804636ee8b963c75f
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11804
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Dec 2022 16:40:43 GMT
expires: Fri, 08 Dec 2023 16:40:43 GMT
cache-control: public, max-age=31536000
age: 74632
last-modified: Mon, 16 Oct 2017 17:32:58 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2
216.58.207.227200 OK 25 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 25036, version 1.0\012- data
Hash 9dd150fb7229e143e0f71ba1fe8c8f63
664abfc4941054600213dda51a3d6f0d05b3c312
cffe139366b3882387dddbd10d59e7d9aa29345793fdbf51ddde809ca6a0bec2
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 25036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 05:36:53 GMT
expires: Tue, 05 Dec 2023 05:36:53 GMT
cache-control: public, max-age=31536000
age: 373662
last-modified: Mon, 11 Jul 2022 18:59:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/favicon.png
52.57.124.47200 OK 2.8 kB URL HTTP/2 3rt7sgssxw0yj8wmst.com/favicon.png
IP 52.57.124.47:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash f8cbfde8f3484f7a5f02189742f0f110
3eb0cec3e65d6cb0cc2744b5fa57ded1afb6e4d4
70504d4dc047aeac702b31e9290e9f5553e901d07d3844269cd966042988159a
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.png HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1041
x-client-session: 9yw0f1mk06g2orwtiie6
x-client-device-id: is01v51m331xethp7ids
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg?cid=1953031031&pid=27480&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670592272.1.0.1670592274.0.0.0; _ga=GA1.2.820029146.1670592273; rst-uid=7006971855466659840; cid=1953031031; prid=most_partner.1953031031; pid=27480; sip=0; PHPSESSID=sduumtgjtau6fcbcivl0o80gs5; lunetics_locale=az; tz=Europe%2FOslo; _gid=GA1.2.708235892.1670592273; _gaclientid=820029146.1670592273; _gasessionid=20221209|01233840; _gahitid=1670592272967; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670592273216938539; _ym_d=1670592273; _fbp=fb.1.1670592273260.487751967; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:36 GMT
content-type: image/png
content-length: 2810
last-modified: Thu, 08 Dec 2022 12:49:16 GMT
etag: "6391dd4c-afa"
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash b1469c4d40acabde2bdb4303c7bfdaaf
5384a5f5c3566b8a36d5da62232ac95abc48ff58
b3b36d34bf0809115c0c8d991f94130ab9f919226bb66b3a20db439457ac4ca2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3B36D34BF0809115C0C8D991F94130AB9F919226BB66B3A20DB439457AC4CA2"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4046
Expires: Fri, 09 Dec 2022 14:32:05 GMT
Date: Fri, 09 Dec 2022 13:24:39 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.249200 OK 503 B IP 23.36.76.249:0
ASN #20940 Akamai International B.V.
Hash b1469c4d40acabde2bdb4303c7bfdaaf
5384a5f5c3566b8a36d5da62232ac95abc48ff58
b3b36d34bf0809115c0c8d991f94130ab9f919226bb66b3a20db439457ac4ca2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3B36D34BF0809115C0C8D991F94130AB9F919226BB66B3A20DB439457AC4CA2"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4046
Expires: Fri, 09 Dec 2022 14:32:05 GMT
Date: Fri, 09 Dec 2022 13:24:39 GMT
Connection: keep-alive
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash 6414023744dd9ac939798cdf1662c300
20aa8cab62de4622c08c423ce9ef323acae0d616
26f1e69716644ebb5c6acd2651fbd00fc6a3da6af414f69402d913db52d79d98
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 13:24:40 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Tue, 13 Dec 2022 11:02:17 GMT
ETag: "20aa8cab62de4622c08c423ce9ef323acae0d616"
Last-Modified: Fri, 09 Dec 2022 11:02:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1988
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 776e0ff9ffe4b4f9-OSL
code.jivo.ru/js/bundle_ru_RU.js?rand=1670420181
92.223.124.24200 OK 312 kB URL HTTP/2 code.jivo.ru/js/bundle_ru_RU.js?rand=1670420181
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type Unicode text, UTF-8 text, with very long lines (61072), with no line terminators
Size 312 kB (311784 bytes)
Hash 734e0a5d3929a1042360d6cc3e1c8f10
ba8621436e5b8555b61c11cfbceaa0e993db75dc
c72db38407047b2fc1f41b0c65b39faecaf73c3762402c8047919caf94796332
GET /js/bundle_ru_RU.js?rand=1670420181 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:40 GMT
content-type: application/javascript
content-length: 311784
access-control-allow-origin: *
cache-control: max-age=86400
content-encoding: br
etag: "639043ed-4c1e8"
last-modified: Wed, 07 Dec 2022 07:42:37 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-08T13:36:35+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jivo.ru/css/46b708d/widget.css
92.223.124.24200 OK 55 kB URL HTTP/2 code.jivo.ru/css/46b708d/widget.css
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (65536), with no line terminators
Hash cc6d9451d7f28ab59d3b1f7c08249cbd
1b557f40d36622d71127aabc45e2252a50102b49
dc9a2a5b966fc62a5947f084df3b98748cd9c7625ce84d0890f3261247e8ffb9
GET /css/46b708d/widget.css HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:40 GMT
content-type: text/css
content-length: 54820
cache-control: max-age=864000
content-encoding: br
etag: "639043d5-d624"
expires: Sat, 17 Dec 2022 13:36:35 GMT
last-modified: Wed, 07 Dec 2022 07:42:13 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-07T13:36:35+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jivo.ru/css/46b708d/omnichannelMenu.widget.css
92.223.124.24200 OK 946 B URL HTTP/2 code.jivo.ru/css/46b708d/omnichannelMenu.widget.css
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (3072), with no line terminators
Hash 49fba42db04b3bcbe39108bc21f0b5bd
94b678bee9dbec6c1ed70d07dcd8022d371161ab
60ced3ce9fede691eeef4557e3df1ba51dc15a7e0067d8f91ea0b8ee57d4e358
GET /css/46b708d/omnichannelMenu.widget.css HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:41 GMT
content-type: text/css
content-length: 946
cache-control: max-age=864000
content-encoding: gzip
etag: "639043d5-3b2"
expires: Sat, 17 Dec 2022 13:36:45 GMT
last-modified: Wed, 07 Dec 2022 07:42:13 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-07T13:36:45+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jivo.ru/js/46b708d/omnichannelMenu.js
92.223.124.24200 OK 3.1 kB URL HTTP/2 code.jivo.ru/js/46b708d/omnichannelMenu.js
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (11729), with no line terminators
Hash 17d6c4b02bd6dfea3095aeb77244ecde
5c10464977b920e77d9940d57638bfb4460e28a6
efc52e8fccb01399531c62f4a6b3c7a13bf0b6b64fb4b1bf381d1e4e5cf907b0
GET /js/46b708d/omnichannelMenu.js HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:41 GMT
content-type: application/javascript
content-length: 3115
access-control-allow-origin: *
cache-control: max-age=86400
content-encoding: br
etag: "639043d5-c2b"
last-modified: Wed, 07 Dec 2022 07:42:13 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-08T13:36:46+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f25ad59-b8ed-49ea-9611-21f63c20c8fb.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f25ad59-b8ed-49ea-9611-21f63c20c8fb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash eb00a2a503a690cee3e4dd729b5bc9bd
cfb1e5bcab2148a777889680e6e36b9d7e8917ec
7e4583ae78ab597639f53669ac2d67d1ebd26be3278c2fc3fc95af934178c116
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9f25ad59-b8ed-49ea-9611-21f63c20c8fb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 7960
x-amzn-requestid: beadd240-39d0-407d-a890-6a095657cac3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctEd8HC0oAMFUag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638eb459-44d4f63c62f58684782ef14a;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 03:17:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: yL-FrFYh-3PuCZCpCHYg--ebTS7wMmMQ7IE2mgimDVsKWFEtKC2gVQ==
via: 1.1 74aa91fe819001bcedd882694f52b436.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 06:08:38 GMT
age: 26163
etag: "cfb1e5bcab2148a777889680e6e36b9d7e8917ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
code.jivo.ru/sounds/agent_message.mp3
92.223.124.24206 Partial Content 3.8 kB URL HTTP/2 code.jivo.ru/sounds/agent_message.mp3
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo\012- data
Hash 8e9a165c4cb185ffd0b2658fa088e43b
195873e5e8bbb2f5ecc32d95f90d6fb75817a649
ff81aad05612f90cf97c238f219765884e5cbf49351d8dc96a4a063c598c3f43
GET /sounds/agent_message.mp3 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Fri, 09 Dec 2022 13:24:41 GMT
content-type: audio/mpeg
content-length: 3760
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=2592000
etag: "6384b5cb-eb0"
expires: Mon, 02 Jan 2023 12:18:35 GMT
last-modified: Mon, 28 Nov 2022 13:21:15 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-03T12:18:35+00:00
x-id: fr5-up-gc15
content-range: bytes 0-3759/3760
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/api/v1/currencies.json
52.57.124.47200 OK 6.0 kB URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v1/currencies.json
IP 52.57.124.47:0
Hash a24b13c4e6bb19930f0f4e5d6cf912a0
88fa9005887325c19cd0772ccac4eb4242a29c3c
d7788c94642e80a6971eb6478ac7403af11d6ffdb4c28a834b930a1b45114125
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/currencies.json HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1041
x-client-session: 9yw0f1mk06g2orwtiie6
x-client-device-id: is01v51m331xethp7ids
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg?cid=1953031031&pid=27480&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670592272.1.0.1670592274.0.0.0; _ga=GA1.2.820029146.1670592273; rst-uid=7006971855466659840; cid=1953031031; prid=most_partner.1953031031; pid=27480; sip=0; PHPSESSID=sduumtgjtau6fcbcivl0o80gs5; lunetics_locale=az; tz=Europe%2FOslo; _gid=GA1.2.708235892.1670592273; _gaclientid=820029146.1670592273; _gasessionid=20221209|01233840; _gahitid=1670592272967; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670592273216938539; _ym_d=1670592273; _fbp=fb.1.1670592273260.487751967; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:35 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Fri, 16 Dec 2022 13:24:35 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
code.jivo.ru/sounds/outgoing_message.mp3
92.223.124.24206 Partial Content 5.0 kB URL HTTP/2 code.jivo.ru/sounds/outgoing_message.mp3
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo\012- data
Hash 7bf3e4962a5ecf1f8cbcc2ff3428f531
f75c694461a643d2e096ae8d0f6c1a9d19602eee
d44244617bf21df7a137694fa762d5cab3b82cb9fae8f33de5917977b02b2a11
GET /sounds/outgoing_message.mp3 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Fri, 09 Dec 2022 13:24:41 GMT
content-type: audio/mpeg
content-length: 5014
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=2592000
etag: "6384b5cb-1396"
expires: Mon, 02 Jan 2023 12:18:35 GMT
last-modified: Mon, 28 Nov 2022 13:21:15 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-03T12:18:35+00:00
x-id: fr5-up-gc15
content-range: bytes 0-5013/5014
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash c592104d30a59cb1a5422cd24352fbf7
8ff57c7fadd512fdcb8768cd685b5b94dbf33d99
9547af4af33962ddfca7f81f3c1f64aa5e96ee3a761738e4707826fdb575604a
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 870
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Fri, 09 Dec 2022 13:24:41 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7006971855466659840; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 31
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/partners/casino-reg?cid=1953031031&pid=27480&sip=0
52.57.124.47200 OK 0 B URL HTTP/2 3rt7sgssxw0yj8wmst.com/partners/casino-reg?cid=1953031031&pid=27480&sip=0
IP 52.57.124.47:0
Analyzer Verdict Alert quad9 Sinkholed
GET /partners/casino-reg?cid=1953031031&pid=27480&sip=0 HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:32 GMT
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/api/v1/logo
52.57.124.47200 OK 0 B URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v1/logo
IP 52.57.124.47:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/logo HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1041
x-client-session: 9yw0f1mk06g2orwtiie6
x-client-device-id: is01v51m331xethp7ids
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg?cid=1953031031&pid=27480&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670592272.1.0.1670592272.0.0.0; _ga=GA1.2.820029146.1670592273; rst-uid=7006971855466659840; cid=1953031031; prid=most_partner.1953031031; pid=27480; sip=0; PHPSESSID=sduumtgjtau6fcbcivl0o80gs5; lunetics_locale=az; tz=Europe%2FOslo; _gid=GA1.2.708235892.1670592273; _gaclientid=820029146.1670592273; _gasessionid=20221209|01233840; _gahitid=1670592272967; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"9fae6e123baa3436bdbe37f62d18440c"
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:33 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"9fae6e123baa3436bdbe37f62d18440c"
x-request-id: 7b0183ab0e959b8bd1c596135567e91e
vary: Accept-Encoding, Accept-Language
expires: Fri, 09 Dec 2022 13:24:34 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/api/v2/translations?locales[]=az&domains[]=promo&domains[]=validators&fallback=1
52.57.124.47200 OK 0 B URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v2/translations?locales[]=az&domains[]=promo&domains[]=validators&fallback=1
IP 52.57.124.47:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v2/translations?locales[]=az&domains[]=promo&domains[]=validators&fallback=1 HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg?cid=1953031031&pid=27480&sip=0
Connection: keep-alive
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670592272.1.0.1670592272.0.0.0; _ga=GA1.2.820029146.1670592273; rst-uid=7006971855466659840; cid=1953031031; prid=most_partner.1953031031; pid=27480; sip=0; PHPSESSID=sduumtgjtau6fcbcivl0o80gs5; lunetics_locale=az; tz=Europe%2FOslo; _gid=GA1.2.708235892.1670592273; _gaclientid=820029146.1670592273; _gasessionid=20221209|01233840; _gahitid=1670592272967; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670592273216938539; _ym_d=1670592273; _fbp=fb.1.1670592273260.487751967; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:35 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Fri, 16 Dec 2022 13:24:35 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/api/v2/translations?locales[]=az&domains[]=messages&fallback=1
52.57.124.47200 OK 0 B URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v2/translations?locales[]=az&domains[]=messages&fallback=1
IP 52.57.124.47:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v2/translations?locales[]=az&domains[]=messages&fallback=1 HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg?cid=1953031031&pid=27480&sip=0
Connection: keep-alive
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670592272.1.0.1670592272.0.0.0; _ga=GA1.2.820029146.1670592273; rst-uid=7006971855466659840; cid=1953031031; prid=most_partner.1953031031; pid=27480; sip=0; PHPSESSID=sduumtgjtau6fcbcivl0o80gs5; lunetics_locale=az; tz=Europe%2FOslo; _gid=GA1.2.708235892.1670592273; _gaclientid=820029146.1670592273; _gasessionid=20221209|01233840; _gahitid=1670592272967; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670592273216938539; _ym_d=1670592273; _fbp=fb.1.1670592273260.487751967
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Fri, 16 Dec 2022 13:24:34 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/api/v1/logo
52.57.124.47200 OK 0 B URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v1/logo
IP 52.57.124.47:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/logo HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1041
x-client-session: 9yw0f1mk06g2orwtiie6
x-client-device-id: is01v51m331xethp7ids
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg?cid=1953031031&pid=27480&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670592272.1.0.1670592272.0.0.0; _ga=GA1.1.820029146.1670592273; rst-uid=7006971855466659840; cid=1953031031; prid=most_partner.1953031031; pid=27480; sip=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:33 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"9fae6e123baa3436bdbe37f62d18440c"
x-request-id: d20b98dfd29b05a5c1e9e0a1183f68fe
vary: Accept-Encoding, Accept-Language
expires: Fri, 09 Dec 2022 13:24:33 GMT
set-cookie: PHPSESSID=m3rdrmdk14pmat8ve2bv4rvgpi; expires=Sun, 08-Jan-2023 13:24:33 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=az; expires=Sat, 10-Dec-2022 13:24:33 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Fri, 16-Dec-2022 13:24:33 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/api/v1/currency-specific-settings/AZN.json
52.57.124.47200 OK 0 B URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v1/currency-specific-settings/AZN.json
IP 52.57.124.47:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/currency-specific-settings/AZN.json HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1041
x-client-session: 9yw0f1mk06g2orwtiie6
x-client-device-id: is01v51m331xethp7ids
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg?cid=1953031031&pid=27480&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670592272.1.0.1670592272.0.0.0; _ga=GA1.2.820029146.1670592273; rst-uid=7006971855466659840; cid=1953031031; prid=most_partner.1953031031; pid=27480; sip=0; PHPSESSID=sduumtgjtau6fcbcivl0o80gs5; lunetics_locale=az; tz=Europe%2FOslo; _gid=GA1.2.708235892.1670592273; _gaclientid=820029146.1670592273; _gasessionid=20221209|01233840; _gahitid=1670592272967; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670592273216938539; _ym_d=1670592273; _fbp=fb.1.1670592273260.487751967; _ym_isad=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:34 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Fri, 16 Dec 2022 13:24:34 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/api/v1/auth/providers
52.57.124.47200 OK 0 B URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v1/auth/providers
IP 52.57.124.47:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/auth/providers HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1041
x-client-session: 9yw0f1mk06g2orwtiie6
x-client-device-id: is01v51m331xethp7ids
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg?cid=1953031031&pid=27480&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670592272.1.0.1670592274.0.0.0; _ga=GA1.2.820029146.1670592273; rst-uid=7006971855466659840; cid=1953031031; prid=most_partner.1953031031; pid=27480; sip=0; PHPSESSID=sduumtgjtau6fcbcivl0o80gs5; lunetics_locale=az; tz=Europe%2FOslo; _gid=GA1.2.708235892.1670592273; _gaclientid=820029146.1670592273; _gasessionid=20221209|01233840; _gahitid=1670592272967; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670592273216938539; _ym_d=1670592273; _fbp=fb.1.1670592273260.487751967; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:35 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 5d371c197dc8a9a1cf6820f84659e791
vary: Accept-Encoding, Accept-Language
expires: Fri, 09 Dec 2022 13:24:35 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
webchannel-content.eservice.emarsys.net/customer/799213038/campaigns?url=https:%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&prev_url=&lang=en&uli=false
34.117.30.199200 OK 0 B URL HTTP/2 webchannel-content.eservice.emarsys.net/customer/799213038/campaigns?url=https:%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&prev_url=&lang=en&uli=false
IP 34.117.30.199:0
GET /customer/799213038/campaigns?url=https:%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1953031031%26pid%3D27480%26sip%3D0&prev_url=&lang=en&uli=false HTTP/1.1
Host: webchannel-content.eservice.emarsys.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 13:24:39 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: *
content-type: application/json
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
m2stjd2jmst.com/anZS/0/e30ab52fc886ecf38b751dea38ea1b0d/2737
3.120.229.53302 Found 0 B URL HTTP/2 m2stjd2jmst.com/anZS/0/e30ab52fc886ecf38b751dea38ea1b0d/2737
IP 3.120.229.53:0
GET /anZS/0/e30ab52fc886ecf38b751dea38ea1b0d/2737 HTTP/1.1
Host: m2stjd2jmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Fri, 09 Dec 2022 13:24:32 GMT
content-type: text/html; charset=UTF-8
set-cookie: TID=1953031031; expires=Mon, 09-Jan-2023 13:24:32 GMT; Max-Age=2678400; path=/; domain=m2stjd2jmst.com; HttpOnly
location: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg?cid=1953031031&pid=27480&sip=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
front.cdn-mb.com/spa-static/1.4.1041/static/css/main.687ea28c.chunk.css
104.21.9.158200 OK 0 B URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1041/static/css/main.687ea28c.chunk.css
IP 104.21.9.158:0
GET /spa-static/1.4.1041/static/css/main.687ea28c.chunk.css HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 13:24:33 GMT
content-type: text/css
last-modified: Thu, 08 Dec 2022 12:55:47 GMT
vary: Accept-Encoding
etag: W/"6391ded3-54"
expires: Fri, 09 Dec 2022 17:15:13 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 560
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VsQJESPrDg1TrWcuNatYc74bQVYAXmQC2%2BTbR3%2FAqr8ydeousJQYV2NE4kY%2BCr4JfOFMexpI0dxAdgySmiT2XKjauCCmuf%2FwYHaulg32Pw3fJXIfTWfiEbA%2Bh1QumCfZJFsO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 776e0fcc0e0e1c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/api/v1/websocket/credentials
52.57.124.47200 OK 0 B URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v1/websocket/credentials
IP 52.57.124.47:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/websocket/credentials HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1041
x-client-session: 9yw0f1mk06g2orwtiie6
x-client-device-id: is01v51m331xethp7ids
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg?cid=1953031031&pid=27480&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670592272.1.0.1670592272.0.0.0; _ga=GA1.1.820029146.1670592273
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:33 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: caa9590625d276613912e7f350d8ee97
vary: Accept-Encoding, Accept-Language
expires: Fri, 09 Dec 2022 13:24:33 GMT
set-cookie: PHPSESSID=7dsavmase4v3n6h5gur0brqqng; expires=Sun, 08-Jan-2023 13:24:33 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=az; expires=Sat, 10-Dec-2022 13:24:33 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Fri, 16-Dec-2022 13:24:33 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/api/v1/footer_links
52.57.124.47200 OK 0 B URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v1/footer_links
IP 52.57.124.47:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/footer_links HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1041
x-client-session: 9yw0f1mk06g2orwtiie6
x-client-device-id: is01v51m331xethp7ids
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg?cid=1953031031&pid=27480&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670592272.1.0.1670592272.0.0.0; _ga=GA1.2.820029146.1670592273; rst-uid=7006971855466659840; cid=1953031031; prid=most_partner.1953031031; pid=27480; sip=0; PHPSESSID=sduumtgjtau6fcbcivl0o80gs5; lunetics_locale=az; tz=Europe%2FOslo; _gid=GA1.2.708235892.1670592273; _gaclientid=820029146.1670592273; _gasessionid=20221209|01233840; _gahitid=1670592272967; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670592273216938539; _ym_d=1670592273; _fbp=fb.1.1670592273260.487751967; _ym_isad=2; _ym_visorc=b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:34 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 80649f0c8dc6641257169850741a3c0c
vary: Accept-Encoding, Accept-Language
expires: Fri, 09 Dec 2022 13:24:34 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/api/v1/settings
52.57.124.47200 OK 0 B URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v1/settings
IP 52.57.124.47:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/settings HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1041
x-client-session: 9yw0f1mk06g2orwtiie6
x-client-device-id: is01v51m331xethp7ids
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg?cid=1953031031&pid=27480&sip=0
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670592272.1.0.1670592272.0.0.0; _ga=GA1.1.820029146.1670592273
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 13:24:33 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 85b41944a66fc3fe95a05bd21fd0ecb3
vary: Accept-Encoding, Accept-Language
expires: Fri, 09 Dec 2022 13:24:33 GMT
set-cookie: PHPSESSID=grdhl6jj3964i2ds7lpg781l1r; expires=Sun, 08-Jan-2023 13:24:33 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=az; expires=Sat, 10-Dec-2022 13:24:33 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Fri, 16-Dec-2022 13:24:33 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2