fp9jz3vp7mb.com/78uS/0/158137649/12230/94471
35.157.175.206308 Permanent Redirect 164 B URL HTTP/1.1 fp9jz3vp7mb.com/78uS/0/158137649/12230/94471
IP 35.157.175.206:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f23c4815ecaef1588f16ac735c0e15d6
026bf8cdd5076014b6fc822878e0086eb44da556
43a81fb3d47b34e7d42d6b8444f592ed9251b8e57db8f67d32419aa40b1480d0
GET /78uS/0/158137649/12230/94471 HTTP/1.1
Host: fp9jz3vp7mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 308 Permanent Redirect
Server: nginx
Date: Sun, 06 Nov 2022 11:07:46 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://fp9jz3vp7mb.com/78uS/0/158137649/12230/94471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8286265a56e3e10efd41b41618a54071
5f10ac9a050e15f5598674dc7ee3865b325d01a8
2da2fa0b2b86ccc4029d0baa4e9c5b21a6433228b84b451b72b1d318561d4ef2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2DA2FA0B2B86CCC4029D0BAA4E9C5B21A6433228B84B451B72B1D318561D4EF2"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8956
Expires: Sun, 06 Nov 2022 13:37:03 GMT
Date: Sun, 06 Nov 2022 11:07:47 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 72c64df35304c35cd95e4ed6e101e795
a39287987854d644a8da295da536fb31de8b44c1
a9bf0da57e0f108b376781ede4b9762ae1b0d088910d26fb7be98c2d03e69092
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5657
Cache-Control: max-age=86254
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:47 GMT
Etag: "63662d58-1d7"
Expires: Mon, 07 Nov 2022 11:05:21 GMT
Last-Modified: Sat, 05 Nov 2022 09:31:04 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 72c64df35304c35cd95e4ed6e101e795
a39287987854d644a8da295da536fb31de8b44c1
a9bf0da57e0f108b376781ede4b9762ae1b0d088910d26fb7be98c2d03e69092
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5657
Cache-Control: max-age=86254
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:47 GMT
Etag: "63662d58-1d7"
Expires: Mon, 07 Nov 2022 11:05:21 GMT
Last-Modified: Sat, 05 Nov 2022 09:31:04 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9f3527f898221f8ba6b5015f6decc100
ead93baa0e9d3a6297be3377dc3a624e5a3f509a
73a068f907cc50dd60af18d545b4264dd44bc4b9f40bf9adfceea157fdc33099
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73A068F907CC50DD60AF18D545B4264DD44BC4B9F40BF9ADFCEEA157FDC33099"
Last-Modified: Thu, 03 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2613
Expires: Sun, 06 Nov 2022 11:51:20 GMT
Date: Sun, 06 Nov 2022 11:07:47 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4736bac84ca28f2b1e961159fb4ea098
1319612979f53896fcfeacd4215c2715d4951e4c
5e81213e111ddf68c7f884f72b4e06fc4dc95eb902c3cf0762236b2418840dba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
Alt-Used: 0
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 06 Nov 2022 10:43:13 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1474
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: uiFekk3PYMVc7E9twvhbbXsjL+qJVdfjcxRxDaWPg4xTGadFcu8nvGgDWdDp40wODPZJmjCzAms=
x-amz-request-id: EG6GXAWNYQC2KRG7
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 06 Nov 2022 10:47:36 GMT
age: 1211
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 11:07:47 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bb42127819cfb60804c5ffd2ad1d26ff
cb6da4982acacbfe1aaf835b0edd830fcc9aa128
1f202c7dba41255c4290758da10cb0a9d7533045d23e9eae36b11ce4557103f5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1F202C7DBA41255C4290758DA10CB0A9D7533045D23E9EAE36B11CE4557103F5"
Last-Modified: Fri, 04 Nov 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21556
Expires: Sun, 06 Nov 2022 17:07:03 GMT
Date: Sun, 06 Nov 2022 11:07:47 GMT
Connection: keep-alive
fp9jz3vp7mb.com/78uS/0/158137649/12230/94471
35.157.175.206302 Found 503 B URL HTTP/2 fp9jz3vp7mb.com/78uS/0/158137649/12230/94471
IP 35.157.175.206:0
Hash 59325051b78346498cd3d34f17ec92b2
dbac5c700db8f52f85225d646f50be6e8d957126
ad5054d4a404c4042204f66b3f2b28124f00582e8b046fc962a664808e8b485e
GET /78uS/0/158137649/12230/94471 HTTP/1.1
Host: fp9jz3vp7mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Sun, 06 Nov 2022 11:07:47 GMT
content-type: text/html; charset=UTF-8
set-cookie: TID=1764855829; expires=Tue, 06-Dec-2022 11:07:47 GMT; Max-Age=2592000; path=/; domain=fp9jz3vp7mb.com; HttpOnly
location: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1764855829&pid=14628&sip=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash d862f992e9902530594e7aca425f129b
25b414fe833d30b52928535d659a1ee281b82e3a
0c6286152fe8bb5fdf1505f2001d530a65ee53aa6d9601bbb1eecb683036071d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5070
Cache-Control: max-age=170614
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:47 GMT
Etag: "6367792b-1d7"
Expires: Tue, 08 Nov 2022 10:31:21 GMT
Last-Modified: Sun, 06 Nov 2022 09:06:51 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 0ebfacc25ab9b9a64d3511d18a6060c2
69992be57175b24bbd95d4d9cbf22e5696330887
aedec32b3d60a18a5472c8811e7c296cf3624db7846ec4db10fe5f2cd2f3a0df
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 457
Cache-Control: max-age=85346
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:48 GMT
Etag: "63663e1d-117"
Expires: Mon, 07 Nov 2022 10:50:14 GMT
Last-Modified: Sat, 05 Nov 2022 10:42:37 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279
cdn.scarabresearch.com/js/11DAF087E87A3DFD/scarab-v2.js
54.230.111.92200 OK 23 kB URL HTTP/1.1 cdn.scarabresearch.com/js/11DAF087E87A3DFD/scarab-v2.js
IP 54.230.111.92:0
File type C source, ASCII text, with very long lines (539)
Hash bfcc64224f8c6e43e026afb16bd0f4f8
4b1a0dbd96c3047a917ba024690ffc4d544b8b00
c87358a7c76c044147379c9415f96488045b936666093c83fd0e57e08316548e
GET /js/11DAF087E87A3DFD/scarab-v2.js HTTP/1.1
Host: cdn.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Timing-Allow-Origin: *
Date: Sun, 06 Nov 2022 10:47:49 GMT
Cache-Control: max-age=3600,public
ETag: "aa53180343ab25d32aa7294158ca3216--gzip"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 4LH7Q4hkdFknPa5urXNl2laTwfTOhYRz4y7EhOoY7xqEcIWquyInCw==
Age: 1574
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 0ebfacc25ab9b9a64d3511d18a6060c2
69992be57175b24bbd95d4d9cbf22e5696330887
aedec32b3d60a18a5472c8811e7c296cf3624db7846ec4db10fe5f2cd2f3a0df
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 457
Cache-Control: max-age=85346
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:48 GMT
Etag: "63663e1d-117"
Expires: Mon, 07 Nov 2022 10:50:14 GMT
Last-Modified: Sat, 05 Nov 2022 10:42:37 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 0ebfacc25ab9b9a64d3511d18a6060c2
69992be57175b24bbd95d4d9cbf22e5696330887
aedec32b3d60a18a5472c8811e7c296cf3624db7846ec4db10fe5f2cd2f3a0df
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3525
Cache-Control: max-age=88414
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:48 GMT
Etag: "63663e1d-117"
Expires: Mon, 07 Nov 2022 11:41:22 GMT
Last-Modified: Sat, 05 Nov 2022 10:42:37 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 279
front.cdn-mb.com/spa-static/1.4.1000/static/css/main.687ea28c.chunk.css
104.21.9.158200 OK 353 B URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1000/static/css/main.687ea28c.chunk.css
IP 104.21.9.158:0
Hash 4e9a44aa041f705163e1b984fe1733cf
436622beaa398a2f44b46291994ba46bc92327e7
1a6ae35bab7df2fa9b1af3cdd653705595882c231421a6adc5a4ce1b3b02f957
GET /spa-static/1.4.1000/static/css/main.687ea28c.chunk.css HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 06 Nov 2022 11:07:48 GMT
content-type: text/css
last-modified: Thu, 03 Nov 2022 10:33:47 GMT
vary: Accept-Encoding
etag: W/"6363990b-54"
expires: Sun, 06 Nov 2022 14:56:30 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 678
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fygEhFmT%2FUvLrQKe6TLLUIX9iDOl7MJfqAGdbmsCo0o1APSCoUk3X8GRolMJlUAldMerH61qXgDKi4yVyK6%2BoxpBRyKTmOUWN3R9XG9XEZhxXqnef5P4D7rhyQ4%2BKxQDgvNE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 765d5e198d35b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash e13e65ad7f6f12300b12d6cd6936d621
575faf606b5c5e39e0fbbef59998bcd3625aa141
10787f99c02b63d52b9b74fcec9497108d67c56c4a9436e0e3c9a7129d727dda
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.scarabresearch.com/wpjs/wploader.js?ts=2757
54.230.111.9200 OK 11 kB URL HTTP/1.1 static.scarabresearch.com/wpjs/wploader.js?ts=2757
IP 54.230.111.9:0
File type Unicode text, UTF-8 text, with very long lines (26064)
Hash ad1bbe9d7613a5547413ffefc14bca0c
790a2e3c3e412a0735fad92fb7fa93ec84ec04bd
0e3526e4b842abf28d653892339340ffd21b378b0efc7ac8886b3aeb14fdcb9f
GET /wpjs/wploader.js?ts=2757 HTTP/1.1
Host: static.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 10 Oct 2022 11:09:48 GMT
x-amz-version-id: DzVXMgBeksdrQfAKjc.ckmkVhMlLjwqT
Server: AmazonS3
Content-Encoding: gzip
Date: Sun, 06 Nov 2022 05:21:48 GMT
Cache-Control: max-age=86400
ETag: W/"1bb200ba7add3c5d4bfb6f3822bfe5af"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 3lMcm81LbWyHjf2zlSFXz4EZCdGyPXk7uRuvXbXeV-toVnxlm0Z01g==
Age: 20761
3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1764855829&pid=14628&sip=0
35.159.51.213200 OK 16 kB URL HTTP/2 3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1764855829&pid=14628&sip=0
IP 35.159.51.213:0
Hash 37608ae2115693193f5001ec24a6be9a
4dc6bddf15eebc8dd36549a5274c6b43ffc2d45b
3e8956db46c13f980a2d5c472ab33decdd99cc71a5a09cc85ffccc2625570f0d
Analyzer Verdict Alert quad9 Sinkholed
GET /partners/casino-reg?cid=1764855829&pid=14628&sip=0 HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 11:07:47 GMT
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-5PMSX62
142.250.74.168200 OK 55 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5PMSX62
IP 142.250.74.168:0
File type Unicode text, UTF-8 text, with very long lines (13413)
Hash 5aa6601bc418190b21743b2a9485318b
2e6365c28e2d2d75e9875406630df543ff8c4ca8
fb2f5fbfc7731b9eb3d582d4cdf92a2afeb9edbda97e5212dad3941f25bcc27b
GET /gtm.js?id=GTM-5PMSX62 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 06 Nov 2022 11:07:48 GMT
expires: Sun, 06 Nov 2022 11:07:48 GMT
cache-control: private, max-age=900
last-modified: Sun, 06 Nov 2022 09:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 55290
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
static.scarabresearch.com/wpjs/wpes6.js?ts=2757
54.230.111.9200 OK 32 kB URL HTTP/1.1 static.scarabresearch.com/wpjs/wpes6.js?ts=2757
IP 54.230.111.9:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash d136b04f0db664d369fe5572a282e25e
cc217f749818ef0131b2d3bb633a2c50a84a8cf1
fc130657a0a2cd16a7a7433ca95f51b254da4db885301d066930db2e4563bb6c
GET /wpjs/wpes6.js?ts=2757 HTTP/1.1
Host: static.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 10 Oct 2022 11:09:51 GMT
x-amz-version-id: B7kEOPd3f.UUaahYeIIXT30URW6wDjD.
Server: AmazonS3
Content-Encoding: gzip
Date: Sun, 06 Nov 2022 04:38:02 GMT
Cache-Control: max-age=86400
ETag: W/"aea14a7926cfb79f14472c23a4b1543b"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 784cb0c259a6d79800d037bda4e7de86.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: V_HHxZvaVn3EZHNTBGyzupVZSjPqMvFevtH5BBqwtnC_vGhhPgl7_w==
Age: 23387
push.services.mozilla.com/
54.189.139.67101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.189.139.67:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: lFv5vPQiGzbb6gLKhMMigA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: mgeZEO3CM1KcUd+07gLX6eq8rXQ=
rstat.rockmostbet.com/lib.js
162.55.5.93200 OK 237 kB URL HTTP/2 rstat.rockmostbet.com/lib.js
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (29927), with LF, NEL line terminators
Size 237 kB (236698 bytes)
Hash 9ec2c677deb316e2b5952daa482862e3
7332bac5f3272450fbda5e973d4bf4a314d89c0c
77927e532dd73ffa1083d28a43651e36c463314cb02b8d1a6143618d85d10121
GET /lib.js HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript
date: Sun, 06 Nov 2022 11:07:48 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=6994978640312139776; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 0
x-xss-protection: 1
content-length: 236698
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 5045ec89a20e83c691ae603757910dec
b612170342afe43341439d66261b392faa0fffa9
403c5c2ba46ade0ab034fddcc1497ecbae7d4182f05845a77e1a87426b4e04db
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 659
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Sun, 06 Nov 2022 11:07:48 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=6994978640312139776; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 7
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/partners/sport_logo.png
35.159.51.213404 Not Found 12 kB URL HTTP/2 3vsmdh0yz31vwcemst.com/partners/sport_logo.png
IP 35.159.51.213:0
Hash 9cb63f98ac52e3e81073632837f407f0
05df7256757873cc30dbfed108a154febf400095
52b0bd2459f3e4bcabf37a8ed084be78befdf3698889e8501ac2cdee164b5ece
Analyzer Verdict Alert quad9 Sinkholed
GET /partners/sport_logo.png HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1764855829&pid=14628&sip=0
Cookie: theme=desktop
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sun, 06 Nov 2022 11:07:48 GMT
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 06 Nov 2022 10:41:09 GMT
expires: Sun, 06 Nov 2022 12:41:09 GMT
cache-control: public, max-age=7200
age: 1599
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 498a93ef6474e78f5c7b8ec391786b1c
2fdbd636d3ec6c2476c2ac34697ba171eecdb768
ab9705c42b3e1f2c2cc005974f4dd27f75c27a053bd29e81d2a99824200dcef7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6283
Cache-Control: max-age=151294
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:48 GMT
Etag: "636728f7-1d7"
Expires: Tue, 08 Nov 2022 05:09:22 GMT
Last-Modified: Sun, 06 Nov 2022 03:24:39 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 43 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
Hash 59f4c496806746aad22687977e0f3556
d1d98ed53e7fa581f37644d28a7c11cfec9dba94
ecaf55db8a7e096ad3233bac7ba6b52650d52ab2bca01007ee13286a31c14cb6
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: oiRx+mRzJedUcFmXjp4KV1Ij6uYdw69HIckTjkMnwXiSQClpwhkMMkJp7owDOb4O2oT/PMjOeiuL0FlYeOy4vg==
content-length: 27337
x-fb-trip-id: 1904183273
date: Sun, 06 Nov 2022 11:07:48 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 48dea9f70f26292574467e6e4199f9d7
71639ad4f4c098aaf97c764a68458b9d214e0294
21ca9e43bd5d879ab38e87b7276acc1c2d7a03c34149f2220d4e79f1f3ea1781
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2022 11:07:48 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Thu, 10 Nov 2022 06:46:32 GMT
ETag: "71639ad4f4c098aaf97c764a68458b9d214e0294"
Last-Modified: Sun, 06 Nov 2022 06:46:33 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3198
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 765d5e1d88a8b4ff-OSL
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 498a93ef6474e78f5c7b8ec391786b1c
2fdbd636d3ec6c2476c2ac34697ba171eecdb768
ab9705c42b3e1f2c2cc005974f4dd27f75c27a053bd29e81d2a99824200dcef7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6283
Cache-Control: max-age=151294
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:48 GMT
Etag: "636728f7-1d7"
Expires: Tue, 08 Nov 2022 05:09:22 GMT
Last-Modified: Sun, 06 Nov 2022 03:24:39 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 471
ocsp.sectigo.com/
172.64.155.188200 OK 61 kB IP 172.64.155.188:0
Hash 206254b1b12c79c085f03b8e6315fec4
b7dfc322044683f365d6b2e2634804ba907cab08
3575630006b434cce1f8e50a7b95a337b044382d301b2c46fd57ac0a3cdb1b4f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 06 Nov 2022 11:07:48 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 03 Nov 2022 18:25:20 GMT
Expires: Thu, 10 Nov 2022 18:25:19 GMT
Etag: "c5588f7f402a41c39405d7459367eadb893fafaf"
Cache-Control: max-age=371250,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 765d5e1cfca4b4eb-OSL
mc.yandex.ru/metrika/tag.js
93.158.134.119200 OK 74 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 93.158.134.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (587)
Hash b8652e33f5bd5ff280922739cb5b55f1
a1b0a76e7ed8cf5a87eba6b2bd3413d9c1cc3963
bb6e49dc63f5bae83b1b3303951f9aca12e41bc314db2e7d0315f4dc7396edb6
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73490
date: Sun, 06 Nov 2022 11:07:48 GMT
access-control-allow-origin: *
etag: "63575841-11f12"
expires: Sun, 06 Nov 2022 12:07:48 GMT
last-modified: Tue, 25 Oct 2022 06:30:09 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
my.rtmark.net/p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01
139.45.195.8200 OK 14 kB URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01
IP 139.45.195.8:0
Hash f30231e286b90add3a024b153d4364a5
16fbe2c474d5f4a1d6deefb6454c46283a7914ed
644cc167fc18d3b3920066b2b0a2c39177fd452c3e43170276e304c6502a8950
GET /p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 11:07:48 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/api/v1/websocket/credentials
35.159.51.213200 OK 274 B URL HTTP/2 3vsmdh0yz31vwcemst.com/api/v1/websocket/credentials
IP 35.159.51.213:0
Hash ed0a5336e62e4f696a69e1e1bf25dfdc
10ef3acb4b29509849868a470e206a27bbd5ef4f
186d589454ab0cd1e430640ea9164659b99881d3fbca3123a590d218cdeba2e1
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/websocket/credentials HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1000
x-client-session: u530f28kl29rtrcpite8
x-client-device-id: oeu0r2wt4wd1jwdnr56f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1764855829&pid=14628&sip=0
Cookie: theme=desktop; rst-uid=6994978640312139776
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 11:07:48 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: e2f62a77d7e6c3c859f456a4332bcce7
vary: Accept-Encoding, Accept-Language
expires: Sun, 06 Nov 2022 11:07:48 GMT
set-cookie: PHPSESSID=srhn4b89g98o7f5sagq9rq9e0c; expires=Tue, 06-Dec-2022 11:07:48 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=bn; expires=Mon, 07-Nov-2022 11:07:48 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Sun, 13-Nov-2022 11:07:48 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 6b72bfaacba486284aa2ecb4bcd8ebba
89fa4ef09e60380fc432c73b7919a29f26117088
fed14b27362ffe0dfbe0b1696e8dab5f6bba3e08b76bec620e75f0f3f213f69b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
3vsmdh0yz31vwcemst.com/connection/websocket
35.159.51.213101 Switching Protocols 0 B URL HTTP/1.1 3vsmdh0yz31vwcemst.com/connection/websocket
IP 35.159.51.213:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /connection/websocket HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://3vsmdh0yz31vwcemst.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: dYUdgNkSyVa55/7yd2vWyw==
Connection: keep-alive, Upgrade
Cookie: theme=desktop; rst-uid=6994978640312139776; cid=1764855829; prid=most_partner.1764855829; pid=14628; sip=0; _ga=GA1.2.956072864.1667732867; _gid=GA1.2.1188264543.1667732867; _gaclientid=956072864.1667732867; _gasessionid=20221106|00580832; _gahitid=1667732866865; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; PHPSESSID=re5j6di7857mv40qpvekthkkf8; lunetics_locale=bn; tz=Europe%2FOslo; _ym_uid=166773286733532740; _ym_d=1667732867; _fbp=fb.1.1667732867313.2075892323
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Sun, 06 Nov 2022 11:07:49 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: I2Yny/+x0RWCgDsIq5t4+JPTkEc=
www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
142.250.74.164200 OK 580 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
IP 142.250.74.164:0
File type ASCII text, with very long lines (909), with no line terminators
Hash 276ef225d39b0e3f26a2572dd924d06e
e41deb7f1fe92b465616f95d277e60c69c27f0ae
4f2a71182dd3a60389408a49f7e6c03e0a107deabe0f7662325d4ef2a452ed25
GET /recaptcha/api.js?onload=onloadcallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sun, 06 Nov 2022 11:07:49 GMT
date: Sun, 06 Nov 2022 11:07:49 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 580
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 319c5fce418f38ca0af491f1f0ee8ec0
7a460cb1c18604413ff04daa406d5b2aacd2882a
3350c02c29bcdcb4e17f91c85b78587ad60da9c8e12801ecc6f37cfcf84cf5a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3350C02C29BCDCB4E17F91C85B78587AD60DA9C8E12801ECC6F37CFCF84CF5A3"
Last-Modified: Sat, 05 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2089
Expires: Sun, 06 Nov 2022 11:42:38 GMT
Date: Sun, 06 Nov 2022 11:07:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 319c5fce418f38ca0af491f1f0ee8ec0
7a460cb1c18604413ff04daa406d5b2aacd2882a
3350c02c29bcdcb4e17f91c85b78587ad60da9c8e12801ecc6f37cfcf84cf5a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3350C02C29BCDCB4E17F91C85B78587AD60DA9C8E12801ECC6F37CFCF84CF5A3"
Last-Modified: Sat, 05 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2089
Expires: Sun, 06 Nov 2022 11:42:38 GMT
Date: Sun, 06 Nov 2022 11:07:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 319c5fce418f38ca0af491f1f0ee8ec0
7a460cb1c18604413ff04daa406d5b2aacd2882a
3350c02c29bcdcb4e17f91c85b78587ad60da9c8e12801ecc6f37cfcf84cf5a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3350C02C29BCDCB4E17F91C85B78587AD60DA9C8E12801ECC6F37CFCF84CF5A3"
Last-Modified: Sat, 05 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2089
Expires: Sun, 06 Nov 2022 11:42:38 GMT
Date: Sun, 06 Nov 2022 11:07:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 319c5fce418f38ca0af491f1f0ee8ec0
7a460cb1c18604413ff04daa406d5b2aacd2882a
3350c02c29bcdcb4e17f91c85b78587ad60da9c8e12801ecc6f37cfcf84cf5a3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3350C02C29BCDCB4E17F91C85B78587AD60DA9C8E12801ECC6F37CFCF84CF5A3"
Last-Modified: Sat, 05 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2089
Expires: Sun, 06 Nov 2022 11:42:38 GMT
Date: Sun, 06 Nov 2022 11:07:49 GMT
Connection: keep-alive
3vsmdh0yz31vwcemst.com/upload/spa/olympics.json?1667732866813
35.159.51.213200 OK 57 B URL HTTP/2 3vsmdh0yz31vwcemst.com/upload/spa/olympics.json?1667732866813
IP 35.159.51.213:0
File type JSON data\012- , ASCII text
Hash 699fcb5ccd2812be5fae82a0ed8ef47a
70e5f4f043975eef8a9d06550eede41376223939
7c03f40b758772a98f1d037b61244ba8cf2edcf81f35817b7a15fbd727600a82
Analyzer Verdict Alert quad9 Sinkholed
GET /upload/spa/olympics.json?1667732866813 HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1000
x-client-session: u530f28kl29rtrcpite8
x-client-device-id: oeu0r2wt4wd1jwdnr56f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1764855829&pid=14628&sip=0
Cookie: theme=desktop; rst-uid=6994978640312139776; cid=1764855829; prid=most_partner.1764855829; pid=14628; sip=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 11:07:48 GMT
content-type: application/json
last-modified: Sat, 05 Feb 2022 09:22:40 GMT
vary: Accept-Encoding
etag: W/"61fe41e0-2d"
expires: Sun, 13 Nov 2022 11:07:48 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=669b51gb2drk7ntxkgsb98
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=669b51gb2drk7ntxkgsb98
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_set?testcookie=669b51gb2drk7ntxkgsb98 HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://3vsmdh0yz31vwcemst.com/
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: dc7e71c62616483eb07a944e1f2d69dc
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Sun, 06 Nov 2022 11:07:49 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash d2b4c49a0fb79e3d3bc40d2a28b27120
3f53633851cf851451354ccfd2931f2ec7a9e40f
a8a4ca2c09bae5cc3375077e531b357e2c1724693433a085ad038e3e6adfd96b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mostauthor.com/multiauth/test_cookie_set?testcookie=8ye1wcmw96y6qexid3w2r
185.26.99.196200 OK 10 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=8ye1wcmw96y6qexid3w2r
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash f7f86d583c92292a7025fc1f25657a1f
92659f2f702a5b18d44a58055c6cd77173630ae2
3b9de8f3bb4d65ebe964703b38c9ce2f3b40a58b33484e6eed8f92bbd5f10a4f
GET /multiauth/test_cookie_set?testcookie=8ye1wcmw96y6qexid3w2r HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1000
x-client-session: u530f28kl29rtrcpite8
x-client-device-id: oeu0r2wt4wd1jwdnr56f
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 0533f3d38e1744b8af89f0c71cfe94aa
set-cookie: test_cooke_8ye1wcmw96y6qexid3w2r=1; Max-Age=3600; SameSite=None; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 10
date: Sun, 06 Nov 2022 11:07:49 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=669b51gb2drk7ntxkgsb98
185.26.99.196200 OK 10 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=669b51gb2drk7ntxkgsb98
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash f7f86d583c92292a7025fc1f25657a1f
92659f2f702a5b18d44a58055c6cd77173630ae2
3b9de8f3bb4d65ebe964703b38c9ce2f3b40a58b33484e6eed8f92bbd5f10a4f
GET /multiauth/test_cookie_set?testcookie=669b51gb2drk7ntxkgsb98 HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1000
x-client-session: u530f28kl29rtrcpite8
x-client-device-id: oeu0r2wt4wd1jwdnr56f
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 8ef3f705c4324fb699b60924594bb20f
set-cookie: test_cooke_669b51gb2drk7ntxkgsb98=1; Max-Age=3600; SameSite=None; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 10
date: Sun, 06 Nov 2022 11:07:49 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
my.rtmark.net/img.gif?f=sync&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01&ttl=&rurl=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01&ttl=&rurl=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01&ttl=&rurl=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 11:07:49 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=f1945c90b3984ddfadf716af7da5e418; expires=Mon, 06 Nov 2023 11:07:49 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/api/v1/currency-specific-settings/BDT.json
35.159.51.213200 OK 220 B URL HTTP/2 3vsmdh0yz31vwcemst.com/api/v1/currency-specific-settings/BDT.json
IP 35.159.51.213:0
File type JSON data\012- , ASCII text, with very long lines (608), with no line terminators
Hash d031731b734d6376d9d35f1477d09b28
d62276becb2e5e1bac920cf5157fbd386703a7d9
38f25b3d98506b8c5944d6e0a352436c51b45176952e54c5c9eb646649b92da2
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/currency-specific-settings/BDT.json HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1000
x-client-session: u530f28kl29rtrcpite8
x-client-device-id: oeu0r2wt4wd1jwdnr56f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1764855829&pid=14628&sip=0
Cookie: theme=desktop; rst-uid=6994978640312139776; cid=1764855829; prid=most_partner.1764855829; pid=14628; sip=0; _ga=GA1.2.956072864.1667732867; _gid=GA1.2.1188264543.1667732867; _gaclientid=956072864.1667732867; _gasessionid=20221106|00580832; _gahitid=1667732866865; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; PHPSESSID=re5j6di7857mv40qpvekthkkf8; lunetics_locale=bn; tz=Europe%2FOslo; _ym_uid=166773286733532740; _ym_d=1667732867; _fbp=fb.1.1667732867313.2075892323
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 11:07:49 GMT
content-type: application/json
cache-control: max-age=3600, private
etag: W/"f62f3a14a21eec1626541cbc2e78a9c1"
x-request-id: a54818556a216aafbcaa012cfed6c887
vary: Accept-Encoding, Accept-Language
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=8ye1wcmw96y6qexid3w2r
185.26.99.196200 OK 21 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=8ye1wcmw96y6qexid3w2r
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash caf33483167cc6a28994a501b478f8df
8b80faf52bdfda242a8a7c2d2cff45a26c43d031
070bf1d4556043cf533cca3e374c72481fb31525f9254c46a37031fb35f69f0e
GET /multiauth/test_cookie_get?testcookie=8ye1wcmw96y6qexid3w2r HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1000
x-client-session: u530f28kl29rtrcpite8
x-client-device-id: oeu0r2wt4wd1jwdnr56f
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Cookie: test_cooke_8ye1wcmw96y6qexid3w2r=1; test_cooke_669b51gb2drk7ntxkgsb98=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: a414a5fa02e241e99b0e62f653efaba6
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 21
date: Sun, 06 Nov 2022 11:07:49 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/api/v2/translations?locales[]=bn&domains[]=messages&fallback=1
35.159.51.213200 OK 725 kB URL HTTP/2 3vsmdh0yz31vwcemst.com/api/v2/translations?locales[]=bn&domains[]=messages&fallback=1
IP 35.159.51.213:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size 725 kB (724871 bytes)
Hash 4f1d9b7918ef25c49701cc6ce588317a
f4128e8e9a7df59602f439152d868a7db75f0bd2
a390c5c9ace338dca917aea149359a9d72296a81c970ee66b00a83bca76e1051
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v2/translations?locales[]=bn&domains[]=messages&fallback=1 HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1764855829&pid=14628&sip=0
Connection: keep-alive
Cookie: theme=desktop; rst-uid=6994978640312139776; cid=1764855829; prid=most_partner.1764855829; pid=14628; sip=0; _ga=GA1.2.956072864.1667732867; _gid=GA1.2.1188264543.1667732867; _gaclientid=956072864.1667732867; _gasessionid=20221106|00580832; _gahitid=1667732866865; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; PHPSESSID=re5j6di7857mv40qpvekthkkf8; lunetics_locale=bn; tz=Europe%2FOslo; _ym_uid=166773286733532740; _ym_d=1667732867
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 11:07:49 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"ab9cacf48b4068e9d168fafe21390d78"
x-request-id: 9eca5bf6d5990ca6622d734eea9de7ed
vary: Accept-Encoding, Accept-Language
expires: Sun, 06 Nov 2022 11:07:49 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3bf1a5e65cd048b761eac5cb0b52048a
f64cface851717dee160a5c6fad975cc34fe4cd2
8b849bbe5d73c02bd82c39e5970ef02d46bf36ccfed31b51db437d85d12c004b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11143
Expires: Sun, 06 Nov 2022 14:13:32 GMT
Date: Sun, 06 Nov 2022 11:07:49 GMT
Connection: keep-alive
mostauthor.com/multiauth/test_cookie_get?testcookie=669b51gb2drk7ntxkgsb98
185.26.99.196200 OK 21 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=669b51gb2drk7ntxkgsb98
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash caf33483167cc6a28994a501b478f8df
8b80faf52bdfda242a8a7c2d2cff45a26c43d031
070bf1d4556043cf533cca3e374c72481fb31525f9254c46a37031fb35f69f0e
GET /multiauth/test_cookie_get?testcookie=669b51gb2drk7ntxkgsb98 HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1000
x-client-session: u530f28kl29rtrcpite8
x-client-device-id: oeu0r2wt4wd1jwdnr56f
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Cookie: test_cooke_8ye1wcmw96y6qexid3w2r=1; test_cooke_669b51gb2drk7ntxkgsb98=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: d2eb90b2b8694d088302fdb405384f57
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 21
date: Sun, 06 Nov 2022 11:07:49 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3bf1a5e65cd048b761eac5cb0b52048a
f64cface851717dee160a5c6fad975cc34fe4cd2
8b849bbe5d73c02bd82c39e5970ef02d46bf36ccfed31b51db437d85d12c004b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11143
Expires: Sun, 06 Nov 2022 14:13:32 GMT
Date: Sun, 06 Nov 2022 11:07:49 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3bf1a5e65cd048b761eac5cb0b52048a
f64cface851717dee160a5c6fad975cc34fe4cd2
8b849bbe5d73c02bd82c39e5970ef02d46bf36ccfed31b51db437d85d12c004b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8B849BBE5D73C02BD82C39E5970EF02D46BF36CCFED31B51DB437D85D12C004B"
Last-Modified: Sat, 05 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11143
Expires: Sun, 06 Nov 2022 14:13:32 GMT
Date: Sun, 06 Nov 2022 11:07:49 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78f88d98-b52b-4ad1-8cfc-e60fd17b46e0.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78f88d98-b52b-4ad1-8cfc-e60fd17b46e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b370c4e3b01be9fbbc3e310e6958cd55
cc22e90a0b476215f2fd864d84c9b00dded100a6
f54d90c5854b6f140b63dad3aa92bd858b8f360b8c77d50fdf344e813e9385c5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78f88d98-b52b-4ad1-8cfc-e60fd17b46e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11535
x-amzn-requestid: 0a1d9895-e2e3-4070-921a-736d8c6f254e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJatPGwjoAMFx8Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366d7ee-101a7f3a2b834d0b411c9de0;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 21:38:54 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: gjEERXiPH4yDHtW87u7qRDYz1A2DKKlkYXKVC3F9VshnRvhh2wSaSQ==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 b36bf2c460ac693ce304817aed073112.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 22:08:57 GMT
age: 46732
etag: "cc22e90a0b476215f2fd864d84c9b00dded100a6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg
IP 34.120.237.76:0
Hash a4bdc143b550c96c6a52c09d06cb6f8a
1151b590529d5e2f6720ac520ba09503100c90e9
51370af7c8eeb10f84e993aeb81898a80e290dcc5d0bedf30cde981da9f05a54
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc6fadd94-b1a4-4bdc-bcf4-b6bade4840a0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10462
x-amzn-requestid: 43480a38-fd89-4c47-b8c4-e6ba90b1321c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aMF6oEz_oAMF8Hg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-634e5043-6617fd2e59cab00135301cdd;Sampled=0
x-amzn-remapped-date: Tue, 18 Oct 2022 07:05:39 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 3fDf4aoep5tTAusisXhIdAf0A6SbpM5fYtYaiXtNSb0-VRJo5nu8Vg==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 09:11:34 GMT
age: 6975
etag: "f052e1f8b2bf4a8eeecfa5b82e27ada1b7719a0c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8df47f1e-c13a-452f-b0e2-28c141dbb191.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8df47f1e-c13a-452f-b0e2-28c141dbb191.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b18a8c9f5539ce33476f843f5811e01d
11d1f2ce72d2aa6686c79f777cd0bdb4ddeb681b
fc20e507eedccb52078979f2132434b11b9d50d917cab512d8e0c99515b1236c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8df47f1e-c13a-452f-b0e2-28c141dbb191.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7573
x-amzn-requestid: d56e7b27-f2cb-4cd3-9f67-ba18d1bfe270
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bDkhGHmjoAMFxxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6364813a-3a1c18b13c41f38673890b00;Sampled=0
x-amzn-remapped-date: Fri, 04 Nov 2022 03:04:26 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: c-u9tBFoIve3sEwtbUvIFZoPu6eudy3ZFQi8j2m9mTPNEarihTvddw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Sun, 06 Nov 2022 03:24:54 GMT
age: 27775
etag: "11d1f2ce72d2aa6686c79f777cd0bdb4ddeb681b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff56714e2-704b-4327-92b2-54e71d0c4d40.webp
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff56714e2-704b-4327-92b2-54e71d0c4d40.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dcc79e66d1e21452efb26d26650f6739
1f727a7ea032082658944cf4041686446fb6b5f2
af1fe8de442a365a108d5c03f0d3ae8b0beb1abb4f267a46979f9c885ee026c6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff56714e2-704b-4327-92b2-54e71d0c4d40.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8961
x-amzn-requestid: 3a50374d-d90e-452e-bb89-82ca14c94b52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJarpGtqIAMFkPg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366d7e3-55c356475fb64e6625a338c7;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 21:38:44 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: OR8zISm84Iz0FL3Km-aQOHSnjROX2-S_lKloAhMAThT17igEWRbxkA==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 21:44:20 GMT
age: 48209
etag: "1f727a7ea032082658944cf4041686446fb6b5f2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 06 Nov 2022 11:07:49 GMT
access-control-allow-origin: *
etag: "63575841-2b"
expires: Sun, 06 Nov 2022 12:07:49 GMT
accept-ranges: bytes
last-modified: Tue, 25 Oct 2022 06:30:09 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4dd82c6-5260-42a1-b9dd-3fadf975bc74.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4dd82c6-5260-42a1-b9dd-3fadf975bc74.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 551796a02f4aaaa3665290e79bf3ce07
6bf2e0fabc3fa8140c81b72424dcf9d31180bf6b
43f8a845006da27ad3aaa6f898ed2f6de13ee3819f548f939c110e9f900c52ad
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc4dd82c6-5260-42a1-b9dd-3fadf975bc74.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7950
x-amzn-requestid: 706197c6-9e07-439f-8043-a44dc764cd77
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJabbEsaIAMFQgg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366d77c-22c4d5632b6a8d013c858293;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 21:37:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: YdHmfpuc0HZXIGhCLmwIKVLieweFwvLF4NIJ0Rct3YROJ27JeuwcWg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 b13f158bdf9805ca47e07c0c35870c12.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 22:24:06 GMT
age: 45823
etag: "6bf2e0fabc3fa8140c81b72424dcf9d31180bf6b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3420191-fa21-4db2-9043-c0adac7b0820.jpeg
34.120.237.76200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3420191-fa21-4db2-9043-c0adac7b0820.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 39ac4f41f6bbdba85b2afeb7b011db5f
8e7a2be19b5c7682e86aec81907f6026d14d7313
fbd813af4eb335e1aefa6fb78b672bf89f8606ef688c98d3bd38ffdb77abfba3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3420191-fa21-4db2-9043-c0adac7b0820.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8160
x-amzn-requestid: 31cf0571-0ef2-4c99-a6be-afd806b7f449
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bJaroFHhoAMF26g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6366d7e3-269b7bcc1bcb8bdc4aa51dc9;Sampled=0
x-amzn-remapped-date: Sat, 05 Nov 2022 21:38:43 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: K34CTk465OjihLQjLdqM1DqCxBF3lOA1D0DUaHWBj38krob66WwMzA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Sat, 05 Nov 2022 21:44:20 GMT
age: 48209
etag: "8e7a2be19b5c7682e86aec81907f6026d14d7313"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?wmode=7&page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahc7gdnn6wxsfezmfynoxo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A416908841739%3Ahid%3A108172815%3Az%3A0%3Ai%3A20221106110747%3Aet%3A1667732867%3Ac%3A1%3Arn%3A272539504%3Arqn%3A1%3Au%3A166773286733532740%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C244%2C31%2C0%2C742%2C0%2C%2C612%2C3%2C%2C%2C%2C1661%3Ans%3A1667732864877%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1667732867%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
93.158.134.119200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?wmode=7&page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahc7gdnn6wxsfezmfynoxo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A416908841739%3Ahid%3A108172815%3Az%3A0%3Ai%3A20221106110747%3Aet%3A1667732867%3Ac%3A1%3Arn%3A272539504%3Arqn%3A1%3Au%3A166773286733532740%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C244%2C31%2C0%2C742%2C0%2C%2C612%2C3%2C%2C%2C%2C1661%3Ans%3A1667732864877%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1667732867%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 777a878a59fc7f40085e0a025d0b12fe
1f2825fe9813cfcf9dd939748e73dcd585ccef1b
855cc70c2e0b2c2224d26880baa94abd969ef46cd99a36081bac28db2890d54f
GET /watch/37954615/1?wmode=7&page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahc7gdnn6wxsfezmfynoxo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A416908841739%3Ahid%3A108172815%3Az%3A0%3Ai%3A20221106110747%3Aet%3A1667732867%3Ac%3A1%3Arn%3A272539504%3Arqn%3A1%3Au%3A166773286733532740%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C244%2C31%2C0%2C742%2C0%2C%2C612%2C3%2C%2C%2C%2C1661%3Ans%3A1667732864877%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1667732867%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3vsmdh0yz31vwcemst.com
Referer: https://3vsmdh0yz31vwcemst.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Sun, 06 Nov 2022 11:07:49 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 06-Nov-2022 11:07:49 GMT
last-modified: Sun, 06-Nov-2022 11:07:49 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&rl=&if=false&ts=1667732867314&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1667732867313.2075892323&it=1667732866883&coo=false&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&rl=&if=false&ts=1667732867314&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1667732867313.2075892323&it=1667732866883&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&rl=&if=false&ts=1667732867314&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1667732867313.2075892323&it=1667732866883&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Sun, 06 Nov 2022 11:07:49 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 62a8ce6a2338913103618edb2f4a9dbe
0e0850b1aef6ed524d119a41145112b84c257687
51d11b07f58551b5864fb55d4560d8a2237c2351036de0af7e25c81816763b31
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash f3832eb0418d94ec98c40df1bcf3ce5b
74dd7fa6ff4f9da9324c0772d075da5f42ab5879
cc42acc8dffa6c7f0c4c3a16ffe8c88919daf4859b7524a7a0ffc6e4b169c50d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash f3832eb0418d94ec98c40df1bcf3ce5b
74dd7fa6ff4f9da9324c0772d075da5f42ab5879
cc42acc8dffa6c7f0c4c3a16ffe8c88919daf4859b7524a7a0ffc6e4b169c50d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/Ixi5IiChXmIG6rRkjUa1qXHT/recaptcha__en.js
142.250.74.163200 OK 162 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Ixi5IiChXmIG6rRkjUa1qXHT/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (590)
Size 162 kB (162282 bytes)
Hash 05e06c50dab6f3d7f8bfde22301888db
64b3c20c788d298a672fabf9627eac914d95ed08
95176711feca1110e764a31e36764d5b331b033ed56fb372b42250329b33e1d6
GET /recaptcha/releases/Ixi5IiChXmIG6rRkjUa1qXHT/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162282
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 06 Nov 2022 09:05:49 GMT
expires: Mon, 06 Nov 2023 09:05:49 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 31 Oct 2022 04:02:45 GMT
content-type: text/javascript
age: 7320
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=956072864.1667732867&jid=2062724942&uid=0&gjid=1890648839&_gid=1188264543.1667732867&_u=YEBAAEAAAAAAACAEK~&z=1317422996
64.233.162.157200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=956072864.1667732867&jid=2062724942&uid=0&gjid=1890648839&_gid=1188264543.1667732867&_u=YEBAAEAAAAAAACAEK~&z=1317422996
IP 64.233.162.157:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=956072864.1667732867&jid=2062724942&uid=0&gjid=1890648839&_gid=1188264543.1667732867&_u=YEBAAEAAAAAAACAEK~&z=1317422996 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 06 Nov 2022 11:07:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=956072864.1667732867&jid=2101565450&uid=0&gjid=1897309774&_gid=1188264543.1667732867&_u=YEDAAEABAAAAACAEK~&z=1895860412
64.233.162.157200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=956072864.1667732867&jid=2101565450&uid=0&gjid=1897309774&_gid=1188264543.1667732867&_u=YEDAAEABAAAAACAEK~&z=1895860412
IP 64.233.162.157:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=956072864.1667732867&jid=2101565450&uid=0&gjid=1897309774&_gid=1188264543.1667732867&_u=YEDAAEABAAAAACAEK~&z=1895860412 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 06 Nov 2022 11:07:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 62a8ce6a2338913103618edb2f4a9dbe
0e0850b1aef6ed524d119a41145112b84c257687
51d11b07f58551b5864fb55d4560d8a2237c2351036de0af7e25c81816763b31
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mostauthor.com/multiauth/ping
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/ping
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/ping HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://3vsmdh0yz31vwcemst.com/
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 8bd9a2ff8f90457484d63d56a7734ec6
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Sun, 06 Nov 2022 11:07:50 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 3ebbd65a2bdd5c6f3dea5a6b99b25f0d
484be27b25b736a7e7e2b1d5ef9760aecdcec01b
5616e6c097b0b7680eeee193b58950faa38c9792e8793c16c315e2554a34cdd1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mostauthor.com/multiauth/ping
185.26.99.196401 Unauthorized 35 B URL HTTP/2 mostauthor.com/multiauth/ping
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 0d996c3fba12286419cc5490ecc262f2
8d763a6d6dc7b73504e259d6755a91215cc90a77
89ee31619ad837c48dfe0eeb3bd1e65d8c372d8b73c1f1e345c6dd91aca7f25f
GET /multiauth/ping HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1000
x-client-session: u530f28kl29rtrcpite8
x-client-device-id: oeu0r2wt4wd1jwdnr56f
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Cookie: test_cooke_8ye1wcmw96y6qexid3w2r=1; test_cooke_669b51gb2drk7ntxkgsb98=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 401 Unauthorized
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 153805c94cd442fca8921dfd73eedc67
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 35
date: Sun, 06 Nov 2022 11:07:50 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash f3832eb0418d94ec98c40df1bcf3ce5b
74dd7fa6ff4f9da9324c0772d075da5f42ab5879
cc42acc8dffa6c7f0c4c3a16ffe8c88919daf4859b7524a7a0ffc6e4b169c50d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash 3ebbd65a2bdd5c6f3dea5a6b99b25f0d
484be27b25b736a7e7e2b1d5ef9760aecdcec01b
5616e6c097b0b7680eeee193b58950faa38c9792e8793c16c315e2554a34cdd1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 02 Nov 2022 14:07:32 GMT
expires: Thu, 02 Nov 2023 14:07:32 GMT
cache-control: public, max-age=31536000
age: 334818
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.23200 OK 1.8 kB IP 192.124.249.23:0
Hash 003e777a6ce831c56c4ac0613cb6b85e
3029a955bea71d8f9e6a003d64d06e47bcea1ca8
1e7a11593f7e44f79dc7ab6b27c31d4611408539c3f3deab6f51dcc2b58c2986
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 06 Nov 2022 11:07:49 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 05 Nov 2022 21:25:00 GMT
Expires: Sun, 06 Nov 2022 21:25:00 GMT
ETag: "3029a955bea71d8f9e6a003d64d06e47bcea1ca8"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
code.jivosite.com/widget/3bcOoG4MqH
92.223.124.24200 OK 5.9 kB URL HTTP/2 code.jivosite.com/widget/3bcOoG4MqH
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (17133), with no line terminators
Hash f2e8ec92c09e911c8b27e2ed33a9f420
93be4b5791e81f186e4f77adef7e851232ae5de4
8efb6f77fe17a56b025b7d8e15b4732635943f75a9e0d1061d16cbc5c22a6126
GET /widget/3bcOoG4MqH HTTP/1.1
Host: code.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 11:07:50 GMT
content-type: application/javascript
content-length: 5939
access-control-allow-origin: *
cache-control: max-age=7200
content-encoding: br
etag: "636381d2-1733"
expires: Sun, 06 Nov 2022 08:53:04 GMT
last-modified: Thu, 03 Nov 2022 08:54:42 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-11-06T11:04:40+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/api/v2/translations?locales[]=bn&domains[]=promo&domains[]=validators&fallback=1
35.159.51.213200 OK 342 kB URL HTTP/2 3vsmdh0yz31vwcemst.com/api/v2/translations?locales[]=bn&domains[]=promo&domains[]=validators&fallback=1
IP 35.159.51.213:0
Size 342 kB (341624 bytes)
Hash 367ae0b70e976fd3f2de88e8c2a0a5af
1f3c7bbcc216498ca3b1d533d9eeb1d961d43fdf
b9388af0f36ef4f3cf0c12e48497ec461a769ca1931cdc20ced3d17e4b6a0f8a
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v2/translations?locales[]=bn&domains[]=promo&domains[]=validators&fallback=1 HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1764855829&pid=14628&sip=0
Connection: keep-alive
Cookie: theme=desktop; rst-uid=6994978640312139776; cid=1764855829; prid=most_partner.1764855829; pid=14628; sip=0; _ga=GA1.2.956072864.1667732867; _gid=GA1.2.1188264543.1667732867; _gaclientid=956072864.1667732867; _gasessionid=20221106|00580832; _gahitid=1667732866865; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; PHPSESSID=re5j6di7857mv40qpvekthkkf8; lunetics_locale=bn; tz=Europe%2FOslo; _ym_uid=166773286733532740; _ym_d=1667732867; _fbp=fb.1.1667732867313.2075892323; _ym_isad=2; multiAuthThirdPartyEnabled=true; _ym_visorc=b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 11:07:50 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"ab9cacf48b4068e9d168fafe21390d78"
x-request-id: 25fd5d2d72681f736758b0ca75f32da7
vary: Accept-Encoding, Accept-Language
expires: Sun, 06 Nov 2022 11:07:50 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash f522cfb1dc454906f23b71b17ca1afce
65200811b6dead00db7008996571497260968d81
461906f6bfa7f492a4e61faa6d0ba37e7d343a4ef2a1b824ceb35acc89357cf2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash f522cfb1dc454906f23b71b17ca1afce
65200811b6dead00db7008996571497260968d81
461906f6bfa7f492a4e61faa6d0ba37e7d343a4ef2a1b824ceb35acc89357cf2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=956072864.1667732867&jid=2062724942&_u=YEBAAEAAAAAAACAEK~&z=1639037168
142.250.74.35200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=956072864.1667732867&jid=2062724942&_u=YEBAAEAAAAAAACAEK~&z=1639037168
IP 142.250.74.35:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=956072864.1667732867&jid=2062724942&_u=YEBAAEAAAAAAACAEK~&z=1639037168 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 06 Nov 2022 11:07:50 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
code.jivosite.com/script/widget/config/3bcOoG4MqH
92.223.124.24200 OK 3.4 kB URL HTTP/2 code.jivosite.com/script/widget/config/3bcOoG4MqH
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
Hash 61f64c4a1f1e371f0ccaa8f079c6fdd0
5e03af390f961dbcb05e28826416dca1fb032e1b
b629748b5f4bbaa7596eba75565d435f1b37f83fef01a6f51cf261a14abd355a
GET /script/widget/config/3bcOoG4MqH HTTP/1.1
Host: code.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 11:07:50 GMT
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=7200
content-encoding: gzip
expires: Sun, 06 Nov 2022 13:04:40 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-11-06T11:04:40+00:00
x-id: fr5-up-gc15
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash f522cfb1dc454906f23b71b17ca1afce
65200811b6dead00db7008996571497260968d81
461906f6bfa7f492a4e61faa6d0ba37e7d343a4ef2a1b824ceb35acc89357cf2
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 06 Nov 2022 11:07:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 9bfac95d2371f1e64772739f545733e0
9113651560ceeb486ad21a3fc06653b112022eb3
0274352675ef6427b6690817d63e6ce5dcf3238906925071ed08b27460be8e58
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1055
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Sun, 06 Nov 2022 11:07:50 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=6994978640312139776; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 1
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
node-sber1-az1-6.jivosite.com/widget/status/561276/3bcOoG4MqH?rnd=0.031283833192716104
188.72.107.240200 OK 4.0 kB URL HTTP/2 node-sber1-az1-6.jivosite.com/widget/status/561276/3bcOoG4MqH?rnd=0.031283833192716104
IP 188.72.107.240:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (3385), with no line terminators
Hash dc15bacb72c270ff407242dfeb18a79f
783996528dfaf585b7f0301dd39253481edc2d85
32fa2148095846d0fc86bc2d67cc84933fc4324d1b6de2ee394ed1574d427046
GET /widget/status/561276/3bcOoG4MqH?rnd=0.031283833192716104 HTTP/1.1
Host: node-sber1-az1-6.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-max-age: 1728000
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-expose-headers: X-Geoip, X-Botmode
cache-control: no-cache, no-store, must-revalidate
content-security-policy: frame-ancestors 'none';
content-type: application/json; charset=utf-8
pragma: no-cache
server: foxy/2.0.1
x-botmode: no
x-frame-options: DENY
x-geoip: NO;03;Oslo (Alna District)
content-length: 4041
date: Sun, 06 Nov 2022 11:07:50 GMT
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.195200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 16:40:18 GMT
expires: Fri, 03 Nov 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 239252
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 05 Nov 2022 12:31:58 GMT
expires: Sun, 05 Nov 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 81353
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
216.58.207.195200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15340, version 1.0\012- data
Hash 19b7a0adfdd4f808b53af7e2ce2ad4e5
81d5d4c7b5035ad10cce63cf7100295e0c51fdda
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
GET /s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 05 Nov 2022 01:26:23 GMT
expires: Sun, 05 Nov 2023 01:26:23 GMT
cache-control: public, max-age=31536000
age: 121288
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 03 Nov 2022 21:46:16 GMT
expires: Fri, 03 Nov 2023 21:46:16 GMT
cache-control: public, max-age=31536000
age: 220895
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/api/v1/currencies.json
35.159.51.213200 OK 821 B URL HTTP/2 3vsmdh0yz31vwcemst.com/api/v1/currencies.json
IP 35.159.51.213:0
Hash ae82789a70a1e23b2b3bb20d03337dbc
6384ada7099e919f5cddab70808521204886d8ee
27d31d7a3bec818db318ded1726713414d9027af2367ba5836a439064ef8a634
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/currencies.json HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1000
x-client-session: u530f28kl29rtrcpite8
x-client-device-id: oeu0r2wt4wd1jwdnr56f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1764855829&pid=14628&sip=0
Cookie: theme=desktop; rst-uid=6994978640312139776; cid=1764855829; prid=most_partner.1764855829; pid=14628; sip=0; _ga=GA1.2.956072864.1667732867; _gid=GA1.2.1188264543.1667732867; _gaclientid=956072864.1667732867; _gasessionid=20221106|00580832; _gahitid=1667732866865; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; PHPSESSID=re5j6di7857mv40qpvekthkkf8; lunetics_locale=bn; tz=Europe%2FOslo; _ym_uid=166773286733532740; _ym_d=1667732867; _fbp=fb.1.1667732867313.2075892323; _ym_isad=2; multiAuthThirdPartyEnabled=true; _ym_visorc=b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 11:07:51 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"9a06c38e7d784277059aaa21439f7869"
x-request-id: e4e8bbf60ac04684bbeba45b9bc3ca28
vary: Accept-Encoding, Accept-Language
expires: Sun, 06 Nov 2022 11:07:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1667732869_13b47d2666ea0f9eddcedd93cd3acb20b04536b46c55c444cc42809dc84182a1&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc7gdnn6wxsfezmfynoxo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A416908841739%3Ahid%3A108172815%3Az%3A0%3Ai%3A20221106110748%3Aet%3A1667732869%3Ac%3A1%3Arn%3A188078923%3Arqn%3A3%3Au%3A166773286733532740%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1667732864877%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1667732869&t=gdpr(14)mc(p-1)clc(0-0-0)rqnt(3)aw(1)ecs(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22User_Agent%22%3A%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%5D%7D%7D
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1667732869_13b47d2666ea0f9eddcedd93cd3acb20b04536b46c55c444cc42809dc84182a1&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc7gdnn6wxsfezmfynoxo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A416908841739%3Ahid%3A108172815%3Az%3A0%3Ai%3A20221106110748%3Aet%3A1667732869%3Ac%3A1%3Arn%3A188078923%3Arqn%3A3%3Au%3A166773286733532740%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1667732864877%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1667732869&t=gdpr(14)mc(p-1)clc(0-0-0)rqnt(3)aw(1)ecs(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22User_Agent%22%3A%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%5D%7D%7D
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1667732869_13b47d2666ea0f9eddcedd93cd3acb20b04536b46c55c444cc42809dc84182a1&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc7gdnn6wxsfezmfynoxo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A416908841739%3Ahid%3A108172815%3Az%3A0%3Ai%3A20221106110748%3Aet%3A1667732869%3Ac%3A1%3Arn%3A188078923%3Arqn%3A3%3Au%3A166773286733532740%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1667732864877%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1667732869&t=gdpr(14)mc(p-1)clc(0-0-0)rqnt(3)aw(1)ecs(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22User_Agent%22%3A%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%5D%7D%7D HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 06 Nov 2022 11:07:51 GMT
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 06-Nov-2022 11:07:51 GMT
last-modified: Sun, 06-Nov-2022 11:07:51 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1667732869_13b47d2666ea0f9eddcedd93cd3acb20b04536b46c55c444cc42809dc84182a1&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc7gdnn6wxsfezmfynoxo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A416908841739%3Ahid%3A108172815%3Az%3A0%3Ai%3A20221106110748%3Aet%3A1667732869%3Ac%3A1%3Arn%3A463039518%3Arqn%3A4%3Au%3A166773286733532740%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1667732864877%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1667732869&t=gdpr(14)mc(p-2)clc(0-0-0)rqnt(4)aw(1)ecs(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22Referrer%22%3A%5B%22%22%5D%7D%7D
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1667732869_13b47d2666ea0f9eddcedd93cd3acb20b04536b46c55c444cc42809dc84182a1&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc7gdnn6wxsfezmfynoxo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A416908841739%3Ahid%3A108172815%3Az%3A0%3Ai%3A20221106110748%3Aet%3A1667732869%3Ac%3A1%3Arn%3A463039518%3Arqn%3A4%3Au%3A166773286733532740%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1667732864877%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1667732869&t=gdpr(14)mc(p-2)clc(0-0-0)rqnt(4)aw(1)ecs(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22Referrer%22%3A%5B%22%22%5D%7D%7D
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1667732869_13b47d2666ea0f9eddcedd93cd3acb20b04536b46c55c444cc42809dc84182a1&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc7gdnn6wxsfezmfynoxo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A416908841739%3Ahid%3A108172815%3Az%3A0%3Ai%3A20221106110748%3Aet%3A1667732869%3Ac%3A1%3Arn%3A463039518%3Arqn%3A4%3Au%3A166773286733532740%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1667732864877%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1667732869&t=gdpr(14)mc(p-2)clc(0-0-0)rqnt(4)aw(1)ecs(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22Referrer%22%3A%5B%22%22%5D%7D%7D HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 06 Nov 2022 11:07:51 GMT
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 06-Nov-2022 11:07:51 GMT
last-modified: Sun, 06-Nov-2022 11:07:51 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1667732869_13b47d2666ea0f9eddcedd93cd3acb20b04536b46c55c444cc42809dc84182a1&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc7gdnn6wxsfezmfynoxo%3Afp%3A2639%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A416908841739%3Ahid%3A108172815%3Az%3A0%3Ai%3A20221106110748%3Aet%3A1667732869%3Ac%3A1%3Arn%3A1047142669%3Arqn%3A2%3Au%3A166773286733532740%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3958%2C3958%2C%2C%3Aeu%3A1%3Ans%3A1667732864877%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1667732869&t=gdpr(14)clc(0-0-0)rqnt(2)aw(1)ecs(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22User_ID%22%3A%220%22%7D%7D
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1667732869_13b47d2666ea0f9eddcedd93cd3acb20b04536b46c55c444cc42809dc84182a1&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc7gdnn6wxsfezmfynoxo%3Afp%3A2639%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A416908841739%3Ahid%3A108172815%3Az%3A0%3Ai%3A20221106110748%3Aet%3A1667732869%3Ac%3A1%3Arn%3A1047142669%3Arqn%3A2%3Au%3A166773286733532740%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3958%2C3958%2C%2C%3Aeu%3A1%3Ans%3A1667732864877%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1667732869&t=gdpr(14)clc(0-0-0)rqnt(2)aw(1)ecs(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22User_ID%22%3A%220%22%7D%7D
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1667732869_13b47d2666ea0f9eddcedd93cd3acb20b04536b46c55c444cc42809dc84182a1&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc7gdnn6wxsfezmfynoxo%3Afp%3A2639%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A416908841739%3Ahid%3A108172815%3Az%3A0%3Ai%3A20221106110748%3Aet%3A1667732869%3Ac%3A1%3Arn%3A1047142669%3Arqn%3A2%3Au%3A166773286733532740%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3958%2C3958%2C%2C%3Aeu%3A1%3Ans%3A1667732864877%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1667732869&t=gdpr(14)clc(0-0-0)rqnt(2)aw(1)ecs(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22User_ID%22%3A%220%22%7D%7D HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 06 Nov 2022 11:07:51 GMT
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 06-Nov-2022 11:07:51 GMT
last-modified: Sun, 06-Nov-2022 11:07:51 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1667732869_13b47d2666ea0f9eddcedd93cd3acb20b04536b46c55c444cc42809dc84182a1&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc7gdnn6wxsfezmfynoxo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A416908841739%3Ahid%3A108172815%3Az%3A0%3Ai%3A20221106110748%3Aet%3A1667732869%3Ac%3A1%3Arn%3A263506910%3Arqn%3A5%3Au%3A166773286733532740%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1667732864877%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1667732869&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(5)aw(1)ecs(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22Client_ID%22%3A%22undefined%22%7D%7D
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1667732869_13b47d2666ea0f9eddcedd93cd3acb20b04536b46c55c444cc42809dc84182a1&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc7gdnn6wxsfezmfynoxo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A416908841739%3Ahid%3A108172815%3Az%3A0%3Ai%3A20221106110748%3Aet%3A1667732869%3Ac%3A1%3Arn%3A263506910%3Arqn%3A5%3Au%3A166773286733532740%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1667732864877%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1667732869&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(5)aw(1)ecs(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22Client_ID%22%3A%22undefined%22%7D%7D
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1667732869_13b47d2666ea0f9eddcedd93cd3acb20b04536b46c55c444cc42809dc84182a1&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc7gdnn6wxsfezmfynoxo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A416908841739%3Ahid%3A108172815%3Az%3A0%3Ai%3A20221106110748%3Aet%3A1667732869%3Ac%3A1%3Arn%3A263506910%3Arqn%3A5%3Au%3A166773286733532740%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1667732864877%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1667732869&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(5)aw(1)ecs(1)rqnl(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22Client_ID%22%3A%22undefined%22%7D%7D HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 06 Nov 2022 11:07:51 GMT
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 06-Nov-2022 11:07:51 GMT
last-modified: Sun, 06-Nov-2022 11:07:51 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/favicon.png
35.159.51.213200 OK 2.8 kB URL HTTP/2 3vsmdh0yz31vwcemst.com/favicon.png
IP 35.159.51.213:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash f8cbfde8f3484f7a5f02189742f0f110
3eb0cec3e65d6cb0cc2744b5fa57ded1afb6e4d4
70504d4dc047aeac702b31e9290e9f5553e901d07d3844269cd966042988159a
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.png HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1000
x-client-session: u530f28kl29rtrcpite8
x-client-device-id: oeu0r2wt4wd1jwdnr56f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1764855829&pid=14628&sip=0
Cookie: theme=desktop; rst-uid=6994978640312139776; cid=1764855829; prid=most_partner.1764855829; pid=14628; sip=0; _ga=GA1.2.956072864.1667732867; _gid=GA1.2.1188264543.1667732867; _gaclientid=956072864.1667732867; _gasessionid=20221106|00580832; _gahitid=1667732866865; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; PHPSESSID=re5j6di7857mv40qpvekthkkf8; lunetics_locale=bn; tz=Europe%2FOslo; _ym_uid=166773286733532740; _ym_d=1667732867; _fbp=fb.1.1667732867313.2075892323; _ym_isad=2; multiAuthThirdPartyEnabled=true; _ym_visorc=b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 11:07:51 GMT
content-type: image/png
content-length: 2810
last-modified: Thu, 03 Nov 2022 10:24:54 GMT
etag: "636396f6-afa"
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 40e07adda7d99202a763ff533e47a584
7a6ca864472f08b78809b3f62968c37cb5bff977
7af4da5ca8e15ca2080fd0b328960a172c7e9f035fedba66a422b157d8d8d35b
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7AF4DA5CA8E15CA2080FD0B328960A172C7E9F035FEDBA66A422B157D8D8D35B"
Last-Modified: Sat, 05 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2085
Expires: Sun, 06 Nov 2022 11:42:39 GMT
Date: Sun, 06 Nov 2022 11:07:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 24 kB IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7efe6289df793a218ce3bb02e91c548f
7dcb71c84630f20b75990952bfcb893ee5a8bcab
4e7b68d967f7dec83a003e6a40ceeb0339e54859e07d5d14dfea8dfdfb5f303a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7AF4DA5CA8E15CA2080FD0B328960A172C7E9F035FEDBA66A422B157D8D8D35B"
Last-Modified: Sat, 05 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18441
Expires: Sun, 06 Nov 2022 16:15:15 GMT
Date: Sun, 06 Nov 2022 11:07:54 GMT
Connection: keep-alive
webchannel-content.eservice.emarsys.net/customer/799213038/campaigns?url=https:%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&prev_url=&lang=en&uli=false
34.117.30.199200 OK 96 B URL HTTP/2 webchannel-content.eservice.emarsys.net/customer/799213038/campaigns?url=https:%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&prev_url=&lang=en&uli=false
IP 34.117.30.199:0
File type JSON data\012- , ASCII text, with no line terminators
Hash fa8ad37d56287354c896acc30c893f92
b0f849f97dfad2ea9866ca8e20540de006c0c9d7
af53b856e876fc502ad645d623861f4eff371cae922db202a16fb3717e70295a
GET /customer/799213038/campaigns?url=https:%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&prev_url=&lang=en&uli=false HTTP/1.1
Host: webchannel-content.eservice.emarsys.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 06 Nov 2022 11:07:54 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: *
content-type: application/json
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese
IP 142.250.74.10:0
GET /css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://front.cdn-mb.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 06 Nov 2022 11:07:50 GMT
date: Sun, 06 Nov 2022 11:07:50 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
front.cdn-mb.com/spa-static/1.4.1000/static/js/main.e66ed6be.chunk.js
104.21.9.158200 OK 0 B URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1000/static/js/main.e66ed6be.chunk.js
IP 104.21.9.158:0
GET /spa-static/1.4.1000/static/js/main.e66ed6be.chunk.js HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 06 Nov 2022 11:07:48 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 10:33:47 GMT
vary: Accept-Encoding
etag: W/"6363990b-5bb58"
expires: Sun, 06 Nov 2022 11:30:55 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 13012
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ViqrFLiAIfsXQ5YA4YBovZhkpTlxeI9x3cur4Rwhe0YoMrfiwHxMbBo8U7%2Fixr3wGbRSnqW%2B4FgrO6yCC1JvoyBwVlBLF3SV9l9BeG0rJ3opvzzQNFSyvo8J%2FIKG%2Fb3mm6Ol"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 765d5e198d31b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
front.cdn-mb.com/spa-static/1.4.1000/static/js/29.e50b4a0f.chunk.js
104.21.9.158200 OK 0 B URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1000/static/js/29.e50b4a0f.chunk.js
IP 104.21.9.158:0
GET /spa-static/1.4.1000/static/js/29.e50b4a0f.chunk.js HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 06 Nov 2022 11:07:48 GMT
content-type: application/javascript
last-modified: Thu, 03 Nov 2022 10:33:47 GMT
vary: Accept-Encoding
etag: W/"6363990b-7ac65"
expires: Sun, 06 Nov 2022 11:30:55 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 13012
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ezDZiRVMB9rLQM%2FT%2BiNVvJvh%2Fy120PwKHc5%2BK6sj7NndGBbtZYRMWHa1OXb3%2BsxH01DS%2Bf0H8qTWToEQAqyAI7iFdphkO2xOqv6nlOspKPZUA2scWY4j1CZ4pmxfvMmlR8MY"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 765d5e196d12b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/favicon.ico
35.159.51.213200 OK 0 B URL HTTP/2 3vsmdh0yz31vwcemst.com/favicon.ico
IP 35.159.51.213:0
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1764855829&pid=14628&sip=0
Cookie: theme=desktop
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 11:07:48 GMT
content-type: image/x-icon
last-modified: Thu, 03 Nov 2022 10:24:54 GMT
vary: Accept-Encoding
etag: W/"636396f6-1536"
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615?wmode=7&page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahc7gdnn6wxsfezmfynoxo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A416908841739%3Ahid%3A108172815%3Az%3A0%3Ai%3A20221106110747%3Aet%3A1667732867%3Ac%3A1%3Arn%3A272539504%3Arqn%3A1%3Au%3A166773286733532740%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C244%2C31%2C0%2C742%2C0%2C%2C612%2C3%2C%2C%2C%2C1661%3Ans%3A1667732864877%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1667732867%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
93.158.134.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/37954615?wmode=7&page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahc7gdnn6wxsfezmfynoxo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A416908841739%3Ahid%3A108172815%3Az%3A0%3Ai%3A20221106110747%3Aet%3A1667732867%3Ac%3A1%3Arn%3A272539504%3Arqn%3A1%3Au%3A166773286733532740%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C244%2C31%2C0%2C742%2C0%2C%2C612%2C3%2C%2C%2C%2C1661%3Ans%3A1667732864877%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1667732867%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
IP 93.158.134.119:0
GET /watch/37954615?wmode=7&page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahc7gdnn6wxsfezmfynoxo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A416908841739%3Ahid%3A108172815%3Az%3A0%3Ai%3A20221106110747%3Aet%3A1667732867%3Ac%3A1%3Arn%3A272539504%3Arqn%3A1%3Au%3A166773286733532740%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C244%2C31%2C0%2C742%2C0%2C%2C612%2C3%2C%2C%2C%2C1661%3Ans%3A1667732864877%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1667732867%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/37954615/1?wmode=7&page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1764855829%26pid%3D14628%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahc7gdnn6wxsfezmfynoxo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A416908841739%3Ahid%3A108172815%3Az%3A0%3Ai%3A20221106110747%3Aet%3A1667732867%3Ac%3A1%3Arn%3A272539504%3Arqn%3A1%3Au%3A166773286733532740%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A2%2C244%2C31%2C0%2C742%2C0%2C%2C612%2C3%2C%2C%2C%2C1661%3Ans%3A1667732864877%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1667732867%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
date: Sun, 06 Nov 2022 11:07:49 GMT
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
set-cookie: yandexuid=25096061667732869; Expires=Mon, 06-Nov-2023 11:07:49 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=25096061667732869; Expires=Mon, 06-Nov-2023 11:07:49 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1771049841667732869; Path=/; SameSite=None; Secure
i=VDIxthOJ4FXN7kjY7TyjQTCGXGMRmtvEkRWnvkLeh0JIEqkw2Gy2cQMlQfo9GumVGgZJeTnvbUkkoey62sJQva4Uq5E=; Expires=Wed, 03-Nov-2032 11:07:39 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1699268869.yrts.1667732869#1699268869.yrtsi.1667732869; Expires=Mon, 06-Nov-2023 11:07:49 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 06-Nov-2022 11:07:49 GMT
last-modified: Sun, 06-Nov-2022 11:07:49 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/api/v1/logo
35.159.51.213200 OK 0 B URL HTTP/2 3vsmdh0yz31vwcemst.com/api/v1/logo
IP 35.159.51.213:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/logo HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1000
x-client-session: u530f28kl29rtrcpite8
x-client-device-id: oeu0r2wt4wd1jwdnr56f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1764855829&pid=14628&sip=0
Cookie: theme=desktop; rst-uid=6994978640312139776; cid=1764855829; prid=most_partner.1764855829; pid=14628; sip=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 11:07:48 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"9dfab82e3b4ec3d36c2d3f40883172cf"
x-request-id: ca1696991e5eeb8c4ca8590704085ea3
vary: Accept-Encoding, Accept-Language
expires: Sun, 06 Nov 2022 11:07:48 GMT
set-cookie: PHPSESSID=q1i78dk8ri8jv512uo83obpgtt; expires=Tue, 06-Dec-2022 11:07:48 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=bn; expires=Mon, 07-Nov-2022 11:07:48 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Sun, 13-Nov-2022 11:07:48 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/api/v1/auth/providers
35.159.51.213200 OK 0 B URL HTTP/2 3vsmdh0yz31vwcemst.com/api/v1/auth/providers
IP 35.159.51.213:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/auth/providers HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1000
x-client-session: u530f28kl29rtrcpite8
x-client-device-id: oeu0r2wt4wd1jwdnr56f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1764855829&pid=14628&sip=0
Cookie: theme=desktop; rst-uid=6994978640312139776; cid=1764855829; prid=most_partner.1764855829; pid=14628; sip=0; _ga=GA1.2.956072864.1667732867; _gid=GA1.2.1188264543.1667732867; _gaclientid=956072864.1667732867; _gasessionid=20221106|00580832; _gahitid=1667732866865; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; PHPSESSID=re5j6di7857mv40qpvekthkkf8; lunetics_locale=bn; tz=Europe%2FOslo; _ym_uid=166773286733532740; _ym_d=1667732867; _fbp=fb.1.1667732867313.2075892323; _ym_isad=2; multiAuthThirdPartyEnabled=true; _ym_visorc=b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 11:07:51 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 132ab1801eb2b1440e67f05763bcfccc
vary: Accept-Encoding, Accept-Language
expires: Sun, 06 Nov 2022 11:07:51 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/api/v1/footer_links
35.159.51.213200 OK 0 B URL HTTP/2 3vsmdh0yz31vwcemst.com/api/v1/footer_links
IP 35.159.51.213:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/footer_links HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1000
x-client-session: u530f28kl29rtrcpite8
x-client-device-id: oeu0r2wt4wd1jwdnr56f
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1764855829&pid=14628&sip=0
Cookie: theme=desktop; rst-uid=6994978640312139776; cid=1764855829; prid=most_partner.1764855829; pid=14628; sip=0; _ga=GA1.2.956072864.1667732867; _gid=GA1.2.1188264543.1667732867; _gaclientid=956072864.1667732867; _gasessionid=20221106|00580832; _gahitid=1667732866865; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; PHPSESSID=re5j6di7857mv40qpvekthkkf8; lunetics_locale=bn; tz=Europe%2FOslo; _ym_uid=166773286733532740; _ym_d=1667732867; _fbp=fb.1.1667732867313.2075892323
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 06 Nov 2022 11:07:49 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 4ec4d377cb7b485376e6e90907234b60
vary: Accept-Encoding, Accept-Language
expires: Sun, 06 Nov 2022 11:07:49 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2