c4adbk4m41qwkxamst.com/partners/casino-reg
3.73.127.68308 Permanent Redirect 164 B URL HTTP/1.1 c4adbk4m41qwkxamst.com/partners/casino-reg
IP 3.73.127.68:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f23c4815ecaef1588f16ac735c0e15d6
026bf8cdd5076014b6fc822878e0086eb44da556
43a81fb3d47b34e7d42d6b8444f592ed9251b8e57db8f67d32419aa40b1480d0
Analyzer Verdict Alert quad9 Sinkholed
GET /partners/casino-reg HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 308 Permanent Redirect
Server: nginx
Date: Mon, 19 Dec 2022 07:58:15 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://c4adbk4m41qwkxamst.com/partners/casino-reg
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 4cbb89840b57466fcbc0b31305c9dc47
c2c08a7a243a3f7972e8068c448488cac6d2519f
5f871ffd142470f132fed1c93f5f1a7fe6a5ecc3b4311d3d47555fce1d9a35f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5F871FFD142470F132FED1C93F5F1A7FE6A5ECC3B4311D3D47555FCE1D9A35F1"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10580
Expires: Mon, 19 Dec 2022 10:54:35 GMT
Date: Mon, 19 Dec 2022 07:58:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2039a1dda99e075b82840608771d2326
e89713a35b312f3b87fbeaad98f03fddecbf77ce
aae78c754635e9833fa6c231d775bddc82add02f9ce3197a0b260a0806e708c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AAE78C754635E9833FA6C231D775BDDC82ADD02F9CE3197A0B260A0806E708C3"
Last-Modified: Sat, 17 Dec 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9854
Expires: Mon, 19 Dec 2022 10:42:29 GMT
Date: Mon, 19 Dec 2022 07:58:15 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Backoff, Content-Length, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 19 Dec 2022 07:45:36 GMT
content-type: application/json
age: 759
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cf03270e3476f7482a2cc7ddc6a9e857
ab70d5ee87b01e0601f8e518bf36f97c8ceeba9a
43a4e796860a1481636dac103488cadc68c261d13cfe835d273efc368e569f97
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "43A4E796860A1481636DAC103488CADC68C261D13CFE835D273EFC368E569F97"
Last-Modified: Sun, 18 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8018
Expires: Mon, 19 Dec 2022 10:11:53 GMT
Date: Mon, 19 Dec 2022 07:58:15 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: kdnoAzj+ncIOeLDMWH5UGelgkzIiJwrHDDtlp8rA8mnBx74wdYbarKl5CyYy8O4BBzIV3Eozpyc=
x-amz-request-id: 2N9V1S7R1KF76GZC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 19 Dec 2022 07:28:56 GMT
age: 1759
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:15 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 006cd6b7668af738aed5b800a154e9ba
7f774aedb9064a6eb5d8cfa472112169576b5443
86a1cc3c7cc8847399fe7228fea8739cb0515c24ad26ba4cd17b42e9f62024ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "86A1CC3C7CC8847399FE7228FEA8739CB0515C24AD26BA4CD17B42E9F62024AD"
Last-Modified: Sun, 18 Dec 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 19 Dec 2022 13:58:16 GMT
Date: Mon, 19 Dec 2022 07:58:16 GMT
Connection: keep-alive
cdn.scarabresearch.com/js/11DAF087E87A3DFD/scarab-v2.js
54.230.111.20200 OK 23 kB URL HTTP/1.1 cdn.scarabresearch.com/js/11DAF087E87A3DFD/scarab-v2.js
IP 54.230.111.20:0
File type C source, ASCII text, with very long lines (539)
Hash bfcc64224f8c6e43e026afb16bd0f4f8
4b1a0dbd96c3047a917ba024690ffc4d544b8b00
c87358a7c76c044147379c9415f96488045b936666093c83fd0e57e08316548e
GET /js/11DAF087E87A3DFD/scarab-v2.js HTTP/1.1
Host: cdn.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Timing-Allow-Origin: *
Date: Mon, 19 Dec 2022 07:10:49 GMT
Cache-Control: max-age=3600,public
ETag: "aa53180343ab25d32aa7294158ca3216--gzip"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 3lpD-8vVM5VkeCIwElt4cfAHij6ZHqxcsSK1sPBtlAY6FGn9mis6UA==
Age: 2880
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d62c4eea8ea4b9e5545fc952781c3b1d
47ca338b2d6be9d8a22c052d0838bce364463dce
75f6054477e9c699a1ee189cc77b20c5696ec306db93af0396a98b3b5b49bbc4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 07:58:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-5PMSX62
142.250.74.168200 OK 57 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5PMSX62
IP 142.250.74.168:0
File type Unicode text, UTF-8 text, with very long lines (13906)
Hash 5a98bea02011046478133bf1bc2fc4ee
1d84090cb4518fa3f44bc61fe77ececacea408b1
dd9eab71e164dccf71cbae3124a602b9dbf037fbcd43378b82d85a4eadca536e
GET /gtm.js?id=GTM-5PMSX62 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 19 Dec 2022 07:58:16 GMT
expires: Mon, 19 Dec 2022 07:58:16 GMT
cache-control: private, max-age=900
last-modified: Mon, 19 Dec 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 56888
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash d62c4eea8ea4b9e5545fc952781c3b1d
47ca338b2d6be9d8a22c052d0838bce364463dce
75f6054477e9c699a1ee189cc77b20c5696ec306db93af0396a98b3b5b49bbc4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 07:58:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 19 Dec 2022 07:08:01 GMT
age: 3015
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/partners/casino-reg
3.73.127.68200 OK 18 kB URL HTTP/2 c4adbk4m41qwkxamst.com/partners/casino-reg
IP 3.73.127.68:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (38776)
Hash dcca4f27a075602fa6bff736b9743fc5
6aa47cc8cfea8c77c2e272f34636af636988d81c
01e3f2f2b20e18fa3ace209ec6032d82b190d99f863de1844085253048efe3ec
Analyzer Verdict Alert quad9 Sinkholed
GET /partners/casino-reg HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:15 GMT
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 36873546bc8b0b69c86c49005473030d
95277b14b4a826ad2600b6ef8c5b671f0051d68b
d3aed5d2b06286ae1330d72ddc1be32fc2f5e853835ec293737cbc26b0fff096
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3AED5D2B06286AE1330D72DDC1BE32FC2F5E853835EC293737CBC26B0FFF096"
Last-Modified: Sat, 17 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10401
Expires: Mon, 19 Dec 2022 10:51:37 GMT
Date: Mon, 19 Dec 2022 07:58:16 GMT
Connection: keep-alive
static.scarabresearch.com/wpjs/wpes6.js?ts=2763
54.230.111.9200 OK 32 kB URL HTTP/1.1 static.scarabresearch.com/wpjs/wpes6.js?ts=2763
IP 54.230.111.9:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash 3cf68a7b8e4b97aac9b2500809c2d9f4
38a8e6ad80f21132226a6d1f16f86d7253aa3589
f2e3898ea70eb5cf6ace1080a7ce7f35cb780eabc4c2f918d785f55a10144195
GET /wpjs/wpes6.js?ts=2763 HTTP/1.1
Host: static.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sun, 18 Dec 2022 19:05:37 GMT
Last-Modified: Mon, 10 Oct 2022 11:09:51 GMT
ETag: W/"aea14a7926cfb79f14472c23a4b1543b"
Cache-Control: max-age=86400
x-amz-version-id: B7kEOPd3f.UUaahYeIIXT30URW6wDjD.
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: t5qDrlRjeztFSA8iYGpH9BMJR5RcVIg4SR3J25UlbEi13OoIAoi4WA==
Age: 46360
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 0bc27cdcd6c42d7f8eece6c074bc452f
ff1234b58f7381f51f9082c1ef4894b1ac5700ff
672fc3b7ba7ee7a8b376c73a86a5bab00b1a1aead54c3ca64c0bff83d831348e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4522
Cache-Control: max-age=95037
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 07:58:16 GMT
Etag: "639ed82b-1d7"
Expires: Tue, 20 Dec 2022 10:22:13 GMT
Last-Modified: Sun, 18 Dec 2022 09:06:51 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
front.cdn-mb.com/spa-static/1.4.1047/static/js/30.5350eda7.chunk.js
172.67.160.69200 OK 153 kB URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1047/static/js/30.5350eda7.chunk.js
IP 172.67.160.69:0
File type ASCII text, with very long lines (65461)
Size 153 kB (152899 bytes)
Hash 52216d5e98d33b054964f37bd7fb822c
53876ce26015a4b33deef0b54f410ecdbcd52522
33b1eb4a88ce3d472fb0abab97737aaad439792c82e0ad4191599d2ebd496ade
GET /spa-static/1.4.1047/static/js/30.5350eda7.chunk.js HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Dec 2022 07:58:16 GMT
content-type: application/javascript
last-modified: Thu, 15 Dec 2022 08:52:47 GMT
vary: Accept-Encoding
etag: W/"639ae05f-7ac62"
expires: Mon, 19 Dec 2022 11:37:46 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 1230
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DHRL%2Fmu9roU0xd0JxUAFtbYfsyZCz%2B1CDZSQuch%2B7mfNMdwodeWWpLZO1lPuoWr87Yswj3tI%2BrzEnt7f081b25p7YANRPqVk3meZz1bvwHYPUqmFW8GBR1TevLldvVyvwNJ4"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77be97977c7ab4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rstat.rockmostbet.com/lib.js
162.55.5.93200 OK 237 kB URL HTTP/2 rstat.rockmostbet.com/lib.js
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with very long lines (29927), with LF, NEL line terminators
Size 237 kB (236698 bytes)
Hash 52204e4b57e07c1bacf5155962b90f46
24a694a72f918167857d2d47fb23db0c7478a591
b5af4961ac0bc763c76ebe2d7db3ed0217a50463fc69a9e995d00962609de4f9
GET /lib.js HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript
date: Mon, 19 Dec 2022 07:58:16 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7010513622036119552; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 0
x-xss-protection: 1
content-length: 236698
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 427b2e5523142587b62c57a5fabc4da4
90584c7f307f4713d5b9495c9439d2c87ff22932
7e0c6a59aa18eba56e2165e73ab161f1aa2cb282dba1ed4d93a4326a08655d72
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 846
Cache-Control: max-age=107545
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 07:58:16 GMT
Etag: "639f1763-1d7"
Expires: Tue, 20 Dec 2022 13:50:41 GMT
Last-Modified: Sun, 18 Dec 2022 13:36:35 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
216.58.207.206200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 216.58.207.206:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Mon, 19 Dec 2022 06:41:08 GMT
expires: Mon, 19 Dec 2022 08:41:08 GMT
cache-control: public, max-age=7200
age: 4628
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
31.13.72.12200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 8b26cd4609e2025e51e90573a0fbd6f7
efc2006ae5297ad5ae5e064188b9fba73f6b868f
e288b6a1e220f5fb781cfbb0b739b36c6acfdceccff8f0278fc151c241b0b50b
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: DYj0Hf+8oG9UxgQoA0kyduE/fs9IhIfz9xOwg6aMYrxZKx7QZhLH4HlJMstjITUkI0EFpInXxyb7WW0LDd/bxA==
content-length: 27298
x-fb-trip-id: 1904183273
date: Mon, 19 Dec 2022 07:58:16 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 427b2e5523142587b62c57a5fabc4da4
90584c7f307f4713d5b9495c9439d2c87ff22932
7e0c6a59aa18eba56e2165e73ab161f1aa2cb282dba1ed4d93a4326a08655d72
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 846
Cache-Control: max-age=107545
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 07:58:16 GMT
Etag: "639f1763-1d7"
Expires: Tue, 20 Dec 2022 13:50:41 GMT
Last-Modified: Sun, 18 Dec 2022 13:36:35 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226200 OK 937 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 31cbb37abc1050d7b350c492b57ee48c
91b5139fa3e5e8f9c3a71419f271537feeb4e4dd
4e6d0473b7a0faf5fc77ffa4d9b40743dc3682d79e35b21c48960364f8e02c25
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 07:58:16 GMT
Content-Type: application/ocsp-response
Content-Length: 937
Connection: keep-alive
Expires: Fri, 23 Dec 2022 06:45:24 GMT
ETag: "91b5139fa3e5e8f9c3a71419f271537feeb4e4dd"
Last-Modified: Mon, 19 Dec 2022 06:45:25 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 13
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77be979ad966b505-OSL
push.services.mozilla.com/
54.149.83.187101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.149.83.187:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: jMSIvUhvdFX7fhR8+1+WbQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 6rHOn1ui5nXrUITxsJydWbDd5Qg=
mc.yandex.ru/metrika/tag.js
93.158.134.119200 OK 74 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 93.158.134.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash b604b44a44140d3e443d1c1c9da02d8d
05407447253dbbd694e67456c6b25b5112bd359d
0dcc105aceee70b68e812bdb6033ab465720efe541259c35f19aa09fadc88bf8
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73737
date: Mon, 19 Dec 2022 07:58:16 GMT
access-control-allow-origin: *
etag: "639bee03-12009"
expires: Mon, 19 Dec 2022 08:58:16 GMT
last-modified: Fri, 16 Dec 2022 07:03:15 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/websocket/credentials
3.73.127.68200 OK 326 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/websocket/credentials
IP 3.73.127.68:0
Hash a588df2ac98c78f21d457d4c589e4be1
33271116e0dc768236cad09d33f164e56ab48c53
976ea1bfcfc37de442dbb928555a5b3e411397caa2717dedfd134ebc6f26c777
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/websocket/credentials HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1047
x-client-session: cut0frdk9qj0gr92i8e2
x-client-device-id: 3oxk9v3pup18cvmtoq9d
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671436696.1.0.1671436696.0.0.0; _ga=GA1.1.134471640.1671436696
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:16 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 551b1f7d8e22d6d4cde6b68fb5795e62
vary: Accept-Encoding, Accept-Language
expires: Mon, 19 Dec 2022 07:58:16 GMT
set-cookie: PHPSESSID=1a2knrd9h82ob74iu0v32nrkql; expires=Wed, 18-Jan-2023 07:58:16 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=bn; expires=Tue, 20-Dec-2022 07:58:16 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Mon, 26-Dec-2022 07:58:16 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash ce685a4682940f037fb6540b6f264872
0f0cf1cbbe83f0ad474e65b3a0d09e8240be008d
721eb8347d6e6cf343de1f08b0770530256d02271f5db7d96d0f1ec595a47272
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 728
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Mon, 19 Dec 2022 07:58:16 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7010513622036119552; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 25
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/logo
3.73.127.68200 OK 160 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/logo
IP 3.73.127.68:0
Hash a66177a3a37b4f9cd59de16c15b2ede7
de8c4e94f8da111aa93b49c6d73f6368a25dae4a
c08803351da92a371fa88d663414acf7005245d4ad3231a930bc5479c00ab026
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/logo HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1047
x-client-session: cut0frdk9qj0gr92i8e2
x-client-device-id: 3oxk9v3pup18cvmtoq9d
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671436696.1.0.1671436696.0.0.0; _ga=GA1.1.134471640.1671436696; rst-uid=7010513622036119552; PHPSESSID=1a2knrd9h82ob74iu0v32nrkql; lunetics_locale=bn; tz=Europe%2FOslo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:16 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"2467b2b1f8388ce43e730fcbb0e782db"
x-request-id: 5918b20bc4669315e306cb06458ec56c
vary: Accept-Encoding, Accept-Language
expires: Mon, 19 Dec 2022 07:58:16 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/countries.json
3.73.127.68200 OK 7.1 kB URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/countries.json
IP 3.73.127.68:0
File type JSON data\012- , ASCII text, with very long lines (28541), with no line terminators
Hash 321b16d1215e9e61d59e0ae74d6202e1
a00da4c274f4e118bf1a7cd81d6302bcfe27a11d
0d0ef7b320b125029bcae6b73eaa621d09ab1a09154c2779ce49c939b7c213a0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/countries.json HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1047
x-client-session: cut0frdk9qj0gr92i8e2
x-client-device-id: 3oxk9v3pup18cvmtoq9d
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671436696.1.0.1671436696.0.0.0; _ga=GA1.1.134471640.1671436696; rst-uid=7010513622036119552; PHPSESSID=1a2knrd9h82ob74iu0v32nrkql; lunetics_locale=bn; tz=Europe%2FOslo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:16 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Mon, 26 Dec 2022 07:58:16 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 19 Dec 2022 07:58:17 GMT
access-control-allow-origin: *
etag: "639bee03-2b"
expires: Mon, 19 Dec 2022 08:58:17 GMT
accept-ranges: bytes
last-modified: Fri, 16 Dec 2022 07:03:15 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615?wmode=7&page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A436482445326%3Ahid%3A230583923%3Az%3A0%3Ai%3A20221219075816%3Aet%3A1671436697%3Ac%3A1%3Arn%3A496125769%3Arqn%3A1%3Au%3A1671436697423193902%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C239%2C40%2C1%2C224%2C0%2C%2C412%2C4%2C%2C%2C%2C946%3Aco%3A0%3Ans%3A1671436695349%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671436697%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
93.158.134.119302 Found 419 B URL HTTP/2 mc.yandex.ru/watch/37954615?wmode=7&page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A436482445326%3Ahid%3A230583923%3Az%3A0%3Ai%3A20221219075816%3Aet%3A1671436697%3Ac%3A1%3Arn%3A496125769%3Arqn%3A1%3Au%3A1671436697423193902%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C239%2C40%2C1%2C224%2C0%2C%2C412%2C4%2C%2C%2C%2C946%3Aco%3A0%3Ans%3A1671436695349%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671436697%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 6832e25eb942339708f837513f944089
7e2e22bdcebc8d2a50266b20c8bd76b8f57e3951
92639ff98a14d094fed7c9450d1ac257b7664f46bc25aa4bd8d01f1b68f15023
GET /watch/37954615?wmode=7&page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A436482445326%3Ahid%3A230583923%3Az%3A0%3Ai%3A20221219075816%3Aet%3A1671436697%3Ac%3A1%3Arn%3A496125769%3Arqn%3A1%3Au%3A1671436697423193902%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C239%2C40%2C1%2C224%2C0%2C%2C412%2C4%2C%2C%2C%2C946%3Aco%3A0%3Ans%3A1671436695349%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671436697%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/37954615/1?wmode=7&page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&charset=utf-8&browser-info=pv%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A436482445326%3Ahid%3A230583923%3Az%3A0%3Ai%3A20221219075816%3Aet%3A1671436697%3Ac%3A1%3Arn%3A496125769%3Arqn%3A1%3Au%3A1671436697423193902%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A1%2C239%2C40%2C1%2C224%2C0%2C%2C412%2C4%2C%2C%2C%2C946%3Aco%3A0%3Ans%3A1671436695349%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1671436697%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Mon, 19 Dec 2022 07:58:17 GMT
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
set-cookie: yabs-sid=772444901671436697; Path=/; SameSite=None; Secure
i=9lG0iammgQd17KnKQZX97cxfGFMry+8VnAw6qy/qG+9PTCM2dKEf3xExuq+FLOF9rBv0i9/vmCpSbrYXNTPdAIV130I=; Expires=Thu, 16-Dec-2032 07:58:11 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=8613708201671436697; Expires=Tue, 19-Dec-2023 07:58:17 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=8613708201671436697; Expires=Tue, 19-Dec-2023 07:58:17 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1702972697.yc.1671436697#1702972697.yrts.1671436697#1702972697.yrtsi.1671436697; Expires=Tue, 19-Dec-2023 07:58:17 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 19-Dec-2022 07:58:17 GMT
last-modified: Mon, 19-Dec-2022 07:58:17 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&rl=&if=false&ts=1671436696921&sw=1280&sh=1024&v=2.9.90&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1671436696920.226085196&it=1671436696669&coo=false&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&rl=&if=false&ts=1671436696921&sw=1280&sh=1024&v=2.9.90&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1671436696920.226085196&it=1671436696669&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&rl=&if=false&ts=1671436696921&sw=1280&sh=1024&v=2.9.90&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1671436696920.226085196&it=1671436696669&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Mon, 19 Dec 2022 07:58:17 GMT
X-Firefox-Spdy: h2
my.rtmark.net/img.gif?f=sync&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01&ttl=&rurl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01&ttl=&rurl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01&ttl=&rurl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:17 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=ed08ec3e52d94b44be7f617d466e7953; expires=Tue, 19 Dec 2023 07:58:17 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 4e987f180d69ae6b87463ddc5f6e2389
bab51102220a77e898846fda97ef552b381a2efa
b3db143ce9b22a91d2811785423ca802878638e5ee17ec4e514873aa81d3892e
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 796
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Mon, 19 Dec 2022 07:58:17 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7010513622036119552; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 2
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-9Q6VE8VYRH>m=2oebu0&_p=964417432&cid=134471640.1671436696&ul=en-us&sr=1280x1024&_s=1&sid=1671436696&sct=1&seg=0&dl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&dt=&en=page_view&_fv=2&_nsi=1&_ss=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-9Q6VE8VYRH>m=2oebu0&_p=964417432&cid=134471640.1671436696&ul=en-us&sr=1280x1024&_s=1&sid=1671436696&sct=1&seg=0&dl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&dt=&en=page_view&_fv=2&_nsi=1&_ss=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-9Q6VE8VYRH>m=2oebu0&_p=964417432&cid=134471640.1671436696&ul=en-us&sr=1280x1024&_s=1&sid=1671436696&sct=1&seg=0&dl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&dt=&en=page_view&_fv=2&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
date: Mon, 19 Dec 2022 07:58:17 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 03c8258e1c16364384a10c746732e080
24f121ea76ab812448228b238fadc421f5c4d6c8
9dfb03f619014cd8683030fb68b00b8a0befd9ad9755fcd77c69a2a4e163d397
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 07:58:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
142.250.74.132200 OK 577 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
IP 142.250.74.132:0
File type ASCII text, with very long lines (909), with no line terminators
Hash 7bdc8d0be4e82a7ccce2f89b12a2323d
f14de96794dc2b2ade651994004aa411926b3e55
ed2a3f8a54d06e0cec43dffdb36721b860c683c0f4f290c8b93400ea6ccbdd0c
GET /recaptcha/api.js?onload=onloadcallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Mon, 19 Dec 2022 07:58:17 GMT
date: Mon, 19 Dec 2022 07:58:17 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 577
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ba8634611fe90a1c7df261191c7d9bfe
18c29ad0730996a4d40d41bf329d9e98fb5b9b7a
b8106323da5cb0e12589f7987311864ae663779aeb389788c438e8111a494a73
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8106323DA5CB0E12589F7987311864AE663779AEB389788C438E8111A494A73"
Last-Modified: Sat, 17 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20080
Expires: Mon, 19 Dec 2022 13:32:57 GMT
Date: Mon, 19 Dec 2022 07:58:17 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ba8634611fe90a1c7df261191c7d9bfe
18c29ad0730996a4d40d41bf329d9e98fb5b9b7a
b8106323da5cb0e12589f7987311864ae663779aeb389788c438e8111a494a73
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8106323DA5CB0E12589F7987311864AE663779AEB389788C438E8111A494A73"
Last-Modified: Sat, 17 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20080
Expires: Mon, 19 Dec 2022 13:32:57 GMT
Date: Mon, 19 Dec 2022 07:58:17 GMT
Connection: keep-alive
c4adbk4m41qwkxamst.com/api/v1/currency-specific-settings/BDT.json
3.73.127.68200 OK 723 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/currency-specific-settings/BDT.json
IP 3.73.127.68:0
Hash 13c152e39c8f628d4d1f479edd4ac8ff
be51511b955a834db94061dde89159032ccbf0a0
84e19260dabf9379eb9d5abad3312bbb8068d9bdc271e7a44935ca320c1aa9bc
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/currency-specific-settings/BDT.json HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1047
x-client-session: cut0frdk9qj0gr92i8e2
x-client-device-id: 3oxk9v3pup18cvmtoq9d
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671436696.1.0.1671436696.0.0.0; _ga=GA1.2.134471640.1671436696; rst-uid=7010513622036119552; PHPSESSID=bc0sobn20pogpilnbs3apl51eh; lunetics_locale=bn; tz=Europe%2FOslo; _gid=GA1.2.554193664.1671436697; _gaclientid=134471640.1671436696; _gasessionid=20221219|07806784; _gahitid=1671436696656; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1671436697423193902; _ym_d=1671436697; _fbp=fb.1.1671436696920.226085196; _ym_isad=2; _ym_visorc=b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Mon, 26 Dec 2022 07:58:17 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ba8634611fe90a1c7df261191c7d9bfe
18c29ad0730996a4d40d41bf329d9e98fb5b9b7a
b8106323da5cb0e12589f7987311864ae663779aeb389788c438e8111a494a73
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B8106323DA5CB0E12589F7987311864AE663779AEB389788C438E8111A494A73"
Last-Modified: Sat, 17 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20085
Expires: Mon, 19 Dec 2022 13:33:02 GMT
Date: Mon, 19 Dec 2022 07:58:17 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c7067973a30c54b2897aeeb5e204f014
7b0711fd3909e48347441e4edc9c429af69595a9
b224be5e7ec78abaa46ab333f0adee535cb24e5bc4b2b721c441e4061043a467
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 07:58:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mostauthor.com/multiauth/test_cookie_set?testcookie=ob4crv6lvzm6ryiz1r9haq
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=ob4crv6lvzm6ryiz1r9haq
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_set?testcookie=ob4crv6lvzm6ryiz1r9haq HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://c4adbk4m41qwkxamst.com/
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 51894dcf001648bab14246d70cfa9c6d
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Mon, 19 Dec 2022 07:58:17 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=gjnvj3qacnmda0nfq4m7jw
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=gjnvj3qacnmda0nfq4m7jw
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_set?testcookie=gjnvj3qacnmda0nfq4m7jw HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://c4adbk4m41qwkxamst.com/
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: ccec74fde5f249a5b9e022280fcba677
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Mon, 19 Dec 2022 07:58:17 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=ob4crv6lvzm6ryiz1r9haq
185.26.99.196200 OK 10 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=ob4crv6lvzm6ryiz1r9haq
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash f7f86d583c92292a7025fc1f25657a1f
92659f2f702a5b18d44a58055c6cd77173630ae2
3b9de8f3bb4d65ebe964703b38c9ce2f3b40a58b33484e6eed8f92bbd5f10a4f
GET /multiauth/test_cookie_set?testcookie=ob4crv6lvzm6ryiz1r9haq HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1047
x-client-session: cut0frdk9qj0gr92i8e2
x-client-device-id: 3oxk9v3pup18cvmtoq9d
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 26d2bd34a83f4949936e7174393f567d
set-cookie: test_cooke_ob4crv6lvzm6ryiz1r9haq=1; Max-Age=3600; SameSite=None; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 10
date: Mon, 19 Dec 2022 07:58:17 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=gjnvj3qacnmda0nfq4m7jw
185.26.99.196200 OK 10 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=gjnvj3qacnmda0nfq4m7jw
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash f7f86d583c92292a7025fc1f25657a1f
92659f2f702a5b18d44a58055c6cd77173630ae2
3b9de8f3bb4d65ebe964703b38c9ce2f3b40a58b33484e6eed8f92bbd5f10a4f
GET /multiauth/test_cookie_set?testcookie=gjnvj3qacnmda0nfq4m7jw HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1047
x-client-session: cut0frdk9qj0gr92i8e2
x-client-device-id: 3oxk9v3pup18cvmtoq9d
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 20db527acba640ca8099bd8179b0c32d
set-cookie: test_cooke_gjnvj3qacnmda0nfq4m7jw=1; Max-Age=3600; SameSite=None; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 10
date: Mon, 19 Dec 2022 07:58:17 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=ob4crv6lvzm6ryiz1r9haq
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=ob4crv6lvzm6ryiz1r9haq
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_get?testcookie=ob4crv6lvzm6ryiz1r9haq HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://c4adbk4m41qwkxamst.com/
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 1c839f634ef0477082aabe7cb4107955
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Mon, 19 Dec 2022 07:58:17 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=gjnvj3qacnmda0nfq4m7jw
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=gjnvj3qacnmda0nfq4m7jw
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_get?testcookie=gjnvj3qacnmda0nfq4m7jw HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://c4adbk4m41qwkxamst.com/
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 584091ac23304526844a2d42efde2662
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Mon, 19 Dec 2022 07:58:17 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/footer_links
3.73.127.68200 OK 640 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/footer_links
IP 3.73.127.68:0
Hash cba777089e742d2f6a8a7976ffaa075a
27524339165585d3a9c08891cc75bace8e6c7de4
e576bf901a66e33a0d3780f0b01c72c3b6f4156608671c780367578dc1985cdf
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/footer_links HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1047
x-client-session: cut0frdk9qj0gr92i8e2
x-client-device-id: 3oxk9v3pup18cvmtoq9d
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671436696.1.0.1671436696.0.0.0; _ga=GA1.2.134471640.1671436696; rst-uid=7010513622036119552; PHPSESSID=bc0sobn20pogpilnbs3apl51eh; lunetics_locale=bn; tz=Europe%2FOslo; _gid=GA1.2.554193664.1671436697; _gaclientid=134471640.1671436696; _gasessionid=20221219|07806784; _gahitid=1671436696656; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1671436697423193902; _ym_d=1671436697; _fbp=fb.1.1671436696920.226085196; _ym_isad=2; _ym_visorc=b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:17 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: e382d38b463f708f4b3cf5b6bf9b76dd
vary: Accept-Encoding, Accept-Language
expires: Mon, 19 Dec 2022 07:58:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=ob4crv6lvzm6ryiz1r9haq
185.26.99.196200 OK 21 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=ob4crv6lvzm6ryiz1r9haq
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash e5b21ef9d336c6fe5ab6050fb9ab9d1f
3ce3fe564d8af003fe58f2d082571e7cba1a217c
0fb430e2fdf26d7e3ee13660211ba451888eb9d8a6c1de1731a8fd1121418823
GET /multiauth/test_cookie_get?testcookie=ob4crv6lvzm6ryiz1r9haq HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1047
x-client-session: cut0frdk9qj0gr92i8e2
x-client-device-id: 3oxk9v3pup18cvmtoq9d
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Cookie: test_cooke_ob4crv6lvzm6ryiz1r9haq=1; test_cooke_gjnvj3qacnmda0nfq4m7jw=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: a199b75d6d39440ba9fbbed777862a15
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 21
date: Mon, 19 Dec 2022 07:58:17 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=gjnvj3qacnmda0nfq4m7jw
185.26.99.196200 OK 21 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=gjnvj3qacnmda0nfq4m7jw
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash e5b21ef9d336c6fe5ab6050fb9ab9d1f
3ce3fe564d8af003fe58f2d082571e7cba1a217c
0fb430e2fdf26d7e3ee13660211ba451888eb9d8a6c1de1731a8fd1121418823
GET /multiauth/test_cookie_get?testcookie=gjnvj3qacnmda0nfq4m7jw HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1047
x-client-session: cut0frdk9qj0gr92i8e2
x-client-device-id: 3oxk9v3pup18cvmtoq9d
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Cookie: test_cooke_ob4crv6lvzm6ryiz1r9haq=1; test_cooke_gjnvj3qacnmda0nfq4m7jw=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: e3b078b022374dc8920a5d8214ecf077
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 21
date: Mon, 19 Dec 2022 07:58:17 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese
142.250.74.74200 OK 24 kB URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese
IP 142.250.74.74:0
Hash f356e5c4396afd1ae95a57c40aa16efe
52a33cc63eadd5aa09ede3034fccf5ed9fda92f0
b7542feba9be348241c61288aa63f59edaf262e9ac7bf2d5d89d8535667163a1
GET /css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://front.cdn-mb.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 19 Dec 2022 07:58:17 GMT
date: Mon, 19 Dec 2022 07:58:17 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 930f0320ed7bc9738f6d3d00639c7537
f9a1d6bea1bd4816546a03821888cd3dff122c73
1f59797edf40eaef89b0c2671766ecdcaf9e48ec2883f285b34d330f01823d19
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 07:58:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mostauthor.com/multiauth/ping
185.26.99.196401 Unauthorized 35 B URL HTTP/2 mostauthor.com/multiauth/ping
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 0d996c3fba12286419cc5490ecc262f2
8d763a6d6dc7b73504e259d6755a91215cc90a77
89ee31619ad837c48dfe0eeb3bd1e65d8c372d8b73c1f1e345c6dd91aca7f25f
GET /multiauth/ping HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1047
x-client-session: cut0frdk9qj0gr92i8e2
x-client-device-id: 3oxk9v3pup18cvmtoq9d
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Cookie: test_cooke_ob4crv6lvzm6ryiz1r9haq=1; test_cooke_gjnvj3qacnmda0nfq4m7jw=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 401 Unauthorized
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 55b26929abc74608a23bfa01c776b0c7
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 35
date: Mon, 19 Dec 2022 07:58:17 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e22c487307aca2e6e3d5ecfc7daae99a
3fb9ea3a5166ba4dfd6e5d05139936a96bc33c2d
66fc32efbb2c29a16706b6ea40145509974f7b9dbfafc72e104232a4c4d52d69
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 07:58:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.163200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Dec 2022 14:07:32 GMT
expires: Thu, 14 Dec 2023 14:07:32 GMT
cache-control: public, max-age=31536000
age: 409845
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.23200 OK 22 kB IP 192.124.249.23:0
Hash 84b778cddd37a5f4923c424b0095da33
eaac38cf48d03b16e33f9d944a5e06fa694ce25f
604060935ef8f79751d23569c88f1a2309d2a5568d41371fa986712a0637e32f
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Mon, 19 Dec 2022 07:58:17 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sun, 18 Dec 2022 20:13:34 GMT
Expires: Mon, 19 Dec 2022 20:13:34 GMT
ETag: "639648d91100e96bf25981c066ab054bd8bbd7b4"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash e22c487307aca2e6e3d5ecfc7daae99a
3fb9ea3a5166ba4dfd6e5d05139936a96bc33c2d
66fc32efbb2c29a16706b6ea40145509974f7b9dbfafc72e104232a4c4d52d69
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 07:58:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
code.jivosite.com/widget/3bcOoG4MqH
92.223.124.24200 OK 5.9 kB URL HTTP/2 code.jivosite.com/widget/3bcOoG4MqH
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (17132), with no line terminators
Hash 4ed53ed60dda87c7abf086e975902e89
deb873d181986c70c9a14847d95e6e138b2961e7
ce6183de5dc076e11536a3416e73bcd953c4d3978a76279a83bb37206f032e32
GET /widget/3bcOoG4MqH HTTP/1.1
Host: code.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:17 GMT
content-type: application/javascript
content-length: 5938
access-control-allow-origin: *
cache-control: max-age=7200
content-encoding: br
etag: "639aaa93-1732"
expires: Sat, 17 Dec 2022 20:02:59 GMT
last-modified: Thu, 15 Dec 2022 05:03:15 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-19T06:06:21+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&charset=utf-8&hittoken=1671436697_fe519d2d9193761676d42d31ed4e42013a45605134514b0eff666584f477ba8d&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A436482445326%3Ahid%3A230583923%3Az%3A0%3Ai%3A20221219075817%3Aet%3A1671436697%3Ac%3A1%3Arn%3A12577910%3Arqn%3A2%3Au%3A1671436697423193902%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1631%2C1631%2C9%2C%3Aco%3A0%3Ans%3A1671436695349%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1671436697&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(2)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&charset=utf-8&hittoken=1671436697_fe519d2d9193761676d42d31ed4e42013a45605134514b0eff666584f477ba8d&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A436482445326%3Ahid%3A230583923%3Az%3A0%3Ai%3A20221219075817%3Aet%3A1671436697%3Ac%3A1%3Arn%3A12577910%3Arqn%3A2%3Au%3A1671436697423193902%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1631%2C1631%2C9%2C%3Aco%3A0%3Ans%3A1671436695349%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1671436697&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(2)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&charset=utf-8&hittoken=1671436697_fe519d2d9193761676d42d31ed4e42013a45605134514b0eff666584f477ba8d&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A436482445326%3Ahid%3A230583923%3Az%3A0%3Ai%3A20221219075817%3Aet%3A1671436697%3Ac%3A1%3Arn%3A12577910%3Arqn%3A2%3Au%3A1671436697423193902%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C1631%2C1631%2C9%2C%3Aco%3A0%3Ans%3A1671436695349%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1671436697&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(2)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 69
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 19 Dec 2022 07:58:17 GMT
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 19-Dec-2022 07:58:17 GMT
last-modified: Mon, 19-Dec-2022 07:58:17 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&charset=utf-8&hittoken=1671436697_fe519d2d9193761676d42d31ed4e42013a45605134514b0eff666584f477ba8d&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A436482445326%3Ahid%3A230583923%3Az%3A0%3Ai%3A20221219075817%3Aet%3A1671436697%3Ac%3A1%3Arn%3A32681537%3Arqn%3A3%3Au%3A1671436697423193902%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671436695349%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1671436697&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(3)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&charset=utf-8&hittoken=1671436697_fe519d2d9193761676d42d31ed4e42013a45605134514b0eff666584f477ba8d&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A436482445326%3Ahid%3A230583923%3Az%3A0%3Ai%3A20221219075817%3Aet%3A1671436697%3Ac%3A1%3Arn%3A32681537%3Arqn%3A3%3Au%3A1671436697423193902%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671436695349%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1671436697&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(3)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&charset=utf-8&hittoken=1671436697_fe519d2d9193761676d42d31ed4e42013a45605134514b0eff666584f477ba8d&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A436482445326%3Ahid%3A230583923%3Az%3A0%3Ai%3A20221219075817%3Aet%3A1671436697%3Ac%3A1%3Arn%3A32681537%3Arqn%3A3%3Au%3A1671436697423193902%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671436695349%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1671436697&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(3)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 187
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 19 Dec 2022 07:58:17 GMT
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 19-Dec-2022 07:58:17 GMT
last-modified: Mon, 19-Dec-2022 07:58:17 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&charset=utf-8&hittoken=1671436697_fe519d2d9193761676d42d31ed4e42013a45605134514b0eff666584f477ba8d&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A436482445326%3Ahid%3A230583923%3Az%3A0%3Ai%3A20221219075817%3Aet%3A1671436697%3Ac%3A1%3Arn%3A651085270%3Arqn%3A5%3Au%3A1671436697423193902%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671436695349%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1671436697&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(5)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&charset=utf-8&hittoken=1671436697_fe519d2d9193761676d42d31ed4e42013a45605134514b0eff666584f477ba8d&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A436482445326%3Ahid%3A230583923%3Az%3A0%3Ai%3A20221219075817%3Aet%3A1671436697%3Ac%3A1%3Arn%3A651085270%3Arqn%3A5%3Au%3A1671436697423193902%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671436695349%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1671436697&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(5)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&charset=utf-8&hittoken=1671436697_fe519d2d9193761676d42d31ed4e42013a45605134514b0eff666584f477ba8d&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A436482445326%3Ahid%3A230583923%3Az%3A0%3Ai%3A20221219075817%3Aet%3A1671436697%3Ac%3A1%3Arn%3A651085270%3Arqn%3A5%3Au%3A1671436697423193902%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671436695349%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1671436697&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(5)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 79
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 19 Dec 2022 07:58:17 GMT
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 19-Dec-2022 07:58:17 GMT
last-modified: Mon, 19-Dec-2022 07:58:17 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&charset=utf-8&hittoken=1671436697_fe519d2d9193761676d42d31ed4e42013a45605134514b0eff666584f477ba8d&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A436482445326%3Ahid%3A230583923%3Az%3A0%3Ai%3A20221219075817%3Aet%3A1671436697%3Ac%3A1%3Arn%3A381212480%3Arqn%3A4%3Au%3A1671436697423193902%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671436695349%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1671436697&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(4)aw(1)ti(2)
93.158.134.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&charset=utf-8&hittoken=1671436697_fe519d2d9193761676d42d31ed4e42013a45605134514b0eff666584f477ba8d&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A436482445326%3Ahid%3A230583923%3Az%3A0%3Ai%3A20221219075817%3Aet%3A1671436697%3Ac%3A1%3Arn%3A381212480%3Arqn%3A4%3Au%3A1671436697423193902%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671436695349%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1671436697&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(4)aw(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&charset=utf-8&hittoken=1671436697_fe519d2d9193761676d42d31ed4e42013a45605134514b0eff666584f477ba8d&browser-info=pa%3A1%3Aar%3A1%3Avf%3Awy278c4xrecmji309n1ev%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A943%3Acn%3A1%3Adp%3A0%3Als%3A436482445326%3Ahid%3A230583923%3Az%3A0%3Ai%3A20221219075817%3Aet%3A1671436697%3Ac%3A1%3Arn%3A381212480%3Arqn%3A4%3Au%3A1671436697423193902%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1671436695349%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1671436697&t=gdpr(14)mc(ci-1-p-4)clc(0-0-0)rqnt(4)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 75
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Mon, 19 Dec 2022 07:58:17 GMT
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 19-Dec-2022 07:58:17 GMT
last-modified: Mon, 19-Dec-2022 07:58:17 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/settings
3.73.127.68200 OK 776 kB URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/settings
IP 3.73.127.68:0
Size 776 kB (775499 bytes)
Hash ac4e9316a2111438ef931efb6eec6955
474a3c1d9920214eb6dbedb4f38e2fbf20a57d2b
c06f6994b1f1e364e07815c63b587eae1b70f5d00af68719868410f221cbfc07
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/settings HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1047
x-client-session: cut0frdk9qj0gr92i8e2
x-client-device-id: 3oxk9v3pup18cvmtoq9d
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671436696.1.0.1671436696.0.0.0; _ga=GA1.1.134471640.1671436696
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:16 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 2937410534624803bfb92426a089ca5b
vary: Accept-Encoding, Accept-Language
expires: Mon, 19 Dec 2022 07:58:16 GMT
set-cookie: PHPSESSID=bc0sobn20pogpilnbs3apl51eh; expires=Wed, 18-Jan-2023 07:58:16 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=bn; expires=Tue, 20-Dec-2022 07:58:16 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Mon, 26-Dec-2022 07:58:16 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v2/translations?locales[]=bn&domains[]=promo&domains[]=validators&fallback=1
3.73.127.68200 OK 523 kB URL HTTP/2 c4adbk4m41qwkxamst.com/api/v2/translations?locales[]=bn&domains[]=promo&domains[]=validators&fallback=1
IP 3.73.127.68:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size 523 kB (523008 bytes)
Hash 31c41b9599f58a1cc001d3584271ba0a
de41442f79d6ad9b07937851b56903abec4275a0
38b3c9173c0be15de5ebe263c5eb7f93a40e0046e2b77cf04f596d08f742dfd2
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v2/translations?locales[]=bn&domains[]=promo&domains[]=validators&fallback=1 HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg
Connection: keep-alive
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671436696.1.0.1671436696.0.0.0; _ga=GA1.2.134471640.1671436696; rst-uid=7010513622036119552; PHPSESSID=bc0sobn20pogpilnbs3apl51eh; lunetics_locale=bn; tz=Europe%2FOslo; _gid=GA1.2.554193664.1671436697; _gaclientid=134471640.1671436696; _gasessionid=20221219|07806784; _gahitid=1671436696656; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1671436697423193902; _ym_d=1671436697; _fbp=fb.1.1671436696920.226085196; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Mon, 26 Dec 2022 07:58:17 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c76e2d1033fe19d491bcdb4e24faaeeb
9b3da75ba4ebf950d17ee9178c64c46afc363047
20590ac857bae294c81ad22c37bb5ec0aca36ad35ae4aa4ece7a5e5ea47ded63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 07:58:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
142.250.74.163200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 Dec 2022 09:45:37 GMT
expires: Fri, 15 Dec 2023 09:45:37 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
age: 339161
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=134471640.1671436696&jid=679282624&uid=0&gjid=1585357266&_gid=554193664.1671436697&_u=YADAAEABAAAAACAEK~&z=369320040
74.125.205.157200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=134471640.1671436696&jid=679282624&uid=0&gjid=1585357266&_gid=554193664.1671436697&_u=YADAAEABAAAAACAEK~&z=369320040
IP 74.125.205.157:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=134471640.1671436696&jid=679282624&uid=0&gjid=1585357266&_gid=554193664.1671436697&_u=YADAAEABAAAAACAEK~&z=369320040 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 19 Dec 2022 07:58:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
code.jivosite.com/script/widget/config/3bcOoG4MqH
92.223.124.24200 OK 3.4 kB URL HTTP/2 code.jivosite.com/script/widget/config/3bcOoG4MqH
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
Hash 37ffbe758a5c3f0b435a1a72801a5b2c
37b3db5c055c29086a2ebf80853690a054e7e2ea
ce959d9b2d8800d797eb5f1877c8f5c359645fc0de9639fb0882a6e29aeb3f96
GET /script/widget/config/3bcOoG4MqH HTTP/1.1
Host: code.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:17 GMT
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=7200
content-encoding: gzip
expires: Mon, 19 Dec 2022 08:32:06 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-19T06:32:06+00:00
x-id: fr5-up-gc15
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b52a05c34a7c3eaee8f5c1f73954364c
89c5023a0c43860efd362d0d2751a0ea9a204f54
94de3b3351ec8035986be412843212eebe4a3c9d6521b2a0c922870d5365adb8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94DE3B3351EC8035986BE412843212EEBE4A3C9D6521B2A0C922870D5365ADB8"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9772
Expires: Mon, 19 Dec 2022 10:41:10 GMT
Date: Mon, 19 Dec 2022 07:58:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b52a05c34a7c3eaee8f5c1f73954364c
89c5023a0c43860efd362d0d2751a0ea9a204f54
94de3b3351ec8035986be412843212eebe4a3c9d6521b2a0c922870d5365adb8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94DE3B3351EC8035986BE412843212EEBE4A3C9D6521B2A0C922870D5365ADB8"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9772
Expires: Mon, 19 Dec 2022 10:41:10 GMT
Date: Mon, 19 Dec 2022 07:58:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b52a05c34a7c3eaee8f5c1f73954364c
89c5023a0c43860efd362d0d2751a0ea9a204f54
94de3b3351ec8035986be412843212eebe4a3c9d6521b2a0c922870d5365adb8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94DE3B3351EC8035986BE412843212EEBE4A3C9D6521B2A0C922870D5365ADB8"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9772
Expires: Mon, 19 Dec 2022 10:41:10 GMT
Date: Mon, 19 Dec 2022 07:58:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b52a05c34a7c3eaee8f5c1f73954364c
89c5023a0c43860efd362d0d2751a0ea9a204f54
94de3b3351ec8035986be412843212eebe4a3c9d6521b2a0c922870d5365adb8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94DE3B3351EC8035986BE412843212EEBE4A3C9D6521B2A0C922870D5365ADB8"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9772
Expires: Mon, 19 Dec 2022 10:41:10 GMT
Date: Mon, 19 Dec 2022 07:58:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b52a05c34a7c3eaee8f5c1f73954364c
89c5023a0c43860efd362d0d2751a0ea9a204f54
94de3b3351ec8035986be412843212eebe4a3c9d6521b2a0c922870d5365adb8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94DE3B3351EC8035986BE412843212EEBE4A3C9D6521B2A0C922870D5365ADB8"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9772
Expires: Mon, 19 Dec 2022 10:41:10 GMT
Date: Mon, 19 Dec 2022 07:58:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47778af6-2d49-4ee8-b5bf-2e8c1140cce5.jpeg
34.120.237.76200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47778af6-2d49-4ee8-b5bf-2e8c1140cce5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e6c714628a486b8d09101fe1115b4a25
a859bec81457e5b3511fb7612b65bcd4be790f21
41586527c64614c69c2833d2eb9a0e5e03906388a39ae16443b45dd6885329af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F47778af6-2d49-4ee8-b5bf-2e8c1140cce5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9058
x-amzn-requestid: 30f541b7-557c-45c6-a639-596ec624d6b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dVJtzFJPIAMFaow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639ebcbe-221f45c41cc4ac943f78ce6c;Sampled=0
x-amzn-remapped-date: Sun, 18 Dec 2022 07:09:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: f_sUIMBle-AT5Od_IJdlhNc1razIfG8LYIi1tEsIyWtMRBs063gjwQ==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Mon, 19 Dec 2022 07:18:00 GMT
age: 2418
etag: "a859bec81457e5b3511fb7612b65bcd4be790f21"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61dd0e23-c172-4f68-b254-9fd26e2782f6.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61dd0e23-c172-4f68-b254-9fd26e2782f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d9d95001bfc942895a41fb4bbd50c56
67e1f40fbf45d7f32e4bd05f7c9e71f352483fa9
042c3809a802ef44ff6de8a270194cdf69cc3ba9d8f5192110dda7829d2d52d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61dd0e23-c172-4f68-b254-9fd26e2782f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5710
x-amzn-requestid: 9e587daa-7632-4765-a8c5-6cea13058bac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dNQQJEp6IAMF1Og=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639b9400-63c04fa4691c32f914301a3d;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 21:39:12 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cRZhQNysDphRjUTZ7bCgTbwlYYVWgXvMMmPJSv6RysKbK0bWOY1cpA==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Dec 2022 22:12:47 GMT
age: 35131
etag: "67e1f40fbf45d7f32e4bd05f7c9e71f352483fa9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8c17fa1e-3676-4150-9a56-a1ca369a9c6a.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8c17fa1e-3676-4150-9a56-a1ca369a9c6a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6d178a6b115f657a00617293489405fe
5a85960ea077d8a1e8ee24de73a9594682d9a4ef
61c2a7e815efe3206e64f00974ddba9b24b99b41bf030a102e53a6613d105b67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8c17fa1e-3676-4150-9a56-a1ca369a9c6a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11263
x-amzn-requestid: 7cb5a6e1-9e6f-4b65-a0c4-d7612223edb3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: c6OCtGU6IAMF6lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6393f6dd-459d1bef15af6cf134231005;Sampled=0
x-amzn-remapped-date: Sat, 10 Dec 2022 03:02:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: dF3uhrxqSuq8L3bfocnU2ryQb_UcL97PM_MVhushhf0_STCTbIhORA==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Dec 2022 21:38:12 GMT
age: 37206
etag: "5a85960ea077d8a1e8ee24de73a9594682d9a4ef"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F956cf952-1c2d-4c51-b322-8a251d3893bf.jpeg
34.120.237.76200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F956cf952-1c2d-4c51-b322-8a251d3893bf.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43c9ed63c9760a5b3826550e59a96f43
912a87f2df4a93717a3817bb9c9bf0071b2fce7e
5e75e2e9bbc0d3e992f72257923c97ff8d037fcbf5ccf092e100ae26af2b2d89
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F956cf952-1c2d-4c51-b322-8a251d3893bf.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4362
x-amzn-requestid: e88d6aea-c8f7-45e5-9f10-07bc6efb4b9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dObYsEa1IAMFa_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639c0c37-1f4852530ab1b5b73a088601;Sampled=0
x-amzn-remapped-date: Fri, 16 Dec 2022 06:12:07 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8kTjTJyZbKvpI1rr0dfrwSJ4TuPBLiedSh26aiDivz5lPM_6tO_Stg==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Dec 2022 21:35:59 GMT
age: 37339
etag: "912a87f2df4a93717a3817bb9c9bf0071b2fce7e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbedc7d70-00c3-409b-9b46-11cbe9909f2b.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbedc7d70-00c3-409b-9b46-11cbe9909f2b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 71e9a308430eff340bb55c56b64fcc63
63d49b26322a1dca8ed669c1abafc27ee7f7c4b2
e3c8917124f2d13de6d1c0a1f1539f035abef31bbbf2246e77db44d9a3e29b61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbedc7d70-00c3-409b-9b46-11cbe9909f2b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12161
x-amzn-requestid: 6ad8283c-3d3d-41f0-ada7-1b0d20568aa6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dXIZIGZFIAMFubg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639f876d-0bc6f28d582f63b35a494472;Sampled=0
x-amzn-remapped-date: Sun, 18 Dec 2022 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gJgluMuS-cEZnEk8LNtVJk02T883tD8OZJy4BftXFGhJ6tHeLGrcqw==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Dec 2022 21:35:55 GMT
age: 37343
etag: "63d49b26322a1dca8ed669c1abafc27ee7f7c4b2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e12be4-4d3a-4c89-acc3-9f2634b84373.jpeg
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e12be4-4d3a-4c89-acc3-9f2634b84373.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8576327b06d5d8259e87bfeb71761ff5
2b2e5694e77b30f2e2cdfddd8ad616be214c9df2
377ffbcb85710900d97b1d99522a8087a6c66bcb778be42da806283cae833715
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa4e12be4-4d3a-4c89-acc3-9f2634b84373.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5654
x-amzn-requestid: b9f6e88a-f07b-4c6c-b823-9b9e928274ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dKtB8Eb5oAMF3gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639a8ed9-3c8888ca41c995d67a09fa50;Sampled=0
x-amzn-remapped-date: Thu, 15 Dec 2022 03:04:57 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FaoiV9Jr3-1aqI-rVbXAYEMTsG_cjqVxmr0di-CbJaQBwIbb6BRg6A==
via: 1.1 446313511980eb02f28ff5a9a4147c0a.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Dec 2022 13:23:41 GMT
age: 66877
etag: "2b2e5694e77b30f2e2cdfddd8ad616be214c9df2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash c76e2d1033fe19d491bcdb4e24faaeeb
9b3da75ba4ebf950d17ee9178c64c46afc363047
20590ac857bae294c81ad22c37bb5ec0aca36ad35ae4aa4ece7a5e5ea47ded63
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 07:58:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
node-sber1-az1-6.jivosite.com/widget/status/561276/3bcOoG4MqH?rnd=0.026575767751639945
188.72.107.240200 OK 4.0 kB URL HTTP/2 node-sber1-az1-6.jivosite.com/widget/status/561276/3bcOoG4MqH?rnd=0.026575767751639945
IP 188.72.107.240:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (3376), with no line terminators
Hash 585ba900a8515af35ab3d7abcf253d82
6f046ab18e055e78a2fee373d6997395bfa21871
f33d74e42b4ee9300db863e62b2369cb8036f3276ef0e0bd3ff73185f81ee96b
GET /widget/status/561276/3bcOoG4MqH?rnd=0.026575767751639945 HTTP/1.1
Host: node-sber1-az1-6.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-max-age: 1728000
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-expose-headers: X-Geoip, X-Botmode
cache-control: no-cache, no-store, must-revalidate
content-security-policy: frame-ancestors 'none';
content-type: application/json; charset=utf-8
pragma: no-cache
server: foxy/2.0.1
x-botmode: no
x-frame-options: DENY
x-geoip: NO;03;Oslo (Alna District)
content-length: 3992
date: Mon, 19 Dec 2022 07:58:18 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7b18428df832332e2f89ca51203de4ba
8272451b056b54992cfa05e70c53adde8b744299
c9bdf42b2f8b0cf614cd4821bce48a719d284c836eb98959dce1802dea20e617
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 07:58:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 7b18428df832332e2f89ca51203de4ba
8272451b056b54992cfa05e70c53adde8b744299
c9bdf42b2f8b0cf614cd4821bce48a719d284c836eb98959dce1802dea20e617
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 19 Dec 2022 07:58:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=134471640.1671436696&jid=50215676&_u=YADAAEAAAAAAACAEK~&z=1959920417
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=134471640.1671436696&jid=50215676&_u=YADAAEAAAAAAACAEK~&z=1959920417
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=134471640.1671436696&jid=50215676&_u=YADAAEAAAAAAACAEK~&z=1959920417 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Dec 2022 07:58:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=134471640.1671436696&jid=679282624&_u=YADAAEABAAAAACAEK~&z=418386350
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=134471640.1671436696&jid=679282624&_u=YADAAEABAAAAACAEK~&z=418386350
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=134471640.1671436696&jid=679282624&_u=YADAAEABAAAAACAEK~&z=418386350 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 19 Dec 2022 07:58:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/favicon.png
3.73.127.68200 OK 2.8 kB URL HTTP/2 c4adbk4m41qwkxamst.com/favicon.png
IP 3.73.127.68:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash f8cbfde8f3484f7a5f02189742f0f110
3eb0cec3e65d6cb0cc2744b5fa57ded1afb6e4d4
70504d4dc047aeac702b31e9290e9f5553e901d07d3844269cd966042988159a
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.png HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1047
x-client-session: cut0frdk9qj0gr92i8e2
x-client-device-id: 3oxk9v3pup18cvmtoq9d
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671436696.1.0.1671436696.0.0.0; _ga=GA1.2.134471640.1671436696; rst-uid=7010513622036119552; PHPSESSID=bc0sobn20pogpilnbs3apl51eh; lunetics_locale=bn; tz=Europe%2FOslo; _gid=GA1.2.554193664.1671436697; _gaclientid=134471640.1671436696; _gasessionid=20221219|07806784; _gahitid=1671436696656; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1671436697423193902; _ym_d=1671436697; _fbp=fb.1.1671436696920.226085196; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:19 GMT
content-type: image/png
content-length: 2810
last-modified: Thu, 15 Dec 2022 08:46:05 GMT
etag: "639adecd-afa"
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ae9c4bab516da49d26f00e2b6d32f716
4590efa4d4bef8b328437173e0b6bc8032f8b2f7
4f3c7cd5d5ace5904379e069b68aa3a67a7f2776d664af10cfd1d7431e788c33
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4F3C7CD5D5ACE5904379E069B68AA3A67A7F2776D664AF10CFD1D7431E788C33"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5656
Expires: Mon, 19 Dec 2022 09:32:38 GMT
Date: Mon, 19 Dec 2022 07:58:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ae9c4bab516da49d26f00e2b6d32f716
4590efa4d4bef8b328437173e0b6bc8032f8b2f7
4f3c7cd5d5ace5904379e069b68aa3a67a7f2776d664af10cfd1d7431e788c33
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4F3C7CD5D5ACE5904379E069B68AA3A67A7F2776D664AF10CFD1D7431E788C33"
Last-Modified: Sat, 17 Dec 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5656
Expires: Mon, 19 Dec 2022 09:32:38 GMT
Date: Mon, 19 Dec 2022 07:58:22 GMT
Connection: keep-alive
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 2f1085bba2337fc1d4045a17991df63c
22627b643484326b944641bd02503029b3f21ddd
73668839545466188fe4844e48dda194dead1875f8e9524701f58a59cd0e12aa
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 19 Dec 2022 07:58:23 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Fri, 23 Dec 2022 07:07:17 GMT
ETag: "22627b643484326b944641bd02503029b3f21ddd"
Last-Modified: Mon, 19 Dec 2022 07:07:18 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 259
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77be97c40dd3b517-OSL
code.jivo.ru/js/bundle_ru_RU.js?rand=1671109291
92.223.126.57200 OK 312 kB URL HTTP/2 code.jivo.ru/js/bundle_ru_RU.js?rand=1671109291
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type Unicode text, UTF-8 text, with very long lines (61072), with no line terminators
Size 312 kB (311916 bytes)
Hash 29f4410d1a7a27f57b6117ebb24a9096
86ad5732d4edfeebe088c6236b3963172a302115
27c72946131a91d24f0fcbc09a9cb7da482d03487d621783cd1c89490ccc1496
GET /js/bundle_ru_RU.js?rand=1671109291 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:23 GMT
content-type: application/javascript
content-length: 311916
access-control-allow-origin: *
cache-control: max-age=86400
content-encoding: br
etag: "639aaaef-4c26c"
last-modified: Thu, 15 Dec 2022 05:04:47 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-18T13:02:01+00:00
x-id: am3-up-gc95
accept-ranges: bytes
X-Firefox-Spdy: h2
webchannel-content.eservice.emarsys.net/customer/799213038/campaigns?url=https:%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&prev_url=&lang=en&uli=false
34.117.30.199200 OK 55 kB URL HTTP/2 webchannel-content.eservice.emarsys.net/customer/799213038/campaigns?url=https:%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&prev_url=&lang=en&uli=false
IP 34.117.30.199:0
Hash 9a3a563bf7e67fef3b329c8a9df2553d
d505a1f6f1bd1f313f57fba5c03579b9dac7ce8f
e3aa2c5822bfcec4cded34f4e5e10e0cbb3f3523e79f2976185b18ebc267aa29
GET /customer/799213038/campaigns?url=https:%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg&prev_url=&lang=en&uli=false HTTP/1.1
Host: webchannel-content.eservice.emarsys.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Dec 2022 07:58:22 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: *
content-type: application/json
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
code.jivo.ru/css/3171c8f/omnichannelMenu.widget.css
92.223.126.57200 OK 945 B URL HTTP/2 code.jivo.ru/css/3171c8f/omnichannelMenu.widget.css
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (3072), with no line terminators
Hash 4798383a040782bc8816e581f6b560b4
f4af2730471468533e06f3038e679fe3f87231ca
84074cecf5151b6af6abb5da9486e0a85f4a0fdc28798e4896532df848744ba4
GET /css/3171c8f/omnichannelMenu.widget.css HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:24 GMT
content-type: text/css
content-length: 945
cache-control: max-age=864000
content-encoding: gzip
etag: "639aaad8-3b1"
expires: Sun, 25 Dec 2022 13:02:18 GMT
last-modified: Thu, 15 Dec 2022 05:04:24 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-15T13:02:18+00:00
x-id: am3-up-gc95
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jivo.ru/js/3171c8f/omnichannelMenu.js
92.223.126.57200 OK 3.1 kB URL HTTP/2 code.jivo.ru/js/3171c8f/omnichannelMenu.js
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (11729), with no line terminators
Hash fb88bad2cb1b680940f4d49a1e29d864
f1dfd75b748d2b92d8dd19ddb28f14ed238d7ee4
cbc21760c959a6571131c110618efca84d36e4789ecd079053b666e9eedecf33
GET /js/3171c8f/omnichannelMenu.js HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:24 GMT
content-type: application/javascript
content-length: 3124
access-control-allow-origin: *
cache-control: max-age=86400
content-encoding: br
etag: "639aaad8-c34"
last-modified: Thu, 15 Dec 2022 05:04:24 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-18T13:02:27+00:00
x-id: am3-up-gc95
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jivo.ru/sounds/agent_message.mp3
92.223.126.57206 Partial Content 3.8 kB URL HTTP/2 code.jivo.ru/sounds/agent_message.mp3
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo\012- data
Hash 8e9a165c4cb185ffd0b2658fa088e43b
195873e5e8bbb2f5ecc32d95f90d6fb75817a649
ff81aad05612f90cf97c238f219765884e5cbf49351d8dc96a4a063c598c3f43
GET /sounds/agent_message.mp3 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Mon, 19 Dec 2022 07:58:24 GMT
content-type: audio/mpeg
content-length: 3760
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=2592000
etag: "6384b5cb-eb0"
expires: Mon, 02 Jan 2023 12:20:47 GMT
last-modified: Mon, 28 Nov 2022 13:21:15 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-03T12:20:47+00:00
x-id: am3-up-gc95
content-range: bytes 0-3759/3760
X-Firefox-Spdy: h2
code.jivo.ru/sounds/notification.mp3
92.223.126.57206 Partial Content 5.8 kB URL HTTP/2 code.jivo.ru/sounds/notification.mp3
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash 9aa341af370c4e59155717260ba0f282
0c1216ecead8d1409557c843d96202c063f3f252
1112436abea08c851302bba4d4e37a27e25e5ec26b20474667a3369d41154bab
GET /sounds/notification.mp3 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Mon, 19 Dec 2022 07:58:24 GMT
content-type: audio/mpeg
content-length: 5808
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=2592000
etag: "6384b5cb-16b0"
expires: Mon, 02 Jan 2023 12:11:24 GMT
last-modified: Mon, 28 Nov 2022 13:21:15 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-03T12:11:24+00:00
x-id: am3-up-gc95
content-range: bytes 0-5807/5808
X-Firefox-Spdy: h2
code.jivo.ru/sounds/outgoing_message.mp3
92.223.126.57206 Partial Content 5.0 kB URL HTTP/2 code.jivo.ru/sounds/outgoing_message.mp3
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo\012- data
Hash 7bf3e4962a5ecf1f8cbcc2ff3428f531
f75c694461a643d2e096ae8d0f6c1a9d19602eee
d44244617bf21df7a137694fa762d5cab3b82cb9fae8f33de5917977b02b2a11
GET /sounds/outgoing_message.mp3 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Mon, 19 Dec 2022 07:58:24 GMT
content-type: audio/mpeg
content-length: 5014
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=2592000
etag: "6384b5cb-1396"
expires: Mon, 02 Jan 2023 12:20:47 GMT
last-modified: Mon, 28 Nov 2022 13:21:15 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-03T12:20:47+00:00
x-id: am3-up-gc95
content-range: bytes 0-5013/5014
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1283f05-ca54-470d-bbc4-9b6d4386b138.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1283f05-ca54-470d-bbc4-9b6d4386b138.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e0773ba795a9e9a70038c6d8c64ebfa2
3d1db768017331da152d0df6cf5bc6ea6c813b83
46c25962e3bad9785a77bd8f51021460bcf44e9907c725c38329b6dadf560a44
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb1283f05-ca54-470d-bbc4-9b6d4386b138.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 8722
x-amzn-requestid: 88a7ab87-3bee-429d-9d3d-8969f6908c65
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dKGGkH2UIAMF78Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639a5090-072ab9b341d4c00622492ee8;Sampled=0
x-amzn-remapped-date: Wed, 14 Dec 2022 22:39:12 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: lpuH1nfNTFrtEUzxSDBEtunOkPU7Y5cP5PSVlJQ43YkRBrRX4OukPg==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 18 Dec 2022 21:36:45 GMT
age: 37299
etag: "3d1db768017331da152d0df6cf5bc6ea6c813b83"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
vi-sber1-3.jivosite.com/3bcOoG4MqH?31d0680ee41be4be
46.243.227.203101 Switching Protocols 0 B URL HTTP/1.1 vi-sber1-3.jivosite.com/3bcOoG4MqH?31d0680ee41be4be
IP 46.243.227.203:0
ASN #208677 Cloud technology Limited (Ltd.)
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /3bcOoG4MqH?31d0680ee41be4be HTTP/1.1
Host: vi-sber1-3.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://c4adbk4m41qwkxamst.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: TnJUOpOXiNy5nng47tsaDQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Access-Control-Allow-Origin: https://c4adbk4m41qwkxamst.com
Sec-WebSocket-Accept: iMus4gHItS19lqgLQdoZUm6fHbM=
Server: hand/2.8
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 6a00b783d17f604e7a87708ba092da4f
185a4e2e267196e343485dfada4834935048a15f
05281171543d7f03d133b54941f046dbde097b6bee298a3d6911c97a5ab8d036
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 880
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Mon, 19 Dec 2022 07:58:25 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7010513622036119552; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 1
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
front.cdn-mb.com/spa-static/1.4.1047/static/js/main.31fe44c1.chunk.js
172.67.160.69200 OK 0 B URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1047/static/js/main.31fe44c1.chunk.js
IP 172.67.160.69:0
GET /spa-static/1.4.1047/static/js/main.31fe44c1.chunk.js HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Dec 2022 07:58:16 GMT
content-type: application/javascript
last-modified: Thu, 15 Dec 2022 08:52:47 GMT
vary: Accept-Encoding
etag: W/"639ae05f-5bec9"
expires: Mon, 19 Dec 2022 11:37:46 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 1230
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GmHVetctw0wBalJVU6yPY4UDYYbGAl4ZieICBaEZFNqCRwsfLJoam3wM0hDWaOQKTNGrf08Ra4HA92KxJo7LqeOHN5y%2FwYYz84HZi7Tnyky5JfTq%2B06KrpenozNUCrSlCvmP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77be97977c75b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/currency-specific-settings/RUB.json
3.73.127.68200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/currency-specific-settings/RUB.json
IP 3.73.127.68:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/currency-specific-settings/RUB.json HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1047
x-client-session: cut0frdk9qj0gr92i8e2
x-client-device-id: 3oxk9v3pup18cvmtoq9d
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671436696.1.0.1671436696.0.0.0; _ga=GA1.2.134471640.1671436696; rst-uid=7010513622036119552; PHPSESSID=bc0sobn20pogpilnbs3apl51eh; lunetics_locale=bn; tz=Europe%2FOslo; _gid=GA1.2.554193664.1671436697; _gaclientid=134471640.1671436696; _gasessionid=20221219|07806784; _gahitid=1671436696656; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1671436697423193902; _ym_d=1671436697; _fbp=fb.1.1671436696920.226085196; _ym_isad=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:17 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Mon, 26 Dec 2022 07:58:17 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/favicon.ico
3.73.127.68200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/favicon.ico
IP 3.73.127.68:0
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671436696.1.0.1671436696.0.0.0; _ga=GA1.1.134471640.1671436696
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:16 GMT
content-type: image/x-icon
last-modified: Thu, 15 Dec 2022 08:46:05 GMT
vary: Accept-Encoding
etag: W/"639adecd-1536"
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
front.cdn-mb.com/spa-static/1.4.1047/static/css/main.687ea28c.chunk.css
172.67.160.69200 OK 0 B URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1047/static/css/main.687ea28c.chunk.css
IP 172.67.160.69:0
GET /spa-static/1.4.1047/static/css/main.687ea28c.chunk.css HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 19 Dec 2022 07:58:16 GMT
content-type: text/css
last-modified: Thu, 15 Dec 2022 08:52:47 GMT
vary: Accept-Encoding
etag: W/"639ae05f-54"
expires: Mon, 19 Dec 2022 11:37:46 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 1230
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=C%2BRfUkKuzxlXmFRE5Pgvr%2BFkXJ%2BJYgPiKw8GfddiwyvyWeECbH%2Bt%2FSB8uoYE6%2FnAT5DlB8dRzkuzIlHMQeHD8wsie1qb%2FsjbXD7AXSAiRImWI6MCZT5DHlO28BJR0dcu2X8O"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77be97976c6cb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/partners/sport_logo.png
3.73.127.68404 Not Found 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/partners/sport_logo.png
IP 3.73.127.68:0
Analyzer Verdict Alert quad9 Sinkholed
GET /partners/sport_logo.png HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg
Cookie: theme=desktop
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Mon, 19 Dec 2022 07:58:16 GMT
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/logo
3.73.127.68200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/logo
IP 3.73.127.68:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/logo HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1047
x-client-session: cut0frdk9qj0gr92i8e2
x-client-device-id: 3oxk9v3pup18cvmtoq9d
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671436696.1.0.1671436696.0.0.0; _ga=GA1.2.134471640.1671436696; rst-uid=7010513622036119552; PHPSESSID=bc0sobn20pogpilnbs3apl51eh; lunetics_locale=bn; tz=Europe%2FOslo; _gid=GA1.2.554193664.1671436697; _gaclientid=134471640.1671436696; _gasessionid=20221219|07806784; _gahitid=1671436696656; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"2467b2b1f8388ce43e730fcbb0e782db"
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:16 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"2467b2b1f8388ce43e730fcbb0e782db"
x-request-id: b44e0193cfd3962b44535b077093fb2c
vary: Accept-Encoding, Accept-Language
expires: Mon, 19 Dec 2022 07:58:17 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/currencies.json
3.73.127.68200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/currencies.json
IP 3.73.127.68:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/currencies.json HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1047
x-client-session: cut0frdk9qj0gr92i8e2
x-client-device-id: 3oxk9v3pup18cvmtoq9d
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671436696.1.0.1671436696.0.0.0; _ga=GA1.2.134471640.1671436696; rst-uid=7010513622036119552; PHPSESSID=bc0sobn20pogpilnbs3apl51eh; lunetics_locale=bn; tz=Europe%2FOslo; _gid=GA1.2.554193664.1671436697; _gaclientid=134471640.1671436696; _gasessionid=20221219|07806784; _gahitid=1671436696656; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1671436697423193902; _ym_d=1671436697; _fbp=fb.1.1671436696920.226085196; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:18 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Mon, 26 Dec 2022 07:58:18 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/auth/providers
3.73.127.68200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/auth/providers
IP 3.73.127.68:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/auth/providers HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1047
x-client-session: cut0frdk9qj0gr92i8e2
x-client-device-id: 3oxk9v3pup18cvmtoq9d
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1671436696.1.0.1671436696.0.0.0; _ga=GA1.2.134471640.1671436696; rst-uid=7010513622036119552; PHPSESSID=bc0sobn20pogpilnbs3apl51eh; lunetics_locale=bn; tz=Europe%2FOslo; _gid=GA1.2.554193664.1671436697; _gaclientid=134471640.1671436696; _gasessionid=20221219|07806784; _gahitid=1671436696656; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1671436697423193902; _ym_d=1671436697; _fbp=fb.1.1671436696920.226085196; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 19 Dec 2022 07:58:18 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: dfb8e2d9d4c26ee6c3f63292b8e003c7
vary: Accept-Encoding, Accept-Language
expires: Mon, 19 Dec 2022 07:58:18 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2