b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
18.193.73.74308 Permanent Redirect 164 B URL HTTP/1.1 b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
IP 18.193.73.74:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f23c4815ecaef1588f16ac735c0e15d6
026bf8cdd5076014b6fc822878e0086eb44da556
43a81fb3d47b34e7d42d6b8444f592ed9251b8e57db8f67d32419aa40b1480d0
Analyzer Verdict Alert quad9 Sinkholed
GET /?registration=1&cid=1925768417&pid=165855&sip=0 HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 308 Permanent Redirect
Server: nginx
Date: Sun, 04 Dec 2022 09:12:42 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5180
Expires: Sun, 04 Dec 2022 10:39:02 GMT
Date: Sun, 04 Dec 2022 09:12:42 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 67e9370f1bf3e4946a01f346eeae8966
aaab391d1134302d718de7a0d5edbedf884633e6
27a8654fb14db88d4b2bb3b45c1b197fc498cd94143d4a68687742fa48a41358
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 29
Cache-Control: max-age=91139
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 09:12:42 GMT
Etag: "638b2570-1d7"
Expires: Mon, 05 Dec 2022 10:31:41 GMT
Last-Modified: Sat, 03 Dec 2022 10:31:12 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 08:20:05 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3157
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12950
Expires: Sun, 04 Dec 2022 12:48:32 GMT
Date: Sun, 04 Dec 2022 09:12:42 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 9aYeyQ4JPzGTxQARwl7xv+BdsNQPRnximtrlP0KyBF3tp5HMMvAImnSV74pw8kZEmFav0ZRBdus=
x-amz-request-id: SHPNZ73294ZJKCWR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 08:46:54 GMT
age: 1548
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:42 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3406b933f039060ae455e88e22b1509f
03232a84c2da9848fcb9b4fb2ce537c21de91aa7
a0624bab981c6374efcfa3d4a06014ffa32981bf91005fd32ee12a41509c6381
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A0624BAB981C6374EFCFA3D4A06014FFA32981BF91005FD32EE12A41509C6381"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21500
Expires: Sun, 04 Dec 2022 15:11:02 GMT
Date: Sun, 04 Dec 2022 09:12:42 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 3a94442d71500112ec09cae7aecbb94c
3fe3ecd8126adf63c2e3c1ef20e1bf7da0ea7a70
1cd2b55d112b808c26193bac0eb010a3a1133c5ca62c3912b7529f4cd55875a9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3236
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 09:12:42 GMT
Last-Modified: Sun, 04 Dec 2022 08:18:46 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 3a94442d71500112ec09cae7aecbb94c
3fe3ecd8126adf63c2e3c1ef20e1bf7da0ea7a70
1cd2b55d112b808c26193bac0eb010a3a1133c5ca62c3912b7529f4cd55875a9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3236
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 09:12:42 GMT
Last-Modified: Sun, 04 Dec 2022 08:18:46 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 3a94442d71500112ec09cae7aecbb94c
3fe3ecd8126adf63c2e3c1ef20e1bf7da0ea7a70
1cd2b55d112b808c26193bac0eb010a3a1133c5ca62c3912b7529f4cd55875a9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2834
Cache-Control: max-age=98232
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 09:12:42 GMT
Etag: "638b3630-117"
Expires: Mon, 05 Dec 2022 12:29:54 GMT
Last-Modified: Sat, 03 Dec 2022 11:42:40 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 09:12:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.scarabresearch.com/js/11DAF087E87A3DFD/scarab-v2.js
54.230.111.92200 OK 23 kB URL HTTP/1.1 cdn.scarabresearch.com/js/11DAF087E87A3DFD/scarab-v2.js
IP 54.230.111.92:0
File type C source, ASCII text, with very long lines (539)
Hash bfcc64224f8c6e43e026afb16bd0f4f8
4b1a0dbd96c3047a917ba024690ffc4d544b8b00
c87358a7c76c044147379c9415f96488045b936666093c83fd0e57e08316548e
GET /js/11DAF087E87A3DFD/scarab-v2.js HTTP/1.1
Host: cdn.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Timing-Allow-Origin: *
Date: Sun, 04 Dec 2022 08:40:29 GMT
Cache-Control: max-age=3600,public
ETag: "aa53180343ab25d32aa7294158ca3216--gzip"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: wxEWlEsC_gsR0e8KFJtS3FqylmkLJ3eyuFsrn93vACAYOJXB2f-X-A==
Age: 2019
www.googletagmanager.com/gtm.js?id=GTM-5PMSX62
142.250.74.168200 OK 57 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5PMSX62
IP 142.250.74.168:0
File type Unicode text, UTF-8 text, with very long lines (13906)
Hash 0bb8b6af315cb63ff047252acb975616
06a734d1e3af80806e71e3101b53d4fecf73d3b2
4493edca9c209d3a05c59344f28f0b42aca05d9b2b3dda4cb04cd4ac0d53f3af
GET /gtm.js?id=GTM-5PMSX62 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 04 Dec 2022 09:12:42 GMT
expires: Sun, 04 Dec 2022 09:12:42 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 56889
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 3a94442d71500112ec09cae7aecbb94c
3fe3ecd8126adf63c2e3c1ef20e1bf7da0ea7a70
1cd2b55d112b808c26193bac0eb010a3a1133c5ca62c3912b7529f4cd55875a9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3236
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 09:12:42 GMT
Last-Modified: Sun, 04 Dec 2022 08:18:46 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
static.scarabresearch.com/wpjs/wploader.js?ts=2761
54.230.111.73200 OK 11 kB URL HTTP/1.1 static.scarabresearch.com/wpjs/wploader.js?ts=2761
IP 54.230.111.73:0
File type Unicode text, UTF-8 text, with very long lines (26064)
Hash 2fc56d9a611d59d8961e74c4e8714e57
462e72a7259c4e557713d4a0f83b1dfa01445735
8e7522a5ad89315f9b9f6de63b9f538cdd001eccab8620b5d28f92840cac3ad8
GET /wpjs/wploader.js?ts=2761 HTTP/1.1
Host: static.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Date: Sat, 03 Dec 2022 16:35:40 GMT
Last-Modified: Mon, 10 Oct 2022 11:09:48 GMT
ETag: W/"1bb200ba7add3c5d4bfb6f3822bfe5af"
Cache-Control: max-age=86400
x-amz-version-id: DzVXMgBeksdrQfAKjc.ckmkVhMlLjwqT
Server: AmazonS3
Content-Encoding: gzip
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: pRJnOiRXGTgrKISPQb_e8h64jWa75HAi2TfuqPr8-U-uAPjjNW9i_w==
Age: 59824
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 09:08:58 GMT
cache-control: public,max-age=3600
age: 225
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
static.scarabresearch.com/wpjs/wpes6.js?ts=2761
54.230.111.73200 OK 32 kB URL HTTP/1.1 static.scarabresearch.com/wpjs/wpes6.js?ts=2761
IP 54.230.111.73:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash 2deaf3e3bba06f12d56503ae36024fec
6793a706970604cf8ebb692d4fbf704f8196cb1c
d03b55e6886ad1d5748ecf83c44cd26dbec2e24fadf144dc6a16cc74597c5290
GET /wpjs/wpes6.js?ts=2761 HTTP/1.1
Host: static.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 10 Oct 2022 11:09:51 GMT
x-amz-version-id: B7kEOPd3f.UUaahYeIIXT30URW6wDjD.
Server: AmazonS3
Content-Encoding: gzip
Date: Sun, 04 Dec 2022 06:25:57 GMT
Cache-Control: max-age=86400
ETag: W/"aea14a7926cfb79f14472c23a4b1543b"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: MtQ-c3ObjzZ4juLpDozpFfzT-VtcFbdJ8zvjefJFCf7rE0ZMybCBvA==
Age: 10006
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 59db36d46a15f39873383bbb5ed40ab9
b000093c78513a82e001e45d586a7155d4b83ce5
830b537f9803c0324380c6a2906d85a193566ffab5a752d06af1659b4f2da929
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 95
Cache-Control: max-age=117854
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 09:12:43 GMT
Etag: "638b8d8a-1d7"
Expires: Mon, 05 Dec 2022 17:56:57 GMT
Last-Modified: Sat, 03 Dec 2022 17:55:22 GMT
Server: ECS (ska/F71D)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a151c326c67e1abb747847c1427db76f
80885d30ef8ba867bf33c40b861976958a27493a
de2b573ee1c8af980e593352e0c331b2595f62bd4499300ace30821d20814760
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 31
Cache-Control: max-age=86079
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 09:12:43 GMT
Etag: "638b11ab-1d7"
Expires: Mon, 05 Dec 2022 09:07:22 GMT
Last-Modified: Sat, 03 Dec 2022 09:06:51 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash feada0c59c0eaab85490c6c8a7bcdd19
067889598d6125a945f0f7815a03328b62e9d139
18d3562684c32ed7b8d7cf02c853d8f1f08bf1074151891d9b756d14fdddfa1f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "18D3562684C32ED7B8D7CF02C853D8F1F08BF1074151891D9B756D14FDDDFA1F"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1841
Expires: Sun, 04 Dec 2022 09:43:24 GMT
Date: Sun, 04 Dec 2022 09:12:43 GMT
Connection: keep-alive
my.rtmark.net/p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01
139.45.195.8200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01
IP 139.45.195.8:0
Hash 6425f508eacb60db81c6d0b38ae56a58
d27caed071b054a15ab2291a11a4bfe12e097d7a
e94404dcfeb2d07ed1a6c0ad4230d5bc5754c0c965736d4ebc3224af415094d0
GET /p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:43 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
35.82.2.166200 OK 8 B URL HTTP/1.1 shavar.services.mozilla.com/downloads?client=Firefox&appver=96.0a&pver=2.2
IP 35.82.2.166:0
Hash 29fc57841962e407cb50c1be60284bf7
ce968a77e2996da5eee8925182318f171ccdce47
ae7e7075247dcfad763f1e131aeac3d2e756bb03d48b0d315a50c69636e5dc8b
POST /downloads?client=Firefox&appver=96.0a&pver=2.2 HTTP/1.1
Host: shavar.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 773
Connection: close
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: none
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Date: Sun, 04 Dec 2022 09:12:43 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 8
Connection: Close
push.services.mozilla.com/
54.187.31.159101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.187.31.159:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: OlJlENWDf1V1usJlQpGq3A==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: ENKDEPgL1+D2PmeIQ9jbyXJ2oHY=
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 3ac900a479461cc671aa20bbc38e130a
3886d1d936d397593e766dc7e352656a2e0f2d0c
fdf9851edf9ff16422529c3f3e3dfc13963d26e8d6c39541b8bdbfd7d1400851
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 669
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Sun, 04 Dec 2022 09:12:43 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7005096538720436224; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 3
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash be718d0ce945ecb9234c8c904f8022c7
d96a915adeaffa27e18bf646320f3e043cd0349e
97750b45893098c0a51cec23fa80b37fbd101a513362ce9e1daa00a8d62143cf
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 756
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Sun, 04 Dec 2022 09:12:43 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7005096538720436224; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 2
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.14200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.14:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 04 Dec 2022 08:46:55 GMT
expires: Sun, 04 Dec 2022 10:46:55 GMT
cache-control: public, max-age=7200
age: 1548
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 14 kB IP 93.184.220.29:0
Hash 94e194fba957eb69cb0bbf41220f7a0b
076f142ba65817b77f99f15243a681125c8f017d
98efdaf42c85ca886f39acc95d65855ccc491bf286d2f78dd93fc340e53416d9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1341
Cache-Control: max-age=122709
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 09:12:43 GMT
Etag: "638b9ba3-1d7"
Expires: Mon, 05 Dec 2022 19:17:52 GMT
Last-Modified: Sat, 03 Dec 2022 18:55:31 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
b40llq4tvvy12m5mst.com/api/v1/countries.json
18.193.73.74200 OK 8.7 kB URL HTTP/2 b40llq4tvvy12m5mst.com/api/v1/countries.json
IP 18.193.73.74:0
Hash e36edf559337b4137af9c38a866846cd
a01a5d8353aebc35934915014545a08d1aafb521
222a8d23357500e4f6f91cce76cdd7fabb72ad0497ab929cd69702e76a227110
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/countries.json HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:43 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 11 Dec 2022 09:12:43 GMT
set-cookie: PHPSESSID=1gif9eqd4l41r9g8jjs1t8d0en; expires=Tue, 03-Jan-2023 09:12:43 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=en; expires=Mon, 05-Dec-2022 09:12:43 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Sun, 11-Dec-2022 09:12:43 GMT; Max-Age=604800; path=/; secure
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
157.240.240.1200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.240.1:0
File type ASCII text, with very long lines (64348)
Hash 44ecaa3c2a4929a40141edc4540aaf84
f29a573182333b2500d41bfc389d6c5232dfb348
6589fe14578dedd4df678a909afadd7e5bc7f57c7e3e24518a7f5faac7383396
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: 6vTG/oZmFxBFKdqC7AYfmIXYMtku0V7HDBJFkJxKgI/Tf9XFH92H4zaEHRfCJHWkDO5ZP0enkJXbjtJXSgbWhg==
content-length: 27340
x-fb-trip-id: 1679558926
date: Sun, 04 Dec 2022 09:12:43 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fd0b48347644ddc60fb16b04140cfcb7
ef8d6c8e3c979e98c82655290150aa14fe5d44d1
f3d27c16653ed979a7cce2dc6239a48a86c7dab2fc34949b540802e50b05275a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1341
Cache-Control: max-age=122709
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 09:12:43 GMT
Etag: "638b9ba3-1d7"
Expires: Mon, 05 Dec 2022 19:17:52 GMT
Last-Modified: Sat, 03 Dec 2022 18:55:31 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 471
mc.yandex.ru/metrika/tag.js
87.250.250.119200 OK 73 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 87.250.250.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (586)
Hash a4567a1e52f99c2b3870f58375ec8cac
dbfc795e71fc19f7e45e8637abc4ac770f639a48
2b13b5716855040bd9a08972b0e61369e50c6daa402ed937e18f6795f82429c8
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73266
date: Sun, 04 Dec 2022 09:12:43 GMT
access-control-allow-origin: *
etag: "6388ac0c-11e32"
expires: Sun, 04 Dec 2022 10:12:43 GMT
last-modified: Thu, 01 Dec 2022 16:28:44 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/connection/websocket
18.193.73.74101 Switching Protocols 0 B URL HTTP/1.1 b40llq4tvvy12m5mst.com/connection/websocket
IP 18.193.73.74:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /connection/websocket HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://b40llq4tvvy12m5mst.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: mpLHNQsd52nfuKJwycuUYQ==
Connection: keep-alive, Upgrade
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145161.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Sun, 04 Dec 2022 09:12:43 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: NKNsC0Ivyxj0zLHhutceW+DKrEM=
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 7c9e0bb25e8c28e8b10038806b0a7190
9fa6097aeb8eacde8ba7c9ab80a7a7d2405ae2bc
f4864000960be2f888ed7d2467f74130231fed6f56ad48ff15861f5769e95a58
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 09:12:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
216.58.207.228200 OK 164 kB URL HTTP/2 www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
IP 216.58.207.228:0
Size 164 kB (164298 bytes)
Hash 9cf86d5322e8df1c2f7a5aa56c679ef6
84fc2848533958ef81b581c125e5a5cdfcd964e5
9bf81b55beca5fbb704ad939cf920de41df91e42dc59ab52173c05fca2bb930f
GET /recaptcha/api.js?onload=onloadcallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sun, 04 Dec 2022 09:12:43 GMT
date: Sun, 04 Dec 2022 09:12:43 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 578
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 35da6bebd17aba1ce8576fd759a0d180
e28636b5000dfe9809374de84740e42badf3eb68
28b43a096f65bed56fa8e9f43b69050ce781376fffd66bf307fc9eaf1b64d031
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28B43A096F65BED56FA8E9F43B69050CE781376FFFD66BF307FC9EAF1B64D031"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=827
Expires: Sun, 04 Dec 2022 09:26:31 GMT
Date: Sun, 04 Dec 2022 09:12:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 35da6bebd17aba1ce8576fd759a0d180
e28636b5000dfe9809374de84740e42badf3eb68
28b43a096f65bed56fa8e9f43b69050ce781376fffd66bf307fc9eaf1b64d031
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28B43A096F65BED56FA8E9F43B69050CE781376FFFD66BF307FC9EAF1B64D031"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=832
Expires: Sun, 04 Dec 2022 09:26:36 GMT
Date: Sun, 04 Dec 2022 09:12:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 35da6bebd17aba1ce8576fd759a0d180
e28636b5000dfe9809374de84740e42badf3eb68
28b43a096f65bed56fa8e9f43b69050ce781376fffd66bf307fc9eaf1b64d031
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28B43A096F65BED56FA8E9F43B69050CE781376FFFD66BF307FC9EAF1B64D031"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=809
Expires: Sun, 04 Dec 2022 09:26:13 GMT
Date: Sun, 04 Dec 2022 09:12:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 35da6bebd17aba1ce8576fd759a0d180
e28636b5000dfe9809374de84740e42badf3eb68
28b43a096f65bed56fa8e9f43b69050ce781376fffd66bf307fc9eaf1b64d031
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28B43A096F65BED56FA8E9F43B69050CE781376FFFD66BF307FC9EAF1B64D031"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=872
Expires: Sun, 04 Dec 2022 09:27:16 GMT
Date: Sun, 04 Dec 2022 09:12:44 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f54a71942ab5d7fdc54672cf84aa76db
e03db706ad371c93ddd3cc4a3e4c329777bb5f4b
87453ee6a206085c9b82594123a30bf59f7354733d19f21e388dea70768198c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 09:12:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mostauthor.com/multiauth/test_cookie_set?testcookie=l0m9xffjgurhm4hz7ct8yt
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=l0m9xffjgurhm4hz7ct8yt
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_set?testcookie=l0m9xffjgurhm4hz7ct8yt HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://b40llq4tvvy12m5mst.com/
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: dd3bbff54c5d4c14ba3a315b57ca4b65
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Sun, 04 Dec 2022 09:12:43 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=3qa7cwyz7hzwbf8lid2r6
185.26.99.196200 OK 15 kB URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=3qa7cwyz7hzwbf8lid2r6
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash ff3b85f91a8d151a2ba83e15a964a355
05ea3d39d72b7c141ed1bb86aa848dfbd2c5ac0a
dcb456c1f71c01fa509ffad0b6c328d2eba0d7059d4965a97225150c16ad0370
OPTIONS /multiauth/test_cookie_set?testcookie=3qa7cwyz7hzwbf8lid2r6 HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://b40llq4tvvy12m5mst.com/
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: a6f5ca3624844315a3b4667c9705f8a8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Sun, 04 Dec 2022 09:12:43 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=l0m9xffjgurhm4hz7ct8yt
185.26.99.196200 OK 10 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=l0m9xffjgurhm4hz7ct8yt
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash f7f86d583c92292a7025fc1f25657a1f
92659f2f702a5b18d44a58055c6cd77173630ae2
3b9de8f3bb4d65ebe964703b38c9ce2f3b40a58b33484e6eed8f92bbd5f10a4f
GET /multiauth/test_cookie_set?testcookie=l0m9xffjgurhm4hz7ct8yt HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: e1982b4f60d94a9c98622e5c3f897411
set-cookie: test_cooke_l0m9xffjgurhm4hz7ct8yt=1; Max-Age=3600; SameSite=None; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 10
date: Sun, 04 Dec 2022 09:12:43 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=3qa7cwyz7hzwbf8lid2r6
185.26.99.196200 OK 10 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=3qa7cwyz7hzwbf8lid2r6
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash f7f86d583c92292a7025fc1f25657a1f
92659f2f702a5b18d44a58055c6cd77173630ae2
3b9de8f3bb4d65ebe964703b38c9ce2f3b40a58b33484e6eed8f92bbd5f10a4f
GET /multiauth/test_cookie_set?testcookie=3qa7cwyz7hzwbf8lid2r6 HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 9ff82f7754e64c36911bd6d85e9655d5
set-cookie: test_cooke_3qa7cwyz7hzwbf8lid2r6=1; Max-Age=3600; SameSite=None; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 10
date: Sun, 04 Dec 2022 09:12:43 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 09:12:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
region1.google-analytics.com/g/collect?v=2&tid=G-9Q6VE8VYRH>m=2oebu0&_p=16249727&cid=1785863095.1670145161&ul=en-us&sr=1280x1024&_s=1&sid=1670145161&sct=1&seg=0&dl=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&dt=mostbet_title&en=page_view&_fv=2&_nsi=1&_ss=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-9Q6VE8VYRH>m=2oebu0&_p=16249727&cid=1785863095.1670145161&ul=en-us&sr=1280x1024&_s=1&sid=1670145161&sct=1&seg=0&dl=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&dt=mostbet_title&en=page_view&_fv=2&_nsi=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-9Q6VE8VYRH>m=2oebu0&_p=16249727&cid=1785863095.1670145161&ul=en-us&sr=1280x1024&_s=1&sid=1670145161&sct=1&seg=0&dl=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&dt=mostbet_title&en=page_view&_fv=2&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
date: Sun, 04 Dec 2022 09:12:44 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&rl=&if=false&ts=1670145161874&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670145161873.1729128621&it=1670145161511&coo=false&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&rl=&if=false&ts=1670145161874&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670145161873.1729128621&it=1670145161511&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&rl=&if=false&ts=1670145161874&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670145161873.1729128621&it=1670145161511&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Sun, 04 Dec 2022 09:12:44 GMT
X-Firefox-Spdy: h2
my.rtmark.net/img.gif?f=sync&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01&ttl=&rurl=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01&ttl=&rurl=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01&ttl=&rurl=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:44 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=1475689e59cc4b47b9f5942d293b10a9; expires=Mon, 04 Dec 2023 09:12:44 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
216.58.211.3200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP 216.58.211.3:0
File type ASCII text, with very long lines (730)
Size 163 kB (162976 bytes)
Hash 79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 28 Nov 2022 19:09:57 GMT
expires: Tue, 28 Nov 2023 19:09:57 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 482567
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 09:12:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mc.yandex.ru/metrika/advert.gif
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 04 Dec 2022 09:12:44 GMT
access-control-allow-origin: *
etag: "6388ac0c-2b"
expires: Sun, 04 Dec 2022 10:12:44 GMT
accept-ranges: bytes
last-modified: Thu, 01 Dec 2022 16:28:44 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6908
Expires: Sun, 04 Dec 2022 11:07:52 GMT
Date: Sun, 04 Dec 2022 09:12:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6908
Expires: Sun, 04 Dec 2022 11:07:52 GMT
Date: Sun, 04 Dec 2022 09:12:44 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F757562c1-a4bf-4a51-bf99-64f3a0d51840.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F757562c1-a4bf-4a51-bf99-64f3a0d51840.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2c37ed587ee5e3fbdc8cab86ef1345f9
364a32a224b2cacc26b138d57a8945c191e537b1
3c66654da4670e0d5ec87afb6c62f0a420d90875c57b280710f2592269a9303e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F757562c1-a4bf-4a51-bf99-64f3a0d51840.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8285
x-amzn-requestid: 882c673f-4e3f-4f84-a51d-bbac56f716eb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAAEWUoAMFWuA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-3a2c571d6272b3493ec2a1c5;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DX2amuyEjkaWng9x7x8TknBMeXzYPSW7pimxhVkcwOPPPbKrX0beQQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:24 GMT
etag: "364a32a224b2cacc26b138d57a8945c191e537b1"
content-type: image/jpeg
age: 40940
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f00caab-057c-4cc2-a163-fd0bb4d0b5f7.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f00caab-057c-4cc2-a163-fd0bb4d0b5f7.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1521243a6fc065bb631bfbde22886fa2
527220e4e8cd1065ce05fcd0694d0d703d817e2e
b83ebf768bbfb34f49d5467f3dfb43ceb3ca3d30d3454e6f37db9aef72d7689a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f00caab-057c-4cc2-a163-fd0bb4d0b5f7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 11482
x-amzn-requestid: d1db05ab-bd5d-4ad4-96b4-8f439152e435
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clssNEeAoAMFh_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc181-0221c53842a2f5ef071e8071;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:37:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UZ5kblxfN8fkp55YeSpUA55GzDxZgsLpFZrYTsdJBihf53HLCN0hTA==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 36810aa1793ee589dc8c194860296078.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 22:17:35 GMT
age: 39309
etag: "527220e4e8cd1065ce05fcd0694d0d703d817e2e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14dcca2a9c4792d835ee709bcd947402
1d702df3a64258628f4124eafd580695f2d350af
da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KHd4ajJWl-8TDH5HGbkuJXI4NL6I83IwSUBKzfq85cxpyRH_LGl6OA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 05:55:20 GMT
age: 11844
etag: "1d702df3a64258628f4124eafd580695f2d350af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a6e7b32ac999cf3c899a234c621fa91a
fc5d4f3163ebb9faf85968cbb1d194e8e68418be
f12db3aed126006fee00649aba0b3eaae900de200b85b9523866a90b5494f18e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8989
x-amzn-requestid: abce0b01-f70c-42ad-b242-5a24735fe4c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltl4Gk2oAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2f2-1cccffff5199dffe70264a95;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PFl7VUrzRkMFNnTiIw_cbGCyrEFn43eUSlZfT0nUhUmjjyXT7JfjMA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:01 GMT
age: 40963
etag: "fc5d4f3163ebb9faf85968cbb1d194e8e68418be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
34.120.237.76200 OK 5.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43309032a892c486f9985ef520df696e
36f4682ca6a33ff80ee02129c77e6f27e996ede0
24225ff504f30405d9ec3feb2555c738fcca0d6b265f285aa9c73a64c78a496e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6df54ea7-8915-4ac7-af2b-6a71ce14dbf4.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5681
x-amzn-requestid: 8f0d66b8-d532-48d9-9a29-74540cd6ab3a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltXnEotIAMFqkA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc296-27349a376ff819ab63b04a81;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:41:42 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vNP2rQwmWTntetjJyjonO8N_YOBqvQuZUm42BWX7c1GoX7jASOIpCg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:49:42 GMT
age: 40982
etag: "36f4682ca6a33ff80ee02129c77e6f27e996ede0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe8e3477-9245-4318-82d9-b30607246872.jpeg
34.120.237.76200 OK 6.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe8e3477-9245-4318-82d9-b30607246872.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 89e5fc40e9e626a035abde2964ba0959
e800712e4f8d9589670d8ee3a744ac0aedf7b6e3
64a41309871b71682370e2b2f3735ac70039802fff4e1e46013f5aa1f15b4084
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe8e3477-9245-4318-82d9-b30607246872.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6901
x-amzn-requestid: 5dd4545b-c48a-4fa2-8aa5-c7d0a5efeafe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsByFqCoAMF4CA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc071-6b96e54876cde366748564d6;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: sOtbi4sBuEPzvS_l6X_w5S5BeHb1DROkFmpNDTlvo57kUVeYN6ra3A==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 556b99c6be8d7078b9f067347c62df6a.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:42:39 GMT
age: 41405
etag: "e800712e4f8d9589670d8ee3a744ac0aedf7b6e3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash e7f53ab933d3c66937d6301ca64ad28e
9b5278aba34704981c0e03abca3a8db11e55da43
e58289779417c1fce1d6ef74378f24cbe89a18244a191b1ee854cc753f1e592c
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 928
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Sun, 04 Dec 2022 09:12:44 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7005096538720436224; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 1
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=l0m9xffjgurhm4hz7ct8yt
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=l0m9xffjgurhm4hz7ct8yt
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_get?testcookie=l0m9xffjgurhm4hz7ct8yt HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://b40llq4tvvy12m5mst.com/
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: a7593ad621494ef385d050fd5fd5aa82
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Sun, 04 Dec 2022 09:12:44 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=3qa7cwyz7hzwbf8lid2r6
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=3qa7cwyz7hzwbf8lid2r6
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_get?testcookie=3qa7cwyz7hzwbf8lid2r6 HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://b40llq4tvvy12m5mst.com/
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 0470186407a34eb89742daec48001310
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Sun, 04 Dec 2022 09:12:44 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=l0m9xffjgurhm4hz7ct8yt
185.26.99.196200 OK 21 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=l0m9xffjgurhm4hz7ct8yt
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash e5b21ef9d336c6fe5ab6050fb9ab9d1f
3ce3fe564d8af003fe58f2d082571e7cba1a217c
0fb430e2fdf26d7e3ee13660211ba451888eb9d8a6c1de1731a8fd1121418823
GET /multiauth/test_cookie_get?testcookie=l0m9xffjgurhm4hz7ct8yt HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Cookie: test_cooke_l0m9xffjgurhm4hz7ct8yt=1; test_cooke_3qa7cwyz7hzwbf8lid2r6=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: cbc42e0e8f14419e828583d58ff61c8a
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 21
date: Sun, 04 Dec 2022 09:12:44 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=3qa7cwyz7hzwbf8lid2r6
185.26.99.196200 OK 21 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=3qa7cwyz7hzwbf8lid2r6
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash e5b21ef9d336c6fe5ab6050fb9ab9d1f
3ce3fe564d8af003fe58f2d082571e7cba1a217c
0fb430e2fdf26d7e3ee13660211ba451888eb9d8a6c1de1731a8fd1121418823
GET /multiauth/test_cookie_get?testcookie=3qa7cwyz7hzwbf8lid2r6 HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Cookie: test_cooke_l0m9xffjgurhm4hz7ct8yt=1; test_cooke_3qa7cwyz7hzwbf8lid2r6=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: d96ce96892624302948bc8a577ad8dc9
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 21
date: Sun, 04 Dec 2022 09:12:44 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&charset=utf-8&hittoken=1670145164_af39979b5ef8e5929d51d72844d8dca4fdc94cb3c3348fc2ab93f0d6d93bc34c&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A389106128794%3Ahid%3A576922644%3Az%3A0%3Ai%3A20221204091242%3Aet%3A1670145163%3Ac%3A1%3Arn%3A993231431%3Arqn%3A2%3Au%3A1670145162289876684%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C2857%2C2857%2C14%2C%3Aco%3A0%3Ans%3A1670145159730%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670145163&t=gdpr(14)mc(p-4)clc(0-0-0)rqnt(2)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&charset=utf-8&hittoken=1670145164_af39979b5ef8e5929d51d72844d8dca4fdc94cb3c3348fc2ab93f0d6d93bc34c&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A389106128794%3Ahid%3A576922644%3Az%3A0%3Ai%3A20221204091242%3Aet%3A1670145163%3Ac%3A1%3Arn%3A993231431%3Arqn%3A2%3Au%3A1670145162289876684%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C2857%2C2857%2C14%2C%3Aco%3A0%3Ans%3A1670145159730%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670145163&t=gdpr(14)mc(p-4)clc(0-0-0)rqnt(2)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&charset=utf-8&hittoken=1670145164_af39979b5ef8e5929d51d72844d8dca4fdc94cb3c3348fc2ab93f0d6d93bc34c&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A389106128794%3Ahid%3A576922644%3Az%3A0%3Ai%3A20221204091242%3Aet%3A1670145163%3Ac%3A1%3Arn%3A993231431%3Arqn%3A2%3Au%3A1670145162289876684%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C2857%2C2857%2C14%2C%3Aco%3A0%3Ans%3A1670145159730%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670145163&t=gdpr(14)mc(p-4)clc(0-0-0)rqnt(2)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 69
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 04 Dec 2022 09:12:45 GMT
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 04-Dec-2022 09:12:45 GMT
last-modified: Sun, 04-Dec-2022 09:12:45 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&charset=utf-8&hittoken=1670145164_af39979b5ef8e5929d51d72844d8dca4fdc94cb3c3348fc2ab93f0d6d93bc34c&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A389106128794%3Ahid%3A576922644%3Az%3A0%3Ai%3A20221204091242%3Aet%3A1670145163%3Ac%3A1%3Arn%3A647287172%3Arqn%3A4%3Au%3A1670145162289876684%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670145159730%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670145163&t=gdpr(14)mc(p-4)clc(0-0-0)rqnt(4)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&charset=utf-8&hittoken=1670145164_af39979b5ef8e5929d51d72844d8dca4fdc94cb3c3348fc2ab93f0d6d93bc34c&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A389106128794%3Ahid%3A576922644%3Az%3A0%3Ai%3A20221204091242%3Aet%3A1670145163%3Ac%3A1%3Arn%3A647287172%3Arqn%3A4%3Au%3A1670145162289876684%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670145159730%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670145163&t=gdpr(14)mc(p-4)clc(0-0-0)rqnt(4)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&charset=utf-8&hittoken=1670145164_af39979b5ef8e5929d51d72844d8dca4fdc94cb3c3348fc2ab93f0d6d93bc34c&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A389106128794%3Ahid%3A576922644%3Az%3A0%3Ai%3A20221204091242%3Aet%3A1670145163%3Ac%3A1%3Arn%3A647287172%3Arqn%3A4%3Au%3A1670145162289876684%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670145159730%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670145163&t=gdpr(14)mc(p-4)clc(0-0-0)rqnt(4)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 75
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 04 Dec 2022 09:12:45 GMT
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 04-Dec-2022 09:12:45 GMT
last-modified: Sun, 04-Dec-2022 09:12:45 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&charset=utf-8&hittoken=1670145164_af39979b5ef8e5929d51d72844d8dca4fdc94cb3c3348fc2ab93f0d6d93bc34c&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A389106128794%3Ahid%3A576922644%3Az%3A0%3Ai%3A20221204091242%3Aet%3A1670145163%3Ac%3A1%3Arn%3A1049366320%3Arqn%3A3%3Au%3A1670145162289876684%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670145159730%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670145163&t=gdpr(14)mc(p-4)clc(0-0-0)rqnt(3)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&charset=utf-8&hittoken=1670145164_af39979b5ef8e5929d51d72844d8dca4fdc94cb3c3348fc2ab93f0d6d93bc34c&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A389106128794%3Ahid%3A576922644%3Az%3A0%3Ai%3A20221204091242%3Aet%3A1670145163%3Ac%3A1%3Arn%3A1049366320%3Arqn%3A3%3Au%3A1670145162289876684%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670145159730%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670145163&t=gdpr(14)mc(p-4)clc(0-0-0)rqnt(3)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&charset=utf-8&hittoken=1670145164_af39979b5ef8e5929d51d72844d8dca4fdc94cb3c3348fc2ab93f0d6d93bc34c&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A389106128794%3Ahid%3A576922644%3Az%3A0%3Ai%3A20221204091242%3Aet%3A1670145163%3Ac%3A1%3Arn%3A1049366320%3Arqn%3A3%3Au%3A1670145162289876684%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670145159730%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670145163&t=gdpr(14)mc(p-4)clc(0-0-0)rqnt(3)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 187
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 04 Dec 2022 09:12:45 GMT
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 04-Dec-2022 09:12:45 GMT
last-modified: Sun, 04-Dec-2022 09:12:45 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&charset=utf-8&hittoken=1670145164_af39979b5ef8e5929d51d72844d8dca4fdc94cb3c3348fc2ab93f0d6d93bc34c&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A389106128794%3Ahid%3A576922644%3Az%3A0%3Ai%3A20221204091242%3Aet%3A1670145163%3Ac%3A1%3Arn%3A7128699%3Arqn%3A5%3Au%3A1670145162289876684%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670145159730%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670145163&t=gdpr(14)mc(p-4)clc(0-0-0)rqnt(5)aw(1)ti(2)
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&charset=utf-8&hittoken=1670145164_af39979b5ef8e5929d51d72844d8dca4fdc94cb3c3348fc2ab93f0d6d93bc34c&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A389106128794%3Ahid%3A576922644%3Az%3A0%3Ai%3A20221204091242%3Aet%3A1670145163%3Ac%3A1%3Arn%3A7128699%3Arqn%3A5%3Au%3A1670145162289876684%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670145159730%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670145163&t=gdpr(14)mc(p-4)clc(0-0-0)rqnt(5)aw(1)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&charset=utf-8&hittoken=1670145164_af39979b5ef8e5929d51d72844d8dca4fdc94cb3c3348fc2ab93f0d6d93bc34c&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A389106128794%3Ahid%3A576922644%3Az%3A0%3Ai%3A20221204091242%3Aet%3A1670145163%3Ac%3A1%3Arn%3A7128699%3Arqn%3A5%3Au%3A1670145162289876684%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Ans%3A1670145159730%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670145163&t=gdpr(14)mc(p-4)clc(0-0-0)rqnt(5)aw(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 79
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 04 Dec 2022 09:12:45 GMT
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 04-Dec-2022 09:12:45 GMT
last-modified: Sun, 04-Dec-2022 09:12:45 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 09:12:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 09:12:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=1785863095.1670145161&jid=1417204491&uid=0&gjid=183282502&_gid=1152209003.1670145161&_u=YADAAEAAAAAAACAEK~&z=1010230953
108.177.14.156200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=1785863095.1670145161&jid=1417204491&uid=0&gjid=183282502&_gid=1152209003.1670145161&_u=YADAAEAAAAAAACAEK~&z=1010230953
IP 108.177.14.156:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=1785863095.1670145161&jid=1417204491&uid=0&gjid=183282502&_gid=1152209003.1670145161&_u=YADAAEAAAAAAACAEK~&z=1010230953 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 04 Dec 2022 09:12:45 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=1785863095.1670145161&jid=134637258&uid=0&gjid=512821048&_gid=1152209003.1670145161&_u=YADAAEABAAAAACAEK~&z=1926911500
108.177.14.156200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=1785863095.1670145161&jid=134637258&uid=0&gjid=512821048&_gid=1152209003.1670145161&_u=YADAAEABAAAAACAEK~&z=1926911500
IP 108.177.14.156:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=1785863095.1670145161&jid=134637258&uid=0&gjid=512821048&_gid=1152209003.1670145161&_u=YADAAEABAAAAACAEK~&z=1926911500 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 04 Dec 2022 09:12:45 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mostauthor.com/multiauth/ping
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/ping
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/ping HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://b40llq4tvvy12m5mst.com/
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: bd23ecb77bd74fe3981de383d3aa4ac5
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Sun, 04 Dec 2022 09:12:44 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/ping
185.26.99.196401 Unauthorized 35 B URL HTTP/2 mostauthor.com/multiauth/ping
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 56b7d88043e39baac118df00136b37fc
1a608988268ae1a633c14731692c9b7e2fc3fbb1
a18f5f834edec23ed17aa059a0eff28fe03ee6f2ecf37c596efe0b5f7cba3e3e
GET /multiauth/ping HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Cookie: test_cooke_l0m9xffjgurhm4hz7ct8yt=1; test_cooke_3qa7cwyz7hzwbf8lid2r6=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 401 Unauthorized
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: dd493053c14544c9aed62b4e96260116
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 35
date: Sun, 04 Dec 2022 09:12:44 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 2dabd839729e9b0fb2558253d850126b
64f617aa0afb52168ef3519a4cf9829ac61ee007
1a47e4d0efdac6fbec990e3e168bfdfe615ff8953158773e8b1940d4d91eee18
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 09:12:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 663979bbd831a40bec8611cfac8d77af
aa43c96676a33100f244e6772e37adc2b6f89b76
60c21027da288e857f546b531dd226d81206bfa85a35985b0e1587a68dec4d5b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 09:12:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 1.6 kB IP 142.250.74.131:0
Hash 0304d968271eb85df7dcb13d34508f04
aab97c2027082cb7574d6c1a4edfb57bfcdd38db
dbfb3e3df7eecc674446059dc6c8c6578ad7384c044630600c55682a151016b1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 09:12:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=1785863095.1670145161&jid=134637258&_u=YADAAEABAAAAACAEK~&z=831601258
142.250.74.67200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=1785863095.1670145161&jid=134637258&_u=YADAAEABAAAAACAEK~&z=831601258
IP 142.250.74.67:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=1785863095.1670145161&jid=134637258&_u=YADAAEABAAAAACAEK~&z=831601258 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 09:12:45 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=1785863095.1670145161&jid=1417204491&_u=YADAAEAAAAAAACAEK~&z=1442863237
142.250.74.67200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=1785863095.1670145161&jid=1417204491&_u=YADAAEAAAAAAACAEK~&z=1442863237
IP 142.250.74.67:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=1785863095.1670145161&jid=1417204491&_u=YADAAEAAAAAAACAEK~&z=1442863237 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 04 Dec 2022 09:12:45 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 7.4 kB IP 142.250.74.131:0
Hash 477417f61c59ef0d33b8806cead47f83
152bcb90b17a95bad72859f4012f27944ce1b1cc
c91d2d2032a869e68ed61ac3ddf4aa3a9d0e240b8bb091fef8b844ac6710b20c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 09:12:45 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
b40llq4tvvy12m5mst.com/api/v1/locale
18.193.73.74200 OK 56 kB URL HTTP/2 b40llq4tvvy12m5mst.com/api/v1/locale
IP 18.193.73.74:0
Hash 850b7d1792f2a9bdfa7387182f1f293a
adaab4402e938e7375eb450e0136aec57a99bc18
de2fd0dfb9295d1fa160742e830f9d32f91dc2bccee908236e49498fea803443
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/locale HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145162.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 11 Dec 2022 09:12:45 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 88acf4679fd42ca1a03954e859b67193
0dfe255cd85dcdc7f2e475c47c874f2be992c8ba
cb3cf8350bd2d31e7fb2e5ef711994f125906e24c4e7a513537257cc06903f00
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 978
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Sun, 04 Dec 2022 09:12:45 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7005096538720436224; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 1
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 1.0 kB URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
Hash 52a9d2e15ce92a2754d60a24e0948ae1
39cc7d02d9a59c7817a54d182e33cc184cf8c5c2
a7d664c11125d3ab8f569469b9dd19ec7bf790a38333528dd96c4198557e951c
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 974
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Sun, 04 Dec 2022 09:12:45 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7005096538720436224; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 1
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/api/v1/odd_formats.json
18.193.73.74200 OK 124 kB URL HTTP/2 b40llq4tvvy12m5mst.com/api/v1/odd_formats.json
IP 18.193.73.74:0
Size 124 kB (124097 bytes)
Hash 457eb444ca5b2afb6987c4adffc0b9a5
3360bb40a2cfbaf535a7e09a54353f68150aef7e
f27f4373a9d9f9d4e23bf7bb8ad6bcbbfe88bd750dd2d56fcfc784bbd012472e
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/odd_formats.json HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145162.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 11 Dec 2022 09:12:45 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/api/v1/apk/check_version.json
18.193.73.74200 OK 227 kB URL HTTP/2 b40llq4tvvy12m5mst.com/api/v1/apk/check_version.json
IP 18.193.73.74:0
Size 227 kB (226879 bytes)
Hash ca831b05ef08b690354ee93da29c1973
dcbafe7cb6e7bf3e25886572839279fa1e821996
9f1d70400b0607b5503035e5ea57d1366a6061e32d77be86fe97c2fcb4716406
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/apk/check_version.json HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145162.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:45 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"1b8380461f3cbf6885ee46e2159de82e"
x-request-id: 92b6258d36ad0bf84eef46ba620500b1
vary: Accept-Encoding, Accept-Language
expires: Sun, 04 Dec 2022 09:12:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/api/v1/timezones
18.193.73.74200 OK 272 kB URL HTTP/2 b40llq4tvvy12m5mst.com/api/v1/timezones
IP 18.193.73.74:0
Size 272 kB (272452 bytes)
Hash d81e435c4a8837cdcfe858a51322fe85
089a575e61f057e4de5ac4da2c6b0e2bb8da13e4
7d8c341aa5148c1d5e01536d6f5a36511ff1ddce0f1ff297a2e52eb811ac4cce
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/timezones HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145162.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:45 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 11 Dec 2022 09:12:45 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
code.jivosite.com/widget/Y1lPjvCuT3
92.223.126.57200 OK 5.9 kB URL HTTP/2 code.jivosite.com/widget/Y1lPjvCuT3
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (17133), with no line terminators
Hash 0b2ad26c5716ae37057e5bea81d67a91
e35fc43972773ab12b15f7ef76ce4471f26cc89f
373eab35ddae8cfa38a1a00cc8c3bdd256aa37a0dde1d5e60b3f26c08ca6ed6b
GET /widget/Y1lPjvCuT3 HTTP/1.1
Host: code.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:46 GMT
content-type: application/javascript
content-length: 5936
access-control-allow-origin: *
cache-control: max-age=7200
content-encoding: br
etag: "6384b5f9-1730"
expires: Wed, 30 Nov 2022 15:31:32 GMT
last-modified: Mon, 28 Nov 2022 13:22:01 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-04T08:45:28+00:00
x-id: am3-up-gc95
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
Hash 533d95489a553985d9cdb1932df9b7bb
9c228954c950ec7ba259f07a4152a6e7d2f6099c
4513cde9d8eeb2c9ae7e8ad3b271d5309e27f614ce545338905f3c0f1c3148b0
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 21:48:03 GMT
expires: Fri, 01 Dec 2023 21:48:03 GMT
cache-control: public, max-age=31536000
age: 213883
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 33 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
Hash 716d1408e1918fcfa0bc010fbce60179
7d2b61839453687c6b9347c551edc4b158c9e25a
cd12dac44560b7aaaca739e04b29fb33fad1146a1ffc00bf213259bddf96e5f1
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 16:40:43 GMT
expires: Fri, 01 Dec 2023 16:40:43 GMT
cache-control: public, max-age=31536000
age: 232323
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
216.58.207.227200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP 216.58.207.227:0
Hash 239d568aad1a09dce4bc6ec871e292d2
6feaa7f7e9b308ef96f4419060296610e7f2a090
114ee0333c2c9f83560a9274529a96777841c21f6ce8ca0f1a5d2d7d860db116
GET /s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 04:50:09 GMT
expires: Thu, 30 Nov 2023 04:50:09 GMT
cache-control: public, max-age=31536000
age: 361357
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/api/v1/allsports/sports?ss=all
18.193.73.74200 OK 2.4 kB URL HTTP/2 b40llq4tvvy12m5mst.com/api/v1/allsports/sports?ss=all
IP 18.193.73.74:0
Hash be065495b9c86df6fbc1aa137c6d5d74
9d4e3d47412077282f113240be8482c8b1307407
be5b5d5c2dcc4c0cc36588d88ecad3b949427b59fc7744b67a2604adda5d58f6
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/allsports/sports?ss=all HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145163.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:46 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: de2f2d467725631b9f87ef8ef078ba7e
vary: Accept-Encoding, Accept-Language
expires: Sun, 04 Dec 2022 09:12:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/favicon.png
18.193.73.74200 OK 4.0 kB URL HTTP/2 b40llq4tvvy12m5mst.com/favicon.png
IP 18.193.73.74:0
Hash 2e26c0529aa2595bf3c39cb6b88de380
3bad7c7e703e2813bbe0c032718e64011de5ad21
746e84f96d4814d355f21e0f38446cf82b487ee0e4dfbf1923ca7916cb87c117
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.png HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145163.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:46 GMT
content-type: image/png
content-length: 2810
last-modified: Thu, 01 Dec 2022 12:52:40 GMT
etag: "6388a398-afa"
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/api/v1/casino/games?page=1&itemsOnPage=6&platform=desktop¤cy=NOK
18.193.73.74200 OK 14 kB URL HTTP/2 b40llq4tvvy12m5mst.com/api/v1/casino/games?page=1&itemsOnPage=6&platform=desktop¤cy=NOK
IP 18.193.73.74:0
Hash 00b3f1eacbe20ee56e88fbb1a08f4aae
fee5c3012ec60f5259779d5f096828f5e47c30e8
24f71a90b4281e9c148d6730c3b0348bcd51c64d83bb06583db0039317a1bbf1
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/casino/games?page=1&itemsOnPage=6&platform=desktop¤cy=NOK HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145163.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:46 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: c5bf93802aa163ce5484e7a5db8e012a
vary: Accept-Encoding, Accept-Language
expires: Sun, 04 Dec 2022 09:12:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/cdn/uploads/casino/game/36915/game_1663860131.png
18.193.73.74200 OK 33 kB URL HTTP/2 b40llq4tvvy12m5mst.com/cdn/uploads/casino/game/36915/game_1663860131.png
IP 18.193.73.74:0
File type PNG image data, 297 x 193, 8-bit colormap, non-interlaced\012- data
Hash 4aff1b74d2d0f6f769578aae8a438de4
6c5d52a673acc89cf9fe4e1dcea1c089fc113335
8a26c99fe4ec9ade414afd7504b5f3464cb628c5b493f1a2d71ffbb2b716a6a3
Analyzer Verdict Alert quad9 Sinkholed
GET /cdn/uploads/casino/game/36915/game_1663860131.png HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145163.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:47 GMT
content-type: image/png
content-length: 32564
last-modified: Thu, 22 Sep 2022 15:22:12 GMT
etag: "632c7da4-7f34"
expires: Sun, 04 Dec 2022 10:12:47 GMT
cache-control: max-age=3600
vary: Accept-Encoding
cf-cache-status: HIT
age: 81465
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DUh1HWX8ULADoY0HhjMlDusORreIia8bO4twQ4aTs%2FGFVvdXal3%2BRE3vpf0w8UqQ4VirffKk2ntcJSixH81%2FSTT%2FHJJFxvHAClLQMx4Bwf20MxzI2OLx0eGD3Suzwg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 77434fdcd9659968-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/cdn/uploads/casino/game/37077/game_1665477190.png
18.193.73.74200 OK 92 kB URL HTTP/2 b40llq4tvvy12m5mst.com/cdn/uploads/casino/game/37077/game_1665477190.png
IP 18.193.73.74:0
Hash 09f5da3497a8a53cc4e56c3a42cdd1a9
a31e33d0ae48f81814161e920053d6dcf685fb90
356c2f986f076dafb4de6705ed952b1792414c2885ffc32dd3e9d7c52995e832
Analyzer Verdict Alert quad9 Sinkholed
GET /cdn/uploads/casino/game/37077/game_1665477190.png HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145163.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:47 GMT
content-type: image/png
content-length: 83867
last-modified: Tue, 11 Oct 2022 08:33:10 GMT
etag: "63452a46-1479b"
expires: Sun, 04 Dec 2022 10:12:47 GMT
cache-control: max-age=3600
vary: Accept-Encoding
cf-cache-status: HIT
age: 77798
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FG33wI%2B4oGXiESXmmzF736R9MVcGXF84m%2BOEYaLHWjnvdfIpkD9L18kiew%2FYJAiwUWMhYxb2qmMH6n4gTVWQjrOSBj1NvUuxlOk9q1F4KzpykVhIBNkmn%2BAaUDo2eQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 7742e1d60a039a3f-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/cdn/uploads/casino/game/21225/game_1655387980.png
18.193.73.74200 OK 247 kB URL HTTP/2 b40llq4tvvy12m5mst.com/cdn/uploads/casino/game/21225/game_1655387980.png
IP 18.193.73.74:0
Size 247 kB (246895 bytes)
Hash 7e7570527bc0079c186f7d8a209abce4
f1330d7a9071fd470d3bb1744190ccae29320b9c
65de1e309bf8f48ddea9dc833a4aa75cb4a1d26e923ac660c3bef4533533f685
Analyzer Verdict Alert quad9 Sinkholed
GET /cdn/uploads/casino/game/21225/game_1655387980.png HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145163.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:47 GMT
content-type: image/png
content-length: 245797
last-modified: Thu, 16 Jun 2022 13:59:40 GMT
etag: "62ab374c-3c025"
expires: Sun, 04 Dec 2022 10:12:47 GMT
cache-control: max-age=3600
vary: Accept-Encoding
cf-cache-status: HIT
age: 69970
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BRSh%2FzaA4Vm2%2BYEMa3KiC%2FOQvfwA%2BUhpjeNYlSuHjSTBOBmrLPEtsJRj%2Fio1%2Bm2hF9lxoCeQFcf6kPSSyPkxeGMHucKKcP0fWMqk8avTqovu1T%2FftqurxbJaKojLZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 77429d23edf8997b-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/cdn/uploads/casino/game/37155/game_1664871457.gif
18.193.73.74200 OK 724 kB URL HTTP/2 b40llq4tvvy12m5mst.com/cdn/uploads/casino/game/37155/game_1664871457.gif
IP 18.193.73.74:0
Size 724 kB (723700 bytes)
Hash 5561488c6964aa157dec81fa66e0b049
9959b87ef03a26cd1056e6893911ea63405716a0
9f975a365eee1bf148ea2778787fe2f6bc7141021fee58a15ea406b6d16cde4e
Analyzer Verdict Alert quad9 Sinkholed
GET /cdn/uploads/casino/game/37155/game_1664871457.gif HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145163.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:47 GMT
content-type: image/gif
content-length: 722801
last-modified: Tue, 04 Oct 2022 08:17:38 GMT
etag: "633bec22-b0771"
expires: Sun, 04 Dec 2022 10:12:46 GMT
cache-control: max-age=3600
vary: Accept-Encoding
cf-cache-status: HIT
age: 80146
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dYFNVE1df6Y%2F4%2Fxd6vceQAOabqsGirjRvcGqjQ3Zq2wwqU2DaFDz%2FBfZnl9ilvkd8Mme7xfzoGHxTcUuV4Tu%2F5xitr8ecj%2BQm2SwlVpP7Awf52fAx84gmARBTWdwgg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-ray: 77433ed68e855c0e-FRA
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
code.jivosite.com/script/widget/config/Y1lPjvCuT3
92.223.126.57200 OK 2.3 kB URL HTTP/2 code.jivosite.com/script/widget/config/Y1lPjvCuT3
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
Hash f3a238cc5054c89d9ea8942b03bbd932
e0cd93ab37c57ec593d3f6a263f380185ad3afe3
758887411eae95de95e3aadf70c6d9a75eab522ca308852d0516d831e4103491
GET /script/widget/config/Y1lPjvCuT3 HTTP/1.1
Host: code.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:47 GMT
content-type: application/x-javascript
content-length: 1561
access-control-allow-origin: *
cache-control: max-age=7200
content-encoding: gzip
expires: Sun, 04 Dec 2022 09:41:49 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-04T07:41:49+00:00
x-id: am3-up-gc95
accept-ranges: bytes
X-Firefox-Spdy: h2
node-sber1-az1-6.jivosite.com/widget/status/561276/Y1lPjvCuT3?rnd=0.474526405876629
188.72.107.240200 OK 3.1 kB URL HTTP/2 node-sber1-az1-6.jivosite.com/widget/status/561276/Y1lPjvCuT3?rnd=0.474526405876629
IP 188.72.107.240:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (3045), with no line terminators
Hash cb3f356228af32e18fbc0bded701fb54
15c636d29528af0026facd4104bd67cf3cca559c
cef06d5dd2ea55c75c20a6cae0f7542966009843dc8c367e6f32e2cd8bbf5ffe
GET /widget/status/561276/Y1lPjvCuT3?rnd=0.474526405876629 HTTP/1.1
Host: node-sber1-az1-6.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-max-age: 1728000
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-expose-headers: X-Geoip, X-Botmode
cache-control: no-cache, no-store, must-revalidate
content-security-policy: frame-ancestors 'none';
content-type: application/json; charset=utf-8
pragma: no-cache
server: foxy/2.0.1
x-botmode: no
x-frame-options: DENY
x-geoip: NO;03;Oslo (Alna District)
content-length: 3059
date: Sun, 04 Dec 2022 09:12:47 GMT
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.24200 OK 19 kB IP 192.124.249.24:0
Hash a2356d28f801943db6691cdc68fda39f
3d008c333a81a1982a865f85502775e10c1a3f65
c464d80a16863e6df92df5d43c38bb850f3d119d6f3b04134ebcb46cbe37e1dd
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 04 Dec 2022 09:12:47 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 03 Dec 2022 20:20:18 GMT
Expires: Sun, 04 Dec 2022 20:20:18 GMT
ETag: "64668239b04d54fb497169cacef8b4418b21634b"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
code.jivosite.com/script/widget/config/TWlRM6tTTH
92.223.126.57200 OK 2.4 kB URL HTTP/2 code.jivosite.com/script/widget/config/TWlRM6tTTH
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
Hash a4bda9624cd7186dcea5a9fbe35021b2
b2e8a992783368843e375e7dabf9ecdb291a2751
2e560437cf39e2617362faf98ff43e53a41927833caca1a3ccb9d1b24f780ef9
GET /script/widget/config/TWlRM6tTTH HTTP/1.1
Host: code.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:48 GMT
content-type: application/x-javascript
content-length: 1487
access-control-allow-origin: *
cache-control: max-age=7200
content-encoding: gzip
expires: Sun, 04 Dec 2022 08:40:49 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: STALE
x-cached-since: 2022-12-04T06:40:49+00:00
x-id: am3-up-gc95
accept-ranges: bytes
X-Firefox-Spdy: h2
node-sber1-az1-6.jivosite.com/widget/status/561276/TWlRM6tTTH?rnd=0.9956500532646423
188.72.107.240200 OK 714 B URL HTTP/2 node-sber1-az1-6.jivosite.com/widget/status/561276/TWlRM6tTTH?rnd=0.9956500532646423
IP 188.72.107.240:0
Hash 1c586b174ccd53f4e8a0ce438a1ac53d
65cb9815878d277e3ce9c9cd141ea88379532624
c4cc24bf35fd998316232ca9c13fd97fcfd76a4a86fd021d759a062e1c7bdb61
GET /widget/status/561276/TWlRM6tTTH?rnd=0.9956500532646423 HTTP/1.1
Host: node-sber1-az1-6.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-max-age: 1728000
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-expose-headers: X-Geoip, X-Botmode
cache-control: no-cache, no-store, must-revalidate
content-security-policy: frame-ancestors 'none';
content-type: application/json; charset=utf-8
pragma: no-cache
server: foxy/2.0.1
x-botmode: no
x-frame-options: DENY
x-geoip: NO;03;Oslo (Alna District)
content-length: 518
date: Sun, 04 Dec 2022 09:12:48 GMT
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226200 OK 2.3 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash 35c6ac676aa0f05dde395dd30678d38b
c670f17d6e219f8779d7f892b2188a53ad97faa0
8c88edf24d71cea823a8f6da99d165ae12c105c1d5d3d0c850e7cbe16b4fb712
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 09:12:48 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Thu, 08 Dec 2022 05:09:13 GMT
ETag: "3e21a8b33db0c9d2fdf3334f6c33ca0f6466b0d8"
Last-Modified: Sun, 04 Dec 2022 05:09:14 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1948
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77436c295b13b521-OSL
b40llq4tvvy12m5mst.com/api/v1/bonus/first_deposit/info?currency=NOK
18.193.73.74200 OK 311 kB URL HTTP/2 b40llq4tvvy12m5mst.com/api/v1/bonus/first_deposit/info?currency=NOK
IP 18.193.73.74:0
Size 311 kB (311359 bytes)
Hash f051603c124e683d19cbf47fe57c326c
fccef9aac5f8f1bbafc09c9bddf3e588caf825df
fa04e3a415b7f61ceb3b1ad698ff5d5aadd69f726bac390a3633896cda9cde7b
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/bonus/first_deposit/info?currency=NOK HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145163.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:48 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 67f42432e95cbe486109b2c16edff59d
vary: Accept-Encoding, Accept-Language
expires: Sun, 04 Dec 2022 09:12:48 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
code.jivo.ru/css/e167154/widget.css
92.223.126.57200 OK 55 kB URL HTTP/2 code.jivo.ru/css/e167154/widget.css
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (65536), with no line terminators
Hash 53ec3949b1ce352a32c2cd000acb1b13
ee2a13c128338764b047f3752a00486421c35461
8f4c829d135a0490ecadb8dd7212d8a8cdfd083197d96c6888d7a3328f424d92
GET /css/e167154/widget.css HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:49 GMT
content-type: text/css
content-length: 54832
cache-control: max-age=864000
content-encoding: br
etag: "6384b63b-d630"
expires: Sat, 10 Dec 2022 10:35:17 GMT
last-modified: Mon, 28 Nov 2022 13:23:07 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-11-30T10:35:17+00:00
x-id: am3-up-gc95
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 258767e5a5561df66a188177c00babe9
4bdf10c55e32f4b5a11752da9ed558d7fd49acb7
5a08919a4dcd8bd0bf81021230fdffd6738bbb1451bf099e30ed8ffd1a5becb3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5A08919A4DCD8BD0BF81021230FDFFD6738BBB1451BF099E30ED8FFD1A5BECB3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4581
Expires: Sun, 04 Dec 2022 10:29:10 GMT
Date: Sun, 04 Dec 2022 09:12:49 GMT
Connection: keep-alive
webchannel-content.eservice.emarsys.net/customer/799213038/campaigns?url=https:%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&prev_url=&lang=en&uli=false
34.117.30.199200 OK 809 B URL HTTP/2 webchannel-content.eservice.emarsys.net/customer/799213038/campaigns?url=https:%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&prev_url=&lang=en&uli=false
IP 34.117.30.199:0
Hash d5e6740e180e94ffd76fc53b457ec624
d2ffdfdac4237b5c455f2d51b8c37367422c9d09
acda85cede6957fc9e8480a079687a2ee06105c91427b35bb2df22cb481030c8
GET /customer/799213038/campaigns?url=https:%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&prev_url=&lang=en&uli=false HTTP/1.1
Host: webchannel-content.eservice.emarsys.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 09:12:49 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: *
content-type: application/json
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/api/v1/casino/games/top?page=1&itemsOnPage=6&platform=desktop¤cy=NOK
18.193.73.74200 OK 36 kB URL HTTP/2 b40llq4tvvy12m5mst.com/api/v1/casino/games/top?page=1&itemsOnPage=6&platform=desktop¤cy=NOK
IP 18.193.73.74:0
Hash 62a90b30d2cd263d505bad778b633668
6c0ea070ea195c414d8c5a770d3aeabc988b4344
44cc00ecfadad3903d3fe920abd9dc361ce7fed7af82be4c4ae4083602ddebc9
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/casino/games/top?page=1&itemsOnPage=6&platform=desktop¤cy=NOK HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145163.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:46 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 1dabe534285c5cbb85737002f5319bf3
vary: Accept-Encoding, Accept-Language
expires: Sun, 04 Dec 2022 09:12:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
code.jivo.ru/sounds/notification.mp3
92.223.126.57206 Partial Content 6.0 kB URL HTTP/2 code.jivo.ru/sounds/notification.mp3
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
Hash 5c8a0beb09c22589a9cfe3858e135a43
5b4893158fe7e77b358209ceb6a1edf67b5a7cde
9529f21686377540929c88d2f474c3027dd51b4ebc4ba590824542d3981b6cd5
GET /sounds/notification.mp3 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Sun, 04 Dec 2022 09:12:49 GMT
content-type: audio/mpeg
content-length: 5808
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=2592000
etag: "6384b5cb-16b0"
expires: Mon, 02 Jan 2023 12:11:24 GMT
last-modified: Mon, 28 Nov 2022 13:21:15 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-03T12:11:24+00:00
x-id: am3-up-gc95
content-range: bytes 0-5807/5808
X-Firefox-Spdy: h2
code.jivo.ru/sounds/outgoing_message.mp3
92.223.126.57206 Partial Content 5.8 kB URL HTTP/2 code.jivo.ru/sounds/outgoing_message.mp3
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
Hash f427d7b7fe08c287de4bbea736acf2f7
1bae292308491cad02078d82fd7ffc8f77209f03
e595d1f045c230ff6fd37f4bfd3241e9695fc64992aec70aa661c05fa6e59b21
GET /sounds/outgoing_message.mp3 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Sun, 04 Dec 2022 09:12:49 GMT
content-type: audio/mpeg
content-length: 5014
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=2592000
etag: "6384b5cb-1396"
expires: Mon, 02 Jan 2023 12:20:47 GMT
last-modified: Mon, 28 Nov 2022 13:21:15 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-03T12:20:47+00:00
x-id: am3-up-gc95
content-range: bytes 0-5013/5014
X-Firefox-Spdy: h2
vi-sber1-3.jivosite.com/TWlRM6tTTH?4d2e1220cf65b8f3
46.243.227.203101 Switching Protocols 1.3 kB URL HTTP/1.1 vi-sber1-3.jivosite.com/TWlRM6tTTH?4d2e1220cf65b8f3
IP 46.243.227.203:0
ASN #208677 Cloud technology Limited (Ltd.)
Hash 59850c9ad4c2fde726436c74cbc609d2
8691eb52abca63c80069b40d82da3c71d7241300
22607249ab2fe492137e208673170fe79194d467d6601fe039d532181dc25c99
GET /TWlRM6tTTH?4d2e1220cf65b8f3 HTTP/1.1
Host: vi-sber1-3.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://b40llq4tvvy12m5mst.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: FVJB2Ugoc5y5iWvhnxmD1g==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Access-Control-Allow-Origin: https://b40llq4tvvy12m5mst.com
Sec-WebSocket-Accept: VFuxnqugGwqcXxpUKmjsRXEGbvY=
Server: hand/2.8
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash a1d03d8e9ae3f50568b570940657e0e3
4dcda53e9c429381d1e0594231c881338876c083
1779556525accf6b86f85bb989153f6bb719fa465c544dfb8eb99cff606b1539
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 893
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Sun, 04 Dec 2022 09:12:51 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7005096538720436224; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 1
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/api/v1/settings
18.193.73.74200 OK 0 B URL HTTP/2 b40llq4tvvy12m5mst.com/api/v1/settings
IP 18.193.73.74:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/settings HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:43 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 720114587875f64990bc2813277e5d16
vary: Accept-Encoding, Accept-Language
expires: Sun, 04 Dec 2022 09:12:43 GMT
set-cookie: PHPSESSID=8l29gf64hto0uutmn24dchfmok; expires=Tue, 03-Jan-2023 09:12:43 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=en; expires=Mon, 05-Dec-2022 09:12:43 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Sun, 11-Dec-2022 09:12:43 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/api/v1/logo
18.193.73.74200 OK 0 B URL HTTP/2 b40llq4tvvy12m5mst.com/api/v1/logo
IP 18.193.73.74:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/logo HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:43 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"9fae6e123baa3436bdbe37f62d18440c"
x-request-id: c48ef79b803049783bd07cafef382775
vary: Accept-Encoding, Accept-Language
expires: Sun, 04 Dec 2022 09:12:43 GMT
set-cookie: PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; expires=Tue, 03-Jan-2023 09:12:43 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=en; expires=Mon, 05-Dec-2022 09:12:43 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Sun, 11-Dec-2022 09:12:43 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/sport_logo.png
18.193.73.74404 Not Found 0 B URL HTTP/2 b40llq4tvvy12m5mst.com/sport_logo.png
IP 18.193.73.74:0
Analyzer Verdict Alert quad9 Sinkholed
GET /sport_logo.png HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sun, 04 Dec 2022 09:12:43 GMT
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/api/v1/websocket/credentials
18.193.73.74200 OK 0 B URL HTTP/2 b40llq4tvvy12m5mst.com/api/v1/websocket/credentials
IP 18.193.73.74:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/websocket/credentials HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:43 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: c63571fc65033294bd4b57a87b765f2d
vary: Accept-Encoding, Accept-Language
expires: Sun, 04 Dec 2022 09:12:43 GMT
set-cookie: PHPSESSID=p20brqq201d53nh5q5t2ij5org; expires=Tue, 03-Jan-2023 09:12:43 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=en; expires=Mon, 05-Dec-2022 09:12:43 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Sun, 11-Dec-2022 09:12:43 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/api/v1/coupon/preview.json
18.193.73.74200 OK 0 B URL HTTP/2 b40llq4tvvy12m5mst.com/api/v1/coupon/preview.json
IP 18.193.73.74:0
Analyzer Verdict Alert quad9 Sinkholed
POST /api/v1/coupon/preview.json HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
Content-Type: application/json;charset=utf-8
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Content-Length: 97
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145163.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:46 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 7853cd14075b0a4fddfebb88181c40b4
vary: Accept-Encoding, Accept-Language
expires: Sun, 04 Dec 2022 09:12:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/api/v1/casino/games?page=1&itemsOnPage=6&platform=desktop¤cy=NOK&productTypes[]=live_casino&productTypes[]=live_games
18.193.73.74200 OK 0 B URL HTTP/2 b40llq4tvvy12m5mst.com/api/v1/casino/games?page=1&itemsOnPage=6&platform=desktop¤cy=NOK&productTypes[]=live_casino&productTypes[]=live_games
IP 18.193.73.74:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/casino/games?page=1&itemsOnPage=6&platform=desktop¤cy=NOK&productTypes[]=live_casino&productTypes[]=live_games HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145163.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:46 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 20713601174f2029b0b5515f130606f5
vary: Accept-Encoding, Accept-Language
expires: Sun, 04 Dec 2022 09:12:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
front.cdn-mb.com/spa-static/1.4.1038/static/css/main.687ea28c.chunk.css
172.67.160.69200 OK 0 B URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1038/static/css/main.687ea28c.chunk.css
IP 172.67.160.69:0
GET /spa-static/1.4.1038/static/css/main.687ea28c.chunk.css HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 09:12:42 GMT
content-type: text/css
last-modified: Thu, 01 Dec 2022 13:03:23 GMT
vary: Accept-Encoding
etag: W/"6388a61b-54"
expires: Sun, 04 Dec 2022 10:54:19 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 8303
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BzLzgKQvwMUsWvxsZWQsIMOS%2Bp0rAFd9XeQ37tCY3FvyPrxts6v%2Byy5tipJhPl9SwCP8gWqFbUfW%2FVd9JQ7T3IuDENi%2BM70B0%2Ff5YlF6uO2h2kcIZwKiQrs0%2BlpNMRHgnfYb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77436c03fd3d0b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
front.cdn-mb.com/spa-static/1.4.1038/static/js/30.59254181.chunk.js
172.67.160.69200 OK 0 B URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1038/static/js/30.59254181.chunk.js
IP 172.67.160.69:0
GET /spa-static/1.4.1038/static/js/30.59254181.chunk.js HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 09:12:42 GMT
content-type: application/javascript
last-modified: Thu, 01 Dec 2022 13:03:23 GMT
vary: Accept-Encoding
etag: W/"6388a61b-7ac62"
expires: Sun, 04 Dec 2022 10:54:19 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 8303
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cfRiQVpFMt8fvJ%2FRA%2FJ0HhaOHofn1FLAYwssw9hSvRaTudacytqsDprtnPkvh1rmRAqigfTr7VvNmSGENv1DuYoav%2F9gXtJ25NY%2BLUNmx%2BXJGaN5oXpTS%2FSHlMjecxodIODv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77436c03fd3c0b3d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/api/v2/translations?locales[]=en-US&locales[]=en&domains[]=messages&fallback=1
18.193.73.74200 OK 0 B URL HTTP/2 b40llq4tvvy12m5mst.com/api/v2/translations?locales[]=en-US&locales[]=en&domains[]=messages&fallback=1
IP 18.193.73.74:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v2/translations?locales[]=en-US&locales[]=en&domains[]=messages&fallback=1 HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Connection: keep-alive
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145161.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:43 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 11 Dec 2022 09:12:43 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/api/v1/currency-specific-settings/NOK.json
18.193.73.74200 OK 0 B URL HTTP/2 b40llq4tvvy12m5mst.com/api/v1/currency-specific-settings/NOK.json
IP 18.193.73.74:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/currency-specific-settings/NOK.json HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145161.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:44 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 11 Dec 2022 09:12:44 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/api/v3/user/line/top-list?is_spa=1
18.193.73.74200 OK 0 B URL HTTP/2 b40llq4tvvy12m5mst.com/api/v3/user/line/top-list?is_spa=1
IP 18.193.73.74:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v3/user/line/top-list?is_spa=1 HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145163.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:46 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 279a9e46c6f2bfd6cba959a5360947f2
vary: Accept-Encoding, Accept-Language
expires: Sun, 04 Dec 2022 09:12:46 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
18.193.73.74200 OK 0 B URL HTTP/2 b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
IP 18.193.73.74:0
Analyzer Verdict Alert quad9 Sinkholed
GET /?registration=1&cid=1925768417&pid=165855&sip=0 HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:42 GMT
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615?wmode=7&page-url=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A389106128794%3Ahid%3A576922644%3Az%3A0%3Ai%3A20221204091241%3Aet%3A1670145162%3Ac%3A1%3Arn%3A694596678%3Arqn%3A1%3Au%3A1670145162289876684%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C245%2C36%2C1%2C370%2C0%2C%2C508%2C5%2C%2C%2C%2C1174%3Aco%3A0%3Ans%3A1670145159730%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670145162%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
87.250.250.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/37954615?wmode=7&page-url=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A389106128794%3Ahid%3A576922644%3Az%3A0%3Ai%3A20221204091241%3Aet%3A1670145162%3Ac%3A1%3Arn%3A694596678%3Arqn%3A1%3Au%3A1670145162289876684%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C245%2C36%2C1%2C370%2C0%2C%2C508%2C5%2C%2C%2C%2C1174%3Aco%3A0%3Ans%3A1670145159730%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670145162%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 87.250.250.119:0
GET /watch/37954615?wmode=7&page-url=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A389106128794%3Ahid%3A576922644%3Az%3A0%3Ai%3A20221204091241%3Aet%3A1670145162%3Ac%3A1%3Arn%3A694596678%3Arqn%3A1%3Au%3A1670145162289876684%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C245%2C36%2C1%2C370%2C0%2C%2C508%2C5%2C%2C%2C%2C1174%3Aco%3A0%3Ans%3A1670145159730%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670145162%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://b40llq4tvvy12m5mst.com
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/37954615/1?wmode=7&page-url=https%3A%2F%2Fb40llq4tvvy12m5mst.com%2F%3Fregistration%3D1%26cid%3D1925768417%26pid%3D165855%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynz2f7f3y7l8rj188tipo%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A389106128794%3Ahid%3A576922644%3Az%3A0%3Ai%3A20221204091241%3Aet%3A1670145162%3Ac%3A1%3Arn%3A694596678%3Arqn%3A1%3Au%3A1670145162289876684%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C245%2C36%2C1%2C370%2C0%2C%2C508%2C5%2C%2C%2C%2C1174%3Aco%3A0%3Ans%3A1670145159730%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670145162%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Sun, 04 Dec 2022 09:12:44 GMT
access-control-allow-origin: https://b40llq4tvvy12m5mst.com
set-cookie: yabs-sid=1198721701670145164; Path=/; SameSite=None; Secure
i=hcabTS+4ZyQBlXMdCgjonxIL50ItQAL6f8w+2MYss9zQT7SN87zUU2kKlUq48i3AH9Ibxrj91G1iDjTZTPThEwJ24R0=; Expires=Wed, 01-Dec-2032 09:12:41 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=8440910321670145164; Expires=Mon, 04-Dec-2023 09:12:44 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=8440910321670145164; Expires=Mon, 04-Dec-2023 09:12:44 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1701681164.yc.1670145164#1701681164.yrts.1670145164#1701681164.yrtsi.1670145164; Expires=Mon, 04-Dec-2023 09:12:44 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 04-Dec-2022 09:12:44 GMT
last-modified: Sun, 04-Dec-2022 09:12:44 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/api/v1/footer_links
18.193.73.74200 OK 0 B URL HTTP/2 b40llq4tvvy12m5mst.com/api/v1/footer_links
IP 18.193.73.74:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/footer_links HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145162.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:45 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 9a275bd284f3fda5613abb1077bf8f02
vary: Accept-Encoding, Accept-Language
expires: Sun, 04 Dec 2022 09:12:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/api/v2/slider?section=
18.193.73.74200 OK 0 B URL HTTP/2 b40llq4tvvy12m5mst.com/api/v2/slider?section=
IP 18.193.73.74:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v2/slider?section= HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145162.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:45 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: fa61fc075fa44c60c1b0e40eb8efa8e9
vary: Accept-Encoding, Accept-Language
expires: Sun, 04 Dec 2022 09:12:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/api/v1/bonus/first_deposit/info
18.193.73.74200 OK 0 B URL HTTP/2 b40llq4tvvy12m5mst.com/api/v1/bonus/first_deposit/info
IP 18.193.73.74:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/bonus/first_deposit/info HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1038
x-client-session: xf60fjuk1g1h5rzwixev
x-client-device-id: g18s925l9ycdb4imr4xp
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145163.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:45 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 8e4d660a004e0e76d3831b692c631df3
vary: Accept-Encoding, Accept-Language
expires: Sun, 04 Dec 2022 09:12:45 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
b40llq4tvvy12m5mst.com/api/v2/translations?locales[]=en-US&locales[]=en&domains[]=validators&fallback=1
18.193.73.74200 OK 0 B URL HTTP/2 b40llq4tvvy12m5mst.com/api/v2/translations?locales[]=en-US&locales[]=en&domains[]=validators&fallback=1
IP 18.193.73.74:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v2/translations?locales[]=en-US&locales[]=en&domains[]=validators&fallback=1 HTTP/1.1
Host: b40llq4tvvy12m5mst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://b40llq4tvvy12m5mst.com/?registration=1&cid=1925768417&pid=165855&sip=0
Connection: keep-alive
Cookie: theme=desktop; cid=1925768417; prid=most_partner.1925768417; pid=165855; sip=0; PHPSESSID=3l1ovo3mc5lovlh6ph4u0qoirt; lunetics_locale=en; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1670145161.1.0.1670145163.0.0.0; _ga=GA1.2.1785863095.1670145161; rst-uid=7005096538720436224; _gid=GA1.2.1152209003.1670145161; _gaclientid=1785863095.1670145161; _gasessionid=20221204|05557580; _gahitid=1670145161447; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1670145162289876684; _ym_d=1670145162; _fbp=fb.1.1670145161873.1729128621; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 09:12:47 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 11 Dec 2022 09:12:47 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2