3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1795397351&pid=14628&sip=0
35.159.51.213 308 Permanent Redirect 164 B URL HTTP/1.1 3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1795397351&pid=14628&sip=0
IP 35.159.51.213:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f23c4815ecaef1588f16ac735c0e15d6
026bf8cdd5076014b6fc822878e0086eb44da556
43a81fb3d47b34e7d42d6b8444f592ed9251b8e57db8f67d32419aa40b1480d0
Analyzer Verdict Alert quad9 Sinkholed
GET /partners/casino-reg?cid=1795397351&pid=14628&sip=0 HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 308 Permanent Redirect
Server: nginx
Date: Sat, 12 Nov 2022 03:29:04 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1795397351&pid=14628&sip=0
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 3d0727e32cd103ddd4b73f28c81758aa
197a7bf43d63723fc532c23c6dced68d5cc36652
d3f75d03561d6a47d19370292e821a86e58381466f0c69386a21175de55882ff
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D3F75D03561D6A47D19370292E821A86E58381466F0C69386A21175DE55882FF"
Last-Modified: Fri, 11 Nov 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11043
Expires: Sat, 12 Nov 2022 06:33:07 GMT
Date: Sat, 12 Nov 2022 03:29:04 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 4edf853c470fcec0ab277c78527f3c2d
de93530ce15337e671c488d9fe05e7091d4956f0
b9d7976b398b1243ff8a571ddd3975d3a1317d69101061bdb1a755b3b56620e6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2115
Cache-Control: max-age=113858
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:04 GMT
Etag: "636e247f-1d7"
Expires: Sun, 13 Nov 2022 11:06:42 GMT
Last-Modified: Fri, 11 Nov 2022 10:31:27 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash d130218d0e2841f39c99610fe1a2ab90
29fbe1e177ee55c7a61ae0a206afff271cf5f945
6b6d74dccf10c2bc98a91c3388280d7ba1d9596bf8cadd7db0e2f63720b3d152
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Backoff, Content-Type, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 12 Nov 2022 02:43:59 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2705
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5076aaa9f4ccd602540286ce0590cb9a
bbf7936a8413a564478971d9e19beb6338cbc869
00e3b967c579b0ccf709b78d497a43d95646b16eb50925fef1e2694c58f290b2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "00E3B967C579B0CCF709B78D497A43D95646B16EB50925FEF1E2694C58F290B2"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13279
Expires: Sat, 12 Nov 2022 07:10:23 GMT
Date: Sat, 12 Nov 2022 03:29:04 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: WSaiiw5niBVXOr5Mqyvs8ph9j+zD6eTcPbQyi3vv6GG+cJVWFELAA31iZMP9luecciTAzprqcvg=
x-amz-request-id: NQ8YR4MS7S4CKRDM
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 12 Nov 2022 03:12:50 GMT
age: 974
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:04 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Cache-Control, Retry-After, Content-Length, Expires, ETag, Pragma, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 12 Nov 2022 03:24:58 GMT
cache-control: public,max-age=3600
age: 246
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2a6f221333f4d0633c5d492adf89f854
25ed6192d61c074841159c65f0778d0145092d95
5da5c0633b78d8356564ff7bbcdefd72455fd191025fd3a230a2a69dbd2f1af1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5DA5C0633B78D8356564FF7BBCDEFD72455FD191025FD3A230A2A69DBD2F1AF1"
Last-Modified: Thu, 10 Nov 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5418
Expires: Sat, 12 Nov 2022 04:59:22 GMT
Date: Sat, 12 Nov 2022 03:29:04 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash f7ff606fbc8634c858bbc04b69f55cf6
2441de2cba649239efd0dae7a878d7ef2245c0b4
95154e0dbb7e827b8f893cc141f986c29634ead618256470d753429aa65a0548
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1242
Cache-Control: max-age=107910
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:04 GMT
Etag: "636e10ac-1d7"
Expires: Sun, 13 Nov 2022 09:27:34 GMT
Last-Modified: Fri, 11 Nov 2022 09:06:52 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 85d88bfb8fca121bbd41e00f1f3b4369
063343a8a4707d752db8d8ea779d0d681fa1c214
98678a8eb4352c1bc39e2614002f876f6ea1d578671cee6514bbeeb7da7b158c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4219
Cache-Control: max-age=120244
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:04 GMT
Etag: "636e3539-117"
Expires: Sun, 13 Nov 2022 12:53:08 GMT
Last-Modified: Fri, 11 Nov 2022 11:42:49 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 85d88bfb8fca121bbd41e00f1f3b4369
063343a8a4707d752db8d8ea779d0d681fa1c214
98678a8eb4352c1bc39e2614002f876f6ea1d578671cee6514bbeeb7da7b158c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4219
Cache-Control: max-age=120244
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:04 GMT
Etag: "636e3539-117"
Expires: Sun, 13 Nov 2022 12:53:08 GMT
Last-Modified: Fri, 11 Nov 2022 11:42:49 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
cdn.scarabresearch.com/js/11DAF087E87A3DFD/scarab-v2.js
54.230.111.107 200 OK 23 kB URL HTTP/1.1 cdn.scarabresearch.com/js/11DAF087E87A3DFD/scarab-v2.js
IP 54.230.111.107:0
File type C source, ASCII text, with very long lines (539)
Hash bfcc64224f8c6e43e026afb16bd0f4f8
4b1a0dbd96c3047a917ba024690ffc4d544b8b00
c87358a7c76c044147379c9415f96488045b936666093c83fd0e57e08316548e
GET /js/11DAF087E87A3DFD/scarab-v2.js HTTP/1.1
Host: cdn.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Timing-Allow-Origin: *
Date: Sat, 12 Nov 2022 03:05:16 GMT
Cache-Control: max-age=3600,public
ETag: "aa53180343ab25d32aa7294158ca3216--gzip"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: wRl-I6xSXrsd-dOwTpKyddiPajpWGcpgeVHPpLkzRFkrQwzLg4xbJw==
Age: 1447
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 85d88bfb8fca121bbd41e00f1f3b4369
063343a8a4707d752db8d8ea779d0d681fa1c214
98678a8eb4352c1bc39e2614002f876f6ea1d578671cee6514bbeeb7da7b158c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3264
Cache-Control: max-age=119288
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:05 GMT
Etag: "636e3539-117"
Expires: Sun, 13 Nov 2022 12:37:13 GMT
Last-Modified: Fri, 11 Nov 2022 11:42:49 GMT
Server: ECS (amb/6BC2)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 85d88bfb8fca121bbd41e00f1f3b4369
063343a8a4707d752db8d8ea779d0d681fa1c214
98678a8eb4352c1bc39e2614002f876f6ea1d578671cee6514bbeeb7da7b158c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4220
Cache-Control: max-age=120244
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:05 GMT
Etag: "636e3539-117"
Expires: Sun, 13 Nov 2022 12:53:09 GMT
Last-Modified: Fri, 11 Nov 2022 11:42:49 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash b474f74278f0bc7d8a7d6a66c3dcc2dd
6aad727d11a42fefbcabe6af4f0d32c42c946043
db18a18706d236333a7e8671728aea6adbe89e54905799cb5dc8d32feadf2e53
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.scarabresearch.com/wpjs/wploader.js?ts=2758
54.230.111.73 200 OK 11 kB URL HTTP/1.1 static.scarabresearch.com/wpjs/wploader.js?ts=2758
IP 54.230.111.73:0
File type Unicode text, UTF-8 text, with very long lines (26064)
Hash 5a9d4022e839d5c9142b7713905a32f6
28d50e8c56816de249444cb574dcabb1fe5d0593
a3f92910377fdb07f6137a07cba50d2c74e6b10d1aa9f2b07d6575a852d587e3
GET /wpjs/wploader.js?ts=2758 HTTP/1.1
Host: static.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 10 Oct 2022 11:09:48 GMT
x-amz-version-id: DzVXMgBeksdrQfAKjc.ckmkVhMlLjwqT
Server: AmazonS3
Content-Encoding: gzip
Date: Fri, 11 Nov 2022 05:21:47 GMT
Cache-Control: max-age=86400
ETag: W/"1bb200ba7add3c5d4bfb6f3822bfe5af"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 5FtJjfw9SEc6MA8Z6i-yjd-8EbjFqzqNrpMaJuG4XIN01dMdWxkBew==
Age: 79638
www.googletagmanager.com/gtm.js?id=GTM-5PMSX62
142.250.74.168 200 OK 56 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5PMSX62
IP 142.250.74.168:0
File type Unicode text, UTF-8 text, with very long lines (13644)
Hash 52fd58414c38494d6a3c75e214b4d368
4e6769d1504e02a19e95f5f22e7227f77ce846ab
57020b450896f0b0a2570a884a4891de6d3b158cfeb0154a0ea050045cf5d2a8
GET /gtm.js?id=GTM-5PMSX62 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sat, 12 Nov 2022 03:29:05 GMT
expires: Sat, 12 Nov 2022 03:29:05 GMT
cache-control: private, max-age=900
last-modified: Sat, 12 Nov 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 55947
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rstat.rockmostbet.com/public/rstat_pixel_spa.js
162.55.5.93 200 OK 10 kB URL HTTP/2 rstat.rockmostbet.com/public/rstat_pixel_spa.js
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
Hash f1b5cdd115d84254efb1d1cce82933d7
05cd06e570be5aaeee38c3139bb8b77173d0ce7b
fd390c721adddf0b2b6e8e3a28fd3f072a4b95c7af5d1fc02c10c95ab2050d7c
GET /public/rstat_pixel_spa.js HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/javascript
etag: "rkzpry7y7"
last-modified: Mon, 07 Nov 2022 18:23:58 GMT
server: Caddy
x-content-type-options: nosniff
content-length: 10303
date: Sat, 12 Nov 2022 03:29:05 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash b474f74278f0bc7d8a7d6a66c3dcc2dd
6aad727d11a42fefbcabe6af4f0d32c42c946043
db18a18706d236333a7e8671728aea6adbe89e54905799cb5dc8d32feadf2e53
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
52.89.114.252 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.89.114.252:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: j/tn+96ZXDC4c9QhgH1PxQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: i/JZOa1zejuizUP4RoKKjSaK9Z4=
front.cdn-mb.com/spa-static/1.4.1006/static/js/main.f903f749.chunk.js
104.21.9.158 200 OK 316 kB URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1006/static/js/main.f903f749.chunk.js
IP 104.21.9.158:0
File type ASCII text, with very long lines (65536), with no line terminators
Size 316 kB (316428 bytes)
Hash a10e2e853210c05d9af796517747c586
6b4c762f4279ab71637e87d73da80f3ac2189fe1
6f87096e1b0593e3873a657e1359a77fd32bba728b34b6ea7a02b0578ec11311
GET /spa-static/1.4.1006/static/js/main.f903f749.chunk.js HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 03:29:05 GMT
content-type: application/javascript
last-modified: Wed, 09 Nov 2022 13:23:04 GMT
vary: Accept-Encoding
etag: W/"636ba9b8-5bdb8"
expires: Sat, 12 Nov 2022 07:26:38 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 147
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QaVcKeGjqSly0bLJxw6L9KRaT9%2FMYbKgxsyPWYu7XeqTfeW%2FQ1vq8T6%2FnlXUw%2Fsnm9mRFxbQWMdzbCqWfLePYvppKsMF3fpxQ9Zsiq2Tae3dqjzrpvrfwQBP9X%2FU3W84KyLF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 768c2e664fdb1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 21817fa3c60612398404dbe75d383a1a
2d5e08988401c8d0adb24fb26987a0ee26544b4e
12cf02219c8cf9fe9b31f48e19ec88ff888a4ca87a7af1c47eff60a9c5865bfe
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 03:29:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 10 Nov 2022 18:25:29 GMT
Expires: Thu, 17 Nov 2022 18:25:28 GMT
Etag: "2d5e08988401c8d0adb24fb26987a0ee26544b4e"
Cache-Control: max-age=485182,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 768c2e682c00b521-OSL
my.rtmark.net/p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01
139.45.195.8 200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01
IP 139.45.195.8:0
Hash 6425f508eacb60db81c6d0b38ae56a58
d27caed071b054a15ab2291a11a4bfe12e097d7a
e94404dcfeb2d07ed1a6c0ad4230d5bc5754c0c965736d4ebc3224af415094d0
GET /p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:05 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d84a911b820c140cf4e3da2af665b63c
fbee3b2193231404844c0ecb6e8f72d02d30e997
7f0381e9de205bbe3e0cab3e7e40afced0d58bb25b8df4715d1406c702624d14
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5565
Cache-Control: max-age=91695
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:05 GMT
Etag: "636dc073-1d7"
Expires: Sun, 13 Nov 2022 04:57:20 GMT
Last-Modified: Fri, 11 Nov 2022 03:24:35 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sat, 12 Nov 2022 02:41:09 GMT
expires: Sat, 12 Nov 2022 04:41:09 GMT
cache-control: public, max-age=7200
age: 2876
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
connect.facebook.net/en_US/fbevents.js
31.13.72.12 200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (64348)
Hash 0ac10debd3a9ea8147a26d045bb93e6e
ff45f3442508e8695f2303701682ebdb6e016464
5dee7b453b2c72c07ff1d62432493a044507835a8031ea62edf2fa7cc26219b9
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: jVEcxUS6/n3V5ec4muRKqs0GM/XJML6r2FrGSeJhQf2eIQ/mOrA4q/B74hUYaonV5fAxHaYn1AAqzzpPm6cohg==
priority: u=3,i
content-length: 27337
x-fb-trip-id: 1904183273
date: Sat, 12 Nov 2022 03:29:05 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d84a911b820c140cf4e3da2af665b63c
fbee3b2193231404844c0ecb6e8f72d02d30e997
7f0381e9de205bbe3e0cab3e7e40afced0d58bb25b8df4715d1406c702624d14
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5565
Cache-Control: max-age=91695
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:05 GMT
Etag: "636dc073-1d7"
Expires: Sun, 13 Nov 2022 04:57:20 GMT
Last-Modified: Fri, 11 Nov 2022 03:24:35 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226 200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash 12af49097cdb29eec2b1046758d0a7f7
b3ab08e63d7f49f3a545017baa700f22335ba80a
50a391b5793865d050cc91ad79efac69878f1582148d894ff17bf3049434d67f
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 03:29:05 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Wed, 16 Nov 2022 01:49:37 GMT
ETag: "b3ab08e63d7f49f3a545017baa700f22335ba80a"
Last-Modified: Sat, 12 Nov 2022 01:49:38 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 14
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 768c2e69395ab51e-OSL
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93 200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 3b7aec6e51bcbd2d5fda97032ba0a9a2
7a09d20e64f40614a39a23e000c9595240226499
031894bc9258aeef2d6ce8bae0b4e85b19f199fc21101fbaff23d5dbe3db5436
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 659
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Sat, 12 Nov 2022 03:29:05 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=6997037527248928768; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 3
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93 200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 6247851ccb128c77e9ae6ed291560e26
194cb53aef7b73acec21985b2017c14ac335ed3e
36966a33ddb06ad9a6044b9786e5e8026894e705c08115d119aa50d623e4a6ef
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 747
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Sat, 12 Nov 2022 03:29:05 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=6997037527248928768; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 1
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/tag.js
93.158.134.119 200 OK 73 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 93.158.134.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (587)
Hash 6bb9990fc521832208f25ccf5261b719
be8acfb80dfc034d5cbd7dabb318ea8853762c10
677f03256dacdc519c12971fd422fe1afa0ecca3864f4e8f7aa0bed4eecd9c38
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73397
date: Sat, 12 Nov 2022 03:29:05 GMT
access-control-allow-origin: *
etag: "63575841-11eb5"
expires: Sat, 12 Nov 2022 04:29:05 GMT
last-modified: Tue, 25 Oct 2022 06:30:09 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/api/v1/logo
35.159.51.213 200 OK 141 B URL HTTP/2 3vsmdh0yz31vwcemst.com/api/v1/logo
IP 35.159.51.213:0
Hash 75926fabb45a9fe1dc3f0cb59e0b8e87
5c0961563a8b1a8dd6ed23097a0d3bb5288a374b
6a5f0458a3af0ed42f43a295a55dfa555cdaf948407ce36ddea85dee65553090
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/logo HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1006
x-client-session: dye0fnnkfe2hnr2zi3ee
x-client-device-id: cxxvgmh1i3yrdmvt8jhg
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1795397351&pid=14628&sip=0
Cookie: theme=desktop; _ga_HCZ6L6382W=GS1.1.1668223744.1.0.1668223744.0.0.0; _ga=GA1.2.913967725.1668223745; rst-uid=6997037527248928768; _gid=GA1.2.1072228301.1668223745; _gaclientid=913967725.1668223745; _gasessionid=20221112|07312618; _gahitid=1668223745078; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; cid=1795397351; prid=most_partner.1795397351; pid=14628; sip=0; PHPSESSID=6tm6h56dprg7s8duujffqa4p8c; lunetics_locale=bn; tz=Europe%2FOslo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:05 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"9dfab82e3b4ec3d36c2d3f40883172cf"
x-request-id: fee1162079525d22621b3249eec61eab
vary: Accept-Encoding, Accept-Language
expires: Sat, 12 Nov 2022 03:29:05 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/api/v1/websocket/credentials
35.159.51.213 200 OK 243 B URL HTTP/2 3vsmdh0yz31vwcemst.com/api/v1/websocket/credentials
IP 35.159.51.213:0
Hash 1e8546c3d385a7a3aa4e1eb6c5b68834
9c56ecf33831bf0c3a981cfd841e6e89272bb5bc
86b03ddab65af827b693f75b5acc2dac15fb92690e72c3e79e8b0304aa9e1abe
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/websocket/credentials HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1006
x-client-session: dye0fnnkfe2hnr2zi3ee
x-client-device-id: cxxvgmh1i3yrdmvt8jhg
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1795397351&pid=14628&sip=0
Cookie: theme=desktop; _ga_HCZ6L6382W=GS1.1.1668223744.1.0.1668223744.0.0.0; _ga=GA1.1.913967725.1668223745; rst-uid=6997037527248928768
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:05 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 13a84d44d45e4d7be05dbf9377e5b4ac
vary: Accept-Encoding, Accept-Language
expires: Sat, 12 Nov 2022 03:29:05 GMT
set-cookie: PHPSESSID=6tm6h56dprg7s8duujffqa4p8c; expires=Mon, 12-Dec-2022 03:29:05 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=bn; expires=Sun, 13-Nov-2022 03:29:05 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Sat, 19-Nov-2022 03:29:05 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/api/v1/settings
35.159.51.213 200 OK 94 kB URL HTTP/2 3vsmdh0yz31vwcemst.com/api/v1/settings
IP 35.159.51.213:0
File type JSON data\012- , ASCII text, with very long lines (35619)
Hash ffee31ec78271ac6ecdb8d389041cd04
19e9b96ec3245d1899d98523601c4a4c568fe269
f6a1ada653805c2cadd879937fe291947bdc75275a047edc38af49d3727504e5
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/settings HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1006
x-client-session: dye0fnnkfe2hnr2zi3ee
x-client-device-id: cxxvgmh1i3yrdmvt8jhg
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1795397351&pid=14628&sip=0
Cookie: theme=desktop; _ga_HCZ6L6382W=GS1.1.1668223744.1.0.1668223744.0.0.0; _ga=GA1.1.913967725.1668223745; rst-uid=6997037527248928768
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:05 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 6ada92154b2a18c5e52a2266821b05a5
vary: Accept-Encoding, Accept-Language
expires: Sat, 12 Nov 2022 03:29:05 GMT
set-cookie: PHPSESSID=vppubefek5p526d9i1if8iuh6n; expires=Mon, 12-Dec-2022 03:29:05 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=bn; expires=Sun, 13-Nov-2022 03:29:05 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Sat, 19-Nov-2022 03:29:05 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 12 Nov 2022 03:29:05 GMT
access-control-allow-origin: *
etag: "63575841-2b"
expires: Sat, 12 Nov 2022 04:29:05 GMT
accept-ranges: bytes
last-modified: Tue, 25 Oct 2022 06:30:09 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?wmode=7&page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1141034594963%3Ahid%3A605983992%3Az%3A0%3Ai%3A20221112032905%3Aet%3A1668223745%3Ac%3A1%3Arn%3A123680748%3Arqn%3A1%3Au%3A1668223745666060505%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C459%2C39%2C2%2C353%2C0%2C%2C492%2C4%2C%2C%2C%2C1388%3Ans%3A1668223743436%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668223745%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
93.158.134.119 200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?wmode=7&page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1141034594963%3Ahid%3A605983992%3Az%3A0%3Ai%3A20221112032905%3Aet%3A1668223745%3Ac%3A1%3Arn%3A123680748%3Arqn%3A1%3Au%3A1668223745666060505%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C459%2C39%2C2%2C353%2C0%2C%2C492%2C4%2C%2C%2C%2C1388%3Ans%3A1668223743436%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668223745%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash cedeb5c85a3d38f224807cbb9abeacbb
cf05665561bf88fb1e115f2281acdc59bc14061f
fceb67781f5968decd0acf4a63109f11659784f2bb0680278d25099cd6b2f688
GET /watch/37954615/1?wmode=7&page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1141034594963%3Ahid%3A605983992%3Az%3A0%3Ai%3A20221112032905%3Aet%3A1668223745%3Ac%3A1%3Arn%3A123680748%3Arqn%3A1%3Au%3A1668223745666060505%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C459%2C39%2C2%2C353%2C0%2C%2C492%2C4%2C%2C%2C%2C1388%3Ans%3A1668223743436%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668223745%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3vsmdh0yz31vwcemst.com
Referer: https://3vsmdh0yz31vwcemst.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Sat, 12 Nov 2022 03:29:05 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 12-Nov-2022 03:29:05 GMT
last-modified: Sat, 12-Nov-2022 03:29:05 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 12 kB IP 142.250.74.3:0
File type gzip compressed data, max speed, from Unix\012- data
Hash fec6d8adbff08d5810ab765174462608
97f4789b39979aa9da4501de1543c2cf6a3e09b4
8c42faea06bbe737d7001318ef8eaeee8c5e33dafae6ef3a957b47367d6065fa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
142.250.74.132 200 OK 580 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
IP 142.250.74.132:0
File type ASCII text, with very long lines (909), with no line terminators
Hash 645839bb2a36f1b5337b8701d692b126
76f03a580d775a3dbd34f5dc4e7c2d4c18833cd5
70d059e2d878dadc8cf895cfa4dcebefbf7c7eef7771db6369f1e1a0539236d1
GET /recaptcha/api.js?onload=onloadcallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sat, 12 Nov 2022 03:29:05 GMT
date: Sat, 12 Nov 2022 03:29:05 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 580
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac127eb994552f5336f473da4ba5474a
e18d0e62831dfd3f8976d43b46f4286657d6d504
3b0da5e281a6859bb3e0672a4c42b2aa22e121ac5e6ec37169999d90b580a892
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3B0DA5E281A6859BB3E0672A4C42B2AA22E121AC5E6EC37169999D90B580A892"
Last-Modified: Thu, 10 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17072
Expires: Sat, 12 Nov 2022 08:13:37 GMT
Date: Sat, 12 Nov 2022 03:29:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac127eb994552f5336f473da4ba5474a
e18d0e62831dfd3f8976d43b46f4286657d6d504
3b0da5e281a6859bb3e0672a4c42b2aa22e121ac5e6ec37169999d90b580a892
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3B0DA5E281A6859BB3E0672A4C42B2AA22E121AC5E6EC37169999D90B580A892"
Last-Modified: Thu, 10 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17072
Expires: Sat, 12 Nov 2022 08:13:37 GMT
Date: Sat, 12 Nov 2022 03:29:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 61 kB IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b52ed854aa79591577dcb66ede91f947
51b5858c903b97992950f34df9ecefe980b55c50
4c1f0506adc11629296328e52220f686144e8ba01582e4ee1260ea54e755030e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3B0DA5E281A6859BB3E0672A4C42B2AA22E121AC5E6EC37169999D90B580A892"
Last-Modified: Thu, 10 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19896
Expires: Sat, 12 Nov 2022 09:00:42 GMT
Date: Sat, 12 Nov 2022 03:29:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ac127eb994552f5336f473da4ba5474a
e18d0e62831dfd3f8976d43b46f4286657d6d504
3b0da5e281a6859bb3e0672a4c42b2aa22e121ac5e6ec37169999d90b580a892
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3B0DA5E281A6859BB3E0672A4C42B2AA22E121AC5E6EC37169999D90B580A892"
Last-Modified: Thu, 10 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17038
Expires: Sat, 12 Nov 2022 08:13:04 GMT
Date: Sat, 12 Nov 2022 03:29:06 GMT
Connection: keep-alive
my.rtmark.net/img.gif?f=sync&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01&ttl=&rurl=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0
139.45.195.8 200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01&ttl=&rurl=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01&ttl=&rurl=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:05 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=a3e87385b99f488b80036580b06548c6; expires=Sun, 12 Nov 2023 03:29:05 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash e569acd833d180f3c2fba0919fbeb704
60a3121c9bf8e08a8a7fe70001c24b6f8c9981f5
994bee0670c93479c3e835985d24d7ce41fbc0a3013e173d79ea1ea5f63ac85c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mostauthor.com/multiauth/test_cookie_set?testcookie=up5el5qlq77smzuuts5gcj
185.26.99.196 200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=up5el5qlq77smzuuts5gcj
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_set?testcookie=up5el5qlq77smzuuts5gcj HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://3vsmdh0yz31vwcemst.com/
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: da7c471c88414961b59500fe507cfdae
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Sat, 12 Nov 2022 03:29:05 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=okn3l0rjzuxb7m6vhw2jr
185.26.99.196 200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=okn3l0rjzuxb7m6vhw2jr
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_set?testcookie=okn3l0rjzuxb7m6vhw2jr HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://3vsmdh0yz31vwcemst.com/
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: a650ca6cdc814e839aa72db40ffdf364
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Sat, 12 Nov 2022 03:29:05 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=up5el5qlq77smzuuts5gcj
185.26.99.196 200 OK 10 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=up5el5qlq77smzuuts5gcj
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash f7f86d583c92292a7025fc1f25657a1f
92659f2f702a5b18d44a58055c6cd77173630ae2
3b9de8f3bb4d65ebe964703b38c9ce2f3b40a58b33484e6eed8f92bbd5f10a4f
GET /multiauth/test_cookie_set?testcookie=up5el5qlq77smzuuts5gcj HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1006
x-client-session: dye0fnnkfe2hnr2zi3ee
x-client-device-id: cxxvgmh1i3yrdmvt8jhg
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 0b1585e178674944b2a6ca582626a36e
set-cookie: test_cooke_up5el5qlq77smzuuts5gcj=1; Max-Age=3600; SameSite=None; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 10
date: Sat, 12 Nov 2022 03:29:05 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-HCZ6L6382W&gtm=2oeb90&_p=74032612&cid=913967725.1668223745&ul=en-us&sr=1280x1024&_s=1&sid=1668223744&sct=1&seg=0&dl=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&dt=&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-HCZ6L6382W&gtm=2oeb90&_p=74032612&cid=913967725.1668223745&ul=en-us&sr=1280x1024&_s=1&sid=1668223744&sct=1&seg=0&dl=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&dt=&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-HCZ6L6382W&gtm=2oeb90&_p=74032612&cid=913967725.1668223745&ul=en-us&sr=1280x1024&_s=1&sid=1668223744&sct=1&seg=0&dl=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&dt=&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
date: Sat, 12 Nov 2022 03:29:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=okn3l0rjzuxb7m6vhw2jr
185.26.99.196 200 OK 10 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=okn3l0rjzuxb7m6vhw2jr
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash f7f86d583c92292a7025fc1f25657a1f
92659f2f702a5b18d44a58055c6cd77173630ae2
3b9de8f3bb4d65ebe964703b38c9ce2f3b40a58b33484e6eed8f92bbd5f10a4f
GET /multiauth/test_cookie_set?testcookie=okn3l0rjzuxb7m6vhw2jr HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1006
x-client-session: dye0fnnkfe2hnr2zi3ee
x-client-device-id: cxxvgmh1i3yrdmvt8jhg
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: df79d7037bf64526b18de33d96f5d42d
set-cookie: test_cooke_okn3l0rjzuxb7m6vhw2jr=1; Max-Age=3600; SameSite=None; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 10
date: Sat, 12 Nov 2022 03:29:05 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615?wmode=7&page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1141034594963%3Ahid%3A605983992%3Az%3A0%3Ai%3A20221112032905%3Aet%3A1668223745%3Ac%3A1%3Arn%3A123680748%3Arqn%3A1%3Au%3A1668223745666060505%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C459%2C39%2C2%2C353%2C0%2C%2C492%2C4%2C%2C%2C%2C1388%3Ans%3A1668223743436%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668223745%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
93.158.134.119 302 Found 174 B URL HTTP/2 mc.yandex.ru/watch/37954615?wmode=7&page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1141034594963%3Ahid%3A605983992%3Az%3A0%3Ai%3A20221112032905%3Aet%3A1668223745%3Ac%3A1%3Arn%3A123680748%3Arqn%3A1%3Au%3A1668223745666060505%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C459%2C39%2C2%2C353%2C0%2C%2C492%2C4%2C%2C%2C%2C1388%3Ans%3A1668223743436%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668223745%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
IP 93.158.134.119:0
File type gzip compressed data, max speed, from Unix\012- data
Hash 9bd220dfa17f23dcdfd991a85f980efe
b9541a83b941f30c09389fa652df304fa372fc5c
9000035ce5b9bef5988fac32d20e12f70a6255224cf1207622032edc64cf83bd
GET /watch/37954615?wmode=7&page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1141034594963%3Ahid%3A605983992%3Az%3A0%3Ai%3A20221112032905%3Aet%3A1668223745%3Ac%3A1%3Arn%3A123680748%3Arqn%3A1%3Au%3A1668223745666060505%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C459%2C39%2C2%2C353%2C0%2C%2C492%2C4%2C%2C%2C%2C1388%3Ans%3A1668223743436%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668223745%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/37954615/1?wmode=7&page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1141034594963%3Ahid%3A605983992%3Az%3A0%3Ai%3A20221112032905%3Aet%3A1668223745%3Ac%3A1%3Arn%3A123680748%3Arqn%3A1%3Au%3A1668223745666060505%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C459%2C39%2C2%2C353%2C0%2C%2C492%2C4%2C%2C%2C%2C1388%3Ans%3A1668223743436%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1668223745%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
date: Sat, 12 Nov 2022 03:29:05 GMT
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
set-cookie: yandexuid=3901102351668223745; Expires=Sun, 12-Nov-2023 03:29:05 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=3901102351668223745; Expires=Sun, 12-Nov-2023 03:29:05 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=554870611668223745; Path=/; SameSite=None; Secure
i=LTVU7COFLGmrheJFkV15fxRhX25KQ8fcRUhMRDvDqnbgK2lL0OWQbIgc69haq2VVGHLoKfw10yzZmM76RwJ3vvkHdSY=; Expires=Tue, 09-Nov-2032 03:29:04 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1699759745.yrts.1668223745#1699759745.yrtsi.1668223745; Expires=Sun, 12-Nov-2023 03:29:05 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 12-Nov-2022 03:29:05 GMT
last-modified: Sat, 12-Nov-2022 03:29:05 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/api/v1/currency-specific-settings/BDT.json
35.159.51.213 200 OK 220 B URL HTTP/2 3vsmdh0yz31vwcemst.com/api/v1/currency-specific-settings/BDT.json
IP 35.159.51.213:0
File type JSON data\012- , ASCII text, with very long lines (608), with no line terminators
Hash d031731b734d6376d9d35f1477d09b28
d62276becb2e5e1bac920cf5157fbd386703a7d9
38f25b3d98506b8c5944d6e0a352436c51b45176952e54c5c9eb646649b92da2
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/currency-specific-settings/BDT.json HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1006
x-client-session: dye0fnnkfe2hnr2zi3ee
x-client-device-id: cxxvgmh1i3yrdmvt8jhg
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1795397351&pid=14628&sip=0
Cookie: theme=desktop; _ga_HCZ6L6382W=GS1.1.1668223744.1.0.1668223745.0.0.0; _ga=GA1.2.913967725.1668223745; rst-uid=6997037527248928768; _gid=GA1.2.1072228301.1668223745; _gaclientid=913967725.1668223745; _gasessionid=20221112|07312618; _gahitid=1668223745078; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; cid=1795397351; prid=most_partner.1795397351; pid=14628; sip=0; PHPSESSID=vppubefek5p526d9i1if8iuh6n; lunetics_locale=bn; tz=Europe%2FOslo; _ym_uid=1668223745666060505; _ym_d=1668223745; _fbp=fb.1.1668223745354.473861138; _ym_isad=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:06 GMT
content-type: application/json
cache-control: max-age=3600, private
etag: W/"f62f3a14a21eec1626541cbc2e78a9c1"
x-request-id: 3145c4edc91a9872822149f459f41157
vary: Accept-Encoding, Accept-Language
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=okn3l0rjzuxb7m6vhw2jr
185.26.99.196 200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=okn3l0rjzuxb7m6vhw2jr
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_get?testcookie=okn3l0rjzuxb7m6vhw2jr HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://3vsmdh0yz31vwcemst.com/
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: e880f0e92ffa4c629034073777301e20
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Sat, 12 Nov 2022 03:29:05 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=okn3l0rjzuxb7m6vhw2jr
185.26.99.196 200 OK 21 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=okn3l0rjzuxb7m6vhw2jr
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash caf33483167cc6a28994a501b478f8df
8b80faf52bdfda242a8a7c2d2cff45a26c43d031
070bf1d4556043cf533cca3e374c72481fb31525f9254c46a37031fb35f69f0e
GET /multiauth/test_cookie_get?testcookie=okn3l0rjzuxb7m6vhw2jr HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1006
x-client-session: dye0fnnkfe2hnr2zi3ee
x-client-device-id: cxxvgmh1i3yrdmvt8jhg
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Cookie: test_cooke_up5el5qlq77smzuuts5gcj=1; test_cooke_okn3l0rjzuxb7m6vhw2jr=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 463d6542033a4ce9968d5be652268817
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 21
date: Sat, 12 Nov 2022 03:29:05 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=up5el5qlq77smzuuts5gcj
185.26.99.196 200 OK 21 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=up5el5qlq77smzuuts5gcj
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash caf33483167cc6a28994a501b478f8df
8b80faf52bdfda242a8a7c2d2cff45a26c43d031
070bf1d4556043cf533cca3e374c72481fb31525f9254c46a37031fb35f69f0e
GET /multiauth/test_cookie_get?testcookie=up5el5qlq77smzuuts5gcj HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1006
x-client-session: dye0fnnkfe2hnr2zi3ee
x-client-device-id: cxxvgmh1i3yrdmvt8jhg
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Cookie: test_cooke_up5el5qlq77smzuuts5gcj=1; test_cooke_okn3l0rjzuxb7m6vhw2jr=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: b09f506027c545f09ae5adb9c452ea80
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 21
date: Sat, 12 Nov 2022 03:29:05 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/api/v2/translations?locales[]=bn&domains[]=messages&fallback=1
35.159.51.213 200 OK 734 kB URL HTTP/2 3vsmdh0yz31vwcemst.com/api/v2/translations?locales[]=bn&domains[]=messages&fallback=1
IP 35.159.51.213:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Size 734 kB (734021 bytes)
Hash dc0aba7c55a8799a24e62aa68b749036
f2915b667ebbb075e3d16b23d6720cdb474735dc
8955ec9532fe7b495f22d31532d87d8db991fe369af6da2dc05b1e7f6a79b126
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v2/translations?locales[]=bn&domains[]=messages&fallback=1 HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1795397351&pid=14628&sip=0
Connection: keep-alive
Cookie: theme=desktop; _ga_HCZ6L6382W=GS1.1.1668223744.1.0.1668223745.0.0.0; _ga=GA1.2.913967725.1668223745; rst-uid=6997037527248928768; _gid=GA1.2.1072228301.1668223745; _gaclientid=913967725.1668223745; _gasessionid=20221112|07312618; _gahitid=1668223745078; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; cid=1795397351; prid=most_partner.1795397351; pid=14628; sip=0; PHPSESSID=vppubefek5p526d9i1if8iuh6n; lunetics_locale=bn; tz=Europe%2FOslo; _ym_uid=1668223745666060505; _ym_d=1668223745; _fbp=fb.1.1668223745354.473861138; _ym_isad=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:06 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"be9ecd30a2d743b87d943eca1e0ac33c"
x-request-id: 8e0c3e4c31b6a49df9c5cdb09800c503
vary: Accept-Encoding, Accept-Language
expires: Sat, 12 Nov 2022 03:29:06 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 50b7ad7d0cb47a73140b0c340b5b72b4
5b7fd8d7d4a5fb963c33d52675ef3be152f4e7e3
494e1c3410c113871960bd9b35b3d89c0d404ecb836c03669a8522d159391cd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mostauthor.com/multiauth/ping
185.26.99.196 200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/ping
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/ping HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://3vsmdh0yz31vwcemst.com/
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 111b6f468c30485299768b427e63cf76
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Sat, 12 Nov 2022 03:29:05 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15995
Expires: Sat, 12 Nov 2022 07:55:41 GMT
Date: Sat, 12 Nov 2022 03:29:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15995
Expires: Sat, 12 Nov 2022 07:55:41 GMT
Date: Sat, 12 Nov 2022 03:29:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash fb29db48daab83bcaed56b72093619cc
e0e0a09d729ffb1c41411419768896f1e1eb3346
08e24124f809f1ab7e6960355efcb419e13dd5fb6063c31caf04e11ebdb7a5cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "08E24124F809F1AB7E6960355EFCB419E13DD5FB6063C31CAF04E11EBDB7A5CF"
Last-Modified: Fri, 11 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15995
Expires: Sat, 12 Nov 2022 07:55:41 GMT
Date: Sat, 12 Nov 2022 03:29:06 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash cc6bc0328a0b47b32c004162363f93e7
ea2e2e8dc44f9f53d1329b44683455b8cb95113b
0d8a3c793b15d06d3ad4d4d1b4a637711cda1aaf113443fa9137077ba5edf1b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mostauthor.com/multiauth/ping
185.26.99.196 401 Unauthorized 35 B URL HTTP/2 mostauthor.com/multiauth/ping
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 0d996c3fba12286419cc5490ecc262f2
8d763a6d6dc7b73504e259d6755a91215cc90a77
89ee31619ad837c48dfe0eeb3bd1e65d8c372d8b73c1f1e345c6dd91aca7f25f
GET /multiauth/ping HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1006
x-client-session: dye0fnnkfe2hnr2zi3ee
x-client-device-id: cxxvgmh1i3yrdmvt8jhg
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Cookie: test_cooke_up5el5qlq77smzuuts5gcj=1; test_cooke_okn3l0rjzuxb7m6vhw2jr=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 401 Unauthorized
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 1e29d3c9c48d414bafbb78e7a5418239
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 35
date: Sat, 12 Nov 2022 03:29:05 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb94d751-826d-42ad-b2dc-367ce1cc369f.webp
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb94d751-826d-42ad-b2dc-367ce1cc369f.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e81c2d92517d06bf88be1107cfda9d29
f69aa0716a76302558c02934576cdcc567f2a43b
46510180a843c2cf2196c439e668fd973b73b66afe55e44f7f7c24a53d0625cf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb94d751-826d-42ad-b2dc-367ce1cc369f.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6230
x-amzn-requestid: 034a6e7a-b227-45e8-9e42-a2b5fe3fb774
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdM81GfDoAMFn6g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec1eb-521b8a501b7aec9f331acc9f;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:43:07 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 9OT-9YOaRWYlFgQkuy_PVJkrl87XpxGyl_SCuZNGIspxCwZcipoOIA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:45:12 GMT
etag: "f69aa0716a76302558c02934576cdcc567f2a43b"
content-type: image/jpeg
age: 20634
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.gstatic.com/recaptcha/releases/jF-AgDWy8ih0GfLx4Semh9UK/recaptcha__en.js
142.250.74.163 200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/jF-AgDWy8ih0GfLx4Semh9UK/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (668)
Size 163 kB (162590 bytes)
Hash 70dc760a0efad09d703883a39f7683b2
2bc70f2a100ff27d27a89d563dfe279590c8336b
2bc59eab94309c59fba62afa40dfd841fb83760714e9ec7248ce3e10ae05fd19
GET /recaptcha/releases/jF-AgDWy8ih0GfLx4Semh9UK/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162590
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 11 Nov 2022 23:25:44 GMT
expires: Sat, 11 Nov 2023 23:25:44 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 07 Nov 2022 23:32:29 GMT
content-type: text/javascript
age: 14602
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24ff4e7b-c5dd-4b3d-a4fa-a796e12dfe1e.jpeg
34.120.237.76 200 OK 20 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24ff4e7b-c5dd-4b3d-a4fa-a796e12dfe1e.jpeg
IP 34.120.237.76:0
Hash 3e9dd6c456a97851d1dff9cddeb5e126
02fc9cfe8065f926aa0cdc5581d5264268ac37e5
8b64d24ec06e14a98a97d4b3973a5d837f374da714a2040ffb5cc8c1e582fdfd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F24ff4e7b-c5dd-4b3d-a4fa-a796e12dfe1e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6398
x-amzn-requestid: c86cea6c-2f2f-490d-9187-2f21df615eb8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdNMGEQbIAMFh2A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec24d-23ffe10c6db644e679b581f7;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:44:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8cVG2w6c18kvkBcxD07M71pT6OA6XkvudTUXWdxWtv8S1dEHDvpCYQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 22:24:15 GMT
age: 18291
etag: "a1a2246415ff47340df17641ed2cf9c701453683"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg
IP 34.120.237.76:0
Hash 331190bf61ab34c959ce510d46643154
da845cdd9b93271c2218903772629e2fc3f427d6
a4ad5129c824032fc7279112c76859410754598acfb55c72ff488a1cc85b042b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4af930b9-b854-4316-8425-07c6aa06477a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11715
x-amzn-requestid: 20e508bd-6568-4225-9bee-c683a49d44f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMhUHkpIAMFfJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec13b-7dc726b94a37fc667e2e6646;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:11 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: X3SUo1LP97TxraRav0ftskBhzWkTJInHaS44PW26yloF-dgD-bHBuA==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 d01e7742f82df0bbc1fb681d709ed69c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:45:12 GMT
etag: "5109c156b180727767fc03c411190ccc0d3fb5fc"
content-type: image/jpeg
age: 20634
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash cc6bc0328a0b47b32c004162363f93e7
ea2e2e8dc44f9f53d1329b44683455b8cb95113b
0d8a3c793b15d06d3ad4d4d1b4a637711cda1aaf113443fa9137077ba5edf1b9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2eaa4311-959b-4a18-8135-b4ce754c0765.jpeg
34.120.237.76 200 OK 7.5 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2eaa4311-959b-4a18-8135-b4ce754c0765.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 567bcdef39653e949301b97714168c31
8669185a5f338e34026c48310c88c5a9d8caa1c2
7ecaa9ceaa0a60e608e62571108fbcf49f6fa2b3e77feacbf52d319beda40db1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2eaa4311-959b-4a18-8135-b4ce754c0765.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7533
x-amzn-requestid: 985674ba-be97-4ca3-babb-594c61f8d6c1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdM8BEqFIAMFsxw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec1e6-3abc6a525f2a2bde14465b7e;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:43:02 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: DRfYKF1_Z56kxeaprUhH1Ng8MgW0Z6Xx_yWwiO3MnswRFY482udCjg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 567b44ed19c8caed2570b7bcd8c70034.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:43:48 GMT
age: 20718
etag: "8669185a5f338e34026c48310c88c5a9d8caa1c2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbae1f7e5-4deb-446b-bef2-d4185563f449.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbae1f7e5-4deb-446b-bef2-d4185563f449.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 43e4308988c320212eab6fb4d27c215e
2c2503ca7de1a0c9a4224131f9b0e4b990f7efcd
56efcb5d90ed224301384c850ec2f11317c2426fdc8ed6f88a211bbb75e6871e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbae1f7e5-4deb-446b-bef2-d4185563f449.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12578
x-amzn-requestid: 60fda47c-9518-4ab3-8f94-4e925f0b6773
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdM8iHeHoAMFQFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec1e9-62597e7b5c0f3b6b1e53bcce;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:43:05 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: FSquX2GRcCI4_Onwfi5qm_oBKl5EvL1RZJO84zJgyoEr7tPVTMy9dQ==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:43:47 GMT
age: 20719
etag: "2c2503ca7de1a0c9a4224131f9b0e4b990f7efcd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=913967725.1668223745&jid=1499650667&uid=0&gjid=375284398&_gid=1072228301.1668223745&_u=YADAAEAAAAAAACAEK~&z=1944978617
142.251.1.157 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=913967725.1668223745&jid=1499650667&uid=0&gjid=375284398&_gid=1072228301.1668223745&_u=YADAAEAAAAAAACAEK~&z=1944978617
IP 142.251.1.157:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=913967725.1668223745&jid=1499650667&uid=0&gjid=375284398&_gid=1072228301.1668223745&_u=YADAAEAAAAAAACAEK~&z=1944978617 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 12 Nov 2022 03:29:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb22878eb-d1d1-407d-8ba4-96fe956644f5.jpeg
34.120.237.76 200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb22878eb-d1d1-407d-8ba4-96fe956644f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e2f45403a256539d0408606c1675dd9e
a61616b84ed5c9c6caeab3342f20b082de5f7273
576ae4104b8452903c44ee58bbd77473222b9f1ab275461d7edd99b48f694777
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb22878eb-d1d1-407d-8ba4-96fe956644f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7163
x-amzn-requestid: 2eaa395b-2688-47e6-a353-bf46b44d8e91
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdNMRGzpIAMFhYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec24e-3158c33c70598fe32d827970;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:44:46 GMT
x-amz-cf-pop: YVR50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: J0U1rgtMbR8KI9S6Uhg_2nCJlrfOVjceAEUMSF0JBCJ9FS81D6117w==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 28390a4d24ed4fdccd685d99cd06cf4e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 22:03:52 GMT
age: 19514
etag: "a61616b84ed5c9c6caeab3342f20b082de5f7273"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=913967725.1668223745&jid=416391957&uid=0&gjid=624487529&_gid=1072228301.1668223745&_u=YADAAEABAAAAACAEK~&z=449430054
142.251.1.157 200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=913967725.1668223745&jid=416391957&uid=0&gjid=624487529&_gid=1072228301.1668223745&_u=YADAAEABAAAAACAEK~&z=449430054
IP 142.251.1.157:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=913967725.1668223745&jid=416391957&uid=0&gjid=624487529&_gid=1072228301.1668223745&_u=YADAAEABAAAAACAEK~&z=449430054 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sat, 12 Nov 2022 03:29:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 50b7ad7d0cb47a73140b0c340b5b72b4
5b7fd8d7d4a5fb963c33d52675ef3be152f4e7e3
494e1c3410c113871960bd9b35b3d89c0d404ecb836c03669a8522d159391cd9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 23dd8b12572b78e5d32d491b3d0d9d32
718c3e3abcc55c295c72e5ee4e5441fe5acc1363
f72c359246ea96d4f28bbc5aee8d4d24fcba9f47dfc691693f6c49e370d9b103
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 06d7d61a20669050493c3fd5d2b9798e
5d2d51f23582ef785072cdd0ca9ccf859b563b2d
653662665ea3298734fa313f693216a3932a64ac2903986d7415f60f97bcf27f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 06d7d61a20669050493c3fd5d2b9798e
5d2d51f23582ef785072cdd0ca9ccf859b563b2d
653662665ea3298734fa313f693216a3932a64ac2903986d7415f60f97bcf27f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
192.124.249.36 200 OK 1.8 kB IP 192.124.249.36:0
Hash 1feb8b208396305dc26615608179fe22
7db07ae69237df86d590c3223d2689e79c740667
3ca4aa314b832765d02785d93898198519d131018d2ca23a16f373f12dbd6de3
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sat, 12 Nov 2022 03:29:06 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19036
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Fri, 11 Nov 2022 19:24:28 GMT
Expires: Sat, 12 Nov 2022 19:24:28 GMT
ETag: "7db07ae69237df86d590c3223d2689e79c740667"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
code.jivosite.com/widget/3bcOoG4MqH
92.223.124.24 200 OK 5.9 kB URL HTTP/2 code.jivosite.com/widget/3bcOoG4MqH
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (17132), with no line terminators
Hash 5d544f68adb5df61f02dd184132c6668
1762651e6ff01d0025e519c8fddf8fe86943582f
8a7b7b408a6b58e3614c065e0568696384f680dfeaf7b71bfa7ebee7641a6117
GET /widget/3bcOoG4MqH HTTP/1.1
Host: code.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:06 GMT
content-type: application/javascript
content-length: 5938
access-control-allow-origin: *
cache-control: max-age=7200
content-encoding: br
etag: "636cf1b8-1732"
expires: Fri, 11 Nov 2022 18:01:50 GMT
last-modified: Thu, 10 Nov 2022 12:42:32 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-11-12T02:38:36+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 09 Nov 2022 14:07:32 GMT
expires: Thu, 09 Nov 2023 14:07:32 GMT
cache-control: public, max-age=31536000
age: 220894
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash aca2e38eee453679f022dba5cf64555b
1c9f6f5e9ed1272e9edcc958e7cc2dec61f793df
ea8bc6a82c3243813e137066ca5b659192f72ac69690f9ea4dcb668624baf586
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash aca2e38eee453679f022dba5cf64555b
1c9f6f5e9ed1272e9edcc958e7cc2dec61f793df
ea8bc6a82c3243813e137066ca5b659192f72ac69690f9ea4dcb668624baf586
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 12 Nov 2022 03:29:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=913967725.1668223745&jid=1499650667&_u=YADAAEAAAAAAACAEK~&z=1972007828
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=913967725.1668223745&jid=1499650667&_u=YADAAEAAAAAAACAEK~&z=1972007828
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=913967725.1668223745&jid=1499650667&_u=YADAAEAAAAAAACAEK~&z=1972007828 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 12 Nov 2022 03:29:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=913967725.1668223745&jid=416391957&_u=YADAAEABAAAAACAEK~&z=726719001
142.250.74.3 200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=913967725.1668223745&jid=416391957&_u=YADAAEABAAAAACAEK~&z=726719001
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=913967725.1668223745&jid=416391957&_u=YADAAEABAAAAACAEK~&z=726719001 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sat, 12 Nov 2022 03:29:06 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
code.jivosite.com/script/widget/config/3bcOoG4MqH
92.223.124.24 200 OK 3.9 kB URL HTTP/2 code.jivosite.com/script/widget/config/3bcOoG4MqH
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
Hash 96fb15ccabf69299bbd8593e307f5fe5
ff55f8c184c1967cd5bb71b5e21c3d12f8e4fe7a
5f0b2a160add8ecce64fb66dd2c45603e82be6fede9dc1be12495945df1dcf03
GET /script/widget/config/3bcOoG4MqH HTTP/1.1
Host: code.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:06 GMT
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=7200
content-encoding: gzip
expires: Sat, 12 Nov 2022 04:38:38 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-11-12T02:38:38+00:00
x-id: fr5-up-gc15
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/api/v2/translations?locales[]=bn&domains[]=promo&domains[]=validators&fallback=1
35.159.51.213 200 OK 342 kB URL HTTP/2 3vsmdh0yz31vwcemst.com/api/v2/translations?locales[]=bn&domains[]=promo&domains[]=validators&fallback=1
IP 35.159.51.213:0
Size 342 kB (342374 bytes)
Hash c60c9dc4666d247c2fbd82fd70fbd4e5
df50b4827326d28188f20a973b7a71e0c8b0d893
e3727007d50278cf561a6c889831c46e819f36bf3b9bcbe2fc0a2819d01eabdd
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v2/translations?locales[]=bn&domains[]=promo&domains[]=validators&fallback=1 HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1795397351&pid=14628&sip=0
Connection: keep-alive
Cookie: theme=desktop; _ga_HCZ6L6382W=GS1.1.1668223744.1.0.1668223745.0.0.0; _ga=GA1.2.913967725.1668223745; rst-uid=6997037527248928768; _gid=GA1.2.1072228301.1668223745; _gaclientid=913967725.1668223745; _gasessionid=20221112|07312618; _gahitid=1668223745078; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; cid=1795397351; prid=most_partner.1795397351; pid=14628; sip=0; PHPSESSID=vppubefek5p526d9i1if8iuh6n; lunetics_locale=bn; tz=Europe%2FOslo; _ym_uid=1668223745666060505; _ym_d=1668223745; _fbp=fb.1.1668223745354.473861138; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:07 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"be9ecd30a2d743b87d943eca1e0ac33c"
x-request-id: 5ec85714f3f57febcd1d47af13e4fef6
vary: Accept-Encoding, Accept-Language
expires: Sat, 12 Nov 2022 03:29:07 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
node-sber1-az1-6.jivosite.com/widget/status/561276/3bcOoG4MqH?rnd=0.7977792894058259
188.72.107.240 200 OK 3.0 kB URL HTTP/2 node-sber1-az1-6.jivosite.com/widget/status/561276/3bcOoG4MqH?rnd=0.7977792894058259
IP 188.72.107.240:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (2474), with no line terminators
Hash 118b3cf00c10cf01e88505ce3d839237
ceefa87931043ea5f91f9f4a2ddc57687bbcf71a
1b51499fe3a407f42536137a2785b506ed5869a05a29c497ee8b097d986b05bb
GET /widget/status/561276/3bcOoG4MqH?rnd=0.7977792894058259 HTTP/1.1
Host: node-sber1-az1-6.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-max-age: 1728000
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-expose-headers: X-Geoip, X-Botmode
cache-control: no-cache, no-store, must-revalidate
content-security-policy: frame-ancestors 'none';
content-type: application/json; charset=utf-8
pragma: no-cache
server: foxy/2.0.1
x-botmode: no
x-frame-options: DENY
x-geoip: NO;03;Oslo (Alna District)
content-length: 2962
date: Sat, 12 Nov 2022 03:29:07 GMT
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1668223745_25a11ff6cec5d9acf2d93f18999b95ad134e515e883f032e97d43cefb1a8b183&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1141034594963%3Ahid%3A605983992%3Az%3A0%3Ai%3A20221112032906%3Aet%3A1668223747%3Ac%3A1%3Arn%3A453530219%3Arqn%3A3%3Au%3A1668223745666060505%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1668223743436%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1668223747&t=gdpr(14)mc(p-1)clc(0-0-0)rqnt(3)aw(1)ecs(1)rqnl(1)ti(2)
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1668223745_25a11ff6cec5d9acf2d93f18999b95ad134e515e883f032e97d43cefb1a8b183&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1141034594963%3Ahid%3A605983992%3Az%3A0%3Ai%3A20221112032906%3Aet%3A1668223747%3Ac%3A1%3Arn%3A453530219%3Arqn%3A3%3Au%3A1668223745666060505%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1668223743436%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1668223747&t=gdpr(14)mc(p-1)clc(0-0-0)rqnt(3)aw(1)ecs(1)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1668223745_25a11ff6cec5d9acf2d93f18999b95ad134e515e883f032e97d43cefb1a8b183&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1141034594963%3Ahid%3A605983992%3Az%3A0%3Ai%3A20221112032906%3Aet%3A1668223747%3Ac%3A1%3Arn%3A453530219%3Arqn%3A3%3Au%3A1668223745666060505%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1668223743436%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1668223747&t=gdpr(14)mc(p-1)clc(0-0-0)rqnt(3)aw(1)ecs(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 187
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 12 Nov 2022 03:29:07 GMT
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 12-Nov-2022 03:29:07 GMT
last-modified: Sat, 12-Nov-2022 03:29:07 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1668223745_25a11ff6cec5d9acf2d93f18999b95ad134e515e883f032e97d43cefb1a8b183&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1141034594963%3Ahid%3A605983992%3Az%3A0%3Ai%3A20221112032906%3Aet%3A1668223747%3Ac%3A1%3Arn%3A21195293%3Arqn%3A4%3Au%3A1668223745666060505%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1668223743436%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1668223747&t=gdpr(14)mc(p-2)clc(0-0-0)rqnt(4)aw(1)ecs(1)rqnl(1)ti(2)
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1668223745_25a11ff6cec5d9acf2d93f18999b95ad134e515e883f032e97d43cefb1a8b183&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1141034594963%3Ahid%3A605983992%3Az%3A0%3Ai%3A20221112032906%3Aet%3A1668223747%3Ac%3A1%3Arn%3A21195293%3Arqn%3A4%3Au%3A1668223745666060505%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1668223743436%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1668223747&t=gdpr(14)mc(p-2)clc(0-0-0)rqnt(4)aw(1)ecs(1)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1668223745_25a11ff6cec5d9acf2d93f18999b95ad134e515e883f032e97d43cefb1a8b183&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1141034594963%3Ahid%3A605983992%3Az%3A0%3Ai%3A20221112032906%3Aet%3A1668223747%3Ac%3A1%3Arn%3A21195293%3Arqn%3A4%3Au%3A1668223745666060505%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1668223743436%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1668223747&t=gdpr(14)mc(p-2)clc(0-0-0)rqnt(4)aw(1)ecs(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 75
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 12 Nov 2022 03:29:07 GMT
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 12-Nov-2022 03:29:07 GMT
last-modified: Sat, 12-Nov-2022 03:29:07 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1668223745_25a11ff6cec5d9acf2d93f18999b95ad134e515e883f032e97d43cefb1a8b183&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afp%3A2116%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1141034594963%3Ahid%3A605983992%3Az%3A0%3Ai%3A20221112032906%3Aet%3A1668223747%3Ac%3A1%3Arn%3A832402858%3Arqn%3A2%3Au%3A1668223745666060505%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3214%2C3214%2C%2C%3Aeu%3A1%3Ans%3A1668223743436%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1668223747&t=gdpr(14)clc(0-0-0)rqnt(2)aw(1)ecs(1)rqnl(1)ti(2)
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1668223745_25a11ff6cec5d9acf2d93f18999b95ad134e515e883f032e97d43cefb1a8b183&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afp%3A2116%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1141034594963%3Ahid%3A605983992%3Az%3A0%3Ai%3A20221112032906%3Aet%3A1668223747%3Ac%3A1%3Arn%3A832402858%3Arqn%3A2%3Au%3A1668223745666060505%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3214%2C3214%2C%2C%3Aeu%3A1%3Ans%3A1668223743436%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1668223747&t=gdpr(14)clc(0-0-0)rqnt(2)aw(1)ecs(1)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1668223745_25a11ff6cec5d9acf2d93f18999b95ad134e515e883f032e97d43cefb1a8b183&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afp%3A2116%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1141034594963%3Ahid%3A605983992%3Az%3A0%3Ai%3A20221112032906%3Aet%3A1668223747%3Ac%3A1%3Arn%3A832402858%3Arqn%3A2%3Au%3A1668223745666060505%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3214%2C3214%2C%2C%3Aeu%3A1%3Ans%3A1668223743436%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1668223747&t=gdpr(14)clc(0-0-0)rqnt(2)aw(1)ecs(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 69
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 12 Nov 2022 03:29:07 GMT
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 12-Nov-2022 03:29:07 GMT
last-modified: Sat, 12-Nov-2022 03:29:07 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1668223745_25a11ff6cec5d9acf2d93f18999b95ad134e515e883f032e97d43cefb1a8b183&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1141034594963%3Ahid%3A605983992%3Az%3A0%3Ai%3A20221112032906%3Aet%3A1668223747%3Ac%3A1%3Arn%3A485397775%3Arqn%3A5%3Au%3A1668223745666060505%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1668223743436%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1668223747&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(5)aw(1)ecs(1)rqnl(1)ti(2)
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1668223745_25a11ff6cec5d9acf2d93f18999b95ad134e515e883f032e97d43cefb1a8b183&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1141034594963%3Ahid%3A605983992%3Az%3A0%3Ai%3A20221112032906%3Aet%3A1668223747%3Ac%3A1%3Arn%3A485397775%3Arqn%3A5%3Au%3A1668223745666060505%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1668223743436%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1668223747&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(5)aw(1)ecs(1)rqnl(1)ti(2)
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&charset=utf-8&hittoken=1668223745_25a11ff6cec5d9acf2d93f18999b95ad134e515e883f032e97d43cefb1a8b183&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahc77qkb9hqc2jb24budq4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A921%3Acn%3A1%3Adp%3A0%3Als%3A1141034594963%3Ahid%3A605983992%3Az%3A0%3Ai%3A20221112032906%3Aet%3A1668223747%3Ac%3A1%3Arn%3A485397775%3Arqn%3A5%3Au%3A1668223745666060505%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1668223743436%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1668223747&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(5)aw(1)ecs(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 79
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sat, 12 Nov 2022 03:29:07 GMT
access-control-allow-origin: https://3vsmdh0yz31vwcemst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sat, 12-Nov-2022 03:29:07 GMT
last-modified: Sat, 12-Nov-2022 03:29:07 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.195 200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Nov 2022 16:40:18 GMT
expires: Fri, 10 Nov 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 125329
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.195 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 05 Nov 2022 12:31:58 GMT
expires: Sun, 05 Nov 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 572229
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
216.58.207.195 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15340, version 1.0\012- data
Hash 19b7a0adfdd4f808b53af7e2ce2ad4e5
81d5d4c7b5035ad10cce63cf7100295e0c51fdda
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
GET /s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 12 Nov 2022 01:26:23 GMT
expires: Sun, 12 Nov 2023 01:26:23 GMT
cache-control: public, max-age=31536000
age: 7364
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 10 Nov 2022 21:46:16 GMT
expires: Fri, 10 Nov 2023 21:46:16 GMT
cache-control: public, max-age=31536000
age: 106971
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/api/v1/currencies.json
35.159.51.213 200 OK 751 B URL HTTP/2 3vsmdh0yz31vwcemst.com/api/v1/currencies.json
IP 35.159.51.213:0
Hash 1ddc6c47abec9593de89ed74db7f9b0e
95fff6791a4293b42bc7fa8c61697bc86f48240e
e251d8e95b9c0b527a9e0a1d85bd4373309039127f86c973390cc0f7bd56cf25
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/currencies.json HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1006
x-client-session: dye0fnnkfe2hnr2zi3ee
x-client-device-id: cxxvgmh1i3yrdmvt8jhg
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1795397351&pid=14628&sip=0
Cookie: theme=desktop; _ga_HCZ6L6382W=GS1.1.1668223744.1.0.1668223745.0.0.0; _ga=GA1.2.913967725.1668223745; rst-uid=6997037527248928768; _gid=GA1.2.1072228301.1668223745; _gaclientid=913967725.1668223745; _gasessionid=20221112|07312618; _gahitid=1668223745078; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; cid=1795397351; prid=most_partner.1795397351; pid=14628; sip=0; PHPSESSID=vppubefek5p526d9i1if8iuh6n; lunetics_locale=bn; tz=Europe%2FOslo; _ym_uid=1668223745666060505; _ym_d=1668223745; _fbp=fb.1.1668223745354.473861138; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:07 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"9a06c38e7d784277059aaa21439f7869"
x-request-id: 5965f07e665b45d79cb5fa694eabc0cc
vary: Accept-Encoding, Accept-Language
expires: Sat, 12 Nov 2022 03:29:07 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/favicon.png
35.159.51.213 200 OK 2.8 kB URL HTTP/2 3vsmdh0yz31vwcemst.com/favicon.png
IP 35.159.51.213:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash f8cbfde8f3484f7a5f02189742f0f110
3eb0cec3e65d6cb0cc2744b5fa57ded1afb6e4d4
70504d4dc047aeac702b31e9290e9f5553e901d07d3844269cd966042988159a
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.png HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1006
x-client-session: dye0fnnkfe2hnr2zi3ee
x-client-device-id: cxxvgmh1i3yrdmvt8jhg
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1795397351&pid=14628&sip=0
Cookie: theme=desktop; _ga_HCZ6L6382W=GS1.1.1668223744.1.0.1668223745.0.0.0; _ga=GA1.2.913967725.1668223745; rst-uid=6997037527248928768; _gid=GA1.2.1072228301.1668223745; _gaclientid=913967725.1668223745; _gasessionid=20221112|07312618; _gahitid=1668223745078; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; cid=1795397351; prid=most_partner.1795397351; pid=14628; sip=0; PHPSESSID=vppubefek5p526d9i1if8iuh6n; lunetics_locale=bn; tz=Europe%2FOslo; _ym_uid=1668223745666060505; _ym_d=1668223745; _fbp=fb.1.1668223745354.473861138; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:08 GMT
content-type: image/png
content-length: 2810
last-modified: Wed, 09 Nov 2022 13:13:39 GMT
etag: "636ba783-afa"
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 222dd7fd7dd02b06b0baa4ef35c45441
eeaae6b9558994d6e6955ab08528af2f54ea61ac
6624a87968a6a6071a1471a60c5e0e47a084ca099d0853560fb48701f3e0dd22
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6624A87968A6A6071A1471A60C5E0E47A084CA099D0853560FB48701F3E0DD22"
Last-Modified: Thu, 10 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15449
Expires: Sat, 12 Nov 2022 07:46:40 GMT
Date: Sat, 12 Nov 2022 03:29:11 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 222dd7fd7dd02b06b0baa4ef35c45441
eeaae6b9558994d6e6955ab08528af2f54ea61ac
6624a87968a6a6071a1471a60c5e0e47a084ca099d0853560fb48701f3e0dd22
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6624A87968A6A6071A1471A60C5E0E47A084CA099D0853560FB48701F3E0DD22"
Last-Modified: Thu, 10 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15449
Expires: Sat, 12 Nov 2022 07:46:40 GMT
Date: Sat, 12 Nov 2022 03:29:11 GMT
Connection: keep-alive
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash f044c1463644d9f6c99acb65228ada9d
c03dc1a083f7e46097c66708937ed078b59d8cbf
d29273aa7654d3faf693d52ad8b6c53a9854423c6479c95d7005f6df34a92a73
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sat, 12 Nov 2022 03:29:12 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Wed, 16 Nov 2022 01:36:13 GMT
ETag: "c03dc1a083f7e46097c66708937ed078b59d8cbf"
Last-Modified: Sat, 12 Nov 2022 01:36:14 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1565
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 768c2e94fe13b505-OSL
webchannel-content.eservice.emarsys.net/customer/799213038/campaigns?url=https:%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&prev_url=&lang=en&uli=false
34.117.30.199 200 OK 313 kB URL HTTP/2 webchannel-content.eservice.emarsys.net/customer/799213038/campaigns?url=https:%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&prev_url=&lang=en&uli=false
IP 34.117.30.199:0
Size 313 kB (313391 bytes)
Hash 8fffc62e0647455f585b9b9437b41f78
5a936fa3b31dc98813fca318f44ffaa442ae2c47
2e689b42a5e3a89cb1622cfa782c800bfa9983dad1407ffe2efed4083b30f4e8
GET /customer/799213038/campaigns?url=https:%2F%2F3vsmdh0yz31vwcemst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1795397351%26pid%3D14628%26sip%3D0&prev_url=&lang=en&uli=false HTTP/1.1
Host: webchannel-content.eservice.emarsys.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3vsmdh0yz31vwcemst.com
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 03:29:11 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: *
content-type: application/json
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
code.jivo.ru/css/ff9b6aa/widget.css
92.223.126.57 200 OK 69 kB URL HTTP/2 code.jivo.ru/css/ff9b6aa/widget.css
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (48184), with no line terminators
Hash b3beae1d0253a07ef753b6b24cc24596
c91b6739b982e0cc3e016acab45d9b2ff10eadbf
d9551771cd4d04cc8debf3ab95f2f4a2a867387cd1bff16ce75e948147b0520a
GET /css/ff9b6aa/widget.css HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:12 GMT
content-type: text/css
content-length: 54697
cache-control: max-age=864000
content-encoding: br
etag: "636cf1fb-d5a9"
expires: Sun, 20 Nov 2022 13:27:23 GMT
last-modified: Thu, 10 Nov 2022 12:43:39 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-11-10T13:27:23+00:00
x-id: am3-up-gc95
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jivo.ru/js/ff9b6aa/omnichannelMenu.js
92.223.126.57 200 OK 3.1 kB URL HTTP/2 code.jivo.ru/js/ff9b6aa/omnichannelMenu.js
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (11729), with no line terminators
Hash 9f217604f6d2c5d8e28693a122c0d843
ec45d51615cde7b96de2c3baa4c47f8c24a82fb4
4922ceb0b72ca8ec25b06d8cbc681cc2c4f290f1eb83f05373a4bb002b5ecb2f
GET /js/ff9b6aa/omnichannelMenu.js HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:13 GMT
content-type: application/javascript
content-length: 3110
access-control-allow-origin: *
cache-control: max-age=86400
content-encoding: br
etag: "636cf1fb-c26"
last-modified: Thu, 10 Nov 2022 12:43:39 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-11-11T13:27:27+00:00
x-id: am3-up-gc95
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jivo.ru/css/ff9b6aa/omnichannelMenu.widget.css
92.223.126.57 200 OK 946 B URL HTTP/2 code.jivo.ru/css/ff9b6aa/omnichannelMenu.widget.css
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (3072), with no line terminators
Hash 54aae6819ea34eec8a760164a2687ec1
3d0f31f6358c3e64070c13f96986c5c7be2a140c
24dd4132e43f4ec35621fc382eb561b97160f4e8094c4eece6a716a0dfaa4d22
GET /css/ff9b6aa/omnichannelMenu.widget.css HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:13 GMT
content-type: text/css
content-length: 946
cache-control: max-age=864000
content-encoding: gzip
etag: "636cf1fb-3b2"
expires: Sun, 20 Nov 2022 13:27:24 GMT
last-modified: Thu, 10 Nov 2022 12:43:39 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-11-10T13:27:24+00:00
x-id: am3-up-gc95
accept-ranges: bytes
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1655bda0-593c-40c8-bd9d-5c094248551b.jpeg
34.120.237.76 200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1655bda0-593c-40c8-bd9d-5c094248551b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash dea29172117b20fbba50877b6137a82c
4f059d139749207c70d8387abb5d8be54e97bca3
1a18bc2b4413225fb560a705ef5d228b6faa648f4908a51661be443d6d04001b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1655bda0-593c-40c8-bd9d-5c094248551b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 6771
x-amzn-requestid: 15d0cccd-10d5-4a58-91ba-181cd48d02a2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: bdMipFOqIAMFzYg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-636ec143-45dc19d1418acd1261b050e5;Sampled=0
x-amzn-remapped-date: Fri, 11 Nov 2022 21:40:20 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: wAXmVLj9L-TESuUQLMk2wvi9GH_A_kesPJUDIXN-6GLywdRpeNsYJQ==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 11 Nov 2022 21:45:13 GMT
age: 20640
etag: "4f059d139749207c70d8387abb5d8be54e97bca3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
code.jivo.ru/sounds/agent_message.mp3
92.223.126.57 206 Partial Content 3.8 kB URL HTTP/2 code.jivo.ru/sounds/agent_message.mp3
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo\012- data
Hash 8e9a165c4cb185ffd0b2658fa088e43b
195873e5e8bbb2f5ecc32d95f90d6fb75817a649
ff81aad05612f90cf97c238f219765884e5cbf49351d8dc96a4a063c598c3f43
GET /sounds/agent_message.mp3 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Sat, 12 Nov 2022 03:29:13 GMT
content-type: audio/mpeg
content-length: 3760
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=2592000
etag: "636381a0-eb0"
expires: Sat, 03 Dec 2022 12:20:30 GMT
last-modified: Thu, 03 Nov 2022 08:53:52 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-11-03T12:20:30+00:00
x-id: am3-up-gc95
content-range: bytes 0-3759/3760
X-Firefox-Spdy: h2
code.jivo.ru/sounds/notification.mp3
92.223.126.57 206 Partial Content 5.8 kB URL HTTP/2 code.jivo.ru/sounds/notification.mp3
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash 9aa341af370c4e59155717260ba0f282
0c1216ecead8d1409557c843d96202c063f3f252
1112436abea08c851302bba4d4e37a27e25e5ec26b20474667a3369d41154bab
GET /sounds/notification.mp3 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Sat, 12 Nov 2022 03:29:13 GMT
content-type: audio/mpeg
content-length: 5808
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=2592000
etag: "636381a0-16b0"
expires: Sat, 03 Dec 2022 12:10:40 GMT
last-modified: Thu, 03 Nov 2022 08:53:52 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-11-03T12:10:40+00:00
x-id: am3-up-gc95
content-range: bytes 0-5807/5808
X-Firefox-Spdy: h2
code.jivo.ru/sounds/outgoing_message.mp3
92.223.126.57 206 Partial Content 5.0 kB URL HTTP/2 code.jivo.ru/sounds/outgoing_message.mp3
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo\012- data
Hash 7bf3e4962a5ecf1f8cbcc2ff3428f531
f75c694461a643d2e096ae8d0f6c1a9d19602eee
d44244617bf21df7a137694fa762d5cab3b82cb9fae8f33de5917977b02b2a11
GET /sounds/outgoing_message.mp3 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Sat, 12 Nov 2022 03:29:13 GMT
content-type: audio/mpeg
content-length: 5014
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=2592000
etag: "636381a0-1396"
expires: Sat, 03 Dec 2022 12:20:30 GMT
last-modified: Thu, 03 Nov 2022 08:53:52 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-11-03T12:20:30+00:00
x-id: am3-up-gc95
content-range: bytes 0-5013/5014
X-Firefox-Spdy: h2
front.cdn-mb.com/spa-static/1.4.1006/static/css/main.687ea28c.chunk.css
104.21.9.158 200 OK 0 B URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1006/static/css/main.687ea28c.chunk.css
IP 104.21.9.158:0
GET /spa-static/1.4.1006/static/css/main.687ea28c.chunk.css HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 03:29:05 GMT
content-type: text/css
last-modified: Wed, 09 Nov 2022 13:23:04 GMT
vary: Accept-Encoding
etag: W/"636ba9b8-54"
expires: Sat, 12 Nov 2022 07:26:38 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 147
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tyxLgQE2qFd19763WCq1VW%2FNAJt3hEENeLsaJ4EX%2FKQR%2BI%2FjJS%2BjCwp9MGli1F1vhqr%2FGoyq50EQF8QQw2Tj2cEF3pkpuPDd1pSLFurZRA%2BrPRGw9U1TVard9w5AWG%2FY1EAU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 768c2e663fd91bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/api/v1/footer_links
35.159.51.213 200 OK 0 B URL HTTP/2 3vsmdh0yz31vwcemst.com/api/v1/footer_links
IP 35.159.51.213:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/footer_links HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1006
x-client-session: dye0fnnkfe2hnr2zi3ee
x-client-device-id: cxxvgmh1i3yrdmvt8jhg
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1795397351&pid=14628&sip=0
Cookie: theme=desktop; _ga_HCZ6L6382W=GS1.1.1668223744.1.0.1668223745.0.0.0; _ga=GA1.2.913967725.1668223745; rst-uid=6997037527248928768; _gid=GA1.2.1072228301.1668223745; _gaclientid=913967725.1668223745; _gasessionid=20221112|07312618; _gahitid=1668223745078; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; cid=1795397351; prid=most_partner.1795397351; pid=14628; sip=0; PHPSESSID=vppubefek5p526d9i1if8iuh6n; lunetics_locale=bn; tz=Europe%2FOslo; _ym_uid=1668223745666060505; _ym_d=1668223745; _fbp=fb.1.1668223745354.473861138; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:06 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: bcae4d7d36f5c9393c465069d627033a
vary: Accept-Encoding, Accept-Language
expires: Sat, 12 Nov 2022 03:29:06 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese
IP 142.250.74.10:0
GET /css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://front.cdn-mb.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 12 Nov 2022 03:29:06 GMT
date: Sat, 12 Nov 2022 03:29:06 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/upload/spa/olympics.json?1668223745095
35.159.51.213 200 OK 0 B URL HTTP/2 3vsmdh0yz31vwcemst.com/upload/spa/olympics.json?1668223745095
IP 35.159.51.213:0
Analyzer Verdict Alert quad9 Sinkholed
GET /upload/spa/olympics.json?1668223745095 HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1006
x-client-session: dye0fnnkfe2hnr2zi3ee
x-client-device-id: cxxvgmh1i3yrdmvt8jhg
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1795397351&pid=14628&sip=0
Cookie: theme=desktop; _ga_HCZ6L6382W=GS1.1.1668223744.1.0.1668223744.0.0.0; _ga=GA1.2.913967725.1668223745; rst-uid=6997037527248928768; _gid=GA1.2.1072228301.1668223745; _gaclientid=913967725.1668223745; _gasessionid=20221112|07312618; _gahitid=1668223745078; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; cid=1795397351; prid=most_partner.1795397351; pid=14628; sip=0; PHPSESSID=6tm6h56dprg7s8duujffqa4p8c; lunetics_locale=bn; tz=Europe%2FOslo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:05 GMT
content-type: application/json
last-modified: Sat, 05 Feb 2022 09:22:38 GMT
vary: Accept-Encoding
etag: W/"61fe41de-2d"
expires: Sat, 19 Nov 2022 03:29:05 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/api/v1/auth/providers
35.159.51.213 200 OK 0 B URL HTTP/2 3vsmdh0yz31vwcemst.com/api/v1/auth/providers
IP 35.159.51.213:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/auth/providers HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1006
x-client-session: dye0fnnkfe2hnr2zi3ee
x-client-device-id: cxxvgmh1i3yrdmvt8jhg
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1795397351&pid=14628&sip=0
Cookie: theme=desktop; _ga_HCZ6L6382W=GS1.1.1668223744.1.0.1668223745.0.0.0; _ga=GA1.2.913967725.1668223745; rst-uid=6997037527248928768; _gid=GA1.2.1072228301.1668223745; _gaclientid=913967725.1668223745; _gasessionid=20221112|07312618; _gahitid=1668223745078; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; cid=1795397351; prid=most_partner.1795397351; pid=14628; sip=0; PHPSESSID=vppubefek5p526d9i1if8iuh6n; lunetics_locale=bn; tz=Europe%2FOslo; _ym_uid=1668223745666060505; _ym_d=1668223745; _fbp=fb.1.1668223745354.473861138; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:07 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 1e82326ba2fe7f06804afe14663e7527
vary: Accept-Encoding, Accept-Language
expires: Sat, 12 Nov 2022 03:29:07 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1795397351&pid=14628&sip=0
35.159.51.213 200 OK 0 B URL HTTP/2 3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1795397351&pid=14628&sip=0
IP 35.159.51.213:0
Analyzer Verdict Alert quad9 Sinkholed
GET /partners/casino-reg?cid=1795397351&pid=14628&sip=0 HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:04 GMT
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3vsmdh0yz31vwcemst.com/favicon.ico
35.159.51.213 200 OK 0 B URL HTTP/2 3vsmdh0yz31vwcemst.com/favicon.ico
IP 35.159.51.213:0
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 3vsmdh0yz31vwcemst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/partners/casino-reg?cid=1795397351&pid=14628&sip=0
Cookie: theme=desktop
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sat, 12 Nov 2022 03:29:05 GMT
content-type: image/x-icon
last-modified: Wed, 09 Nov 2022 13:13:39 GMT
vary: Accept-Encoding
etag: W/"636ba783-1536"
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
front.cdn-mb.com/spa-static/1.4.1006/static/js/30.5d5a8d2f.chunk.js
104.21.9.158 200 OK 0 B URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1006/static/js/30.5d5a8d2f.chunk.js
IP 104.21.9.158:0
GET /spa-static/1.4.1006/static/js/30.5d5a8d2f.chunk.js HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3vsmdh0yz31vwcemst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sat, 12 Nov 2022 03:29:05 GMT
content-type: application/javascript
last-modified: Wed, 09 Nov 2022 13:23:04 GMT
vary: Accept-Encoding
etag: W/"636ba9b8-7ac65"
expires: Sat, 12 Nov 2022 07:26:38 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 146
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yo48JT665zIxn8SOelRx8pH%2BznSdOx7EfK7k5NUl6xf4FFPLhlLxIT4elGSmtZMsd%2FZJkkDH%2BgT7iNWJ8qqJxicOAEnEOa%2FRabVbYYWytOj30fmi2sTMsCK9SC7pj2RT35g0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 768c2e668ff41bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2