8a1e2ftbmb.com/kYwS/0/0/0/0/0/6aee6h9a28we2wjc14
18.194.45.24308 Permanent Redirect 164 B URL HTTP/1.1 8a1e2ftbmb.com/kYwS/0/0/0/0/0/6aee6h9a28we2wjc14
IP 18.194.45.24:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f23c4815ecaef1588f16ac735c0e15d6
026bf8cdd5076014b6fc822878e0086eb44da556
43a81fb3d47b34e7d42d6b8444f592ed9251b8e57db8f67d32419aa40b1480d0
GET /kYwS/0/0/0/0/0/6aee6h9a28we2wjc14 HTTP/1.1
Host: 8a1e2ftbmb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 308 Permanent Redirect
Server: nginx
Date: Sun, 27 Nov 2022 18:10:50 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://8a1e2ftbmb.com/kYwS/0/0/0/0/0/6aee6h9a28we2wjc14
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6947
Expires: Sun, 27 Nov 2022 20:06:38 GMT
Date: Sun, 27 Nov 2022 18:10:51 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 64b2a23eab6e5ae8c010ec7242be930c
0673e4385ba01a5a245711bab96cafc34f765793
64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4913
Cache-Control: max-age=150135
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 18:10:51 GMT
Etag: "63833c71-1d7"
Expires: Tue, 29 Nov 2022 11:53:06 GMT
Last-Modified: Sun, 27 Nov 2022 10:31:13 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12564
Expires: Sun, 27 Nov 2022 21:40:15 GMT
Date: Sun, 27 Nov 2022 18:10:51 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 17:17:40 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3191
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: SNPR/5sdFOn2p7M6Ct6+6oucckHVEkWwQZwpNrwCvHrMjq5ukDd/WdzvkAfkl+0oK4Mum0KOUzI=
x-amz-request-id: EBRBQ3JTQA6XS97M
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 17:44:43 GMT
age: 1568
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 946f1ac0917bba581c3c5323b1b5459e
ed32d2e0ef587b7c991d8144d236bb69b6a2d4fc
eb5fbea36974862dacb8933943484f3ca47ba89455b28233308c44857b91ef58
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB5FBEA36974862DACB8933943484F3CA47BA89455B28233308C44857B91EF58"
Last-Modified: Sun, 27 Nov 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7428
Expires: Sun, 27 Nov 2022 20:14:39 GMT
Date: Sun, 27 Nov 2022 18:10:51 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:10:51 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5af0e730581ced5a3819b7c5af4f5d5e
e97bdddac5fee842e76f2e34b9e5354ce771a3ff
6ceb08c224355e9d6eccdae37f34237312db64292155181517b2efbbfaf5a84e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6CEB08C224355E9D6ECCDAE37F34237312DB64292155181517B2EFBBFAF5A84E"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7428
Expires: Sun, 27 Nov 2022 20:14:39 GMT
Date: Sun, 27 Nov 2022 18:10:51 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 825010efa8a4bfdf6a99d4244f3e235b
5c6ecacbc5666e10e4be13241617c32cae72228f
3bcd60b45e75ee1b782b0e734d46d1f5444bb182f7ac79375a1d95769d9048ed
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2366
Cache-Control: max-age=151874
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 18:10:51 GMT
Etag: "63834d2f-117"
Expires: Tue, 29 Nov 2022 12:22:05 GMT
Last-Modified: Sun, 27 Nov 2022 11:42:39 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 825010efa8a4bfdf6a99d4244f3e235b
5c6ecacbc5666e10e4be13241617c32cae72228f
3bcd60b45e75ee1b782b0e734d46d1f5444bb182f7ac79375a1d95769d9048ed
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2366
Cache-Control: max-age=151874
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 18:10:51 GMT
Etag: "63834d2f-117"
Expires: Tue, 29 Nov 2022 12:22:05 GMT
Last-Modified: Sun, 27 Nov 2022 11:42:39 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
cdn.scarabresearch.com/js/11DAF087E87A3DFD/scarab-v2.js
54.230.111.20200 OK 23 kB URL HTTP/1.1 cdn.scarabresearch.com/js/11DAF087E87A3DFD/scarab-v2.js
IP 54.230.111.20:0
File type C source, ASCII text, with very long lines (539)
Hash bfcc64224f8c6e43e026afb16bd0f4f8
4b1a0dbd96c3047a917ba024690ffc4d544b8b00
c87358a7c76c044147379c9415f96488045b936666093c83fd0e57e08316548e
GET /js/11DAF087E87A3DFD/scarab-v2.js HTTP/1.1
Host: cdn.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Timing-Allow-Origin: *
Date: Sun, 27 Nov 2022 18:05:39 GMT
Cache-Control: max-age=3600,public
ETag: "aa53180343ab25d32aa7294158ca3216--gzip"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: z2IeEC96Jiad3cJUgQBByD-MFL3mdQerRv8DDha1ayKYXaf_FVd5LA==
Age: 572
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 825010efa8a4bfdf6a99d4244f3e235b
5c6ecacbc5666e10e4be13241617c32cae72228f
3bcd60b45e75ee1b782b0e734d46d1f5444bb182f7ac79375a1d95769d9048ed
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1770
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 18:10:51 GMT
Last-Modified: Sun, 27 Nov 2022 17:41:22 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 279
front.cdn-mb.com/spa-static/1.4.1027/static/css/main.687ea28c.chunk.css
172.67.160.69200 OK 11 kB URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1027/static/css/main.687ea28c.chunk.css
IP 172.67.160.69:0
Hash 329dd5a0fc28549268b17e07c816cd94
6b89cf30e289302f363776428ea51b85cb8588f2
04cc9e71806b6e5737de2e040f0afeed57bafcbb76b13d03e91dfb70f4a79686
GET /spa-static/1.4.1027/static/css/main.687ea28c.chunk.css HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 18:10:51 GMT
content-type: text/css
last-modified: Sat, 26 Nov 2022 12:01:26 GMT
vary: Accept-Encoding
etag: W/"63820016-54"
expires: Sun, 27 Nov 2022 20:27:56 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 6175
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9aKqwSg6if5VTSMJ5LJND5iddLBvvpW0bcdCag3cvtGt2xFPJT3kzwpBTeK9Y882lyUSSCb9eG5RTDO7eXZBzEoTa2iLzjDb03MQuWpEatwzoR4Uvrr5hmMjRv5D2EUbBKgZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770cd2b21beab50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-5PMSX62
142.250.74.168200 OK 57 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5PMSX62
IP 142.250.74.168:0
File type Unicode text, UTF-8 text, with very long lines (13906)
Hash 3fc880ecd6f16d2ae230ca878e911c3c
88322f8be6d0a8016a1c8975630cab0109406474
de0c82f425aca7c9c9fcdf6eb08f61a285137f8fa524e6685301d1e3e308eaa4
GET /gtm.js?id=GTM-5PMSX62 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 27 Nov 2022 18:10:51 GMT
expires: Sun, 27 Nov 2022 18:10:51 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 56922
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
rstat.rockmostbet.com/public/rstat_pixel_spa.js
162.55.5.93200 OK 10 kB URL HTTP/2 rstat.rockmostbet.com/public/rstat_pixel_spa.js
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
Hash beb651622fc41f7197af6c07dc886f25
e59eece7a131b2940fbd0a02fcc74bc39a130d17
f05d3b023d47c83cbf67e7031a8657aab2f282563eb84480c341c44e80097ac1
GET /public/rstat_pixel_spa.js HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/javascript
etag: "rlhpsr806"
last-modified: Thu, 17 Nov 2022 11:41:15 GMT
server: Caddy
x-content-type-options: nosniff
content-length: 10374
date: Sun, 27 Nov 2022 18:10:51 GMT
X-Firefox-Spdy: h2
static.scarabresearch.com/wpjs/wpes6.js?ts=2760
54.230.111.9200 OK 32 kB URL HTTP/1.1 static.scarabresearch.com/wpjs/wpes6.js?ts=2760
IP 54.230.111.9:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash bf5659612719f74f46d9d2cecc7178fe
819ef76d0e68809b00fce0034395a6e710babc6d
8c1a0a865bfd8579ba7f7d5d3d81acab82093a6078ce207f16e5869c6f0a38a1
GET /wpjs/wpes6.js?ts=2760 HTTP/1.1
Host: static.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 10 Oct 2022 11:09:51 GMT
x-amz-version-id: B7kEOPd3f.UUaahYeIIXT30URW6wDjD.
Server: AmazonS3
Content-Encoding: gzip
Date: Sun, 27 Nov 2022 06:05:45 GMT
Cache-Control: max-age=86400
ETag: W/"aea14a7926cfb79f14472c23a4b1543b"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: qTcn3Pbk3aURqg3buK5zVTpHZBgoyrTOTs2u0gPF4BvzY9yRLPgxSQ==
Age: 80885
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 18:10:52 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 18:08:54 GMT
cache-control: public,max-age=3600
age: 118
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash a6fee11dfe1b88cd768a0ca3e2bd0c89
59cec9a44a4a92467678afe65f347f68641a2174
50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6560
Cache-Control: max-age=146719
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 18:10:52 GMT
Etag: "638328ac-1d7"
Expires: Tue, 29 Nov 2022 10:56:11 GMT
Last-Modified: Sun, 27 Nov 2022 09:06:52 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
front.cdn-mb.com/spa-static/1.4.1027/static/js/main.093062f9.chunk.js
172.67.160.69200 OK 242 kB URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1027/static/js/main.093062f9.chunk.js
IP 172.67.160.69:0
File type ASCII text, with very long lines (65461)
Size 242 kB (242407 bytes)
Hash 7c8db11b3407f4677e8a563b0a352fe8
8be049d98a5a106229e0f22d2166d997953bd076
3b369fbd2711d939ae3c2fcb44756e6b0e384a6233ceb7c3272c7de252a69161
GET /spa-static/1.4.1027/static/js/main.093062f9.chunk.js HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 18:10:51 GMT
content-type: application/javascript
last-modified: Sat, 26 Nov 2022 12:01:26 GMT
vary: Accept-Encoding
etag: W/"63820016-5c036"
expires: Sun, 27 Nov 2022 20:50:27 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 4824
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O%2F7QjJKLqYg11sYYe7g95oaviZd3elERdMiMxwe4cpznikwXgIWWdPsle9a4rPkDJJUQHm2o7PJjPRKct9FyWuISEQaS%2B%2FKdfCDHwoSVKXxDf1GGjd%2FKa0XaISsCVr5%2Bs8Ru"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770cd2b20bcfb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 43dca8ebcf06bd09eb16b5516072ec48
84fe572e189c13383dc0a805a90c07de69c48ee6
be524e069364f1231ff9f6f8a5ca6ae8aa4353ba95fa7913c30c13ed008ab8fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE524E069364F1231FF9F6F8A5CA6AE8AA4353BA95FA7913C30C13ED008AB8FD"
Last-Modified: Sat, 26 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3414
Expires: Sun, 27 Nov 2022 19:07:46 GMT
Date: Sun, 27 Nov 2022 18:10:52 GMT
Connection: keep-alive
rstat.rockmostbet.com/lib.js
162.55.5.93200 OK 250 kB URL HTTP/2 rstat.rockmostbet.com/lib.js
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
Size 250 kB (250526 bytes)
Hash f81e1fb46cfb1da55699cbd45ac0d2a1
1e4533a382d0e7e11ad2e9bc46710fb7a0239a96
286a9ede655f2999c00ea92b9bcc9585fb5d490430f5e60470938307921afe7e
GET /lib.js HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript
date: Sun, 27 Nov 2022 18:10:52 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7002695253434040320; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 0
x-xss-protection: 1
content-length: 236698
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/partners/sport_logo.png
18.193.128.9404 Not Found 94 kB URL HTTP/2 c4adbk4m41qwkxamst.com/partners/sport_logo.png
IP 18.193.128.9:0
Hash 0f849545256998d3908bce8a39f6eb88
16b31792b63e0f1d9efc10578e660ae122a3881c
225dfd652754fb71f03d038393c8a1d6255cc5dba9c2a721132b3a69b61fcad7
Analyzer Verdict Alert quad9 Sinkholed
GET /partners/sport_logo.png HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1890612157&pid=156181&sip=0
Cookie: theme=desktop
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Sun, 27 Nov 2022 18:10:52 GMT
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Sun, 27 Nov 2022 16:41:08 GMT
expires: Sun, 27 Nov 2022 18:41:08 GMT
cache-control: public, max-age=7200
age: 5384
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1def611ed1604b222e2c1b4e5b4dbbb3
efab3f910adb2498ed4aa794df938959e861b0f1
e455592a25ecac760d03d4ca2ff3ec5a74332ff8e4d9d38384390a20d3e959f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6032
Cache-Control: max-age=109482
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 18:10:52 GMT
Etag: "63829946-1d7"
Expires: Tue, 29 Nov 2022 00:35:34 GMT
Last-Modified: Sat, 26 Nov 2022 22:55:02 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.42.74.230101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.42.74.230:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: oGx2ypT3Nd5SPD3wmFT0uQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 4BdZoefyl/ZrlFhfOXkwW41bpfI=
c4adbk4m41qwkxamst.com/api/v1/countries.json
18.193.128.9200 OK 34 kB URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/countries.json
IP 18.193.128.9:0
File type JSON data\012- , ASCII text, with very long lines (36345)
Hash 2df4a776b079fb6cb523f14a8f6e0048
558f295eceab8951a09933ac2fbc1fd75d6257b3
f79ae3ce4fa9c9f3020be7f9d005b3239709fc9a738c82774282b067560f8223
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/countries.json HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1027
x-client-session: 4ru0fvvkxjhearpai7ez
x-client-device-id: dei6hkcy9pgpbimjx3mr
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1890612157&pid=156181&sip=0
Cookie: theme=desktop; cid=1890612157; prid=most_partner.1890612157; pid=156181; sip=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:10:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 04 Dec 2022 18:10:52 GMT
set-cookie: PHPSESSID=9f5vtq5u8kjucnkrv53uosba49; expires=Tue, 27-Dec-2022 18:10:52 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=bn; expires=Mon, 28-Nov-2022 18:10:52 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Sun, 04-Dec-2022 18:10:52 GMT; Max-Age=604800; path=/; secure
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/websocket/credentials
18.193.128.9200 OK 1.2 kB URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/websocket/credentials
IP 18.193.128.9:0
Hash 0e2a809f8cf73df9a1a382671a2ccdd7
9439ad987c158fd16acc2ea164ac44d9b13a5d42
d9c5f92a565a541b593b83434935b435b581333a48bed7578dfdafc603c56761
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/websocket/credentials HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1027
x-client-session: 4ru0fvvkxjhearpai7ez
x-client-device-id: dei6hkcy9pgpbimjx3mr
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1890612157&pid=156181&sip=0
Cookie: theme=desktop; cid=1890612157; prid=most_partner.1890612157; pid=156181; sip=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:10:52 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 3cfecb105349de644c5c84bc42c303f9
vary: Accept-Encoding, Accept-Language
expires: Sun, 27 Nov 2022 18:10:52 GMT
set-cookie: PHPSESSID=ijnq1938ve3tm767ikm2h0mh4p; expires=Tue, 27-Dec-2022 18:10:52 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=bn; expires=Mon, 28-Nov-2022 18:10:52 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Sun, 04-Dec-2022 18:10:52 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1def611ed1604b222e2c1b4e5b4dbbb3
efab3f910adb2498ed4aa794df938959e861b0f1
e455592a25ecac760d03d4ca2ff3ec5a74332ff8e4d9d38384390a20d3e959f7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6032
Cache-Control: max-age=109482
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 18:10:52 GMT
Etag: "63829946-1d7"
Expires: Tue, 29 Nov 2022 00:35:34 GMT
Last-Modified: Sat, 26 Nov 2022 22:55:02 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
mc.yandex.ru/metrika/tag.js
87.250.251.119200 OK 73 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 87.250.251.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (587)
Hash 1d79426653c3b55939eaec59a2ce8ef5
c6db0314df7a4e5c08047f6306e0b79a1ad3bab2
2729cfe8b2f5142cf99734cbb4e1a3c6cd35868d279cd796db49ef62742ef993
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73267
date: Sun, 27 Nov 2022 18:10:52 GMT
access-control-allow-origin: *
etag: "637f41b2-11e33"
expires: Sun, 27 Nov 2022 19:10:52 GMT
last-modified: Thu, 24 Nov 2022 13:04:34 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 44e33225fba97217bf0be1d30d3f03c1
e5d8d250d03be9be3397ae92862439b50f226d06
4135c7dd7ac6270008692146d80d6e0b2e416bcf3cb9093022213ab97ef040f2
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 673
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Sun, 27 Nov 2022 18:10:52 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7002695253434040320; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 93
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 002c036234d2e14ab8891045648847dd
730ed89257a756b4e4d43b23121b5777e98508e0
0a0d6663f5853fe8665d64111ff00d32df7bb7a96cb1f7fb95f9b103a5dadfea
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 758
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Sun, 27 Nov 2022 18:10:52 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7002695253434040320; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 68
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/connection/websocket
18.193.128.9101 Switching Protocols 0 B URL HTTP/1.1 c4adbk4m41qwkxamst.com/connection/websocket
IP 18.193.128.9:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /connection/websocket HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://c4adbk4m41qwkxamst.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: BAz9keB0ixZgZoVwLHztew==
Connection: keep-alive, Upgrade
Cookie: theme=desktop; cid=1890612157; prid=most_partner.1890612157; pid=156181; sip=0; PHPSESSID=c7eqkk7oifuvj0dsuf5ijcijfh; lunetics_locale=bn; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1669572652.1.0.1669572652.0.0.0; _ga=GA1.2.365128270.1669572652; rst-uid=7002695253434040320; _gid=GA1.2.1483196567.1669572652; _gaclientid=365128270.1669572652; _gasessionid=20221127|07068001; _gahitid=1669572652296; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Sun, 27 Nov 2022 18:10:52 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: 9E0RuBFxFBzhDdWOXOAwJWLITJ8=
mc.yandex.ru/watch/37954615?wmode=7&page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1341129807913%3Ahid%3A575243245%3Az%3A0%3Ai%3A20221127181052%3Aet%3A1669572653%3Ac%3A1%3Arn%3A95472044%3Arqn%3A1%3Au%3A1669572653475157107%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C77%2C55%2C0%2C540%2C0%2C%2C510%2C3%2C%2C%2C%2C1201%3Ans%3A1669572650618%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669572653%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
87.250.251.119302 Found 43 B URL HTTP/2 mc.yandex.ru/watch/37954615?wmode=7&page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1341129807913%3Ahid%3A575243245%3Az%3A0%3Ai%3A20221127181052%3Aet%3A1669572653%3Ac%3A1%3Arn%3A95472044%3Arqn%3A1%3Au%3A1669572653475157107%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C77%2C55%2C0%2C540%2C0%2C%2C510%2C3%2C%2C%2C%2C1201%3Ans%3A1669572650618%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669572653%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /watch/37954615?wmode=7&page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1341129807913%3Ahid%3A575243245%3Az%3A0%3Ai%3A20221127181052%3Aet%3A1669572653%3Ac%3A1%3Arn%3A95472044%3Arqn%3A1%3Au%3A1669572653475157107%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C77%2C55%2C0%2C540%2C0%2C%2C510%2C3%2C%2C%2C%2C1201%3Ans%3A1669572650618%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669572653%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/37954615/1?wmode=7&page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1341129807913%3Ahid%3A575243245%3Az%3A0%3Ai%3A20221127181052%3Aet%3A1669572653%3Ac%3A1%3Arn%3A95472044%3Arqn%3A1%3Au%3A1669572653475157107%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C77%2C55%2C0%2C540%2C0%2C%2C510%2C3%2C%2C%2C%2C1201%3Ans%3A1669572650618%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669572653%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
date: Sun, 27 Nov 2022 18:10:53 GMT
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
set-cookie: yandexuid=6099906401669572653; Expires=Mon, 27-Nov-2023 18:10:53 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=6099906401669572653; Expires=Mon, 27-Nov-2023 18:10:53 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1794046341669572653; Path=/; SameSite=None; Secure
i=8BRG3z/cD4J9N3e8gwGSbIIlPPA6ar8sclFwU/d5kOxZfk6P/rbktUarxwNvvhtT/LUQ9irz+jrZfWKINfOUr+37WOI=; Expires=Wed, 24-Nov-2032 18:10:51 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1701108653.yc.1669572653#1701108653.yrts.1669572653#1701108653.yrtsi.1669572653; Expires=Mon, 27-Nov-2023 18:10:53 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 27-Nov-2022 18:10:53 GMT
last-modified: Sun, 27-Nov-2022 18:10:53 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/logo
18.193.128.9200 OK 131 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/logo
IP 18.193.128.9:0
File type JSON data\012- , ASCII text, with very long lines (338), with no line terminators
Hash e2c4520c4125aefcdf2c1694113140df
052e767ae8dc1f1a8059c5a19700252971569c75
fc9b5acbe55962ed7c780b2159128e4a29fcf9cc39d9a1b7f6a5e9369ff7eee8
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/logo HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1027
x-client-session: 4ru0fvvkxjhearpai7ez
x-client-device-id: dei6hkcy9pgpbimjx3mr
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1890612157&pid=156181&sip=0
Cookie: theme=desktop; cid=1890612157; prid=most_partner.1890612157; pid=156181; sip=0; PHPSESSID=c7eqkk7oifuvj0dsuf5ijcijfh; lunetics_locale=bn; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1669572652.1.0.1669572652.0.0.0; _ga=GA1.2.365128270.1669572652; rst-uid=7002695253434040320; _gid=GA1.2.1483196567.1669572652; _gaclientid=365128270.1669572652; _gasessionid=20221127|07068001; _gahitid=1669572652296; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
If-None-Match: W/"9fae6e123baa3436bdbe37f62d18440c"
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:10:52 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"9fae6e123baa3436bdbe37f62d18440c"
x-request-id: 5c6cf1bf6cfad716d7aa61105aca2aed
vary: Accept-Encoding, Accept-Language
expires: Sun, 27 Nov 2022 18:10:52 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?wmode=7&page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1341129807913%3Ahid%3A575243245%3Az%3A0%3Ai%3A20221127181052%3Aet%3A1669572653%3Ac%3A1%3Arn%3A95472044%3Arqn%3A1%3Au%3A1669572653475157107%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C77%2C55%2C0%2C540%2C0%2C%2C510%2C3%2C%2C%2C%2C1201%3Ans%3A1669572650618%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669572653%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
87.250.251.119200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?wmode=7&page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1341129807913%3Ahid%3A575243245%3Az%3A0%3Ai%3A20221127181052%3Aet%3A1669572653%3Ac%3A1%3Arn%3A95472044%3Arqn%3A1%3Au%3A1669572653475157107%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C77%2C55%2C0%2C540%2C0%2C%2C510%2C3%2C%2C%2C%2C1201%3Ans%3A1669572650618%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669572653%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
IP 87.250.251.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 27fc8b8b11a29265daa990bbb1d54945
3271beecff6ad0c83ac3d09d2f5f5a22931c639f
a8db1c6642adad45a153b63fad42ca90cac44f22f29dc0fc370861cd51ba6022
GET /watch/37954615/1?wmode=7&page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1341129807913%3Ahid%3A575243245%3Az%3A0%3Ai%3A20221127181052%3Aet%3A1669572653%3Ac%3A1%3Arn%3A95472044%3Arqn%3A1%3Au%3A1669572653475157107%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A3%2C77%2C55%2C0%2C540%2C0%2C%2C510%2C3%2C%2C%2C%2C1201%3Ans%3A1669572650618%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669572653%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Referer: https://c4adbk4m41qwkxamst.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Sun, 27 Nov 2022 18:10:53 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 27-Nov-2022 18:10:53 GMT
last-modified: Sun, 27-Nov-2022 18:10:53 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v2/translations?locales[]=bn&domains[]=messages&fallback=1
18.193.128.9200 OK 748 kB URL HTTP/2 c4adbk4m41qwkxamst.com/api/v2/translations?locales[]=bn&domains[]=messages&fallback=1
IP 18.193.128.9:0
Size 748 kB (747627 bytes)
Hash 8cb35cdff7647d1c95d83091d15baf09
d19952157390a00b60d2d263dd1f9252ad11ea49
c998bc2596e42e5c0acada4727c85d71327422f074b1b841b0a6825ff126b8b3
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v2/translations?locales[]=bn&domains[]=messages&fallback=1 HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1890612157&pid=156181&sip=0
Connection: keep-alive
Cookie: theme=desktop; cid=1890612157; prid=most_partner.1890612157; pid=156181; sip=0; PHPSESSID=c7eqkk7oifuvj0dsuf5ijcijfh; lunetics_locale=bn; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1669572652.1.0.1669572652.0.0.0; _ga=GA1.2.365128270.1669572652; rst-uid=7002695253434040320; _gid=GA1.2.1483196567.1669572652; _gaclientid=365128270.1669572652; _gasessionid=20221127|07068001; _gahitid=1669572652296; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1669572653475157107; _ym_d=1669572653
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:10:53 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 04 Dec 2022 18:10:52 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&rl=&if=false&ts=1669572652714&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1669572652714.2008739567&it=1669572652325&coo=false&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&rl=&if=false&ts=1669572652714&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1669572652714.2008739567&it=1669572652325&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&rl=&if=false&ts=1669572652714&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1669572652714.2008739567&it=1669572652325&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Sun, 27 Nov 2022 18:10:53 GMT
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 9f6cc8d3fe9092a6d3901e873a87fd87
2e0aac117a4cc57596efb3d6f6624c269f94b031
e73982e62b92abac3d15b161f4525448cc2bc8b9bacefdcbfc6f87b74ec372e4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 18:10:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
142.250.74.164200 OK 578 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
IP 142.250.74.164:0
File type ASCII text, with very long lines (909), with no line terminators
Hash 3e76aebafdd4150fa61a56cdc3f82f57
49417a42da96934c362d8cb10a54c163d5acfa86
c90ef1d881a67c453f7f446700ace6cb440f23a7cc4534151c5ed07556353324
GET /recaptcha/api.js?onload=onloadcallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Sun, 27 Nov 2022 18:10:53 GMT
date: Sun, 27 Nov 2022 18:10:53 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 578
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/currency-specific-settings/BDT.json
18.193.128.9200 OK 723 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/currency-specific-settings/BDT.json
IP 18.193.128.9:0
Hash 0704880252a49c2946f1c7517238c2c8
90cbf23b8b5cceab4282c175047463473b148a75
400fcd2454d23915d61eef26890d360b077f482754822769e5ed432706fced9f
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/currency-specific-settings/BDT.json HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1027
x-client-session: 4ru0fvvkxjhearpai7ez
x-client-device-id: dei6hkcy9pgpbimjx3mr
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1890612157&pid=156181&sip=0
Cookie: theme=desktop; cid=1890612157; prid=most_partner.1890612157; pid=156181; sip=0; PHPSESSID=c7eqkk7oifuvj0dsuf5ijcijfh; lunetics_locale=bn; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1669572652.1.0.1669572652.0.0.0; _ga=GA1.2.365128270.1669572652; rst-uid=7002695253434040320; _gid=GA1.2.1483196567.1669572652; _gaclientid=365128270.1669572652; _gasessionid=20221127|07068001; _gahitid=1669572652296; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1669572653475157107; _ym_d=1669572653; _fbp=fb.1.1669572652714.2008739567
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:10:53 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 04 Dec 2022 18:10:53 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 404e39ceaf4993cac31cd4ae64ed53d8
10e2b28b28124446fa5a583bcaff5ff47e538d53
b9ee6e805e5d13be227139ab52f8d09882866c19c49d092b7c40069fe15b7297
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B9EE6E805E5D13BE227139AB52F8D09882866C19C49D092B7C40069FE15B7297"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15301
Expires: Sun, 27 Nov 2022 22:25:54 GMT
Date: Sun, 27 Nov 2022 18:10:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 404e39ceaf4993cac31cd4ae64ed53d8
10e2b28b28124446fa5a583bcaff5ff47e538d53
b9ee6e805e5d13be227139ab52f8d09882866c19c49d092b7c40069fe15b7297
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B9EE6E805E5D13BE227139AB52F8D09882866C19C49D092B7C40069FE15B7297"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15301
Expires: Sun, 27 Nov 2022 22:25:54 GMT
Date: Sun, 27 Nov 2022 18:10:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 404e39ceaf4993cac31cd4ae64ed53d8
10e2b28b28124446fa5a583bcaff5ff47e538d53
b9ee6e805e5d13be227139ab52f8d09882866c19c49d092b7c40069fe15b7297
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B9EE6E805E5D13BE227139AB52F8D09882866C19C49D092B7C40069FE15B7297"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15301
Expires: Sun, 27 Nov 2022 22:25:54 GMT
Date: Sun, 27 Nov 2022 18:10:53 GMT
Connection: keep-alive
mostauthor.com/multiauth/test_cookie_set?testcookie=xa1zta9hvfxboct9tr4p
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=xa1zta9hvfxboct9tr4p
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_set?testcookie=xa1zta9hvfxboct9tr4p HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://c4adbk4m41qwkxamst.com/
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 550b81a0c052495bb2fe524eaa62a3ee
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Sun, 27 Nov 2022 18:10:52 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=x8lo5tbjhjm2c8owswuyfr
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=x8lo5tbjhjm2c8owswuyfr
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_set?testcookie=x8lo5tbjhjm2c8owswuyfr HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://c4adbk4m41qwkxamst.com/
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 8850a65a632c4340afbc30fc42acf6d8
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Sun, 27 Nov 2022 18:10:52 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 88e42375d2172305f819b892225cf877
674324641f82700172e72fe259ee2241361e2ea1
6dce3754a67df878b536c368657a492a1f908d408fe7fe5ba43c5d24c44434b3
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 18:10:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mostauthor.com/multiauth/test_cookie_set?testcookie=xa1zta9hvfxboct9tr4p
185.26.99.196200 OK 10 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=xa1zta9hvfxboct9tr4p
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash f7f86d583c92292a7025fc1f25657a1f
92659f2f702a5b18d44a58055c6cd77173630ae2
3b9de8f3bb4d65ebe964703b38c9ce2f3b40a58b33484e6eed8f92bbd5f10a4f
GET /multiauth/test_cookie_set?testcookie=xa1zta9hvfxboct9tr4p HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1027
x-client-session: 4ru0fvvkxjhearpai7ez
x-client-device-id: dei6hkcy9pgpbimjx3mr
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 4b0a663c32c148d7922a199a79ca90f7
set-cookie: test_cooke_xa1zta9hvfxboct9tr4p=1; Max-Age=3600; SameSite=None; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 10
date: Sun, 27 Nov 2022 18:10:52 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=x8lo5tbjhjm2c8owswuyfr
185.26.99.196200 OK 10 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=x8lo5tbjhjm2c8owswuyfr
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash f7f86d583c92292a7025fc1f25657a1f
92659f2f702a5b18d44a58055c6cd77173630ae2
3b9de8f3bb4d65ebe964703b38c9ce2f3b40a58b33484e6eed8f92bbd5f10a4f
GET /multiauth/test_cookie_set?testcookie=x8lo5tbjhjm2c8owswuyfr HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1027
x-client-session: 4ru0fvvkxjhearpai7ez
x-client-device-id: dei6hkcy9pgpbimjx3mr
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 4b57d0ff1fa84d6180e8d2e3926d3e09
set-cookie: test_cooke_x8lo5tbjhjm2c8owswuyfr=1; Max-Age=3600; SameSite=None; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 10
date: Sun, 27 Nov 2022 18:10:52 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 18:10:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 770555aa8a0a52c611bafb289ca8a650
62504cadc49747f328e3c31ad3aa7a740043072c
6317c8530220392b1339be640b8c1181c468ff8e3f3d1d5692b39cb32404216f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 18:10:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 770555aa8a0a52c611bafb289ca8a650
62504cadc49747f328e3c31ad3aa7a740043072c
6317c8530220392b1339be640b8c1181c468ff8e3f3d1d5692b39cb32404216f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 18:10:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
142.250.74.163200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (730)
Size 163 kB (162976 bytes)
Hash 79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Nov 2022 21:26:04 GMT
expires: Sun, 26 Nov 2023 21:26:04 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 74689
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=365128270.1669572652&jid=602678500&uid=0&gjid=444705982&_gid=1483196567.1669572652&_u=YADAAEAAAAAAACAEK~&z=271568453
142.251.1.156200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=365128270.1669572652&jid=602678500&uid=0&gjid=444705982&_gid=1483196567.1669572652&_u=YADAAEAAAAAAACAEK~&z=271568453
IP 142.251.1.156:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=365128270.1669572652&jid=602678500&uid=0&gjid=444705982&_gid=1483196567.1669572652&_u=YADAAEAAAAAAACAEK~&z=271568453 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 27 Nov 2022 18:10:53 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash e9895464b828d538dc654c678c82b181
af5791cd48761cb3f3f979b481c23e1508692823
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 18:10:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 770555aa8a0a52c611bafb289ca8a650
62504cadc49747f328e3c31ad3aa7a740043072c
6317c8530220392b1339be640b8c1181c468ff8e3f3d1d5692b39cb32404216f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 18:10:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 18:10:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 5af61422c4eaa1b995ec63e463abda26
db75634681ed688840773ce828c169ac9da7d131
506791493bb08d458008ad072ac34a26c2170c1e775b83f55f20cd8af97aa895
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 18:10:53 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.godaddy.com/
192.124.249.22200 OK 1.8 kB IP 192.124.249.22:0
Hash 82fb67402a058c83faa41136816a54a1
4dec3e10bdc572605a6cd7eb2768828dbf009c7c
6eb139766f22efe52b67da19f762037ff0026dac4b96b7700862352baf5239a3
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Sun, 27 Nov 2022 18:10:54 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19022
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Sat, 26 Nov 2022 20:05:21 GMT
Expires: Sun, 27 Nov 2022 20:05:21 GMT
ETag: "4dec3e10bdc572605a6cd7eb2768828dbf009c7c"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.195200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 14:07:32 GMT
expires: Thu, 23 Nov 2023 14:07:32 GMT
cache-control: public, max-age=31536000
age: 360201
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
code.jivosite.com/widget/3bcOoG4MqH
92.223.124.24200 OK 5.9 kB URL HTTP/2 code.jivosite.com/widget/3bcOoG4MqH
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (17132), with no line terminators
Hash 1d96c1773a5a3818343907e7d3e7a695
851edb19d12b9620ce72468d5b9a85cd6f0b5805
768f3ef3243416f20b3ca1ec38c1ee00b1cbcca90c7ab21266f77d89b8182c28
GET /widget/3bcOoG4MqH HTTP/1.1
Host: code.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:10:53 GMT
content-type: application/javascript
content-length: 5938
access-control-allow-origin: *
cache-control: max-age=7200
content-encoding: br
etag: "637b7db0-1732"
expires: Fri, 25 Nov 2022 11:11:58 GMT
last-modified: Mon, 21 Nov 2022 13:31:28 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-11-27T16:29:29+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jivosite.com/script/widget/config/3bcOoG4MqH
92.223.124.24200 OK 3.9 kB URL HTTP/2 code.jivosite.com/script/widget/config/3bcOoG4MqH
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
Hash 02737ccb3b770fa5ecb54f88120ae86c
0e0ec2484562d3ab863d0b9b493b96e12d52f5a5
46a0a5d2469e46bfd044e7f20d0fe4ccb3ac34d93a513e68352f47f57b89fd62
GET /script/widget/config/3bcOoG4MqH HTTP/1.1
Host: code.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:10:53 GMT
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=7200
content-encoding: gzip
expires: Sun, 27 Nov 2022 18:52:53 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-11-27T16:52:53+00:00
x-id: fr5-up-gc15
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9979
Expires: Sun, 27 Nov 2022 20:57:13 GMT
Date: Sun, 27 Nov 2022 18:10:54 GMT
Connection: keep-alive
mostauthor.com/multiauth/test_cookie_get?testcookie=x8lo5tbjhjm2c8owswuyfr
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=x8lo5tbjhjm2c8owswuyfr
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_get?testcookie=x8lo5tbjhjm2c8owswuyfr HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://c4adbk4m41qwkxamst.com/
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 31bdff3d66604397914d41e562e31ffb
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Sun, 27 Nov 2022 18:10:53 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=xa1zta9hvfxboct9tr4p
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=xa1zta9hvfxboct9tr4p
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_get?testcookie=xa1zta9hvfxboct9tr4p HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://c4adbk4m41qwkxamst.com/
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 2cd871d43c6d490bb07fbd91a301902b
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Sun, 27 Nov 2022 18:10:53 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9979
Expires: Sun, 27 Nov 2022 20:57:13 GMT
Date: Sun, 27 Nov 2022 18:10:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9979
Expires: Sun, 27 Nov 2022 20:57:13 GMT
Date: Sun, 27 Nov 2022 18:10:54 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9979
Expires: Sun, 27 Nov 2022 20:57:13 GMT
Date: Sun, 27 Nov 2022 18:10:54 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
34.120.237.76200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 76c00eceed956377d7469ef58b0815cb
97a135335f5b1b042adeb385718f8808cb78528b
81fb72ab752b2eb39ab6ee015055304490b3b6c3259968703fd07c2a2eed1e61
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff0b2959f-9d1d-41c7-a7c1-b9f52a7766ac.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7380
x-amzn-requestid: 18589644-299c-4a39-9376-db1bd1472009
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iEegIAMFeuQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-23990acc0fdc599a75a534e3;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: RqsZxAtbOkWBGbXJ3sZHxcS-ZvWOw7Yg2Qd4zj0QLhrp3wAXC8w6jA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
etag: "97a135335f5b1b042adeb385718f8808cb78528b"
content-type: image/jpeg
age: 73720
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2cd887044e91d7ed0f1a8d7119ff7dd0
ae8aa4ce6ddaccba771fe65446926b60fc5628da
bad283c15531000b7a8c126d442154b64a880cc26196a46cbd2e6266a526db67
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdee4f5d4-5a5e-4a39-9681-50795cecc0f4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10199
x-amzn-requestid: baee3bbe-7ded-425a-ae39-fccfc8169217
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iF1VIAMF09g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-5522727b2f09b27e63b23270;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: K2eKLQhrsCdd4ASsfEibRuZAYW4CpPTlO3fZs7xdoKrw1HBxfTGkEA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
etag: "ae8aa4ce6ddaccba771fe65446926b60fc5628da"
content-type: image/jpeg
age: 73720
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
34.120.237.76200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 741ddfb19764ac9a77509e7e87cfbfb2
308c08784ce4a0757cbd112807555b83e17a1d56
e9271a76da94d8b655860c3b00d111396c5d3a227fd2f19e0ef400fd5e84d87e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fba57ea10-c30b-4188-bb72-b589f3564094.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8817
x-amzn-requestid: 33d3ca17-7878-4897-a634-5f626a64e820
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cJ40OEOqIAMFaOg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6380a1b4-040288d571fc10b96d893fa4;Sampled=0
x-amzn-remapped-date: Fri, 25 Nov 2022 11:06:28 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: f_U8KSYET6kaKAPbEV7sHW0tO6JGijsqUvghniwzFCRd2YGQjVlFoA==
via: 1.1 f313d3df80c4dab8f5399614116801cc.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 10:16:35 GMT
age: 28459
etag: "308c08784ce4a0757cbd112807555b83e17a1d56"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34752db1-0be8-4784-9fa0-41e828e40e06.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34752db1-0be8-4784-9fa0-41e828e40e06.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1db6041a0bdb2319ae85afcc30caaeec
3b0ec6a7188dadf986f72fda8110296d9abd6f35
05f1f9b7834e7268dc34e3233434217f58cb68ee43a403cd08d0bb0ab4f37815
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F34752db1-0be8-4784-9fa0-41e828e40e06.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13049
x-amzn-requestid: 2755f206-af23-4597-b4b9-7dae5001d6be
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cBsvpHDJoAMFhFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d5b30-600008f573bd7e0024585eb1;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 23:28:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: y0ofyT6UcPjB8mfRR1VMjHSTW64Qb_EQ0rrjsOdbby1CG-xMIFJMPw==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:49:19 GMT
age: 73295
etag: "3b0ec6a7188dadf986f72fda8110296d9abd6f35"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AVwDLlKoy5pc9NNuR_OakMB0ONGAoO-k2AKwV--b2sjiaqYSKAWlZg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
age: 73720
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e97baa4851785eac92c719abf481c64
c32a57038d3cdbc514c9081c9938eca6a04fb481
adb59e982648082e5421f58899a5331b2747e9d45be33c495fbe3ab8cc872b22
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8387
x-amzn-requestid: fc238ea9-0169-47fc-b92e-f12b3ee27c72
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b433YGtOoAMFexg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6379d362-2f97c67a2e5f05b6746cf858;Sampled=0
x-amzn-remapped-date: Sun, 20 Nov 2022 07:12:34 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Miss from cloudfront
x-amz-cf-id: oMrdB0NUGe5CqTY7eFd3u8xaSy9TyDdOrf1awBikFJzm3jWreD2irQ==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 82c2ab57bc9900898383f6b70681b9e6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 12:30:20 GMT
age: 20434
etag: "c32a57038d3cdbc514c9081c9938eca6a04fb481"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=x8lo5tbjhjm2c8owswuyfr
185.26.99.196200 OK 21 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=x8lo5tbjhjm2c8owswuyfr
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash caf33483167cc6a28994a501b478f8df
8b80faf52bdfda242a8a7c2d2cff45a26c43d031
070bf1d4556043cf533cca3e374c72481fb31525f9254c46a37031fb35f69f0e
GET /multiauth/test_cookie_get?testcookie=x8lo5tbjhjm2c8owswuyfr HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1027
x-client-session: 4ru0fvvkxjhearpai7ez
x-client-device-id: dei6hkcy9pgpbimjx3mr
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Cookie: test_cooke_xa1zta9hvfxboct9tr4p=1; test_cooke_x8lo5tbjhjm2c8owswuyfr=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: e3aefe6016b041d4a665f808620d8722
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 21
date: Sun, 27 Nov 2022 18:10:53 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=xa1zta9hvfxboct9tr4p
185.26.99.196200 OK 21 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=xa1zta9hvfxboct9tr4p
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash caf33483167cc6a28994a501b478f8df
8b80faf52bdfda242a8a7c2d2cff45a26c43d031
070bf1d4556043cf533cca3e374c72481fb31525f9254c46a37031fb35f69f0e
GET /multiauth/test_cookie_get?testcookie=xa1zta9hvfxboct9tr4p HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1027
x-client-session: 4ru0fvvkxjhearpai7ez
x-client-device-id: dei6hkcy9pgpbimjx3mr
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Cookie: test_cooke_xa1zta9hvfxboct9tr4p=1; test_cooke_x8lo5tbjhjm2c8owswuyfr=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 33f9b2c3cc1d4eb1816aba4e6a816839
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 21
date: Sun, 27 Nov 2022 18:10:53 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash d3c9b092aee5820bdab6595daad65d61
89e983faeedf25b3e15696f9bf6dbf76feb07868
58d24c4dde4a578c2c0191a19a5a42bdcb5be03b21a1907f60c8deaee78b7331
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 18:10:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash d3c9b092aee5820bdab6595daad65d61
89e983faeedf25b3e15696f9bf6dbf76feb07868
58d24c4dde4a578c2c0191a19a5a42bdcb5be03b21a1907f60c8deaee78b7331
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 18:10:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=365128270.1669572652&jid=430324718&_u=YADAAEABAAAAACAEK~&z=2028759066
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=365128270.1669572652&jid=430324718&_u=YADAAEABAAAAACAEK~&z=2028759066
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=365128270.1669572652&jid=430324718&_u=YADAAEABAAAAACAEK~&z=2028759066 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 27 Nov 2022 18:10:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=365128270.1669572652&jid=602678500&_u=YADAAEAAAAAAACAEK~&z=393731774
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=365128270.1669572652&jid=602678500&_u=YADAAEAAAAAAACAEK~&z=393731774
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=365128270.1669572652&jid=602678500&_u=YADAAEAAAAAAACAEK~&z=393731774 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Sun, 27 Nov 2022 18:10:54 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash d3c9b092aee5820bdab6595daad65d61
89e983faeedf25b3e15696f9bf6dbf76feb07868
58d24c4dde4a578c2c0191a19a5a42bdcb5be03b21a1907f60c8deaee78b7331
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 18:10:54 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mostauthor.com/multiauth/ping
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/ping
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/ping HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://c4adbk4m41qwkxamst.com/
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: a94ce9eccfcf4bbe9fd5690900f7d7a3
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Sun, 27 Nov 2022 18:10:53 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/ping
185.26.99.196401 Unauthorized 35 B URL HTTP/2 mostauthor.com/multiauth/ping
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 56b7d88043e39baac118df00136b37fc
1a608988268ae1a633c14731692c9b7e2fc3fbb1
a18f5f834edec23ed17aa059a0eff28fe03ee6f2ecf37c596efe0b5f7cba3e3e
GET /multiauth/ping HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1027
x-client-session: 4ru0fvvkxjhearpai7ez
x-client-device-id: dei6hkcy9pgpbimjx3mr
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Cookie: test_cooke_xa1zta9hvfxboct9tr4p=1; test_cooke_x8lo5tbjhjm2c8owswuyfr=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 401 Unauthorized
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 3850b75a92424735862c65148bc28cd4
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 35
date: Sun, 27 Nov 2022 18:10:53 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash a63afcad6edc4d92cbdb7c601bbfcc50
c4114729e960c635a477ef54b5035ee1b340b3b0
9ec023a6031977d3e66a52cff224404ebab952881c37b961e595650aab85ec19
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1055
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Sun, 27 Nov 2022 18:10:54 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7002695253434040320; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 1
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&charset=utf-8&hittoken=1669572653_a63b5a9d91277315afdb73512c079de328be7a352fbb8ef9fe85e9cf0b9d310b&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A2227%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1341129807913%3Ahid%3A575243245%3Az%3A0%3Ai%3A20221127181053%3Aet%3A1669572654%3Ac%3A1%3Arn%3A407542412%3Arqn%3A2%3Au%3A1669572653475157107%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3365%2C3365%2C%2C%3Aeu%3A1%3Ans%3A1669572650618%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669572654&t=gdpr(14)clc(0-0-0)rqnt(2)aw(1)ecs(1)rqnl(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&charset=utf-8&hittoken=1669572653_a63b5a9d91277315afdb73512c079de328be7a352fbb8ef9fe85e9cf0b9d310b&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A2227%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1341129807913%3Ahid%3A575243245%3Az%3A0%3Ai%3A20221127181053%3Aet%3A1669572654%3Ac%3A1%3Arn%3A407542412%3Arqn%3A2%3Au%3A1669572653475157107%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3365%2C3365%2C%2C%3Aeu%3A1%3Ans%3A1669572650618%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669572654&t=gdpr(14)clc(0-0-0)rqnt(2)aw(1)ecs(1)rqnl(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&charset=utf-8&hittoken=1669572653_a63b5a9d91277315afdb73512c079de328be7a352fbb8ef9fe85e9cf0b9d310b&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A2227%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1341129807913%3Ahid%3A575243245%3Az%3A0%3Ai%3A20221127181053%3Aet%3A1669572654%3Ac%3A1%3Arn%3A407542412%3Arqn%3A2%3Au%3A1669572653475157107%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A%2C%2C%2C%2C%2C%2C%2C%2C%2C3365%2C3365%2C%2C%3Aeu%3A1%3Ans%3A1669572650618%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669572654&t=gdpr(14)clc(0-0-0)rqnt(2)aw(1)ecs(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 69
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 27 Nov 2022 18:10:54 GMT
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 27-Nov-2022 18:10:54 GMT
last-modified: Sun, 27-Nov-2022 18:10:54 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&charset=utf-8&hittoken=1669572653_a63b5a9d91277315afdb73512c079de328be7a352fbb8ef9fe85e9cf0b9d310b&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1341129807913%3Ahid%3A575243245%3Az%3A0%3Ai%3A20221127181053%3Aet%3A1669572654%3Ac%3A1%3Arn%3A756648600%3Arqn%3A3%3Au%3A1669572653475157107%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669572650618%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669572654&t=gdpr(14)mc(p-1)clc(0-0-0)rqnt(3)aw(1)ecs(1)rqnl(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&charset=utf-8&hittoken=1669572653_a63b5a9d91277315afdb73512c079de328be7a352fbb8ef9fe85e9cf0b9d310b&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1341129807913%3Ahid%3A575243245%3Az%3A0%3Ai%3A20221127181053%3Aet%3A1669572654%3Ac%3A1%3Arn%3A756648600%3Arqn%3A3%3Au%3A1669572653475157107%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669572650618%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669572654&t=gdpr(14)mc(p-1)clc(0-0-0)rqnt(3)aw(1)ecs(1)rqnl(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&charset=utf-8&hittoken=1669572653_a63b5a9d91277315afdb73512c079de328be7a352fbb8ef9fe85e9cf0b9d310b&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1341129807913%3Ahid%3A575243245%3Az%3A0%3Ai%3A20221127181053%3Aet%3A1669572654%3Ac%3A1%3Arn%3A756648600%3Arqn%3A3%3Au%3A1669572653475157107%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669572650618%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669572654&t=gdpr(14)mc(p-1)clc(0-0-0)rqnt(3)aw(1)ecs(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 187
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 27 Nov 2022 18:10:54 GMT
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 27-Nov-2022 18:10:54 GMT
last-modified: Sun, 27-Nov-2022 18:10:54 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&charset=utf-8&hittoken=1669572653_a63b5a9d91277315afdb73512c079de328be7a352fbb8ef9fe85e9cf0b9d310b&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1341129807913%3Ahid%3A575243245%3Az%3A0%3Ai%3A20221127181054%3Aet%3A1669572654%3Ac%3A1%3Arn%3A186117210%3Arqn%3A5%3Au%3A1669572653475157107%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669572650618%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669572654&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(5)aw(1)ecs(1)rqnl(1)ti(2)
87.250.251.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&charset=utf-8&hittoken=1669572653_a63b5a9d91277315afdb73512c079de328be7a352fbb8ef9fe85e9cf0b9d310b&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1341129807913%3Ahid%3A575243245%3Az%3A0%3Ai%3A20221127181054%3Aet%3A1669572654%3Ac%3A1%3Arn%3A186117210%3Arqn%3A5%3Au%3A1669572653475157107%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669572650618%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669572654&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(5)aw(1)ecs(1)rqnl(1)ti(2)
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&charset=utf-8&hittoken=1669572653_a63b5a9d91277315afdb73512c079de328be7a352fbb8ef9fe85e9cf0b9d310b&browser-info=pa%3A1%3Aar%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A1341129807913%3Ahid%3A575243245%3Az%3A0%3Ai%3A20221127181054%3Aet%3A1669572654%3Ac%3A1%3Arn%3A186117210%3Arqn%3A5%3Au%3A1669572653475157107%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aeu%3A1%3Ans%3A1669572650618%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1669572654&t=gdpr(14)mc(p-3)clc(0-0-0)rqnt(5)aw(1)ecs(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 79
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Sun, 27 Nov 2022 18:10:54 GMT
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Sun, 27-Nov-2022 18:10:54 GMT
last-modified: Sun, 27-Nov-2022 18:10:54 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v2/translations?locales[]=en-US&locales[]=en&locales[]=bn&domains[]=promo&domains[]=validators&fallback=1
18.193.128.9200 OK 545 kB URL HTTP/2 c4adbk4m41qwkxamst.com/api/v2/translations?locales[]=en-US&locales[]=en&locales[]=bn&domains[]=promo&domains[]=validators&fallback=1
IP 18.193.128.9:0
Size 545 kB (545254 bytes)
Hash 1631d9130ee5e4b107f6118138047e41
92f688cdefcdd7a2c76ec113fd0e1ce5581503fa
db4641414337710a4f935e9b160db0f0207e141a9e6ebdb604e5022b6d93fcf9
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v2/translations?locales[]=en-US&locales[]=en&locales[]=bn&domains[]=promo&domains[]=validators&fallback=1 HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1890612157&pid=156181&sip=0
Connection: keep-alive
Cookie: theme=desktop; cid=1890612157; prid=most_partner.1890612157; pid=156181; sip=0; PHPSESSID=c7eqkk7oifuvj0dsuf5ijcijfh; lunetics_locale=bn; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1669572652.1.0.1669572652.0.0.0; _ga=GA1.2.365128270.1669572652; rst-uid=7002695253434040320; _gid=GA1.2.1483196567.1669572652; _gaclientid=365128270.1669572652; _gasessionid=20221127|07068001; _gahitid=1669572652296; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1669572653475157107; _ym_d=1669572653; _fbp=fb.1.1669572652714.2008739567; _ym_isad=2; _ym_visorc=b
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:10:53 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 04 Dec 2022 18:10:53 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
216.58.207.195200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 16:40:18 GMT
expires: Fri, 24 Nov 2023 16:40:18 GMT
cache-control: public, max-age=31536000
age: 264636
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
node-sber1-az1-6.jivosite.com/widget/status/561276/3bcOoG4MqH?rnd=0.1389596155709244
188.72.107.240200 OK 2.4 kB URL HTTP/2 node-sber1-az1-6.jivosite.com/widget/status/561276/3bcOoG4MqH?rnd=0.1389596155709244
IP 188.72.107.240:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (2001), with no line terminators
Hash b9734354f993e2d9dd5e27c990510404
e1c7fc41dd21f4cec225e34d05ef758569ed0858
433df214b9376f9530d5f2096b4674b5368042ee714b6255f4e5aeafd39b0e49
GET /widget/status/561276/3bcOoG4MqH?rnd=0.1389596155709244 HTTP/1.1
Host: node-sber1-az1-6.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-max-age: 1728000
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-expose-headers: X-Geoip, X-Botmode
cache-control: no-cache, no-store, must-revalidate
content-security-policy: frame-ancestors 'none';
content-type: application/json; charset=utf-8
pragma: no-cache
server: foxy/2.0.1
x-botmode: no
x-frame-options: DENY
x-geoip: NO;03;Oslo (Alna District)
content-length: 2353
date: Sun, 27 Nov 2022 18:10:54 GMT
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/auth/providers
18.193.128.9200 OK 272 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/auth/providers
IP 18.193.128.9:0
File type JSON data\012- , ASCII text, with very long lines (1293), with no line terminators
Hash c454fcc30a19a1eef9463a14e5a51b73
c8da020f25306053d23a8a526b0d62c838d9a9d9
52251e526c2fb639cae36af6bb6fb14f0f5ddcaaf960c06e30925e1de0bb5b3d
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/auth/providers HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1027
x-client-session: 4ru0fvvkxjhearpai7ez
x-client-device-id: dei6hkcy9pgpbimjx3mr
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1890612157&pid=156181&sip=0
Cookie: theme=desktop; cid=1890612157; prid=most_partner.1890612157; pid=156181; sip=0; PHPSESSID=c7eqkk7oifuvj0dsuf5ijcijfh; lunetics_locale=bn; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1669572652.1.0.1669572654.0.0.0; _ga=GA1.2.365128270.1669572652; rst-uid=7002695253434040320; _gid=GA1.2.1483196567.1669572652; _gaclientid=365128270.1669572652; _gasessionid=20221127|07068001; _gahitid=1669572652296; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1669572653475157107; _ym_d=1669572653; _fbp=fb.1.1669572652714.2008739567; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:10:54 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: a202b0c7714dd86e6126bc3af6273f02
vary: Accept-Encoding, Accept-Language
expires: Sun, 27 Nov 2022 18:10:54 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/favicon.png
18.193.128.9200 OK 2.8 kB URL HTTP/2 c4adbk4m41qwkxamst.com/favicon.png
IP 18.193.128.9:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash f8cbfde8f3484f7a5f02189742f0f110
3eb0cec3e65d6cb0cc2744b5fa57ded1afb6e4d4
70504d4dc047aeac702b31e9290e9f5553e901d07d3844269cd966042988159a
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.png HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1027
x-client-session: 4ru0fvvkxjhearpai7ez
x-client-device-id: dei6hkcy9pgpbimjx3mr
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1890612157&pid=156181&sip=0
Cookie: theme=desktop; cid=1890612157; prid=most_partner.1890612157; pid=156181; sip=0; PHPSESSID=c7eqkk7oifuvj0dsuf5ijcijfh; lunetics_locale=bn; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1669572652.1.0.1669572654.0.0.0; _ga=GA1.2.365128270.1669572652; rst-uid=7002695253434040320; _gid=GA1.2.1483196567.1669572652; _gaclientid=365128270.1669572652; _gasessionid=20221127|07068001; _gahitid=1669572652296; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1669572653475157107; _ym_d=1669572653; _fbp=fb.1.1669572652714.2008739567; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:10:55 GMT
content-type: image/png
content-length: 2810
last-modified: Sat, 26 Nov 2022 11:51:03 GMT
etag: "6381fda7-afa"
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a8d6afff0cbe8e116596c8243b46f3eb
eeaa490711393c343573c301fee43424d1764526
6bde394ac2fac3da18a9f64c7c393782ef22678c91fa4bc87ee851bb7333cb1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6BDE394AC2FAC3DA18A9F64C7C393782EF22678C91FA4BC87EE851BB7333CB1C"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4670
Expires: Sun, 27 Nov 2022 19:28:48 GMT
Date: Sun, 27 Nov 2022 18:10:58 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash a8d6afff0cbe8e116596c8243b46f3eb
eeaa490711393c343573c301fee43424d1764526
6bde394ac2fac3da18a9f64c7c393782ef22678c91fa4bc87ee851bb7333cb1c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6BDE394AC2FAC3DA18A9F64C7C393782EF22678C91FA4BC87EE851BB7333CB1C"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4670
Expires: Sun, 27 Nov 2022 19:28:48 GMT
Date: Sun, 27 Nov 2022 18:10:58 GMT
Connection: keep-alive
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash 99c49cb603572f9d3a9e527591c7c46b
e860c8fc35b0563ca350ee62314496c3e4f1dd39
338a9f328c23c1fbc983a03457f5fd3ea9adee4652b066ee215ce52c765a4f8d
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 18:11:00 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Thu, 01 Dec 2022 14:50:06 GMT
ETag: "e860c8fc35b0563ca350ee62314496c3e4f1dd39"
Last-Modified: Sun, 27 Nov 2022 14:50:07 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1094
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 770cd2e59ec8b527-OSL
webchannel-content.eservice.emarsys.net/customer/799213038/campaigns?url=https:%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&prev_url=&lang=en&uli=false
34.117.30.199200 OK 314 kB URL HTTP/2 webchannel-content.eservice.emarsys.net/customer/799213038/campaigns?url=https:%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&prev_url=&lang=en&uli=false
IP 34.117.30.199:0
Size 314 kB (314050 bytes)
Hash 58a96c268be33e2e947d3d3d6e7fb107
a5e52c9475e88e83531072a780a04ecedd4642d9
32f2eddf5674fc5036afc61284b653a4f2c1ca2be78a84a517f27dbf635d63b1
GET /customer/799213038/campaigns?url=https:%2F%2Fc4adbk4m41qwkxamst.com%2Fpartners%2Fcasino-reg%3Fcid%3D1890612157%26pid%3D156181%26sip%3D0&prev_url=&lang=en&uli=false HTTP/1.1
Host: webchannel-content.eservice.emarsys.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 18:10:58 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: *
content-type: application/json
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
code.jivo.ru/css/ccb4914/widget.css
92.223.124.24200 OK 55 kB URL HTTP/2 code.jivo.ru/css/ccb4914/widget.css
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (65536), with no line terminators
Hash db6beafebcb6086459c52128e2891078
e8c2dce373ecf80e0a81ac4e3a338ba2e477ca06
80b81399b7962fe612687b99a67f0ea45f7f651ed7cc350d0bf31587700c143c
GET /css/ccb4914/widget.css HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:11:00 GMT
content-type: text/css
content-length: 54699
cache-control: max-age=864000
content-encoding: br
etag: "637b7df3-d5ab"
expires: Fri, 02 Dec 2022 11:16:45 GMT
last-modified: Mon, 21 Nov 2022 13:32:35 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-11-22T11:16:45+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg
34.120.237.76200 OK 5.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 433875a1b1fef34e45f2d8ac344c07e3
f2129466436cbbdd58abe42a47fb7af19eba58e6
ab1e7b46f3804640c7dd94d70c8c31ec2dfc3e2f0f015a8556d04d9d9089c450
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F297e7532-86f8-4631-9062-cdd6a291b40b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 5099
x-amzn-requestid: 57648043-7820-453d-9549-0f743b6c2557
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4jFBvoAMFl1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-53b59d607b82c264180f469d;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: VsdLWuh4rCawI5V0YYGaHxEMl2YEVNgsbjfCwzDsrnCZhRK2FkCkVw==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
etag: "f2129466436cbbdd58abe42a47fb7af19eba58e6"
content-type: image/jpeg
age: 73726
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
code.jivo.ru/css/ccb4914/omnichannelMenu.widget.css
92.223.124.24200 OK 946 B URL HTTP/2 code.jivo.ru/css/ccb4914/omnichannelMenu.widget.css
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (3072), with no line terminators
Hash 616756e88c9acc86aac6b6b286c279b0
d82c0c39f059d3b6e02c99414b2c3ff246e6d4c5
e554d5ecaf32ae2ddb56b118d144febfd84bd703f644f257db43b118fe8b792a
GET /css/ccb4914/omnichannelMenu.widget.css HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:11:00 GMT
content-type: text/css
content-length: 946
cache-control: max-age=864000
content-encoding: gzip
etag: "637b7df3-3b2"
expires: Fri, 02 Dec 2022 11:16:46 GMT
last-modified: Mon, 21 Nov 2022 13:32:35 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-11-22T11:16:46+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jivo.ru/js/ccb4914/omnichannelMenu.js
92.223.124.24200 OK 3.1 kB URL HTTP/2 code.jivo.ru/js/ccb4914/omnichannelMenu.js
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (11729), with no line terminators
Hash f647c12ea473d153c0f7e12711c3aa1a
fb4a1195a6dc927106fa3aeb69c9366ec8999d0a
0a5fe7ed0494a5afd33edcd5fbb17deeef4357abc4b9337551ba71efaa43c97b
GET /js/ccb4914/omnichannelMenu.js HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:11:00 GMT
content-type: application/javascript
content-length: 3113
access-control-allow-origin: *
cache-control: max-age=86400
content-encoding: br
etag: "637b7df3-c29"
last-modified: Mon, 21 Nov 2022 13:32:35 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-11-27T11:16:52+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 6991f67d0cd0336648b466927eda4d45
bf24f9c0e03df43087c4b9f09d6081c021842326
9a2cd54911224d1ecfa7003fdfc7bec2f1d40b8130b549b2ca979e85a16f7bf4
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 912
Origin: https://c4adbk4m41qwkxamst.com
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://c4adbk4m41qwkxamst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Sun, 27 Nov 2022 18:11:00 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7002695253434040320; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 65
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/currencies.json
18.193.128.9200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/currencies.json
IP 18.193.128.9:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/currencies.json HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1027
x-client-session: 4ru0fvvkxjhearpai7ez
x-client-device-id: dei6hkcy9pgpbimjx3mr
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1890612157&pid=156181&sip=0
Cookie: theme=desktop; cid=1890612157; prid=most_partner.1890612157; pid=156181; sip=0; PHPSESSID=c7eqkk7oifuvj0dsuf5ijcijfh; lunetics_locale=bn; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1669572652.1.0.1669572654.0.0.0; _ga=GA1.2.365128270.1669572652; rst-uid=7002695253434040320; _gid=GA1.2.1483196567.1669572652; _gaclientid=365128270.1669572652; _gasessionid=20221127|07068001; _gahitid=1669572652296; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1669572653475157107; _ym_d=1669572653; _fbp=fb.1.1669572652714.2008739567; _ym_isad=2; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:10:54 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 04 Dec 2022 18:10:54 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
8a1e2ftbmb.com/kYwS/0/0/0/0/0/6aee6h9a28we2wjc14
18.194.45.24302 Found 0 B URL HTTP/2 8a1e2ftbmb.com/kYwS/0/0/0/0/0/6aee6h9a28we2wjc14
IP 18.194.45.24:0
GET /kYwS/0/0/0/0/0/6aee6h9a28we2wjc14 HTTP/1.1
Host: 8a1e2ftbmb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
server: nginx
date: Sun, 27 Nov 2022 18:10:51 GMT
content-type: text/html; charset=UTF-8
set-cookie: TID=1890612157; expires=Tue, 27-Dec-2022 18:10:51 GMT; Max-Age=2592000; path=/; domain=8a1e2ftbmb.com; HttpOnly
location: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1890612157&pid=156181&sip=0
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1890612157&pid=156181&sip=0
18.193.128.9200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1890612157&pid=156181&sip=0
IP 18.193.128.9:0
Analyzer Verdict Alert quad9 Sinkholed
GET /partners/casino-reg?cid=1890612157&pid=156181&sip=0 HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:10:51 GMT
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese
142.250.74.10200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese
IP 142.250.74.10:0
GET /css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://front.cdn-mb.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 27 Nov 2022 18:10:53 GMT
date: Sun, 27 Nov 2022 18:10:53 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
front.cdn-mb.com/spa-static/1.4.1027/static/js/30.fbf86ddc.chunk.js
172.67.160.69200 OK 0 B URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1027/static/js/30.fbf86ddc.chunk.js
IP 172.67.160.69:0
GET /spa-static/1.4.1027/static/js/30.fbf86ddc.chunk.js HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 27 Nov 2022 18:10:51 GMT
content-type: application/javascript
last-modified: Sat, 26 Nov 2022 12:01:26 GMT
vary: Accept-Encoding
etag: W/"63820016-7ac64"
expires: Sun, 27 Nov 2022 20:50:27 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 4824
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5cB3Gx%2B9X%2B9emsc%2BR%2FDUfk4NZT9aKfNGzVWBkMvsVtQDkPOnVaA%2BzXNwVVOaNlpiIMN6el0LS8%2BRziorMu%2BVlL2sZ43qnPvHKdhHIIEIGrndCHNqMFgHxmeQrlfLdl2svzit"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 770cd2b22c08b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/favicon.ico
18.193.128.9200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/favicon.ico
IP 18.193.128.9:0
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1890612157&pid=156181&sip=0
Cookie: theme=desktop; cid=1890612157; prid=most_partner.1890612157; pid=156181; sip=0; PHPSESSID=c7eqkk7oifuvj0dsuf5ijcijfh; lunetics_locale=bn; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1669572652.1.0.1669572652.0.0.0; _ga=GA1.1.365128270.1669572652
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:10:52 GMT
content-type: image/x-icon
last-modified: Sat, 26 Nov 2022 11:51:03 GMT
vary: Accept-Encoding
etag: W/"6381fda7-1536"
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/currency-specific-settings/RUB.json
18.193.128.9200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/currency-specific-settings/RUB.json
IP 18.193.128.9:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/currency-specific-settings/RUB.json HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1027
x-client-session: 4ru0fvvkxjhearpai7ez
x-client-device-id: dei6hkcy9pgpbimjx3mr
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1890612157&pid=156181&sip=0
Cookie: theme=desktop; cid=1890612157; prid=most_partner.1890612157; pid=156181; sip=0; PHPSESSID=c7eqkk7oifuvj0dsuf5ijcijfh; lunetics_locale=bn; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1669572652.1.0.1669572652.0.0.0; _ga=GA1.2.365128270.1669572652; rst-uid=7002695253434040320; _gid=GA1.2.1483196567.1669572652; _gaclientid=365128270.1669572652; _gasessionid=20221127|07068001; _gahitid=1669572652296; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1669572653475157107; _ym_d=1669572653
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:10:53 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 04 Dec 2022 18:10:52 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/footer_links
18.193.128.9200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/footer_links
IP 18.193.128.9:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/footer_links HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1027
x-client-session: 4ru0fvvkxjhearpai7ez
x-client-device-id: dei6hkcy9pgpbimjx3mr
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1890612157&pid=156181&sip=0
Cookie: theme=desktop; cid=1890612157; prid=most_partner.1890612157; pid=156181; sip=0; PHPSESSID=c7eqkk7oifuvj0dsuf5ijcijfh; lunetics_locale=bn; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1669572652.1.0.1669572652.0.0.0; _ga=GA1.2.365128270.1669572652; rst-uid=7002695253434040320; _gid=GA1.2.1483196567.1669572652; _gaclientid=365128270.1669572652; _gasessionid=20221127|07068001; _gahitid=1669572652296; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; _ym_uid=1669572653475157107; _ym_d=1669572653; _fbp=fb.1.1669572652714.2008739567; _ym_isad=2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:10:53 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 2cb928e5592b8bba13039efc72395228
vary: Accept-Encoding, Accept-Language
expires: Sun, 27 Nov 2022 18:10:53 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/logo
18.193.128.9200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/logo
IP 18.193.128.9:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/logo HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1027
x-client-session: 4ru0fvvkxjhearpai7ez
x-client-device-id: dei6hkcy9pgpbimjx3mr
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1890612157&pid=156181&sip=0
Cookie: theme=desktop; cid=1890612157; prid=most_partner.1890612157; pid=156181; sip=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:10:52 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"9fae6e123baa3436bdbe37f62d18440c"
x-request-id: ef189769c16087fc0239cb18e2947fea
vary: Accept-Encoding, Accept-Language
expires: Sun, 27 Nov 2022 18:10:52 GMT
set-cookie: PHPSESSID=2mfeep67jt20700mju25h0uel2; expires=Tue, 27-Dec-2022 18:10:52 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=bn; expires=Mon, 28-Nov-2022 18:10:52 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Sun, 04-Dec-2022 18:10:52 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v1/settings
18.193.128.9200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v1/settings
IP 18.193.128.9:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/settings HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1027
x-client-session: 4ru0fvvkxjhearpai7ez
x-client-device-id: dei6hkcy9pgpbimjx3mr
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1890612157&pid=156181&sip=0
Cookie: theme=desktop; cid=1890612157; prid=most_partner.1890612157; pid=156181; sip=0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:10:52 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 14a59903b8a1c7be0b774afca4ab37cf
vary: Accept-Encoding, Accept-Language
expires: Sun, 27 Nov 2022 18:10:52 GMT
set-cookie: PHPSESSID=c7eqkk7oifuvj0dsuf5ijcijfh; expires=Tue, 27-Dec-2022 18:10:52 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=bn; expires=Mon, 28-Nov-2022 18:10:52 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Sun, 04-Dec-2022 18:10:52 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
c4adbk4m41qwkxamst.com/api/v2/translations?locales[]=en-US&locales[]=en&domains[]=messages&fallback=1
18.193.128.9200 OK 0 B URL HTTP/2 c4adbk4m41qwkxamst.com/api/v2/translations?locales[]=en-US&locales[]=en&domains[]=messages&fallback=1
IP 18.193.128.9:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v2/translations?locales[]=en-US&locales[]=en&domains[]=messages&fallback=1 HTTP/1.1
Host: c4adbk4m41qwkxamst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://c4adbk4m41qwkxamst.com/partners/casino-reg?cid=1890612157&pid=156181&sip=0
Connection: keep-alive
Cookie: theme=desktop; cid=1890612157; prid=most_partner.1890612157; pid=156181; sip=0; PHPSESSID=c7eqkk7oifuvj0dsuf5ijcijfh; lunetics_locale=bn; tz=Europe%2FOslo; _ga_9Q6VE8VYRH=GS1.1.1669572652.1.0.1669572652.0.0.0; _ga=GA1.2.365128270.1669572652; rst-uid=7002695253434040320; _gid=GA1.2.1483196567.1669572652; _gaclientid=365128270.1669572652; _gasessionid=20221127|07068001; _gahitid=1669572652296; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 18:10:52 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Sun, 04 Dec 2022 18:10:52 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2