Report - getclout-co.intuitve.co/

Report Overview

Submitted URL
getclout-co.intuitve.co/
IP
162.241.24.161
ASN
#46606 UNIFIEDLAYER-AS-1
Submitted
2023-02-01 15:53:03
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
14

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
region1.analytics.google.com	unknown	2022-03-17T12:26:33Z	2023-03-13T05:11:52Z	976 B	440 B	216.239.32.36
pj.l.admedo.com	81464	2018-08-31T03:52:54Z	2023-03-13T09:09:05Z	366 B	505 B	54.230.111.26
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	54.184.102.146
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	375 B	73 kB	142.250.74.40
backend.cyberbet.academy	unknown	2020-06-11T19:59:41Z	2023-03-07T08:21:53Z	1.9 kB	4.0 kB	34.254.83.154
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	4.5 kB	9.1 kB	142.250.74.131
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	483 B	32 kB	142.250.74.35
link.affiliates.cyber.bet	unknown	2022-05-23T16:23:27Z	2023-03-13T06:01:56Z	550 B	1.0 kB	172.66.43.156
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-13T07:36:03Z	366 B	21 kB	142.250.74.110
shop.similarwebline.com	unknown	2023-01-25T10:17:21Z	2023-02-27T18:54:41Z	402 B	465 B	159.69.234.10
my.rtmark.net	9054	2015-02-04T10:54:57Z	2023-03-13T05:11:40Z	1.2 kB	1.9 kB	139.45.195.8
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-13T08:14:31Z	854 B	18 kB	142.250.74.106
www.google.no	25607	2016-04-05T21:50:59Z	2023-03-13T06:26:15Z	476 B	578 B	142.250.74.163
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
dns.firstblackphase.com	unknown	2023-01-26T15:02:02Z	2023-03-12T10:38:21Z	391 B	2.0 kB	159.69.234.10
away.firstblackphase.com	unknown	2023-01-31T10:27:07Z	2023-02-03T14:40:16Z	701 B	763 B	194.135.30.40
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	2.1 kB	5.8 kB	54.230.245.100
cdnstatic.cyber.bet	unknown	2021-04-30T21:09:27Z	2023-03-08T06:52:57Z	6.1 kB	236 kB	54.230.111.100
www.google.com	7	2015-05-10T13:11:19Z	2023-03-13T06:40:43Z	1.0 kB	1.2 kB	142.250.74.132
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	682 B	1.3 kB	93.184.220.29
cyber.bet	658696	2019-03-07T04:37:47Z	2023-03-13T06:02:01Z	19 kB	1.1 MB	172.66.43.156
store.firstblackphase.com	unknown	2023-01-31T11:07:33Z	2023-03-11T12:09:22Z	1.1 kB	1.0 kB	194.135.30.210
stats.g.doubleclick.net	96	2013-06-10T22:21:11Z	2023-03-13T08:02:41Z	1.2 kB	1.2 kB	173.194.73.157
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	5.4 kB	14 kB	95.101.11.115
getclout-co.intuitve.co	unknown	2019-06-15T13:51:18Z	2023-02-01T14:42:32Z	673 B	1.2 kB	162.241.24.161
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
xml-v4.gipostart-2.co	unknown	2023-01-25T14:43:19Z	2023-03-12T01:39:09Z	374 B	269 B	173.239.53.32
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-13T08:37:09Z	385 B	32 kB	142.250.74.170
pool.admedo.com	4728	2014-03-06T15:36:11Z	2023-03-12T19:51:07Z	750 B	775 B	35.210.53.219
cdn.violetlovelines.com	unknown	2022-12-03T14:27:40Z	2023-03-12T05:27:32Z	391 B	4.0 kB	159.69.234.10
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.8 kB	77 kB	34.120.237.76
arctic-farmer.com	unknown	2023-01-27T19:37:30Z	2023-02-02T11:41:34Z	2.1 kB	4.0 kB	188.72.219.35

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-01	medium	arctic-farmer.com/cTG-FVzWc.zX9Yk_aaXbQc9dM-TfYg3hNiT_Ik2lNmjnc-3pNqDrMsy_MujvQw5xN-TzMAxBMCi_ZEkFdGGHt-uJPKULpMB_dO0PFQ0Rc-zTFUQVRW0_9YFZWaVbd-TdYeVfBgl_SiUjkk2lY-znhorpdqn_RsDtZukvd-GxMykzNA3_JCnDBE0Fb-jH1IDJZK0_pMPNVOHPh-JRSSlTlUu_SWnXZYZZV-1bJcpdWeV_cg1hai0jt-plQmmntoa_aqkrUsytW-XvpwBxNyE_1AXBTCXDl-OFVGEH1I3_TKmLpMZNM-UP5QHRRSX_dUaVVW1Xp-pZTa0bRcs_aeUf9gEhY-zjJkNlVm0_Vo3pTq0rR-EtVu2vxwl_cyWzVACBa-mDpEjFOGU_FIGJQKXLF-JNaOVPhQB_ZSyT0UtVJ-nXJYyZZaX_FcodPeTfl-hhNizjAkz_ZmDnhohpY-zrAswtNuT_Ew3xYy2zY-wBNCWDNEj_YGmHMIzJZ-WLVMiNOOD_EQwROSDTI-4VJWnXJYy_aaWbQc9dN-jfIg3hOiT_hkjlNmTnR-ipMqDrZsh_Mu2vIw5xM-WzEA4BOCT_ZEmFMGDHk-xJMKTLgMy_ZOGPJQhRM-zTAUmVcWn_NYyZYazb1-vddeXfQgm_eimj9kulZ-UnlokpPqT_Qs1tNuzvI-yxMyDzAA	Phishing
2023-02-01	medium	arctic-farmer.com/b/3/V.0YPo3bpgvbb/mvV/JsZmDz0o0-NOTccyyRMrjDA/w/LLTTQX1eNezvIDy/MxDwER	Phishing

mnemonic secure dns

Scan Date	Severity	Indicator	Alert
2023-02-01	medium	violetlovelines.com	Sinkholed

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-02-01	medium	similarwebline.com	Sinkholed
2023-02-01	medium	arctic-farmer.com	Sinkholed
2023-02-01	medium	arctic-farmer.com	Sinkholed
2023-02-01	medium	arctic-farmer.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (35)

	URL	Size	First Seen	Last Seen
	www.googletagmanager.com/gtag/destination?id=G-ZK6ZSCE3G7&l=dataLayer&cx=c	223 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/destination?id=G-ZK6ZSCE3G7&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:17:33 Last Seen2023-03-13 14:17:33 Times Seen1 Hash 5e1b4fd6a74b4325e6eb71b7d8656d4d 5799b96cc37b607595283dc905d33cfc42a8b0d6 e402bf5489d03e1aece58878a09e8b192ad4160080863f4512ac7f82793fb8be Loading...

	my.rtmark.net/p.js?f=sync&lr=1&partner=ba0d5680aec92ed9c5c9da2be8d0e8a3a577866b71c7089a32ed732bc1246910	697 B	2023-03-10	2024-01-26
Pretty URL my.rtmark.net/p.js?f=sync&lr=1&partner=ba0d5680aec92ed9c5c9da2be8d0e8a3a577866b71c7089a32ed732bc1246910 IP 139.45.195.8 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 06:49:08 Last Seen2024-01-26 23:34:58 Times Seen71 Hash bb07e31c2c066db5c4b3259d1f69a442 db79e9d4a817ce703b11b65faf2ba097228063b2 d96b7a3f7fe0803348c6ea7cd2f02b2a3d96feabac2339d2f89033336f6583a8 Loading...

	cdnstatic.cyber.bet/js/currencyMapping.js	16 kB	2023-03-10	2023-03-13
Pretty URL cdnstatic.cyber.bet/js/currencyMapping.js IP 54.230.111.100 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 06:49:08 Last Seen2023-03-13 20:30:42 Times Seen1 Hash 2a3d85d14eaeaac04949a29f3c94c548 8d14a1f32ac11f78446fdfb26d24d0944780b626 af9a360f190345d8781bcd1955ca7d5d40c9e8c95f4e096fef7c825500c9b740 Loading...

	pj.l.admedo.com/admtracker.lib.min.js	5.4 kB	2023-03-10	2023-05-13
Pretty URL pj.l.admedo.com/admtracker.lib.min.js IP 54.230.111.26 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 06:49:08 Last Seen2023-05-13 12:33:22 Times Seen8 Hash 5a420213029638ecea775a40089898aa 17ca797e031f3383df78562421115476d8ffb00a 412c173f93136f00006d6941a755fc6b84e29ea6a772cd274a668deef3e77dd1 Loading...

	cdnstatic.cyber.bet/js/libs/phone/intlTelInput.js	88 kB	2023-03-07	2024-04-23
Pretty URL cdnstatic.cyber.bet/js/libs/phone/intlTelInput.js IP 54.230.111.100 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:38:25 Last Seen2024-04-23 14:42:28 Times Seen89 Hash c73ba86bd67306c5889e9aac41e959e0 fff500c277ef00fd6cfc115b5e94f9281ac8d8cc 9b2b5fa78ba1f9424d7e85b0d2f160a8df6068d911dc1cfe26f78fb78d1d7172 Loading...

	cyber.bet/land/js/locales/spin/locales.js	7.9 kB	2023-03-10	2023-05-04
Pretty URL cyber.bet/land/js/locales/spin/locales.js IP 172.66.43.156 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 06:49:08 Last Seen2023-05-04 20:11:19 Times Seen3 Hash 85fadce1226a91f63e2910495d4fe1d8 73a88bf99be17e34d88ac059d4162b8840543d20 70fb1c50140a893dbf2e7246210a11efa4341179c45f74dd67a9072bd9827a82 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js	88 kB	2023-03-07	2024-04-24
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js IP 142.250.74.170 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-04-24 20:04:31 Times Seen95451 Hash 220afd743d9e9643852e31a135a9f3ae 88523924351bac0b5d560fe0c5781e2556e7693d 0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a Loading...

	cyber.bet/land/casino_spin_football_regform/?cid=63da8ad7902fa000015bc932&pid=8425&subid1=&affs=1&sid=affs&utm_medium=revshare&utm_source=affise&utm_campaign=53_betting&promocode=CYBERMAX300&subid2=&subid3=&aff_bnnr=&aff_land=1669392156&slice=	739 B	2023-03-10	2024-01-26
Pretty URL cyber.bet/land/casino_spin_football_regform/?cid=63da8ad7902fa000015bc932&pid=8425&subid1=&affs=1&sid=affs&utm_medium=revshare&utm_source=affise&utm_campaign=53_betting&promocode=CYBERMAX300&subid2=&subid3=&aff_bnnr=&aff_land=1669392156&slice= IP 172.66.43.156 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 06:49:08 Last Seen2024-01-26 23:34:57 Times Seen39 Hash dda0c4c5c9e00b5c718403e613cf2d57 dad1499931e90b20118a8ec383e109c61e40f207 c1931e011368966ab988daf963cbbbe32251588a274f432406550ea02f781db0 Loading...

	cyber.bet/land/casino_spin_football_regform/js/main.js?v=15	2.1 kB	2023-03-10	2023-05-04
Pretty URL cyber.bet/land/casino_spin_football_regform/js/main.js?v=15 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 06:49:08 Last Seen2023-05-04 20:11:20 Times Seen4 Hash d5d5a24dd254b55e7eb96bbaf7ea6aa0 6a2ec260d51ed5cbb2b53b8c2ac7668293009f7b 84fdbc7ecddd651875abd6aa6ff870755518d579c839b498c37f0c003f98c0b9 Loading...

	cdnstatic.cyber.bet/js/libs/phone/utils.js	245 kB	2023-03-07	2024-04-18
Pretty URL cdnstatic.cyber.bet/js/libs/phone/utils.js IP 54.230.111.100 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:38:25 Last Seen2024-04-18 11:23:34 Times Seen455 Hash 8f3a2154b225b6257161c4dfc9b89c9c 16b798cbb9e22cd4e1d710a8de7b12734551ca00 acaefecc2a438420ae02baa357bb498ac4abec71c80ba9e3c2b7079cacf256c2 Loading...

	cdnstatic.cyber.bet/js/libs/iso3to2.js	4.1 kB	2023-03-10	2023-05-22
Pretty URL cdnstatic.cyber.bet/js/libs/iso3to2.js IP 54.230.111.100 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 06:49:08 Last Seen2023-05-22 14:54:42 Times Seen5 Hash db031116c7888248916813c60a4cce2b 34bf6f00efd8944708b1a819d56cbbbe4715a069 41393b689fa5ab55cc3783118cf6c8eeb8ab4b5972cb4a7736c47837f5b461fd Loading...

	pool.admedo.com/pixel?id=148776&t=js	0 B	2023-03-07	2024-04-24
Pretty URL pool.admedo.com/pixel?id=148776&t=js IP 35.210.53.219 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-24 22:35:57 Times Seen37049343 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	away.firstblackphase.com/scripts/take.js?vr=1.8.2	5.0 kB	2023-03-13	2023-03-13
Pretty URL away.firstblackphase.com/scripts/take.js?vr=1.8.2 IP 194.135.30.40 ASN #2856 British Telecommunications PLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 13:18:09 Last Seen2023-03-13 15:40:34 Times Seen1 Hash 5ca21b096ed9ba396cd6fe467a533eaf 65c6faa00b6f41463e80b4afb4121a39b4e4fa68 783a250380f39107a64fa5698d7c4e3052ccce2e88d9d7e12640f2889ab4d1d6 Loading...

	www.googletagmanager.com/gtag/js?id=G-8FYNJV02NV&l=dataLayer&cx=c	217 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=G-8FYNJV02NV&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:17:33 Last Seen2023-03-13 14:17:33 Times Seen1 Hash 16a7bf39d7096b1f65a3ce6e025b2b94 9cd08c652cb0da298f4fde7de49b30c0ddd8cc0e 704ff9d35364c3071c526b50f7393b1fd0eca0e31293d25fed186270a76a64a5 Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	cdnstatic.cyber.bet/js/geoMapping.js	443 B	2023-03-10	2023-10-09
Pretty URL cdnstatic.cyber.bet/js/geoMapping.js IP 54.230.111.100 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 06:49:08 Last Seen2023-10-09 15:18:47 Times Seen12 Hash 2f6043a16c26cde9a190dbb829b5519c 791479cfced1a000ef6411990f1c4bba615b6b4c f9dfb0c2f94be90f2cdeb66286b36cdeb5d8fb0fbb9f28b1e1d3d99a3780306a Loading...

	dns.firstblackphase.com/scripts/start.js?vl=0.9.5	1.7 kB	2023-03-13	2023-03-13
Pretty URL dns.firstblackphase.com/scripts/start.js?vl=0.9.5 IP 159.69.234.10 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 13:16:45 Last Seen2023-03-13 15:40:34 Times Seen1 Hash e8025c2f37df60985c146f189efa904b 6acd32c36a0822a210b267e305821646a42ce3f3 531863f173e405b3149d06c28c9e9b768c18ff354fce7a98f3924d1ddd7e9a60 Loading...

	arctic-farmer.com/b/3/V.0YPo3bpgvbb/mvV/JsZmDz0o0-NOTccyyRMrjDA/w/LLTTQX1eNezvIDy/MxDwER	464 B	2023-03-13	2023-03-13
Pretty URL arctic-farmer.com/b/3/V.0YPo3bpgvbb/mvV/JsZmDz0o0-NOTccyyRMrjDA/w/LLTTQX1eNezvIDy/MxDwER IP 188.72.219.35 ASN #35415 Webzilla B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:17:34 Last Seen2023-03-13 14:17:34 Times Seen1 Hash 5ca1c841c9c990e1e22d433c84642860 de081c9d282e552ccbb123ca027b621486af121d 510d538b03708e43e5b1fc41c74f0db267f26ab97e1f5ff408a7e65b3b4c05cb Loading...

	cyber.bet/land/casino_spin_football_regform/?cid=63da8ad7902fa000015bc932&pid=8425&subid1=&affs=1&sid=affs&utm_medium=revshare&utm_source=affise&utm_campaign=53_betting&promocode=CYBERMAX300&subid2=&subid3=&aff_bnnr=&aff_land=1669392156&slice=	1.6 kB	2023-03-10	2024-01-26
Pretty URL cyber.bet/land/casino_spin_football_regform/?cid=63da8ad7902fa000015bc932&pid=8425&subid1=&affs=1&sid=affs&utm_medium=revshare&utm_source=affise&utm_campaign=53_betting&promocode=CYBERMAX300&subid2=&subid3=&aff_bnnr=&aff_land=1669392156&slice= IP 172.66.43.156 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 06:49:08 Last Seen2024-01-26 23:34:57 Times Seen39 Hash 563c19e863e3315d859414dd57018095 8a7bc9fa92864a5d6cbbceaedd1b5692776627fb 5214dde220113de229b3ea10c1ea4afa3dce510dd4c1deee822534bc62166dd1 Loading...

	cyber.bet/land/casino_spin_football_regform/js/Utils.js	3.7 kB	2023-03-10	2023-05-04
Pretty URL cyber.bet/land/casino_spin_football_regform/js/Utils.js IP 172.66.43.156 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 06:49:08 Last Seen2023-05-04 20:11:20 Times Seen5 Hash 70ae43934cdf82b914c47d85204f5c22 fa1b3708b71b2e307cdf8cec22ac958444f4a5ae cfc336f2f92746d022dd4ad9577ab0419dba446b8df4377eb11b7184642d2e1e Loading...

	cdnstatic.cyber.bet/js/fp.js	533 B	2023-03-10	2023-10-09
Pretty URL cdnstatic.cyber.bet/js/fp.js IP 54.230.111.100 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 06:49:08 Last Seen2023-10-09 15:18:47 Times Seen13 Hash d1abfbe2c5b50e7f427e41c79197dcd3 01f6142a97168fd15da33334c35ce351d676ed08 7266855231eab7a13a11e53e9df50e1c84582649d9708e9a8f72d62e8af8b569 Loading...

	store.firstblackphase.com/follow/give.php?id=93953945-77-345376456-23&qid=8568&wid=76538&kid=863843534&suid=67878056	275 B	2023-03-13	2023-03-13
Pretty URL store.firstblackphase.com/follow/give.php?id=93953945-77-345376456-23&qid=8568&wid=76538&kid=863843534&suid=67878056 IP 194.135.30.210 ASN #2856 British Telecommunications PLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:06:33 Last Seen2023-03-13 14:17:34 Times Seen1 Hash 0cf8de93c8a6a429143e238eca7e2254 c3eabe51de0377ae32e151b08cc04ce1fe3e4395 1fb74b810ee2af4796f38c34f4f4ca02374e5a4d3a881ccf46e8b8e5561d7470 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-NR2G4XB	202 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-NR2G4XB IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 14:17:34 Last Seen2023-03-13 14:17:34 Times Seen1 Hash 08302630662a001dd893cfb76bdb05d6 59503fdf3c82abd39eab6986363a0a1aef30866e cbb0ed80abf990946a8c4089d23d35071318e7c4f741db7a11522049afb076a1 Loading...

	cyber.bet/land/casino_spin_football_regform/?cid=63da8ad7902fa000015bc932&pid=8425&subid1=&affs=1&sid=affs&utm_medium=revshare&utm_source=affise&utm_campaign=53_betting&promocode=CYBERMAX300&subid2=&subid3=&aff_bnnr=&aff_land=1669392156&slice=	331 B	2023-03-10	2023-10-09
Pretty URL cyber.bet/land/casino_spin_football_regform/?cid=63da8ad7902fa000015bc932&pid=8425&subid1=&affs=1&sid=affs&utm_medium=revshare&utm_source=affise&utm_campaign=53_betting&promocode=CYBERMAX300&subid2=&subid3=&aff_bnnr=&aff_land=1669392156&slice= IP 172.66.43.156 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 06:49:08 Last Seen2023-10-09 15:18:47 Times Seen7 Hash b9c3d6bdb1ffaf083e5e1b6358a294c4 d2ff06cef74700843afc99a78e8bc4703de02ade 62c732a98ac2767df6e93c610f50aa9f95f7d8892da7e3c2811a9f002f4316c8 Loading...

	cdn.violetlovelines.com/scripts/global.js?v=2.0.5	12 kB	2023-03-13	2023-03-13
Pretty URL cdn.violetlovelines.com/scripts/global.js?v=2.0.5 IP 159.69.234.10 ASN #24940 Hetzner Online GmbH Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 07:18:26 Last Seen2023-03-13 15:38:54 Times Seen1 Hash ebb1285adcc9516a679b594730c2a3c9 f9101aca54aacc408e7bf238f11bbccd117b84b9 ca911ce41bbdcd9768561f56a070f8823717b67d0b825ee9a0efc1f8d26072e2 Loading...

	cyber.bet/land/casino_spin_football_regform/?cid=63da8ad7902fa000015bc932&pid=8425&subid1=&affs=1&sid=affs&utm_medium=revshare&utm_source=affise&utm_campaign=53_betting&promocode=CYBERMAX300&subid2=&subid3=&aff_bnnr=&aff_land=1669392156&slice=	373 B	2023-03-10	2023-03-13
Pretty URL cyber.bet/land/casino_spin_football_regform/?cid=63da8ad7902fa000015bc932&pid=8425&subid1=&affs=1&sid=affs&utm_medium=revshare&utm_source=affise&utm_campaign=53_betting&promocode=CYBERMAX300&subid2=&subid3=&aff_bnnr=&aff_land=1669392156&slice= IP 172.66.43.156 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 06:49:08 Last Seen2023-03-13 19:50:10 Times Seen1 Hash df5826533a13b8a7ce8fa6a89c1b9c2a 06cf62cd887d5ecca7c9bc18443f8b7edc39848c bdda3709dc0e198777923591da0bc1f269e16060ebb926ff124a04682774bd9c Loading...

	cdnstatic.cyber.bet/js/global.js	71 kB	2023-03-10	2023-03-13
Pretty URL cdnstatic.cyber.bet/js/global.js IP 54.230.111.100 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-10 06:49:08 Last Seen2023-03-13 15:08:47 Times Seen1 Hash 8943965f22a29b6f800a98e0eaed584f 1cfa4c3d79808cce1785967a637819b88a9d11f5 3655c70a4699f50b8ffedcba2985671c7c8788b6a73e665e45515e6b8e69e3db Loading...

	cdnstatic.cyber.bet/js/libs/jquery.nice-select.min.js	2.9 kB	2023-03-07	2024-04-18
Pretty URL cdnstatic.cyber.bet/js/libs/jquery.nice-select.min.js IP 54.230.111.100 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:01:42 Last Seen2024-04-18 22:13:37 Times Seen748 Hash 4e2def5093eb4c4281624db4a5aa8f9c c3b8e8919f96d8d34594f111b95586ec28545a36 b73acfa96127f9a41a2c76fcf2196d37ff818460d02d48415770979eb59e4f3a Loading...

		Size	First Seen	Last Seen
	#1 Eval - fea868702356dd2f7073216002d4e759	58 B	2023-03-10	2023-10-09
Pretty Observations First Seen2023-03-10 06:49:08 Last Seen2023-10-09 15:18:47 Times Seen7 Hash fea868702356dd2f7073216002d4e759 3625a96c014974f566f41516b38447929dafb5e4 1d9b92eafcbdd9c3b487de09e8e76b0c25552c9d60daf73cde231b16788b0b83 Loading...

	#2 Eval - 7269d0b2114cacaedb0519b785487922	84 B	2023-03-08	2024-04-24
Pretty Observations First Seen2023-03-08 01:40:31 Last Seen2024-04-24 16:00:14 Times Seen49 Hash 7269d0b2114cacaedb0519b785487922 db531ec467b76eb36dbe13c5a33d7b87099c6107 792f580a888b462212032166a87582b6c764e5a166b54faa0c3fffdfa6a95b1f Loading...

	#3 Eval - 14faeed9447073abce7e4bd2df76bd8e	209 B	2023-03-07	2024-04-24
Pretty Observations First Seen2023-03-07 01:32:33 Last Seen2024-04-24 16:00:14 Times Seen283 Hash 14faeed9447073abce7e4bd2df76bd8e b786cd710b75c9d2cd0c54ddfba101030cae0220 0cfc8f57ea174bb9e3a746405077c0156867dc3a2dc5901ae81c4b52e82a80ab Loading...

	#4 Eval - 0850b953a585b70b1afa351a40444c84	81 B	2023-03-10	2024-01-26
Pretty Observations First Seen2023-03-10 06:49:09 Last Seen2024-01-26 23:34:58 Times Seen39 Hash 0850b953a585b70b1afa351a40444c84 9d81b6cf79a23fafc4f0b5f5077a622fbd88959a 29d16afb11928cf04fe3eb6ec9937a4d7f5321257ce886d2918cb5d09d0cd044 Loading...

	#5 Eval - ec5836df6eeba268a0fc3eb8119d3824	65 B	2023-03-10	2024-01-26
Pretty Observations First Seen2023-03-10 06:49:09 Last Seen2024-01-26 23:34:58 Times Seen39 Hash ec5836df6eeba268a0fc3eb8119d3824 df817559287b119c318901c4de5cc04f42c816ef 7c3aab0ec1bedd74fec8eb4338a8ec29d5548db5b99bdc031bcb1b939820711c Loading...

	#6 Eval - 1bdddf0717a25257dc9b5f41948293bc	82 B	2023-03-10	2024-01-26
Pretty Observations First Seen2023-03-10 06:49:09 Last Seen2024-01-26 23:34:58 Times Seen38 Hash 1bdddf0717a25257dc9b5f41948293bc 7473e1698e1de047889207ef0e7ead943a438873 5cf62f23df0a9958ae85f7aca4742e41cc2193224a7b240b883442442ba0b62d Loading...

	#7 Eval - c8c66afc783afdaa5ccb23de68b346c3	74 B	2023-03-07	2024-04-10
Pretty Observations First Seen2023-03-07 01:03:02 Last Seen2024-04-10 12:39:55 Times Seen293 Hash c8c66afc783afdaa5ccb23de68b346c3 cb571480a4ffd5ead7677c6e63e5206f6f8d1ee6 a23001dc0a49b03a2c257d85dec6791ab3b81ab3e971cb6e0d38ae1be1473100 Loading...

HTTP Transactions (123)

URL IP Response Size

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d2e72d45afe3d391c204b5391599607c
149d68b9d00a720b6f380fa2324779dca9dbe26d
f6f1c295c68dfebadacb1fc812b44e01c7ede0e203615ef3e2cced2ce2251e7e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6F1C295C68DFEBADACB1FC812B44E01C7EDE0E203615EF3E2CCED2CE2251E7E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8474
Expires: Wed, 01 Feb 2023 18:14:06 GMT
Date: Wed, 01 Feb 2023 15:52:52 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
0c35c3ec659d3a26ea97e68d787bb043
d97e3672244efec5b7814f2d8a734cd1a9387854
4c946a026114ff05316d92277750facf3d5f5d162839149da0b7fb1a4cff6b5e

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4C946A026114FF05316D92277750FACF3D5F5D162839149DA0B7FB1A4CFF6B5E"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10336
Expires: Wed, 01 Feb 2023 18:45:08 GMT
Date: Wed, 01 Feb 2023 15:52:52 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Retry-After, Content-Length, Alert, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 01 Feb 2023 15:36:02 GMT
content-type: application/json
age: 1010
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
09ee4b0fe6cf4ca5ed31b24452338d00
7e62b6e20f0d4737f4a8d94f9818a0883027839e
56da08e18a408d7313de4e598984a251a0ecf85bbba98b421be9aebeb98835af

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "56DA08E18A408D7313DE4E598984A251A0ECF85BBBA98B421BE9AEBEB98835AF"
Last-Modified: Mon, 30 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2915
Expires: Wed, 01 Feb 2023 16:41:27 GMT
Date: Wed, 01 Feb 2023 15:52:52 GMT
Connection: keep-alive

getclout-co.intuitve.co/

162.241.24.161

200 OK

214 B

URL HTTP/1.1
getclout-co.intuitve.co/
IP
162.241.24.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, ASCII text, with very long lines (2023), with no line terminators
Size
214 B (214 bytes)
Hash
d3c2b351e7da740f5ab84e99f446cebd
565ee0ad74a18d906d1a7fdccd30cbae82ff5b3a
cd6068a7a8129b3a424b40ab902a7c247169472d71614eac8c31463d6b02c367

HTTP Headers

GET / HTTP/1.1
Host: getclout-co.intuitve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 15:52:52 GMT
Server: Apache
Vary: Referer,Accept-Encoding,User-Agent
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Cache-Control: max-age=2592000
Expires: Fri, 03 Mar 2023 15:52:52 GMT
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Content-Length: 214
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: TNqTPGX4hVhSrzfpm44TLUTGvaxz6+OS1oWyvq9frcOuzYASh8QfNAs6YWNob9FiJgi8Fm/b57A=
x-amz-request-id: GD3D84V67DXQH3JF
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 01 Feb 2023 15:51:37 GMT
age: 75
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 15:52:52 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
d0f5aecf6e01b0a174a0c72456de3a2c
fecce67e5e7157782607e50d39d057779dbfd51b
13150d96cff0ad1ef61cbd13255dc91d84bb845b9454bdaaa718af859d6690f4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "13150D96CFF0AD1EF61CBD13255DC91D84BB845B9454BDAAA718AF859D6690F4"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7729
Expires: Wed, 01 Feb 2023 18:01:41 GMT
Date: Wed, 01 Feb 2023 15:52:52 GMT
Connection: keep-alive

cdn.violetlovelines.com/scripts/global.js?v=2.0.5

159.69.234.10

200 OK

3.6 kB

URL HTTP/1.1
cdn.violetlovelines.com/scripts/global.js?v=2.0.5
IP
159.69.234.10:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (11707), with no line terminators
Size
3.6 kB (3603 bytes)
Hash
59a536b2d045da4d1218d24229454bb2
ff6e01c48e1ab7d7bc3c78f86e43917478a65b14
b7a81a84e8d207c400dda475ef5695726d0a24112dc4f07c2880e21e2b06b561

Detections

Analyzer	Verdict	Alert
mnemonic_dns	Sinkholed

HTTP Headers

GET /scripts/global.js?v=2.0.5 HTTP/1.1
Host: cdn.violetlovelines.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://getclout-co.intuitve.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 15:52:52 GMT
Content-Type: application/javascript
Last-Modified: Wed, 25 Jan 2023 09:20:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63d0f45d-2dbb"
Expires: Sat, 11 Feb 2023 15:52:52 GMT
Cache-Control: max-age=864000
Access-Control-Allow-Origin: *
Content-Encoding: gzip

getclout-co.intuitve.co/favicon.ico

162.241.24.161

200 OK

214 B

URL HTTP/1.1
getclout-co.intuitve.co/favicon.ico
IP
162.241.24.161:0
ASN
#46606 UNIFIEDLAYER-AS-1

File type
HTML document, ASCII text, with very long lines (2023), with no line terminators
Size
214 B (214 bytes)
Hash
d3c2b351e7da740f5ab84e99f446cebd
565ee0ad74a18d906d1a7fdccd30cbae82ff5b3a
cd6068a7a8129b3a424b40ab902a7c247169472d71614eac8c31463d6b02c367

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: getclout-co.intuitve.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://getclout-co.intuitve.co/

HTTP/1.1 200 OK
Date: Wed, 01 Feb 2023 15:52:52 GMT
Server: Apache
Vary: Referer,Accept-Encoding,User-Agent
Upgrade: h2,h2c
Connection: Upgrade, Keep-Alive
Cache-Control: max-age=2592000
Expires: Fri, 03 Mar 2023 15:52:52 GMT
Content-Encoding: gzip
host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
Content-Length: 214
Keep-Alive: timeout=5, max=75
Content-Type: text/html; charset=UTF-8

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Last-Modified, Cache-Control, Pragma, ETag, Backoff, Content-Type, Alert, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 01 Feb 2023 15:41:42 GMT
age: 670
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fcbacac5eb95f3ff2259da750f722f9f
b9bb493602c7c53cc8419307230dc727533442fa
7ce7a12bbdda79f1bf740f6cfdf66c683e53ae46b2168d37f45b77833cff8c4c

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7CE7A12BBDDA79F1BF740F6CFDF66C683E53AE46B2168D37F45B77833CFF8C4C"
Last-Modified: Tue, 31 Jan 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12749
Expires: Wed, 01 Feb 2023 19:25:21 GMT
Date: Wed, 01 Feb 2023 15:52:52 GMT
Connection: keep-alive

dns.firstblackphase.com/scripts/start.js?vl=0.9.5

159.69.234.10

200 OK

1.7 kB

URL HTTP/1.1
dns.firstblackphase.com/scripts/start.js?vl=0.9.5
IP
159.69.234.10:0
ASN
#24940 Hetzner Online GmbH

File type
ASCII text, with very long lines (1685), with no line terminators
Size
1.7 kB (1685 bytes)
Hash
e8025c2f37df60985c146f189efa904b
6acd32c36a0822a210b267e305821646a42ce3f3
531863f173e405b3149d06c28c9e9b768c18ff354fce7a98f3924d1ddd7e9a60

HTTP Headers

GET /scripts/start.js?vl=0.9.5 HTTP/1.1
Host: dns.firstblackphase.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://getclout-co.intuitve.co/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 15:52:52 GMT
Content-Type: application/javascript
Content-Length: 1685
Last-Modified: Tue, 31 Jan 2023 11:00:07 GMT
Connection: keep-alive
ETag: "63d8f4b7-695"
Expires: Sat, 11 Feb 2023 15:52:52 GMT
Cache-Control: max-age=864000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8832
Expires: Wed, 01 Feb 2023 18:20:04 GMT
Date: Wed, 01 Feb 2023 15:52:52 GMT
Connection: keep-alive

away.firstblackphase.com/scripts/take.js?vr=1.8.2

194.135.30.40

301 Moved Permanently

162 B

URL HTTP/1.1
away.firstblackphase.com/scripts/take.js?vr=1.8.2
IP
194.135.30.40:0
ASN
#2856 British Telecommunications PLC

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /scripts/take.js?vr=1.8.2 HTTP/1.1
Host: away.firstblackphase.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://getclout-co.intuitve.co/

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 01 Feb 2023 15:52:53 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://away.firstblackphase.com/scripts/take.js?vr=1.8.2

push.services.mozilla.com/

54.184.102.146

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
54.184.102.146:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: uMPApqq4H6iCj3zgqt0AqA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 7sftkCueWud7YfKzFwvQYkldATs=

shop.similarwebline.com/zX2nnT?&se_referrer=&default_keyword=&&frm6393271e20c24=script6393271e20c28&_cid=c173b3d5-aa0c-8a4c-da69-bf2ee86a79cd

159.69.234.10

301 Moved Permanently

0 B

URL HTTP/1.1
shop.similarwebline.com/zX2nnT?&se_referrer=&default_keyword=&&frm6393271e20c24=script6393271e20c28&_cid=c173b3d5-aa0c-8a4c-da69-bf2ee86a79cd
IP
159.69.234.10:0
ASN
#24940 Hetzner Online GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /zX2nnT?&se_referrer=&default_keyword=&&frm6393271e20c24=script6393271e20c28&_cid=c173b3d5-aa0c-8a4c-da69-bf2ee86a79cd HTTP/1.1
Host: shop.similarwebline.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://getclout-co.intuitve.co/

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 01 Feb 2023 15:52:53 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Location: https://shop.similarwebline.com/zX2nnT?&se_referrer=&default_keyword=&&frm6393271e20c24=script6393271e20c28&_cid=c173b3d5-aa0c-8a4c-da69-bf2ee86a79cd
Pragma: no-cache
Vary: Accept-Encoding
Access-Control-Allow-Origin: *

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
47b6290ce6b7d9ec7e45122eafe9c140
a6633c111d750152038095227dc1fcdbcd7bcf7b
2a697e55ddce87fded019d5311f37194b959bd6a6b049001a066ca77d52cc974

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2A697E55DDCE87FDED019D5311F37194B959BD6A6B049001A066CA77D52CC974"
Last-Modified: Tue, 31 Jan 2023 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=223
Expires: Wed, 01 Feb 2023 15:56:36 GMT
Date: Wed, 01 Feb 2023 15:52:53 GMT
Connection: keep-alive

store.firstblackphase.com/follow/give.php?id=3467457-33-7843423

194.135.30.210

302 Found

0 B

URL HTTP/1.1
store.firstblackphase.com/follow/give.php?id=3467457-33-7843423
IP
194.135.30.210:0
ASN
#2856 British Telecommunications PLC

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /follow/give.php?id=3467457-33-7843423 HTTP/1.1
Host: store.firstblackphase.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://getclout-co.intuitve.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx
Date: Wed, 01 Feb 2023 15:52:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://store.firstblackphase.com/follow/give.php?id=93953945-77-345376456-23&qid=8568&wid=76538&kid=863843534&suid=67878056
Access-Control-Allow-Origin: *

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
fead455db0c5a5c375bb3369c673eb05
db9047b2ac26a4a2f5962150631964683bb8a801
14cda7ad9c7777aaecb1216bb321fc250a5a16feed081945fa113d208ec52942

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "14CDA7AD9C7777AAECB1216BB321FC250A5A16FEED081945FA113D208EC52942"
Last-Modified: Mon, 30 Jan 2023 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7967
Expires: Wed, 01 Feb 2023 18:05:41 GMT
Date: Wed, 01 Feb 2023 15:52:54 GMT
Connection: keep-alive

store.firstblackphase.com/follow/give.php?id=93953945-77-345376456-23&qid=8568&wid=76538&kid=863843534&suid=67878056

194.135.30.210

200 OK

463 B

URL HTTP/1.1
store.firstblackphase.com/follow/give.php?id=93953945-77-345376456-23&qid=8568&wid=76538&kid=863843534&suid=67878056
IP
194.135.30.210:0
ASN
#2856 British Telecommunications PLC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Size
463 B (463 bytes)
Hash
f4fb5fcef40258813aadd804bd4e3fe4
a72595e9df38169458504f2b2e1c94e21a328223
c3496a3c77c6eeab755de66198ba494da1fb5cd8ecffb2de10cb9d5c41028538

HTTP Headers

GET /follow/give.php?id=93953945-77-345376456-23&qid=8568&wid=76538&kid=863843534&suid=67878056 HTTP/1.1
Host: store.firstblackphase.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://getclout-co.intuitve.co/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 01 Feb 2023 15:52:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14575
Expires: Wed, 01 Feb 2023 19:55:49 GMT
Date: Wed, 01 Feb 2023 15:52:54 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14575
Expires: Wed, 01 Feb 2023 19:55:49 GMT
Date: Wed, 01 Feb 2023 15:52:54 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14575
Expires: Wed, 01 Feb 2023 19:55:49 GMT
Date: Wed, 01 Feb 2023 15:52:54 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14575
Expires: Wed, 01 Feb 2023 19:55:49 GMT
Date: Wed, 01 Feb 2023 15:52:54 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e8e0173672ec76c01676a1ba4e1be857
3d01334320c94972440226cfe96c8c7646cae796
c75aea885e434e8bf53e439c4b441e2af4b228f70212001fcc4c8094f534e0f1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C75AEA885E434E8BF53E439C4B441E2AF4B228F70212001FCC4C8094F534E0F1"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14575
Expires: Wed, 01 Feb 2023 19:55:49 GMT
Date: Wed, 01 Feb 2023 15:52:54 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8597 bytes)
Hash
27e95b7912edc909d6b031e36fe83534
eb27fae0bb17dbe0929a620002195233ef50c1d0
b32e7e1a2eee367c5bf9e99bcb38f4c74c4e9e7bdfe7fb0f8f2a657060c0624c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F82a4ade3-0c43-4f21-9738-0bc1dbb9a6a6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8597
x-amzn-requestid: e7bf4ac9-d86d-4ee9-9e10-8a42e5dfe2c6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fcRaNEW4IAMFatA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d4c90d-7731312f630b00ba028836ca;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 07:04:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: z3ZJ7bq6LuJd-9I9D22VIs0avctNGVDKnYmt-fxevCheQibivmUomQ==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 12:57:00 GMT
age: 10554
etag: "eb27fae0bb17dbe0929a620002195233ef50c1d0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

14 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb36bfce9-5d67-458e-846d-ca30f9242449.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
14 kB (14041 bytes)
Hash
78fe9a77211d6f9a462f625af0c6f9bc
ac0b58423d7578e7a1b60a62220c0a57924dda82
e047466c3ae0a55509f4ace49d0476f94271b5a25e71caa3b06ec468a238b652

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb36bfce9-5d67-458e-846d-ca30f9242449.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 14041
x-amzn-requestid: 2be6655d-3b0e-4e65-b44b-11682610b640
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaRGFpIAMFbMQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-5554d18d5db235913afa77a2;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jJHVbOXepgkVHjuNJG9wPcMjDcGbAc-NIpv_KUECG6c-AnJZoIW0zg==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:42:56 GMT
age: 65398
etag: "ac0b58423d7578e7a1b60a62220c0a57924dda82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc960001-158a-4a74-b6ce-f28cd110ca9c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8735 bytes)
Hash
23db22ce2120fbb0ae6109e1a046062d
2068c8d9a5bc30a17be658e198e26c64a80703cf
f307ba6c4929d9f0c9354334b7baea878da379138489d9689bb777c4da308dab

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffc960001-158a-4a74-b6ce-f28cd110ca9c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8735
x-amzn-requestid: f466c962-7b12-4923-a4be-7ff9fce372a0
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaWFP_IAMF9wA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-7a8c027d58f5b9132bb68a33;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: XtqfgDxskGIUmZdRj2nrGDpo9KvECk528eLZV29xNx3h7CLOu49mnQ==
via: 1.1 9b311162717b41c968f6f00426d88aaa.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:42:19 GMT
age: 65435
etag: "2068c8d9a5bc30a17be658e198e26c64a80703cf"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb28b8703-d49a-4e2e-80e7-cf4d081d6dba.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5736 bytes)
Hash
2998f7f50ac0eec931c348e8a0fb0c60
f5e411cda74cb7fb4a662f4787e9543b9749c8b5
0c81413a819e379212bf757b1c9469415aec2ac8fdf47f94ff23c420a1da20e1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb28b8703-d49a-4e2e-80e7-cf4d081d6dba.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5736
x-amzn-requestid: 895ee89b-8d2e-42f9-a392-466557f8a0d3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ffEtEGk_oAMFYPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d5e7ed-026a1b0d79dc7eb572317bd2;Sampled=0
x-amzn-remapped-date: Sun, 29 Jan 2023 03:28:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 4yxwz2MFTdpb8I56VVbFU2Zz0qG_uHcYc3aDtn6boQPjhw7UFLLnYw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 10:37:09 GMT
age: 18945
etag: "f5e411cda74cb7fb4a662f4787e9543b9749c8b5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.6 kB (9600 bytes)
Hash
3366ef4f8733cb9c89a5c88f63a0a441
7da46843b6d885f38a4759a08e6c899906ab7b97
7114397ee5c251cc5cb46f3433c2cc17ff68a08e0872e227671198e9b61eba0a

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F46e30ba8-4b02-4bad-8cbf-1a128aa4376f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9600
x-amzn-requestid: 48094e1a-d550-4a91-b87c-4a08505f7cce
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVsWcFN7IAMF2pg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2275c-5ced593a7e2126c9494563df;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:10:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: aZOeDFqBJQoGwLpIs-GpPvY0FKGCAOXY6MgzG32qzX-kVzUCKKv-kw==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 02:29:58 GMT
age: 48176
etag: "7da46843b6d885f38a4759a08e6c899906ab7b97"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30335cb7-009a-42f5-8186-d0c302adc827.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.8 kB (6819 bytes)
Hash
ec7e808a5e82552c46c3417a5b32b836
f0a273292b47d7e2e33c9d77fd95abdcc9e31ddd
f16d982224dfeb0753eaf9d4eb87d80fd1111f682fd8fa36f3177aad5bf926a4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F30335cb7-009a-42f5-8186-d0c302adc827.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6819
x-amzn-requestid: a0368695-4182-40bd-9a28-c50ae783a7a5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: foJaRHGnoAMF0Ow=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d9890e-624285eb16110b8c2360dec5;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 21:33:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: daAf58GNG6Oy-ov_8TUeXnTcvZyW5eL_qwWz7dapr2Sy_5XSiS-3Mw==
via: 1.1 1cc6ed0d2d3dd9529ce544f9dfe61a52.cloudfront.net (CloudFront), 1.1 3cd7af07832481c336aa1c93c9b4a6fe.cloudfront.net (CloudFront), 1.1 google
date: Tue, 31 Jan 2023 21:42:56 GMT
age: 65398
etag: "f0a273292b47d7e2e33c9d77fd95abdcc9e31ddd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

arctic-farmer.com/favicon.ico

188.72.219.35

204 No Content

0 B

URL HTTP/2
arctic-farmer.com/favicon.ico
IP
188.72.219.35:0
ASN
#35415 Webzilla B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: arctic-farmer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Wed, 01 Feb 2023 15:52:54 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-content-type-options: nosniff
X-Firefox-Spdy: h2

arctic-farmer.com/cTG-FVzWc.zX9Yk_aaXbQc9dM-TfYg3hNiT_Ik2lNmjnc-3pNqDrMsy_MujvQw5xN-TzMAxBMCi_ZEkFdGGHt-uJPKULpMB_dO0PFQ0Rc-zTFUQVRW0_9YFZWaVbd-TdYeVfBgl_SiUjkk2lY-znhorpdqn_RsDtZukvd-GxMykzNA3_JCnDBE0Fb-jH1IDJZK0_pMPNVOHPh-JRSSlTlUu_SWnXZYZZV-1bJcpdWeV_cg1hai0jt-plQmmntoa_aqkrUsytW-XvpwBxNyE_1AXBTCXDl-OFVGEH1I3_TKmLpMZNM-UP5QHRRSX_dUaVVW1Xp-pZTa0bRcs_aeUf9gEhY-zjJkNlVm0_Vo3pTq0rR-EtVu2vxwl_cyWzVACBa-mDpEjFOGU_FIGJQKXLF-JNaOVPhQB_ZSyT0UtVJ-nXJYyZZaX_FcodPeTfl-hhNizjAkz_ZmDnhohpY-zrAswtNuT_Ew3xYy2zY-wBNCWDNEj_YGmHMIzJZ-WLVMiNOOD_EQwROSDTI-4VJWnXJYy_aaWbQc9dN-jfIg3hOiT_hkjlNmTnR-ipMqDrZsh_Mu2vIw5xM-WzEA4BOCT_ZEmFMGDHk-xJMKTLgMy_ZOGPJQhRM-zTAUmVcWn_NYyZYazb1-vddeXfQgm_eimj9kulZ-UnlokpPqT_Qs1tNuzvI-yxMyDzAA

188.72.219.35

302 Found

0 B

URL HTTP/2
arctic-farmer.com/cTG-FVzWc.zX9Yk_aaXbQc9dM-TfYg3hNiT_Ik2lNmjnc-3pNqDrMsy_MujvQw5xN-TzMAxBMCi_ZEkFdGGHt-uJPKULpMB_dO0PFQ0Rc-zTFUQVRW0_9YFZWaVbd-TdYeVfBgl_SiUjkk2lY-znhorpdqn_RsDtZukvd-GxMykzNA3_JCnDBE0Fb-jH1IDJZK0_pMPNVOHPh-JRSSlTlUu_SWnXZYZZV-1bJcpdWeV_cg1hai0jt-plQmmntoa_aqkrUsytW-XvpwBxNyE_1AXBTCXDl-OFVGEH1I3_TKmLpMZNM-UP5QHRRSX_dUaVVW1Xp-pZTa0bRcs_aeUf9gEhY-zjJkNlVm0_Vo3pTq0rR-EtVu2vxwl_cyWzVACBa-mDpEjFOGU_FIGJQKXLF-JNaOVPhQB_ZSyT0UtVJ-nXJYyZZaX_FcodPeTfl-hhNizjAkz_ZmDnhohpY-zrAswtNuT_Ew3xYy2zY-wBNCWDNEj_YGmHMIzJZ-WLVMiNOOD_EQwROSDTI-4VJWnXJYy_aaWbQc9dN-jfIg3hOiT_hkjlNmTnR-ipMqDrZsh_Mu2vIw5xM-WzEA4BOCT_ZEmFMGDHk-xJMKTLgMy_ZOGPJQhRM-zTAUmVcWn_NYyZYazb1-vddeXfQgm_eimj9kulZ-UnlokpPqT_Qs1tNuzvI-yxMyDzAA
IP
188.72.219.35:0
ASN
#35415 Webzilla B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

POST /cTG-FVzWc.zX9Yk_aaXbQc9dM-TfYg3hNiT_Ik2lNmjnc-3pNqDrMsy_MujvQw5xN-TzMAxBMCi_ZEkFdGGHt-uJPKULpMB_dO0PFQ0Rc-zTFUQVRW0_9YFZWaVbd-TdYeVfBgl_SiUjkk2lY-znhorpdqn_RsDtZukvd-GxMykzNA3_JCnDBE0Fb-jH1IDJZK0_pMPNVOHPh-JRSSlTlUu_SWnXZYZZV-1bJcpdWeV_cg1hai0jt-plQmmntoa_aqkrUsytW-XvpwBxNyE_1AXBTCXDl-OFVGEH1I3_TKmLpMZNM-UP5QHRRSX_dUaVVW1Xp-pZTa0bRcs_aeUf9gEhY-zjJkNlVm0_Vo3pTq0rR-EtVu2vxwl_cyWzVACBa-mDpEjFOGU_FIGJQKXLF-JNaOVPhQB_ZSyT0UtVJ-nXJYyZZaX_FcodPeTfl-hhNizjAkz_ZmDnhohpY-zrAswtNuT_Ew3xYy2zY-wBNCWDNEj_YGmHMIzJZ-WLVMiNOOD_EQwROSDTI-4VJWnXJYy_aaWbQc9dN-jfIg3hOiT_hkjlNmTnR-ipMqDrZsh_Mu2vIw5xM-WzEA4BOCT_ZEmFMGDHk-xJMKTLgMy_ZOGPJQhRM-zTAUmVcWn_NYyZYazb1-vddeXfQgm_eimj9kulZ-UnlokpPqT_Qs1tNuzvI-yxMyDzAA HTTP/1.1
Host: arctic-farmer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
Origin: null
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 302 Found
server: nginx
date: Wed, 01 Feb 2023 15:52:54 GMT
content-type: text/html;charset=UTF-8
content-length: 0
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
referrer-policy: no-referrer
p3p: CP="CUR ADM OUR NOR STA NID"
location: http://xml-v4.gipostart-2.co/click?i=i3zrKW6KNUE_0
x-frame-options: DENY
last-modified: Wed, 01 Feb 2023 15:52:54 GMT
set-cookie: kadCCap=79610:1:1674135009;184246:1:1673859446;222582:1:1674318856;219047:1:1667194435;194136:1:1675008656;132751:1:1675084242;236055:1:1675253981;199455:1:1668245056;219484:1:1667715065;218665:1:1673777741;212269:1:1675220948;235975:1:1675248006;222555:1:1671433227;218693:1:1669515516;220335:1:1670435916;171526:1:1673628579;220790:1:1668460505;222775:1:1674305361;221398:1:1674769535;221352:1:1670163762;215297:1:1674141027;223454:1:1674804841;223255:1:1670393482;222513:1:1671568408;223642:1:1674763884;101716:1:1672946010;219652:1:1669330335; max-age=1706802774; path=/
kadACap=445506:1:1669286676;446498:1:1671420411;389299:1:1673726804;346329:1:1670226206;453850:1:1671627132;462319:1:1674949690;453839:1:1675215975;419299:1:1675150383;469907:1:1674927295;272913:1:1674460051;410256:1:1674039938;458045:1:1670528140;424443:1:1674359547;401659:1:1674332133;404163:1:1673226439;460522:1:1675063677;446718:1:1674353140;449523:1:1670210030;456883:1:1671781891;419297:1:1675156199;441369:1:1671297690;445499:1:1670164226;419301:1:1674188761;419321:1:1674357365;419323:1:1674028005;451724:1:1669565807;470673:1:1674289452;419293:1:1675131038;451147:1:1674036929;444748:1:1669841678;471728:1:1674871019;383700:1:1675240028;445081:1:1671894608;451139:1:1673951585;419303:1:1674299014;442019:1:1675112111;407100:1:1668246232;406293:1:1673859446;444785:1:1671894608;465201:1:1674236409;446714:1:1674043083;424441:1:1674948590;346327:1:1675197874;446720:1:1673953397;320498:1:1674924381;453831:1:1674872001;450649:1:1674026353;419295:1:1674030439;458498:1:1672536671;454815:1:1673736038;410252:1:1674308810;417177:1:1674123312;462327:1:1673736144;445788:1:1669918420;320494:1:1675266774;190964:1:1674135009;445735:1:1669286676;468607:1:1674893352;460384:1:1674927276;446013:1:1668228435;419291:1:1675228250;398832:1:1672025828;458041:1:1670526590;424445:1:1675105910;410254:1:1674926948;446531:1:1669270846;446716:1:1674258987; max-age=1706802774; path=/
kadCSCap=212269:1:1675220948;236055:1:1675253981;235975:2:1675182062; path=/
kadASCap=453839:1:1675215975;419291:1:1675228250;383700:1:1675240028;346327:1:1675197874;320494:1:1675266774; path=/
kadRPixJ=bnVsbA==; max-age=1706802774; path=/
kadUnP3=CAEQ1pXqngYaDQjgrZgCEAIY54jnngYaDQiU0ZoCEAEY7v/kngYaDQjVv5kBEAEYsvvlngYaDQj2iP8BEAIYlcblngYaDQioiJcCEAMYhoPpngYiCggDEAEY1pXqngYqDAiDvRIQARiy++WeBioMCLiOJRACGJXG5Z4GKgwIpJMoEAMYhoPpngYqDAiKqSgQAhjniOeeBioMCI3MKBABGO7/5J4G; max-age=1706802774; path=/
x-content-type-options: nosniff
X-Firefox-Spdy: h2

xml-v4.gipostart-2.co/click?i=i3zrKW6KNUE_0

173.239.53.32

302 Found

0 B

URL HTTP/1.1
xml-v4.gipostart-2.co/click?i=i3zrKW6KNUE_0
IP
173.239.53.32:0
ASN
#27257 WEBAIR-INTERNET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?i=i3zrKW6KNUE_0 HTTP/1.1
Host: xml-v4.gipostart-2.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://link.affiliates.cyber.bet/click?b=0&pid=8425&offer_id=53&l=1669392156&sub4=CYBERMAX300&sub8=_betting&sub6=1669392156&ref_id=EbL4HVkwiJE
Pragma: no-cache

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
0c470b2c6a6d6e0ae8981ff565585af4
281b9f337005160bb8e5372ed0580aaf41605063
c399e11efc5307df36aeb02791be06dd34ad65b6eaa26ce49ef5835b779cf314

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3035
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:52:55 GMT
Etag: "63d9b144-117"
Last-Modified: Wed, 01 Feb 2023 15:02:20 GMT
Server: ECS (amb/6BC4)
X-Cache: HIT
Content-Length: 279

link.affiliates.cyber.bet/click?b=0&pid=8425&offer_id=53&l=1669392156&sub4=CYBERMAX300&sub8=_betting&sub6=1669392156&ref_id=EbL4HVkwiJE

172.66.43.156

302 Found

0 B

URL HTTP/2
link.affiliates.cyber.bet/click?b=0&pid=8425&offer_id=53&l=1669392156&sub4=CYBERMAX300&sub8=_betting&sub6=1669392156&ref_id=EbL4HVkwiJE
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?b=0&pid=8425&offer_id=53&l=1669392156&sub4=CYBERMAX300&sub8=_betting&sub6=1669392156&ref_id=EbL4HVkwiJE HTTP/1.1
Host: link.affiliates.cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Wed, 01 Feb 2023 15:52:55 GMT
content-length: 0
location: https://cyber.bet/land/casino_spin_football_regform/?cid=63da8ad7902fa000015bc932&pid=8425&subid1=&affs=1&sid=affs&utm_medium=revshare&utm_source=affise&utm_campaign=53_betting&promocode=CYBERMAX300&subid2=&subid3=&aff_bnnr=&aff_land=1669392156&slice=
x-adjust-use-original-forwarded-for: 1
access-control-allow-origin: *
set-cookie: afclick=63da8ad7902fa000015bc932; expires=Thu, 01 Feb 2024 15:52:55 GMT; secure; SameSite=None
afoffers={"53":1675266775}; expires=Thu, 01 Feb 2024 15:52:55 GMT; secure; SameSite=None
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MbySFppPsUs2oAknNDWW2dzyLsw7j5AM6K1yVJhdz873dH%2FkzvjUVtud9NwQsoGnqS4aQpLBlw4ZNRn6uK78JTcwYYGo%2BgPcuQLRcd5jgy%2FCR0xwQBJhVKyCsRmLxDeJtlGsrXY3zd2MCq4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792bdb60e871b515-OSL
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/css/style.css?v=17

172.66.43.156

200 OK

4.7 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (23296), with no line terminators
Size
4.7 kB (4688 bytes)
Hash
80af14ea1d7c05a0b2cedb3a8bf261aa
df43bf2aa1c350802de020bc1b80726135c1ebe1
da4e2fcc2efa7b2b101094bc5ec67ec9792ef39b296e1218d704801c722ce965

HTTP Headers

GET /land/casino_spin_football_regform/css/style.css?v=17 HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/?cid=63da8ad7902fa000015bc932&pid=8425&subid1=&affs=1&sid=affs&utm_medium=revshare&utm_source=affise&utm_campaign=53_betting&promocode=CYBERMAX300&subid2=&subid3=&aff_bnnr=&aff_land=1669392156&slice=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:55 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=33037
etag: W/"63824c9c-810d"
last-modified: Sat, 26 Nov 2022 17:27:56 GMT
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2395
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eWCWEmirubg0M%2F2zZbwJdOFuA%2FgTz4sUqVtmJHPRs8RETb%2F7fDA%2FFfjeG%2FpWRqhFVJyQ22LXemg7%2Bo2d8rvXUwpuWgkc%2BRsqxL8GeV0vXhfsp4UXw15FgDrwTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb62cb02b515-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0dea93a9adb1e26a6ebfaf2e12c22cd5
e286810b718e374858f11adf0aae18dc65f27d66
73dafa5cd629cdf850ca05894932507c209713024ef27ce7597cb25365f2150e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:52:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0dea93a9adb1e26a6ebfaf2e12c22cd5
e286810b718e374858f11adf0aae18dc65f27d66
73dafa5cd629cdf850ca05894932507c209713024ef27ce7597cb25365f2150e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:52:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js

142.250.74.170

200 OK

31 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
IP
142.250.74.170:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (65451)
Size
31 kB (30774 bytes)
Hash
81182f4b684635f6bdcbdd907ee66f25
a1f2f151df72ede41397c8131bd47a3ce85575b3
be40946c98d9a78a3c7c9ad097d379ab12549a195bd7a4766919a1d3fd987396

HTTP Headers

GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30774
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 28 Jan 2023 00:57:20 GMT
expires: Sun, 28 Jan 2024 00:57:20 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 399335
last-modified: Mon, 13 May 2019 14:37:17 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
de49044c9365e16fec3a6d361cb94728
2b7b69c16de6fda1ae5206f92fe781ee07bd182a
6e76887b036544a5da3918116a180876c094cc3b31676abce8d5b7b716b00c30

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:52:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sca1b.amazontrust.com/

54.230.245.100

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.100:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
0b03afb76529d41add60c5daac95b0e5
8a1635989a4d8f6ade117b2eaa2caf4c738b9b6b
6cb7083dac48fdfd4b053ad9b2120267ccc7fdf8a85839673fbda32d1e5c94f5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 01 Feb 2023 15:52:55 GMT
Last-Modified: Wed, 01 Feb 2023 14:22:36 GMT
Server: ECS (bsa/EB12)
X-Cache: Miss from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Zuwhxz4xXc6yy7slmX3aLAiKSzUIv-63H8r85bk9rcLkB0OP8WFgbA==
Age: 5419

ocsp.sca1b.amazontrust.com/

54.230.245.100

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.100:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
0b03afb76529d41add60c5daac95b0e5
8a1635989a4d8f6ade117b2eaa2caf4c738b9b6b
6cb7083dac48fdfd4b053ad9b2120267ccc7fdf8a85839673fbda32d1e5c94f5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=154963
Date: Wed, 01 Feb 2023 15:52:55 GMT
Etag: "63da44fa-1d7"
Expires: Fri, 03 Feb 2023 10:55:38 GMT
Last-Modified: Wed, 01 Feb 2023 10:54:50 GMT
Server: ECS (dcb/7FA5)
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: QLNJlWu2ZJP-dHpaaaV14DLq8I55uRTzVpIC4u--UZnQEB3JRWBj5w==
Age: 48

ocsp.sca1b.amazontrust.com/

54.230.245.100

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.100:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
0b03afb76529d41add60c5daac95b0e5
8a1635989a4d8f6ade117b2eaa2caf4c738b9b6b
6cb7083dac48fdfd4b053ad9b2120267ccc7fdf8a85839673fbda32d1e5c94f5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 01 Feb 2023 15:52:55 GMT
Last-Modified: Wed, 01 Feb 2023 14:45:32 GMT
Server: ECS (nyb/1D24)
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: bM7-okOc4d-UE4HNw1deQYowkYT89aLfYuSTDu0bCy_0G6Aa_yokRA==
Age: 4043

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c004ef398fc2138876eac9e202e6e7c9
9b695108fe043113ee8dc3369be58234f1a73323
ab71d4c6d64f3c7a0114070414615b26843c22de34b0f04c9ad932ca112031c7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:52:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sca1b.amazontrust.com/

54.230.245.100

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.100:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
0b03afb76529d41add60c5daac95b0e5
8a1635989a4d8f6ade117b2eaa2caf4c738b9b6b
6cb7083dac48fdfd4b053ad9b2120267ccc7fdf8a85839673fbda32d1e5c94f5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=159894
Date: Wed, 01 Feb 2023 15:52:55 GMT
Etag: "63da44fa-1d7"
Expires: Fri, 03 Feb 2023 12:17:49 GMT
Last-Modified: Wed, 01 Feb 2023 10:54:50 GMT
Server: ECS (dcb/7F14)
X-Cache: Miss from cloudfront
Via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: GSWYKzL-0RVa_N0Iw9wFmPuIoUhF_6EkTULrpFExZjFu3owQIc5_Ig==
Age: 4979

www.googletagmanager.com/gtm.js?id=GTM-NR2G4XB

142.250.74.40

200 OK

72 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-NR2G4XB
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text, with very long lines (15106)
Size
72 kB (72023 bytes)
Hash
ab78182ad5bdc2a20df0f71746c2c7e5
f307f7bdf7a57c74196949e99437e62912f38bbc
206d393b34287a8e8dd768cdbf87c3c7ce3642857c9a5add459b59dea9501011

HTTP Headers

GET /gtm.js?id=GTM-NR2G4XB HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 01 Feb 2023 15:52:55 GMT
expires: Wed, 01 Feb 2023 15:52:55 GMT
cache-control: private, max-age=900
last-modified: Wed, 01 Feb 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 72023
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c004ef398fc2138876eac9e202e6e7c9
9b695108fe043113ee8dc3369be58234f1a73323
ab71d4c6d64f3c7a0114070414615b26843c22de34b0f04c9ad932ca112031c7

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:52:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdnstatic.cyber.bet/css/global.css

54.230.111.100

200 OK

4.7 kB

URL HTTP/2
cdnstatic.cyber.bet/css/global.css
IP
54.230.111.100:0
ASN
#16509 AMAZON-02

File type
ASCII text, with CRLF line terminators
Size
4.7 kB (4746 bytes)
Hash
1d710fedcd0ddfd6744b7011d3261d07
884abf5c059be6ddcdd9067c24c55f744d6df31f
47db4a55aeef076b5cc2c69bb230028feb69a8575b5a9651a1fa79e51990edb9

HTTP Headers

GET /css/global.css HTTP/1.1
Host: cdnstatic.cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
content-type: text/css
content-length: 4746
vary: Accept-Encoding
date: Wed, 01 Feb 2023 15:52:56 GMT
last-modified: Tue, 24 Jan 2023 12:10:32 GMT
etag: "1d710fedcd0ddfd6744b7011d3261d07"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: pjy-3wpy812HXuwEiRWRYcGvi0wnkrxZFSqwnuCvjsUq2uUUrP0hRA==
cache-control: no-store, no-cache, must-revalidate
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/img/new_spins/man_left.png

172.66.43.156

200 OK

224 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/new_spins/man_left.png
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 687 x 1080, 8-bit colormap, non-interlaced\012- data
Size
224 kB (224094 bytes)
Hash
04203ecc12c6379416293d09c2d94906
63068c8a16df3c346ce4cf902a6c8964c5b0f9b0
24393837ee0c8ddc5d2cfee805f4ba1cf4a8864c3a7520115f4ef714cae6d62c

HTTP Headers

GET /land/casino_spin_football_regform/img/new_spins/man_left.png HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:55 GMT
content-type: image/png
content-length: 224094
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
etag: "6377aab4-36b5e"
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2183
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X7TSWeiqaHp7Rgas2nZhms2o4bP8eizDs%2Fb6hNY6FePTHFHw%2BdL827JHJiZmCIbv26kySSFeTlWtrkwnS4xQq6omj6GgG9Mkzj5Mg1f56WM1GXzFQjcsC55iUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb650ddab515-OSL
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/img/new_spins/bg-2.jpg

172.66.43.156

200 OK

214 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/new_spins/bg-2.jpg
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size
214 kB (214519 bytes)
Hash
fd6919a32afd9d6e88194010087e4c7f
2710f46894e8801e34ab0534748a04f693b41f64
43ab393f116b2bd4b8ce85f35ce9322f434de6c26d44d8d42d7d7d5e323ac34b

HTTP Headers

GET /land/casino_spin_football_regform/img/new_spins/bg-2.jpg HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:55 GMT
content-type: image/jpeg
content-length: 214519
cf-bgj: h2pri
etag: "6377aab4-345f7"
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2183
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CRivVwEiEYJmUnHB4wN5pFDpEk6V9WaMeQGYUGDeUUtnjLNIzR0jpIpyYbmDSqxyFfstCIdct0gH9RKO0KY92aZEu%2BZCjFsEfcflS1FN0x%2F%2Bb1xWDZsbvTne7A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb64fdccb515-OSL
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/img/new_spins/coins_left_1.png

172.66.43.156

200 OK

17 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/new_spins/coins_left_1.png
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 790 x 1080, 8-bit colormap, non-interlaced\012- data
Size
17 kB (16672 bytes)
Hash
74fa24294c9977b3b6ee7a8d379664d4
41f923a6552723c4dd8d407e82df334b367a683c
bb0e6a68d8b48bb9caf00bf2938e4a569e703b1e2cb77884b6e9ccaac215b171

HTTP Headers

GET /land/casino_spin_football_regform/img/new_spins/coins_left_1.png HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:55 GMT
content-type: image/png
content-length: 16672
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
etag: "6377aab4-4120"
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2183
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YjYYkFzx2q9ZF4ypPeh4Zh7n4ISmjQoJqE%2B8x7PkpsDSFcaEmjDqLLmRG1YWPmaXmRaxCDSmC13vvayeaTZH17H4B%2BKyrEZY25P7REODQemBBpwndeidd57hdg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb651de3b515-OSL
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/img/new_spins/man_right.png

172.66.43.156

200 OK

203 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/new_spins/man_right.png
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 667 x 1080, 8-bit colormap, non-interlaced\012- data
Size
203 kB (203053 bytes)
Hash
7e0a0f1ddbd4f469d70d379cc80fa1f7
d43f5a61e7e79afc93a9f6bd2f2763e67ac92a0d
1bd57a7a6e69260caed0cab6af817764609b1bd1d8938006fefecc43917db2d0

HTTP Headers

GET /land/casino_spin_football_regform/img/new_spins/man_right.png HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:55 GMT
content-type: image/png
content-length: 203053
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
etag: "6377aab4-3192d"
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2183
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yN6eR2vdraxCiqwBLYMakzvjqOR%2FIILAsF8l5A%2FUfFo1KBvBzBVdE0SVeNH8aAx3OayLh1eAHWUqatlT5R5yXcx19AXkByawkzkMuvDjER%2FVtOjYW4h8dyik%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb650ddeb515-OSL
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/img/new_spins/coins_right_1.png

172.66.43.156

200 OK

25 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/new_spins/coins_right_1.png
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 813 x 1080, 8-bit colormap, non-interlaced\012- data
Size
25 kB (25077 bytes)
Hash
01e2d88c4c51b2f2a5b10d378c1d4b8d
1e8fa866268b969d364d202eaa1253e278ec6bd0
87c37b4ecb791af1fd5a3b17f513547a8d4cc0174066bccdb293a13ca5684a8e

HTTP Headers

GET /land/casino_spin_football_regform/img/new_spins/coins_right_1.png HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:55 GMT
content-type: image/png
content-length: 25077
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
etag: "6377aab4-61f5"
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2183
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YehBLeZ4n7I8dMBifzSs2BtUsLXQpEy%2Fbu2zkqn74kQPJXa%2F5AR7ZzHRYVeqHg%2BW5AR%2Bch8njBQPLaRb4ksdvHUR2M20p4WbFduoCaI2xmQPUjqo2RLa4VCpZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb652e02b515-OSL
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/img/new_spins/coins_left_2.png

172.66.43.156

200 OK

23 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/new_spins/coins_left_2.png
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 703 x 1080, 8-bit colormap, non-interlaced\012- data
Size
23 kB (23327 bytes)
Hash
f111aa95827c7922143782ca612f2233
61fa84d487f9f722edecf8bc146d34ebb0a0807b
45897acd8804822425ffee5a38d5a62d03e134beb58f25120c24e1aff49c4acf

HTTP Headers

GET /land/casino_spin_football_regform/img/new_spins/coins_left_2.png HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:55 GMT
content-type: image/png
content-length: 23327
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
etag: "6377aab4-5b1f"
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2183
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FlneFSuMDkGG65wwzotxYaVBW3Uh0IJX0ReRO1TJBkiE4tT7XnM%2BwhZ0zHW%2B7KroFt21JU7cG%2B4NdlZ3D1vFES9PkPb5CwSW9khv%2BmYwRuFCwfCbxzHbscGDdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb652e01b515-OSL
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/img/new_spins/wheel_fields_EN.png

172.66.43.156

200 OK

50 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/new_spins/wheel_fields_EN.png
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 491 x 491, 8-bit colormap, non-interlaced\012- data
Size
50 kB (49699 bytes)
Hash
e667e4fc0f204c3ce417761556c68dd2
1bc3c50cc97bf6b961d47e1919ecb5138f863b2c
5ebe297bfc97cb9fd78e26a8f7115d5d275a90300befd403a3eec6334a18b8c1

HTTP Headers

GET /land/casino_spin_football_regform/img/new_spins/wheel_fields_EN.png HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:55 GMT
content-type: image/png
content-length: 49699
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
etag: "6377aab4-c223"
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2183
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JqMzrmECMTDM85KFlMLsgHuX22QANbD5r3M9MiAG1dM1%2FCmb%2BGWdoSA%2BzoESVA9%2BTCUlqnQ%2BHiKX9ijhQipzz3mpsVAatNPZ%2FujB8B0pf2BvMek6HTfATrI59w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb652e05b515-OSL
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/img/new_spins/coins_right_2.png

172.66.43.156

200 OK

11 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/new_spins/coins_right_2.png
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 686 x 1080, 8-bit colormap, non-interlaced\012- data
Size
11 kB (11330 bytes)
Hash
58c57a118de44f03a8b4b558204af08f
d2c3f2d4000d4b9082554c9ab09eb61473dcc642
81e8f5c8aaac158d0dee432fb91844697d88ea9cb72efeb75dd6fec48dc3aee8

HTTP Headers

GET /land/casino_spin_football_regform/img/new_spins/coins_right_2.png HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:55 GMT
content-type: image/png
content-length: 11330
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
etag: "6377aab4-2c42"
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2183
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qK7gIGrTjXbWQfVbbZalffhSHP4oHxEINw9J6Om563pQwDFyPH9cnbs6s7ngld%2BUIgVPU%2B3uqLVQiD%2BoxlPrO8%2Fo0H0DKrfG62pyNhY1iCGBU7pi9vY1hqgX0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb652e03b515-OSL
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/img/logo.png

172.66.43.156

200 OK

3.1 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/logo.png
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 319 x 61, 8-bit colormap, non-interlaced\012- data
Size
3.1 kB (3083 bytes)
Hash
2629d1a123bcff6f4f9730d3c334d0f1
648471b60baebce5a6a83ccebd4a1c198d4da297
1723721ffe474cfdcbf447e300c5804cb66991491fbce776cbb55d8a8cb7c189

HTTP Headers

GET /land/casino_spin_football_regform/img/logo.png HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:55 GMT
content-type: image/png
content-length: 3083
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
etag: "6377aab4-c0b"
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2183
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9ZIsbFhiFkYKcfXUzvYbiKQakQlrvc6DHpilXC9Lcw7BRoNj2Q5qxLZSO7h4Gn2kZwtW0rsSAq%2BRSJ2Tvz1T0pQLp45c6IhwZfG1xwnwBMZOMCzp1YlqE8WCdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb652e04b515-OSL
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/img/new_spins/wheel_frame.png

172.66.43.156

200 OK

36 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/new_spins/wheel_frame.png
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 566 x 602, 8-bit colormap, non-interlaced\012- data
Size
36 kB (36319 bytes)
Hash
9673d7e34cd1da5ec860a85663e7e6e2
2b3ec751dc279dc26c480e84ff49210532b27a78
ced70ebfec90de68184b290375f7ab2c9ff26c4711921e735cfd950f65210826

HTTP Headers

GET /land/casino_spin_football_regform/img/new_spins/wheel_frame.png HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:55 GMT
content-type: image/png
content-length: 36319
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
etag: "6377aab4-8ddf"
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2183
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3su0mhHuTPrZ4Qd839vkU81vLc6qaRTEwlKA5h6Lx3Jg3LDH3eTNz9vbsTM2nQrzZmfgq2o3XDK3alcZYa5KkDqoL1x9nlx3QOlFUuZNSDT18xYZ%2BpU9CZtfUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb654e29b515-OSL
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
6b21f87e54b10ba719e15dc390c48701
7da5a76ac948ba52b23e19b4d857efddef75313e
178a5d6a627ac741af8a057c542d308bdc88802d07f1aeb41af37ff997cd90df

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "178A5D6A627AC741AF8A057C542D308BDC88802D07F1AEB41AF37FF997CD90DF"
Last-Modified: Tue, 31 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16509
Expires: Wed, 01 Feb 2023 20:28:04 GMT
Date: Wed, 01 Feb 2023 15:52:55 GMT
Connection: keep-alive

cyber.bet/land/casino_spin_football_regform/img/new_spins/wheel_btn_EN_default.png

172.66.43.156

200 OK

10 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/new_spins/wheel_btn_EN_default.png
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 171 x 171, 8-bit colormap, non-interlaced\012- data
Size
10 kB (10373 bytes)
Hash
dd9cee9644e592e9158ed2b3edf257cb
830e926590cc3ca66db051fff01693391effdf43
d773c30678fa7c669d9df3ab8b36f19f0543248fd09b9c1f8da895f0dd70ab57

HTTP Headers

GET /land/casino_spin_football_regform/img/new_spins/wheel_btn_EN_default.png HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:55 GMT
content-type: image/png
content-length: 10373
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
etag: "6377aab4-2885"
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2183
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zDnj2x%2BF3rAJr9T7jH0uYGDOE9of9jdxxo90iG0DUsgYqzaQgbCmW4N9M6as5x0Ski2J0G9mqRVkv3ZhEKWnw7SgayACkge9%2FPDGxi740nlH%2B3jQPmd9YAaYdw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb654e27b515-OSL
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/img/new_spins/cta-2.png

172.66.43.156

200 OK

94 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/new_spins/cta-2.png
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 800 x 378, 8-bit colormap, non-interlaced\012- data
Size
94 kB (94518 bytes)
Hash
cb1ddc998ee76e8c34eedc2829c4e3e5
3926e0baf7fcbbe35b54b313a6ce439a321d4688
9f7a05996156388cff3bbfcad6abe962967a89f897b281767e79f8aa9d0dd367

HTTP Headers

GET /land/casino_spin_football_regform/img/new_spins/cta-2.png HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:55 GMT
content-type: image/png
content-length: 94518
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
etag: "6377aab4-17136"
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2183
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B30NMieaWTUjKRLuT1DliN5QqJj8wxUyIodPjyuYA7W2HUUXR%2B0tRI3bpf3MnCrfMbjbdEkHQx0BemMH3M%2FWlfz8lJSUwx0tiJpySbUtrjtaCVzWNbOLUFSAeg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb655e36b515-OSL
X-Firefox-Spdy: h2

cdnstatic.cyber.bet/js/global.js

54.230.111.100

200 OK

71 kB

URL HTTP/2
cdnstatic.cyber.bet/js/global.js
IP
54.230.111.100:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 text, with very long lines (5000), with CRLF line terminators
Size
71 kB (70834 bytes)
Hash
8943965f22a29b6f800a98e0eaed584f
1cfa4c3d79808cce1785967a637819b88a9d11f5
3655c70a4699f50b8ffedcba2985671c7c8788b6a73e665e45515e6b8e69e3db

HTTP Headers

GET /js/global.js HTTP/1.1
Host: cdnstatic.cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
content-type: application/javascript
content-length: 70834
vary: Accept-Encoding
date: Wed, 01 Feb 2023 15:52:56 GMT
last-modified: Tue, 24 Jan 2023 12:10:35 GMT
etag: "8943965f22a29b6f800a98e0eaed584f"
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
x-cache: Miss from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sM_oavvK4gjGX5kD30ChgPhxt2OYNe8IXielLZYNrh-C30kB5dCq3w==
cache-control: no-store, no-cache, must-revalidate
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
789b41f1f8027d4275a66ac9cb2f124d
c5eff6750f9a50fc52a7a6ec6e30a7afaf28fc79
e053b0b29fc44721473ed39ddfe41064f09b56b3531c765228fa322d599e770f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:52:55 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

my.rtmark.net/p.js?f=sync&lr=1&partner=ba0d5680aec92ed9c5c9da2be8d0e8a3a577866b71c7089a32ed732bc1246910

139.45.195.8

200 OK

697 B

URL HTTP/2
my.rtmark.net/p.js?f=sync&lr=1&partner=ba0d5680aec92ed9c5c9da2be8d0e8a3a577866b71c7089a32ed732bc1246910
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
ASCII text
Size
697 B (697 bytes)
Hash
bb07e31c2c066db5c4b3259d1f69a442
db79e9d4a817ce703b11b65faf2ba097228063b2
d96b7a3f7fe0803348c6ea7cd2f02b2a3d96feabac2339d2f89033336f6583a8

HTTP Headers

GET /p.js?f=sync&lr=1&partner=ba0d5680aec92ed9c5c9da2be8d0e8a3a577866b71c7089a32ed732bc1246910 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 15:52:55 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2

142.250.74.35

200 OK

31 kB

URL HTTP/2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Size
31 kB (30928 bytes)
Hash
ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780

HTTP Headers

GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://cyber.bet
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 27 Jan 2023 07:08:09 GMT
expires: Sat, 27 Jan 2024 07:08:09 GMT
cache-control: public, max-age=31536000
age: 463486
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/img/favicon.png

172.66.43.156

200 OK

34 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/favicon.png
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel\012- data
Size
34 kB (34494 bytes)
Hash
983ad95f22f765399eb6873c7023ef54
ac4e2d269d98a4caa6d5e1c53503f8d423e377ad
581ee9af05f03c9c751bd2ff9275957ec320137956d33c27d7397bcbf2ddbde1

HTTP Headers

GET /land/casino_spin_football_regform/img/favicon.png HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/?cid=63da8ad7902fa000015bc932&pid=8425&subid1=&affs=1&sid=affs&utm_medium=revshare&utm_source=affise&utm_campaign=53_betting&promocode=CYBERMAX300&subid2=&subid3=&aff_bnnr=&aff_land=1669392156&slice=
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=; _ga_8FYNJV02NV=GS1.1.1675266797.1.0.1675266797.60.0.0; _ga=GA1.1.1047787705.1675266798
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:55 GMT
content-type: image/png
content-length: 34494
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
etag: "6377aab4-86be"
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 761
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JSQ1xDirCc7zneNi0eLtTh6frGzfl0icmBflMRq6dJkOitgbo2k7KaYFXWmDJu32ZGcrznl%2FXAL7pUaefoJGTrWIrtx4xlbRGRrgYezKOLQgXWYAVXFOC66DAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb65eefbb515-OSL
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
42d54c8c12a2f90c448a11bf42800e86
bb66d35435411c825bfcd0a091f33b7d1708191e
3b67d91fbb38e5c47b6ebff53da366b87af3a308e5c588775ac66a808761dbb1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:52:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/analytics.js

142.250.74.110

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Wed, 01 Feb 2023 15:46:59 GMT
expires: Wed, 01 Feb 2023 17:46:59 GMT
cache-control: public, max-age=7200
age: 357
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Montserrat:wght@100;200;300;400;500;600;700;900&display=swap

142.250.74.106

200 OK

1.2 kB

URL HTTP/2
fonts.googleapis.com/css2?family=Montserrat:wght@100;200;300;400;500;600;700;900&display=swap
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
1.2 kB (1161 bytes)
Hash
8d2fcb01ad091fdaf9f7e9d0ae012433
2dc9e8f043e7d107a93723d569d704d928d2b2b3
b18bba554e12aa31a53671ec5f8304f52b3303b00b4c403f874fde5ac6eabbe1

HTTP Headers

GET /css2?family=Montserrat:wght@100;200;300;400;500;600;700;900&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 01 Feb 2023 15:52:55 GMT
date: Wed, 01 Feb 2023 15:52:55 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8FYNJV02NV&cid=1047787705.1675266798&gtm=2oe1u0&aip=1&z=2140829403

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8FYNJV02NV&cid=1047787705.1675266798&gtm=2oe1u0&aip=1&z=2140829403
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8FYNJV02NV&cid=1047787705.1675266798&gtm=2oe1u0&aip=1&z=2140829403 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 15:52:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cdnstatic.cyber.bet/js/fp.js

54.230.111.100

200 OK

533 B

URL HTTP/2
cdnstatic.cyber.bet/js/fp.js
IP
54.230.111.100:0
ASN
#16509 AMAZON-02

File type
ASCII text, with CRLF line terminators
Size
533 B (533 bytes)
Hash
d1abfbe2c5b50e7f427e41c79197dcd3
01f6142a97168fd15da33334c35ce351d676ed08
7266855231eab7a13a11e53e9df50e1c84582649d9708e9a8f72d62e8af8b569

HTTP Headers

GET /js/fp.js HTTP/1.1
Host: cdnstatic.cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Cookie: _ga_8FYNJV02NV=GS1.1.1675266797.1.0.1675266798.59.0.0; _ga=GA1.2.1047787705.1675266798; _gid=GA1.2.1838844547.1675266798; _gat_UA-113371679-3=1; _gat_UA-113371679-5=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 533
last-modified: Tue, 24 Jan 2023 12:10:35 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Wed, 01 Feb 2023 15:52:03 GMT
etag: "d1abfbe2c5b50e7f427e41c79197dcd3"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 8Ixddju_FUHW5T5RHPfjCYuq5sSHU4Ns45elp2t1Kx7_Gb0nCQ2uGQ==
age: 53
X-Firefox-Spdy: h2

cdnstatic.cyber.bet/js/geoMapping.js

54.230.111.100

200 OK

443 B

URL HTTP/2
cdnstatic.cyber.bet/js/geoMapping.js
IP
54.230.111.100:0
ASN
#16509 AMAZON-02

File type
ASCII text, with CRLF line terminators
Size
443 B (443 bytes)
Hash
2f6043a16c26cde9a190dbb829b5519c
791479cfced1a000ef6411990f1c4bba615b6b4c
f9dfb0c2f94be90f2cdeb66286b36cdeb5d8fb0fbb9f28b1e1d3d99a3780306a

HTTP Headers

GET /js/geoMapping.js HTTP/1.1
Host: cdnstatic.cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Cookie: _ga_8FYNJV02NV=GS1.1.1675266797.1.0.1675266798.59.0.0; _ga=GA1.2.1047787705.1675266798; _gid=GA1.2.1838844547.1675266798; _gat_UA-113371679-3=1; _gat_UA-113371679-5=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
content-length: 443
last-modified: Tue, 24 Jan 2023 12:10:35 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Wed, 01 Feb 2023 15:52:03 GMT
etag: "2f6043a16c26cde9a190dbb829b5519c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: VYUWsMwEOXQVV_1L9Y2Hvx17FWjheYucq0aydqk5-gE5pcc1s-rgLw==
age: 54
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.100

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.100:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
4a1c315f637e41293820773d650c12f3
f28e2314c4888386cb8ce3c4e2fba928b999f134
b2a81e11574f61804cf613a15225cc32f10aec859b5ee9af3ef0ae421f81c30f

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 01 Feb 2023 15:52:56 GMT
Etag: "63d971f8-1d7"
Last-Modified: Wed, 01 Feb 2023 14:16:43 GMT
Server: ECS (nyb/1D22)
X-Cache: Miss from cloudfront
Via: 1.1 2d5cbe05385a7f3bbffc8a562b8711f6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: WOhYPYe3LJGmto9W42o__ZVsPuEXB4wO-T5Tn8h_SWtbz4THoM_Vpg==
Age: 5773

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
b4c9a8ce96aa57d27a6bd55df00f08ac
180302ed4863fb5b22b45ab0cc7c770a12a8c63d
3707163ad693f536f95ed3331f045060ad51b12e95d55690d341a4a93e7f1d12

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:52:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css?family=Roboto:500,700&display=swap&subset=cyrillic

142.250.74.106

200 OK

15 kB

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:500,700&display=swap&subset=cyrillic
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
Unicode text, UTF-8 text, with very long lines (34150)
Size
15 kB (15033 bytes)
Hash
0dff6599e89321034f071d3d251a82e8
a8a061a2ca226241b7da1b61b199078e956f55f1
6a678836a9e377867f40fb7737f43e1da29312a33dd2d9922b356d71b21bab99

HTTP Headers

GET /css?family=Roboto:500,700&display=swap&subset=cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 01 Feb 2023 15:52:55 GMT
date: Wed, 01 Feb 2023 15:52:55 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/css/errors.css

172.66.43.156

200 OK

1.9 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/css/errors.css
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1033), with no line terminators
Size
1.9 kB (1879 bytes)
Hash
8bbac76c372fa53739377a6c4734007a
828fedd06a2e36a5a4b249e20daf9dca9dbe15f7
fd802d455f10119ec06be7f72d1120dea278a3892127199a4d677a56f314b340

HTTP Headers

GET /land/casino_spin_football_regform/css/errors.css HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/?cid=63da8ad7902fa000015bc932&pid=8425&subid1=&affs=1&sid=affs&utm_medium=revshare&utm_source=affise&utm_campaign=53_betting&promocode=CYBERMAX300&subid2=&subid3=&aff_bnnr=&aff_land=1669392156&slice=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:55 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1399
etag: W/"6377aab4-577"
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2395
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4cqk8di6Sl4hj88QaoMkMl5%2B88%2FQ79H5zO%2FwrgUGfSzDKl2U9DJz6J10OLVkXbXOMvuY%2FsFaHBhUMphXtU6S5YIwHMjEPK5Ijv5rAwKVCmEawq2Ub4MWKvF%2Bvw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb62cb05b515-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
46e2bec06a11406d5cdcec9c0e76911d
edc777878dca7029c70577edae741264a22ab010
21f7443ebf888a28fb0f0010d1c83ca833b42c06f7d2c755f83a4b418de96854

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:52:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cyber.bet/land/casino_spin_football_regform/js/Utils.js

172.66.43.156

200 OK

2.1 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/js/Utils.js
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (1417)
Size
2.1 kB (2106 bytes)
Hash
f15f4050919b88f4dcd07182ec6a697c
a564b5559c8b8aa7b6db6be3c424981f880e7b03
1b8ee50ee92c666bd473ec0d038ad6dde17430126d28e5342478ea6131dd9f6c

HTTP Headers

GET /land/casino_spin_football_regform/js/Utils.js HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/?cid=63da8ad7902fa000015bc932&pid=8425&subid1=&affs=1&sid=affs&utm_medium=revshare&utm_source=affise&utm_campaign=53_betting&promocode=CYBERMAX300&subid2=&subid3=&aff_bnnr=&aff_land=1669392156&slice=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:55 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=4944
etag: W/"6377aab4-1350"
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2183
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=283qiIQZax4Qgcw7BGkFpdzNBZpk9m%2Bo%2FrNOKZNcC5tNZBsR5MBru9BwS1zInvdmeI1kyR9zSylsB7UtNm3PNUTsFlWrRXXY0ue67iO2K7sSc7br0kZPdPRIxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb62eb42b515-OSL
content-encoding: br
X-Firefox-Spdy: h2

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-113371679-5&cid=1047787705.1675266798&jid=117321977&gjid=21946890&_gid=1838844547.1675266798&_u=YCDACEABBAAAACAFK~&z=2109213194

173.194.73.157

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-113371679-5&cid=1047787705.1675266798&jid=117321977&gjid=21946890&_gid=1838844547.1675266798&_u=YCDACEABBAAAACAFK~&z=2109213194
IP
173.194.73.157:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-113371679-5&cid=1047787705.1675266798&jid=117321977&gjid=21946890&_gid=1838844547.1675266798&_u=YCDACEABBAAAACAFK~&z=2109213194 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://cyber.bet
Connection: keep-alive
Referer: https://cyber.bet/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://cyber.bet
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 01 Feb 2023 15:52:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-113371679-3&cid=1047787705.1675266798&jid=84744038&gjid=1496918814&_gid=1838844547.1675266798&_u=YCDACEAABAAAACABI~&z=1636058975

173.194.73.157

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-113371679-3&cid=1047787705.1675266798&jid=84744038&gjid=1496918814&_gid=1838844547.1675266798&_u=YCDACEAABAAAACABI~&z=1636058975
IP
173.194.73.157:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-113371679-3&cid=1047787705.1675266798&jid=84744038&gjid=1496918814&_gid=1838844547.1675266798&_u=YCDACEAABAAAACABI~&z=1636058975 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://cyber.bet
Connection: keep-alive
Referer: https://cyber.bet/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://cyber.bet
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 01 Feb 2023 15:52:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
073fcf833bc8ef0412daa191be356733
b4890d7bc43ac33b3df23cf1c53b921bf7ff540a
8c09cd2f5febdb1566f29301c908e21ab44a367491d384818e231cecaac83027

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C09CD2F5FEBDB1566F29301C908E21AB44A367491D384818E231CECAAC83027"
Last-Modified: Wed, 01 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4130
Expires: Wed, 01 Feb 2023 17:01:46 GMT
Date: Wed, 01 Feb 2023 15:52:56 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
073fcf833bc8ef0412daa191be356733
b4890d7bc43ac33b3df23cf1c53b921bf7ff540a
8c09cd2f5febdb1566f29301c908e21ab44a367491d384818e231cecaac83027

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C09CD2F5FEBDB1566F29301C908E21AB44A367491D384818E231CECAAC83027"
Last-Modified: Wed, 01 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4130
Expires: Wed, 01 Feb 2023 17:01:46 GMT
Date: Wed, 01 Feb 2023 15:52:56 GMT
Connection: keep-alive

ocsp.sca1b.amazontrust.com/

54.230.245.100

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.100:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
199bb3686e2305492a8e928b187b107a
ab037860b21a7d474e2031d3cfe0c64b7081ac50
f168ac90c2d2d9f55f3589842036633df71aafd87b686a6f91b1a676faab63a1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 01 Feb 2023 15:52:56 GMT
Last-Modified: Wed, 01 Feb 2023 15:26:41 GMT
Server: ECS (bsa/EB24)
X-Cache: Miss from cloudfront
Via: 1.1 c2b101e67ac25a2f0013450d56ecac38.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: vkxsGVr5EGruDKDOf3O_iaaX8_PEbI05b-rabxTk3-p6c0TC3LYzCw==
Age: 1575

cyber.bet/graphql/v2

172.66.43.156

200 OK

126 B

URL HTTP/2
cyber.bet/graphql/v2
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- , ASCII text, with no line terminators
Size
126 B (126 bytes)
Hash
fc91e6423b3f3fa830a108da071f60f6
4a63a49a3d858b31286cf8093583364c987021fa
c3f58df74686b683fa8dfaeacbeab7aace6fe2d56d8dc59d05096d75cc8919da

HTTP Headers

POST /graphql/v2 HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cyber.bet/land/casino_spin_football_regform/?cid=63da8ad7902fa000015bc932&pid=8425&subid1=&affs=1&sid=affs&utm_medium=revshare&utm_source=affise&utm_campaign=53_betting&promocode=CYBERMAX300&subid2=&subid3=&aff_bnnr=&aff_land=1669392156&slice=
Content-Type: application/json;charset=utf-8
Origin: https://cyber.bet
Content-Length: 51
Connection: keep-alive
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=; _ga_8FYNJV02NV=GS1.1.1675266797.1.0.1675266798.59.0.0; _ga=GA1.2.1047787705.1675266798; _gid=GA1.2.1838844547.1675266798; _gat_UA-113371679-3=1; _gat_UA-113371679-5=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:56 GMT
content-type: application/json
strict-transport-security: max-age=15724800; includeSubDomains
cb-blocked: no
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3DDg3rdH1AiNqgqeQFNKY5zZNbZpfjfXgVGI4uS%2FK8dRZJYybT2ScJFq33NcqyQ2vVAU8kRub4X087yX2dp%2FAPFKqiTFOptsckNDUD2F0ACBEr3%2FiwztDqN0zw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792bdb669fd6b515-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
46e2bec06a11406d5cdcec9c0e76911d
edc777878dca7029c70577edae741264a22ab010
21f7443ebf888a28fb0f0010d1c83ca833b42c06f7d2c755f83a4b418de96854

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:52:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

backend.cyberbet.academy/api/gql/send?ttl=86400

34.254.83.154

200 OK

4 B

URL HTTP/2
backend.cyberbet.academy/api/gql/send?ttl=86400
IP
34.254.83.154:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
5b3abf9c1aa7556c3a36fea4e695c5d2
3fd967d09a748e1f2b26d6fe562e7155aa87e9de
98c4922bb641c65c7a30b7bcafdf230b9b00b6693631c56146ab25b2786ee4a3

HTTP Headers

OPTIONS /api/gql/send?ttl=86400 HTTP/1.1
Host: backend.cyberbet.academy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://cyber.bet/
Origin: https://cyber.bet
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:56 GMT
content-type: application/json; charset=utf-8
content-length: 4
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: origin, content-type, accept
etag: W/"4-P9ln0Jp0jh8rJtb+Vi5xVaqH6d4"
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2

backend.cyberbet.academy/api/gql/send?ttl=86400

34.254.83.154

200 OK

1.7 kB

URL HTTP/2
backend.cyberbet.academy/api/gql/send?ttl=86400
IP
34.254.83.154:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (1732), with no line terminators
Size
1.7 kB (1732 bytes)
Hash
7d262be351a12c20d4e65ce60529f9fc
8081b04642d8b42d8af4fe92cf2e496ed15eaca5
a9d1bfc8e3fcf82bc6d372d278866fb7cc002c158e1ed329bd4f94a70a965241

HTTP Headers

POST /api/gql/send?ttl=86400 HTTP/1.1
Host: backend.cyberbet.academy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cyber.bet/
Content-Type: application/json;charset=utf-8
Origin: https://cyber.bet
Content-Length: 359
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:56 GMT
content-type: application/json; charset=utf-8
content-length: 1732
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: origin, content-type, accept
etag: W/"6c4-gIGwRkLYtC2K9P6Szy5JbtFerKU"
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/img/new_spins/wheel_btn_again_NO_hover.png

172.66.43.156

200 OK

11 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/new_spins/wheel_btn_again_NO_hover.png
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 171 x 171, 8-bit colormap, non-interlaced\012- data
Size
11 kB (10851 bytes)
Hash
4a8c87ba6002a3773a1a6d3e7bfb71ee
bc1085ef3f8b4ad7edd49e37a6c473e7e5939609
c105dd8ea92f79a076c06c84f70eba921d7725491f46986b59872e4db79a2822

HTTP Headers

GET /land/casino_spin_football_regform/img/new_spins/wheel_btn_again_NO_hover.png HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=; _ga_8FYNJV02NV=GS1.1.1675266797.1.0.1675266798.59.0.0; _ga=GA1.2.1047787705.1675266798; _gid=GA1.2.1838844547.1675266798; _gat_UA-113371679-3=1; _gat_UA-113371679-5=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:56 GMT
content-type: image/png
content-length: 10851
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
etag: "6377aab4-2a63"
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1352
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HEMSD4VbhA3TNPuIDnO6KlGieAddH2W6646SQLBGp42fbtQgVoOxD3pie%2F1cxSQVGmE2QDbUHW7wfJ85OiwW3rurDdnxu35O9x7JisFAFLZqNcXxpMMV3N%2BlkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb689aa9b515-OSL
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/img/new_spins/wheel_btn_NO_default.png

172.66.43.156

200 OK

10 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/new_spins/wheel_btn_NO_default.png
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 171 x 171, 8-bit colormap, non-interlaced\012- data
Size
10 kB (10373 bytes)
Hash
dd9cee9644e592e9158ed2b3edf257cb
830e926590cc3ca66db051fff01693391effdf43
d773c30678fa7c669d9df3ab8b36f19f0543248fd09b9c1f8da895f0dd70ab57

HTTP Headers

GET /land/casino_spin_football_regform/img/new_spins/wheel_btn_NO_default.png HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=; _ga_8FYNJV02NV=GS1.1.1675266797.1.0.1675266798.59.0.0; _ga=GA1.2.1047787705.1675266798; _gid=GA1.2.1838844547.1675266798; _gat_UA-113371679-3=1; _gat_UA-113371679-5=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:56 GMT
content-type: image/png
content-length: 10373
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
etag: "6377aab4-2885"
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1352
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qgtjyFFkHKo5U9zyc4D907uHK0o%2BdKmFv8rLt35gobXqAufKNchamO72CjnaSDGpYMmrd8YzFEN5AstqqRxsIkt2NGi8Qa7BSZ2VBjl9kct2%2BknCD3eaQ5NVPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb689aa4b515-OSL
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/img/new_spins/wheel_btn_NO_hover.png

172.66.43.156

200 OK

10 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/new_spins/wheel_btn_NO_hover.png
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 171 x 171, 8-bit colormap, non-interlaced\012- data
Size
10 kB (10490 bytes)
Hash
898b775f838a886e9bea314057f0c0ad
09330a97613e3a7bd14231e4e1bfb2489af99205
e7fcf4dfe650addacf1286592d67620a38ea5e194fdb2c8bb33e90a67c245844

HTTP Headers

GET /land/casino_spin_football_regform/img/new_spins/wheel_btn_NO_hover.png HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=; _ga_8FYNJV02NV=GS1.1.1675266797.1.0.1675266798.59.0.0; _ga=GA1.2.1047787705.1675266798; _gid=GA1.2.1838844547.1675266798; _gat_UA-113371679-3=1; _gat_UA-113371679-5=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:56 GMT
content-type: image/png
content-length: 10490
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
etag: "6377aab4-28fa"
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1352
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9AyYTchnphqAwIQkcSIsZnoC8A1riNT27k8NCJQXd8uVl5QrJATuu1zJiWQ7npxTjFRGWoCs6lf%2Fg63lZcHEMfBLqEu8kmfy4mtiMUhRqZTbrxtY02ChTtLwrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb689aa6b515-OSL
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/img/new_spins/wheel_btn_again_NO_default.png

172.66.43.156

200 OK

11 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/new_spins/wheel_btn_again_NO_default.png
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 171 x 171, 8-bit colormap, non-interlaced\012- data
Size
11 kB (10902 bytes)
Hash
79c19f7713e71b064f7c7382e2cdbe57
db1001457ae6dac8c037ed7aa5f1e05368e087c5
6a4c515df973722a1a2eb3b42f481792dc0fb79d932a23e306b8a66f5d86525b

HTTP Headers

GET /land/casino_spin_football_regform/img/new_spins/wheel_btn_again_NO_default.png HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=; _ga_8FYNJV02NV=GS1.1.1675266797.1.0.1675266798.59.0.0; _ga=GA1.2.1047787705.1675266798; _gid=GA1.2.1838844547.1675266798; _gat_UA-113371679-3=1; _gat_UA-113371679-5=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:56 GMT
content-type: image/png
content-length: 10902
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
etag: "6377aab4-2a96"
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1352
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n5Re7j1RpF5uqtjIX1kg6siuxSXi19ipNyL94vIwSXtmOGhEZrOOz65ySH2INoKaTSgPlkad9HQqJabP4JtRjHGwzHsJ55niAsUMkudkS8piW1MHKBnPpoEPtw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb689aa8b515-OSL
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/img/new_spins/wheel_fields_NO.png

172.66.43.156

200 OK

51 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/new_spins/wheel_fields_NO.png
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 491 x 491, 8-bit colormap, non-interlaced\012- data
Size
51 kB (51365 bytes)
Hash
23d66fdffe3ef92b139a8055aabe103e
5e7b0ef1845f079649cb436f00ad74015f23877a
304459e1aa92d76671d0f3d68f48036a63cac09a952fe85a0ad0f4297025ded5

HTTP Headers

GET /land/casino_spin_football_regform/img/new_spins/wheel_fields_NO.png HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=; _ga_8FYNJV02NV=GS1.1.1675266797.1.0.1675266798.59.0.0; _ga=GA1.2.1047787705.1675266798; _gid=GA1.2.1838844547.1675266798; _gat_UA-113371679-3=1; _gat_UA-113371679-5=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:56 GMT
content-type: image/png
content-length: 51365
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
etag: "6377aab4-c8a5"
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1352
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=49fYS4BIK%2BdeWWoJHmDt%2FF7VNQtIfXP4Htm%2FwjEPk3fK8ZqBvnk8AJRAGwYvszj1GqNUNir6cEFBOCIK30VL9n1klQJWeachNhU0oG86vAc1FnVprDGQmgbHbg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb688aa2b515-OSL
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/img/new_spins/wheel_btn_again_NO_pressed.png

172.66.43.156

200 OK

11 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/new_spins/wheel_btn_again_NO_pressed.png
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 171 x 171, 8-bit colormap, non-interlaced\012- data
Size
11 kB (10844 bytes)
Hash
a80c8101756664caf6ba02e5b746f0e8
d883d76428c3d0af76abdccf7bc4221fa387adcb
874d475bfae7900fe778897e8b541dc89fe0dc3a466ff109595dd36902cb8891

HTTP Headers

GET /land/casino_spin_football_regform/img/new_spins/wheel_btn_again_NO_pressed.png HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=; _ga_8FYNJV02NV=GS1.1.1675266797.1.0.1675266798.59.0.0; _ga=GA1.2.1047787705.1675266798; _gid=GA1.2.1838844547.1675266798; _gat_UA-113371679-3=1; _gat_UA-113371679-5=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:56 GMT
content-type: image/png
content-length: 10844
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
etag: "6377aab4-2a5c"
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1352
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lX98p4BrghUwO7pBgTTMD0%2FpHhEF9yQdCb6%2By1x2Vspd4gADkaV9Hees5W%2FcN7hqzA76qENJHhX8t%2FwrMS%2FBYssbuexmI8vfs1suY1sJKUCr4DKAgbSm91bA8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb689aadb515-OSL
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/img/new_spins/wheel_btn_NO_pressed.png

172.66.43.156

200 OK

10 kB

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/new_spins/wheel_btn_NO_pressed.png
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 171 x 171, 8-bit colormap, non-interlaced\012- data
Size
10 kB (10457 bytes)
Hash
f3a0e4f91c3aabe726be4506cc358625
1ff6840595167526b23bd2720411a40b8281714a
4a7f77943024093e75c40b895b598b78a59b6d38cb6df6d0caf36f71cace9d6b

HTTP Headers

GET /land/casino_spin_football_regform/img/new_spins/wheel_btn_NO_pressed.png HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=; _ga_8FYNJV02NV=GS1.1.1675266797.1.0.1675266798.59.0.0; _ga=GA1.2.1047787705.1675266798; _gid=GA1.2.1838844547.1675266798; _gat_UA-113371679-3=1; _gat_UA-113371679-5=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:56 GMT
content-type: image/png
content-length: 10457
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
etag: "6377aab4-28d9"
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 1352
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eD0XgyJ658Y7ns2%2Fiq6zzRYrr3%2BT%2B3MYCwqWA44SmRAmbOC4MUiNEad4JcirBq6gF7zJf1aFA7uwcW0yxcACh6iWDaaONTG6LGQVIJqQfUbIJiYt8v0YMPr86w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb689aa7b515-OSL
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a327176edf538c07784f9b0da660c22d
4a56cfcac291dfe1cc177bd3eff976f106731834
aae92a95f747be0bca6982ed7e3e58af8ac74ff69c799b55046ab38474e149dd

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:52:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
df4a6d84addba49571d9f6ae44c61a3f
28c8093de27e27645cf6dfd5ae93a62fc77b9be5
cb6623b08b6245ea11bb871729613e453046d427d738a8c6431c5da8347e6e05

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:52:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

backend.cyberbet.academy/api/affise/land_promocode?promocode=CYBERMAX300

34.254.83.154

200 OK

728 B

URL HTTP/2
backend.cyberbet.academy/api/affise/land_promocode?promocode=CYBERMAX300
IP
34.254.83.154:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (724), with no line terminators
Size
728 B (728 bytes)
Hash
4bfd4b30ef9033553e00792bd3938e29
dc712b27d1b73701adcda989f9da1c23128bba31
6956ba998ac2794a1286eaf1fbc2283e127c4044f76ac0aa28c8974aae8635d1

HTTP Headers

GET /api/affise/land_promocode?promocode=CYBERMAX300 HTTP/1.1
Host: backend.cyberbet.academy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cyber.bet/
Origin: https://cyber.bet
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:56 GMT
content-type: application/json; charset=utf-8
content-length: 728
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: origin, content-type, accept
etag: W/"2d8-3HErJ9G3NwGtzamJ+docIxKLujE"
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
456d05ee4610b34f04dae8f5cd842af3
b58fa567712bd67a24b4c12b751751868dcf6953
238a61ad047b01299983d80f3030a107caf0c7e62207c685e1630bc1305cd89d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4140
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:52:56 GMT
Last-Modified: Wed, 01 Feb 2023 14:43:56 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-113371679-5&cid=1047787705.1675266798&jid=117321977&_u=YCDACEABBAAAACAFK~&z=22710791

142.250.74.132

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-113371679-5&cid=1047787705.1675266798&jid=117321977&_u=YCDACEABBAAAACAFK~&z=22710791
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-113371679-5&cid=1047787705.1675266798&jid=117321977&_u=YCDACEABBAAAACAFK~&z=22710791 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 15:52:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-113371679-3&cid=1047787705.1675266798&jid=84744038&_u=YCDACEAABAAAACABI~&z=2029726490

142.250.74.132

200 OK

42 B

URL HTTP/2
www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-113371679-3&cid=1047787705.1675266798&jid=84744038&_u=YCDACEAABAAAACABI~&z=2029726490
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j99&tid=UA-113371679-3&cid=1047787705.1675266798&jid=84744038&_u=YCDACEAABAAAACABI~&z=2029726490 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 01 Feb 2023 15:52:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
d06fd066caf4dfa1e21a722a5c468158
acb765577662906ae8e11242bed487ce1051db28
4b45760de269e60345d43ff2da6c5803722f7c052edd0a9f5258ce69b2ffa32f

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 01 Feb 2023 15:52:56 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

cdnstatic.cyber.bet/css/iti/intlTelInput.css

54.230.111.100

200 OK

81 kB

URL HTTP/2
cdnstatic.cyber.bet/css/iti/intlTelInput.css
IP
54.230.111.100:0
ASN
#16509 AMAZON-02

File type
data
Size
81 kB (80891 bytes)
Hash
7850cccb7dfb2f5dcef78ada92fe57aa
db16d33f4aed7bded356e9a8ab96458734c9ea59
d0378c9bf63779303b15658a61641e7466da51484e67ac956cff48441ad432e5

HTTP Headers

GET /css/iti/intlTelInput.css HTTP/1.1
Host: cdnstatic.cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Cookie: _ga_8FYNJV02NV=GS1.1.1675266797.1.0.1675266798.59.0.0; _ga=GA1.2.1047787705.1675266798; _gid=GA1.2.1838844547.1675266798; _gat_UA-113371679-3=1; _gat_UA-113371679-5=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
content-type: text/css
last-modified: Tue, 24 Jan 2023 12:10:32 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Wed, 01 Feb 2023 15:52:56 GMT
etag: W/"a69aa970266649e0b08c2cb4bc166568"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: h3x26vYzaO0A6SL8OvtdXLsifO-HclhWOFP2gAKGjan4zogSopBCTQ==
age: 10
X-Firefox-Spdy: h2

my.rtmark.net/img.gif?f=sync&partner=ba0d5680aec92ed9c5c9da2be8d0e8a3a577866b71c7089a32ed732bc1246910&ttl=&rurl=https%3A%2F%2Fcyber.bet%2Fland%2Fcasino_spin_football_regform%2F%3Fcid%3D63da8ad7902fa000015bc932%26pid%3D8425%26subid1%3D%26affs%3D1%26sid%3Daffs%26utm_medium%3Drevshare%26utm_source%3Daffise%26utm_campaign%3D53_betting%26promocode%3DCYBERMAX300%26subid2%3D%26subid3%3D%26aff_bnnr%3D%26aff_land%3D1669392156%26slice%3D

139.45.195.8

200 OK

43 B

URL HTTP/2
my.rtmark.net/img.gif?f=sync&partner=ba0d5680aec92ed9c5c9da2be8d0e8a3a577866b71c7089a32ed732bc1246910&ttl=&rurl=https%3A%2F%2Fcyber.bet%2Fland%2Fcasino_spin_football_regform%2F%3Fcid%3D63da8ad7902fa000015bc932%26pid%3D8425%26subid1%3D%26affs%3D1%26sid%3Daffs%26utm_medium%3Drevshare%26utm_source%3Daffise%26utm_campaign%3D53_betting%26promocode%3DCYBERMAX300%26subid2%3D%26subid3%3D%26aff_bnnr%3D%26aff_land%3D1669392156%26slice%3D
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=sync&partner=ba0d5680aec92ed9c5c9da2be8d0e8a3a577866b71c7089a32ed732bc1246910&ttl=&rurl=https%3A%2F%2Fcyber.bet%2Fland%2Fcasino_spin_football_regform%2F%3Fcid%3D63da8ad7902fa000015bc932%26pid%3D8425%26subid1%3D%26affs%3D1%26sid%3Daffs%26utm_medium%3Drevshare%26utm_source%3Daffise%26utm_campaign%3D53_betting%26promocode%3DCYBERMAX300%26subid2%3D%26subid3%3D%26aff_bnnr%3D%26aff_land%3D1669392156%26slice%3D HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 15:52:56 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=3ad1241eeabc4253be6513e5272ca03b; expires=Thu, 01 Feb 2024 15:52:56 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

pool.admedo.com/pixel?id=148776&t=js

35.210.53.219

302 Found

0 B

URL HTTP/2
pool.admedo.com/pixel?id=148776&t=js
IP
35.210.53.219:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pixel?id=148776&t=js HTTP/1.1
Host: pool.admedo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
cache-control: no-cache, no-store, must-revalidate
content-length: 0
date: Wed, 01 Feb 2023 15:52:56 GMT
location: https://pool.admedo.com/ul_cb/pixel?id=148776&t=js
set-cookie: tuuid=3b20bafd-f64d-4aed-91a1-42226591b03a; path=/; expires=Thu, 01-Feb-2024 15:52:56 GMT
c=1675266776; path=/; expires=Thu, 01-Feb-2024 15:52:56 GMT
tuuid_lu=1675266776; path=/; expires=Thu, 01-Feb-2024 15:52:56 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-8FYNJV02NV&gtm=2oe1u0&_p=1671071069&_gaz=1&cid=1047787705.1675266798&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675266797&sct=1&seg=0&dl=https%3A%2F%2Fcyber.bet%2Fland%2Fcasino_spin_football_regform%2F%3Fcid%3D63da8ad7902fa000015bc932%26pid%3D8425%26subid1%3D%26affs%3D1%26sid%3Daffs%26utm_medium%3Drevshare%26utm_source%3Daffise%26utm_campaign%3D53_betting%26promocode%3DCYBERMAX300%26subid2%3D%26subid3%3D%26aff_bnnr%3D%26aff_land%3D1669392156%26slice%3D&dt=Cyber.bet%20Wheel%20of%20Fortune&en=page_view&_fv=2&_nsi=1&_ss=2&up.ip=&up.anon_id=&up.score_bot=

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-8FYNJV02NV&gtm=2oe1u0&_p=1671071069&_gaz=1&cid=1047787705.1675266798&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675266797&sct=1&seg=0&dl=https%3A%2F%2Fcyber.bet%2Fland%2Fcasino_spin_football_regform%2F%3Fcid%3D63da8ad7902fa000015bc932%26pid%3D8425%26subid1%3D%26affs%3D1%26sid%3Daffs%26utm_medium%3Drevshare%26utm_source%3Daffise%26utm_campaign%3D53_betting%26promocode%3DCYBERMAX300%26subid2%3D%26subid3%3D%26aff_bnnr%3D%26aff_land%3D1669392156%26slice%3D&dt=Cyber.bet%20Wheel%20of%20Fortune&en=page_view&_fv=2&_nsi=1&_ss=2&up.ip=&up.anon_id=&up.score_bot=
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-8FYNJV02NV&gtm=2oe1u0&_p=1671071069&_gaz=1&cid=1047787705.1675266798&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675266797&sct=1&seg=0&dl=https%3A%2F%2Fcyber.bet%2Fland%2Fcasino_spin_football_regform%2F%3Fcid%3D63da8ad7902fa000015bc932%26pid%3D8425%26subid1%3D%26affs%3D1%26sid%3Daffs%26utm_medium%3Drevshare%26utm_source%3Daffise%26utm_campaign%3D53_betting%26promocode%3DCYBERMAX300%26subid2%3D%26subid3%3D%26aff_bnnr%3D%26aff_land%3D1669392156%26slice%3D&dt=Cyber.bet%20Wheel%20of%20Fortune&en=page_view&_fv=2&_nsi=1&_ss=2&up.ip=&up.anon_id=&up.score_bot= HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cyber.bet
Connection: keep-alive
Referer: https://cyber.bet/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://cyber.bet
date: Wed, 01 Feb 2023 15:52:56 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

backend.cyberbet.academy/api/land_regs/session

34.254.83.154

200 OK

2 B

URL HTTP/2
backend.cyberbet.academy/api/land_regs/session
IP
34.254.83.154:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

HTTP Headers

OPTIONS /api/land_regs/session HTTP/1.1
Host: backend.cyberbet.academy
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://cyber.bet/
Origin: https://cyber.bet
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:56 GMT
content-type: text/html; charset=utf-8
content-length: 2
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-methods: *
access-control-allow-headers: origin, content-type, accept
etag: W/"2-nOO9QiTIwXgNtWtBJezz8kv3SLc"
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2

cdnstatic.cyber.bet/js/libs/iso3to2.js

54.230.111.100

200 OK

1.4 kB

URL HTTP/2
cdnstatic.cyber.bet/js/libs/iso3to2.js
IP
54.230.111.100:0
ASN
#16509 AMAZON-02

File type
data
Size
1.4 kB (1369 bytes)
Hash
038ce890688457b01f4c89846dc394e7
3209e029b521fd45f061f16b54b1f25ca1edc1e6
127925a8225f311421ce8eb4618525e33d9c16a3246325f496a69d5de396e687

HTTP Headers

GET /js/libs/iso3to2.js HTTP/1.1
Host: cdnstatic.cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Cookie: _ga_8FYNJV02NV=GS1.1.1675266797.1.0.1675266798.59.0.0; _ga=GA1.2.1047787705.1675266798; _gid=GA1.2.1838844547.1675266798; _gat_UA-113371679-3=1; _gat_UA-113371679-5=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 24 Jan 2023 12:10:35 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Wed, 01 Feb 2023 15:52:56 GMT
etag: W/"db031116c7888248916813c60a4cce2b"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MbD6nZCrchthe_BuKMPBG17q_A-qbMtqaLMjGkIA1z0hvhOy_7OP7A==
age: 2
X-Firefox-Spdy: h2

cdnstatic.cyber.bet/css/img/flags.png

54.230.111.100

200 OK

71 kB

URL HTTP/2
cdnstatic.cyber.bet/css/img/flags.png
IP
54.230.111.100:0
ASN
#16509 AMAZON-02

File type
PNG image data, 5652 x 15, 8-bit/color RGBA, non-interlaced\012- data
Size
71 kB (70857 bytes)
Hash
416250f60d785a2e02f17e054d2e4e44
21572c9751e5a3dc20395befa0fcb349c32c4811
0a012cf808a24573168308916092d2d4bd3f2b4af8e16b59167013cc77acee55

HTTP Headers

GET /css/img/flags.png HTTP/1.1
Host: cdnstatic.cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cdnstatic.cyber.bet/css/iti/intlTelInput.css
Cookie: _ga_8FYNJV02NV=GS1.1.1675266797.1.0.1675266798.59.0.0; _ga=GA1.1.1047787705.1675266798; _gid=GA1.2.1838844547.1675266798; _gat_UA-113371679-3=1; _gat_UA-113371679-5=1; _ga_ZK6ZSCE3G7=GS1.1.1675266798.1.0.1675266798.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
content-type: image/png
content-length: 70857
last-modified: Tue, 24 Jan 2023 12:10:32 GMT
x-amz-server-side-encryption: AES256
accept-ranges: bytes
server: AmazonS3
date: Wed, 01 Feb 2023 15:52:57 GMT
etag: "416250f60d785a2e02f17e054d2e4e44"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fWwXLfITsJD4sPUolRvWNW2xyy1HADil8fLw-mvD_K4_yA0at93FZg==
X-Firefox-Spdy: h2

pool.admedo.com/ul_cb/pixel?id=148776&t=js

35.210.53.219

200 OK

0 B

URL HTTP/2
pool.admedo.com/ul_cb/pixel?id=148776&t=js
IP
35.210.53.219:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ul_cb/pixel?id=148776&t=js HTTP/1.1
Host: pool.admedo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cyber.bet/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: no-cache, no-store, must-revalidate
content-length: 0
content-type: text/javascript; charset=UTF-8
date: Wed, 01 Feb 2023 15:52:56 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (15857 bytes)
Hash
4bb3a6fba496d54cdbbccaf2b9600386
8e30002699e9fbf2047f9ac11a36d2175fc9c591
927bf3a04b011b4e3bc8d8772a3d5813507f7f523312d43627767b64615562f3

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe2d02739-590e-4a37-9ca5-c27003f9e416.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 15857
x-amzn-requestid: cfe36b9d-34f6-4f3f-896e-e70ec45c4a04
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fmJ2JGGWoAMFSLA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d8bcf3-0dd68dd778b9aba268a129b0;Sampled=0
x-amzn-remapped-date: Tue, 31 Jan 2023 07:02:11 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: pU_436f27nMZKPxZZWqZekERHFTvcG5NT5p_CYEXHRPtIWjDtSA-uA==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 fda3b2797d2719576f6b916583a28e52.cloudfront.net (CloudFront), 1.1 google
date: Wed, 01 Feb 2023 07:27:41 GMT
age: 30320
etag: "8e30002699e9fbf2047f9ac11a36d2175fc9c591"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

away.firstblackphase.com/scripts/take.js?vr=1.8.2

194.135.30.40

200 OK

0 B

URL HTTP/2
away.firstblackphase.com/scripts/take.js?vr=1.8.2
IP
194.135.30.40:0
ASN
#2856 British Telecommunications PLC

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /scripts/take.js?vr=1.8.2 HTTP/1.1
Host: away.firstblackphase.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://getclout-co.intuitve.co/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 15:52:53 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 31 Jan 2023 11:04:27 GMT
vary: Accept-Encoding
etag: W/"63d8f5bb-138b"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
strict-transport-security: max-age=15768000;
content-encoding: gzip
X-Firefox-Spdy: h2

cdnstatic.cyber.bet/js/currencyMapping.js

54.230.111.100

200 OK

0 B

URL HTTP/2
cdnstatic.cyber.bet/js/currencyMapping.js
IP
54.230.111.100:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/currencyMapping.js HTTP/1.1
Host: cdnstatic.cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Cookie: _ga_8FYNJV02NV=GS1.1.1675266797.1.0.1675266798.59.0.0; _ga=GA1.2.1047787705.1675266798; _gid=GA1.2.1838844547.1675266798; _gat_UA-113371679-3=1; _gat_UA-113371679-5=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 24 Jan 2023 12:10:35 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Wed, 01 Feb 2023 15:52:03 GMT
etag: W/"2a3d85d14eaeaac04949a29f3c94c548"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: TR0AtPea_0hpee-uWPXaoY0u8nRmfzJ2Kta5sLVrhGTQL0IVn1yzDQ==
age: 54
X-Firefox-Spdy: h2

cdnstatic.cyber.bet/js/libs/phone/intlTelInput.js

54.230.111.100

200 OK

0 B

URL HTTP/2
cdnstatic.cyber.bet/js/libs/phone/intlTelInput.js
IP
54.230.111.100:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/libs/phone/intlTelInput.js HTTP/1.1
Host: cdnstatic.cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Cookie: _ga_8FYNJV02NV=GS1.1.1675266797.1.0.1675266798.59.0.0; _ga=GA1.2.1047787705.1675266798; _gid=GA1.2.1838844547.1675266798; _gat_UA-113371679-3=1; _gat_UA-113371679-5=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 24 Jan 2023 12:10:35 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Wed, 01 Feb 2023 15:52:56 GMT
etag: W/"c73ba86bd67306c5889e9aac41e959e0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: BWTbFuLF6YZDk42VXmH9IBUQZPYj5AiQI91VAPyOpQKKI3RMqJ98sg==
age: 2
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/?cid=63da8ad7902fa000015bc932&pid=8425&subid1=&affs=1&sid=affs&utm_medium=revshare&utm_source=affise&utm_campaign=53_betting&promocode=CYBERMAX300&subid2=&subid3=&aff_bnnr=&aff_land=1669392156&slice=

172.66.43.156

200 OK

0 B

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/?cid=63da8ad7902fa000015bc932&pid=8425&subid1=&affs=1&sid=affs&utm_medium=revshare&utm_source=affise&utm_campaign=53_betting&promocode=CYBERMAX300&subid2=&subid3=&aff_bnnr=&aff_land=1669392156&slice=
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /land/casino_spin_football_regform/?cid=63da8ad7902fa000015bc932&pid=8425&subid1=&affs=1&sid=affs&utm_medium=revshare&utm_source=affise&utm_campaign=53_betting&promocode=CYBERMAX300&subid2=&subid3=&aff_bnnr=&aff_land=1669392156&slice= HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:55 GMT
content-type: text/html
last-modified: Sat, 26 Nov 2022 17:27:56 GMT
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HglkZbsWHx8fw0cabmLijHoF1PcCE%2FUWVBjFnCC6ah6kl1ZmId5Lhj%2BILYjCCSHKA%2Fg69rM7RmtdMCH2Rimksd5MmN5wf2344H%2Fbj2Rk1kxG%2Bs%2Bb5RacxqyMOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 792bdb617914b515-OSL
content-encoding: br
X-Firefox-Spdy: h2

cdnstatic.cyber.bet/js/libs/phone/utils.js

54.230.111.100

200 OK

0 B

URL HTTP/2
cdnstatic.cyber.bet/js/libs/phone/utils.js
IP
54.230.111.100:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/libs/phone/utils.js HTTP/1.1
Host: cdnstatic.cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Cookie: _ga_8FYNJV02NV=GS1.1.1675266797.1.0.1675266798.59.0.0; _ga=GA1.2.1047787705.1675266798; _gid=GA1.2.1838844547.1675266798; _gat_UA-113371679-3=1; _gat_UA-113371679-5=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers

HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 24 Jan 2023 12:10:35 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Wed, 01 Feb 2023 15:52:56 GMT
etag: W/"8f3a2154b225b6257161c4dfc9b89c9c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: N1m9K88l3Yo8rGCqr59vwUZjeC69ArSr2mOc14oK1repMihj9hCmlg==
age: 2
X-Firefox-Spdy: h2

cyber.bet/land/casino_spin_football_regform/img/new_spins/promo_icon.svg

172.66.43.156

200 OK

0 B

URL HTTP/2
cyber.bet/land/casino_spin_football_regform/img/new_spins/promo_icon.svg
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /land/casino_spin_football_regform/img/new_spins/promo_icon.svg HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/css/style.css?v=17
Cookie: _uc_referrer=direct; _uc_utm_source=affise; _uc_utm_medium=revshare; _uc_utm_campaign=53_betting; _uc_utm_term=; _uc_utm_content=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:55 GMT
content-type: image/svg+xml
last-modified: Fri, 18 Nov 2022 15:54:28 GMT
etag: W/"6377aab4-606"
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2183
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y2X5NfglmC9J%2BXeVdZZCMr%2FyykTF37y1sayXHzwzjkfuVceAeeV1XOu7kQfcPNSByyCG5q6KRx2fzTLEIeNN7i4LpTHxmCvWtGTlwbyqMAuC%2Bisqr2Vc9IqUPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb650dceb515-OSL
content-encoding: br
X-Firefox-Spdy: h2

arctic-farmer.com/b/3/V.0YPo3bpgvbb/mvV/JsZmDz0o0-NOTccyyRMrjDA/w/LLTTQX1eNezvIDy/MxDwER

188.72.219.35

200 OK

0 B

URL HTTP/2
arctic-farmer.com/b/3/V.0YPo3bpgvbb/mvV/JsZmDz0o0-NOTccyyRMrjDA/w/LLTTQX1eNezvIDy/MxDwER
IP
188.72.219.35:0
ASN
#35415 Webzilla B.V.

File type

Size
0 B (0 bytes)
Hash

Detections

Analyzer	Verdict	Alert
fortinet	Phishing
quad9	Sinkholed

HTTP Headers

GET /b/3/V.0YPo3bpgvbb/mvV/JsZmDz0o0-NOTccyyRMrjDA/w/LLTTQX1eNezvIDy/MxDwER HTTP/1.1
Host: arctic-farmer.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://store.firstblackphase.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 01 Feb 2023 15:52:54 GMT
content-type: text/html;charset=UTF-8
vary: Accept-Encoding
expires: Mon, 26 Jul 2011 05:00:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64
x-frame-options: DENY
referrer-policy: no-referrer
x-content-type-options: nosniff
content-encoding: br
X-Firefox-Spdy: h2

cyber.bet/land/js/locales/spin/locales.js

172.66.43.156

200 OK

0 B

URL HTTP/2
cyber.bet/land/js/locales/spin/locales.js
IP
172.66.43.156:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /land/js/locales/spin/locales.js HTTP/1.1
Host: cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/land/casino_spin_football_regform/?cid=63da8ad7902fa000015bc932&pid=8425&subid1=&affs=1&sid=affs&utm_medium=revshare&utm_source=affise&utm_campaign=53_betting&promocode=CYBERMAX300&subid2=&subid3=&aff_bnnr=&aff_land=1669392156&slice=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 01 Feb 2023 15:52:55 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=11498
etag: W/"6377a497-2cea"
last-modified: Fri, 18 Nov 2022 15:28:23 GMT
strict-transport-security: max-age=15724800; includeSubDomains
cache-control: max-age=31536000
cf-cache-status: HIT
age: 2608
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c7RW%2FP9L3CbYkQRUB8oBMjtkfQPqfr3jYdEyN7ZOdCktshOslXEKGieSQL5ORD1KOr5sn2GwvKLhDd%2BXxdWeaPjMyyrJXsVvEeF1Qr0Ty8Iz1NtqHM8lEQl9GA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 792bdb62db36b515-OSL
content-encoding: br
X-Firefox-Spdy: h2

cdnstatic.cyber.bet/js/libs/jquery.nice-select.min.js

54.230.111.100

200 OK

0 B

URL HTTP/2
cdnstatic.cyber.bet/js/libs/jquery.nice-select.min.js
IP
54.230.111.100:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /js/libs/jquery.nice-select.min.js HTTP/1.1
Host: cdnstatic.cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 24 Jan 2023 12:10:35 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Wed, 01 Feb 2023 15:52:55 GMT
etag: W/"4e2def5093eb4c4281624db4a5aa8f9c"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ttz_9Js60wtfidj26nNcG_KfDaYhuhX25LDGZzOWRFcGB0EbaFE05Q==
age: 12
X-Firefox-Spdy: h2

cdnstatic.cyber.bet/css/libs/nice-select.css

54.230.111.100

200 OK

0 B

URL HTTP/2
cdnstatic.cyber.bet/css/libs/nice-select.css
IP
54.230.111.100:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css/libs/nice-select.css HTTP/1.1
Host: cdnstatic.cyber.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
content-type: text/css
last-modified: Tue, 24 Jan 2023 12:10:32 GMT
x-amz-server-side-encryption: AES256
server: AmazonS3
content-encoding: gzip
date: Wed, 01 Feb 2023 15:52:02 GMT
etag: W/"b83506d101e8a03948d5c01e83da2b8e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SEY6b9v9EoT2XYOmadFy8d2dlUmJsb18S6bIolX3FxRTH4eW71UZjQ==
age: 55
X-Firefox-Spdy: h2

pj.l.admedo.com/admtracker.lib.min.js

54.230.111.26

200 OK

0 B

URL HTTP/2
pj.l.admedo.com/admtracker.lib.min.js
IP
54.230.111.26:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /admtracker.lib.min.js HTTP/1.1
Host: pj.l.admedo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cyber.bet/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript
last-modified: Tue, 25 Aug 2020 14:10:14 GMT
server: AmazonS3
content-encoding: gzip
date: Wed, 01 Feb 2023 15:52:45 GMT
cache-control: public,max-age=900
etag: W/"5a420213029638ecea775a40089898aa"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: fHOGEU0DLAHCzNFQA_FYobNrlT-zhcTfhALnirMdNWtRaGZERa_ZKw==
age: 14
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (35)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML