3rt7sgssxw0yj8wmst.com/partners/casino-reg
18.184.136.169308 Permanent Redirect 164 B URL HTTP/1.1 3rt7sgssxw0yj8wmst.com/partners/casino-reg
IP 18.184.136.169:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash f23c4815ecaef1588f16ac735c0e15d6
026bf8cdd5076014b6fc822878e0086eb44da556
43a81fb3d47b34e7d42d6b8444f592ed9251b8e57db8f67d32419aa40b1480d0
Analyzer Verdict Alert quad9 Sinkholed
GET /partners/casino-reg HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 308 Permanent Redirect
Server: nginx
Date: Wed, 07 Dec 2022 15:59:22 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Location: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 5ceaca9fd4ad000cb435820812fc69c8
8168397aaf7b572c89a9c83f46c0b65e4ac509f2
9c4e52e7e17158307d752db0bc3d1fbedae4f305cc301fd73b260f73ab796492
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9C4E52E7E17158307D752DB0BC3D1FBEDAE4F305CC301FD73B260F73AB796492"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8481
Expires: Wed, 07 Dec 2022 18:20:44 GMT
Date: Wed, 07 Dec 2022 15:59:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2630c6482aef4e822d6634e417f65ab6
6bd1264568eb9647d1665e51521b3bfc15d4df4a
e00eaad18ffa9f5181fe540b156608df88565b09e98ca78b87eba97f3fbc6e79
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E00EAAD18FFA9F5181FE540B156608DF88565B09E98CA78B87EBA97F3FBC6E79"
Last-Modified: Wed, 07 Dec 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18614
Expires: Wed, 07 Dec 2022 21:09:37 GMT
Date: Wed, 07 Dec 2022 15:59:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash a0abf10fb7e96c1c98dacf2f013a68b4
acdd839bce85eadc78a8e821e32e00a958d5c0c8
b85d98f8df05431777d96c767ce4c152302ec3f653cdf6e61c8c3fa9574f3255
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B85D98F8DF05431777D96C767CE4C152302EC3F653CDF6E61C8C3FA9574F3255"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7558
Expires: Wed, 07 Dec 2022 18:05:21 GMT
Date: Wed, 07 Dec 2022 15:59:23 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 07 Dec 2022 15:08:03 GMT
content-type: application/json
age: 3080
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 998zFCwheZmaGk1WzJVhOQfOkJ+lIW5NZCogxGb7+tfPcduEvPQS097e6pq1vYVjMmIkke+XWmM=
x-amz-request-id: PFWV6DXVBPC2WJBN
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 07 Dec 2022 15:49:25 GMT
age: 598
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:23 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 704fe300b94e51d7e8805e39945aff12
a79cd43e49836a494e8614af9ee8c3de2676b039
d91191eb92b08b2f4a685005946e8654ef7583ce49b831792a4d2aae6267ad88
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D91191EB92B08B2F4A685005946E8654EF7583CE49B831792A4D2AAE6267AD88"
Last-Modified: Tue, 06 Dec 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Wed, 07 Dec 2022 21:59:23 GMT
Date: Wed, 07 Dec 2022 15:59:23 GMT
Connection: keep-alive
cdn.scarabresearch.com/js/11DAF087E87A3DFD/scarab-v2.js
54.230.111.92200 OK 23 kB URL HTTP/1.1 cdn.scarabresearch.com/js/11DAF087E87A3DFD/scarab-v2.js
IP 54.230.111.92:0
File type C source, ASCII text, with very long lines (539)
Hash bfcc64224f8c6e43e026afb16bd0f4f8
4b1a0dbd96c3047a917ba024690ffc4d544b8b00
c87358a7c76c044147379c9415f96488045b936666093c83fd0e57e08316548e
GET /js/11DAF087E87A3DFD/scarab-v2.js HTTP/1.1
Host: cdn.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Timing-Allow-Origin: *
Date: Wed, 07 Dec 2022 15:39:19 GMT
Cache-Control: max-age=3600,public
ETag: "aa53180343ab25d32aa7294158ca3216--gzip"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: dcO7xNVwwykArT6YmzZFkEIRB8tSbkZHTtlQs35KhB-gtvvx9H8Imw==
Age: 1207
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 9be44a024e4e6c1eaaeff49318759952
3878e0a27b40f4462fb3f7236b7d329dc78bf242
64a83691e3892611604d569d150cb897a555ff2e83803c3bb247b10ad38c55a7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3746
Cache-Control: max-age=161142
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 15:59:23 GMT
Etag: "63907c2f-117"
Expires: Fri, 09 Dec 2022 12:45:05 GMT
Last-Modified: Wed, 07 Dec 2022 11:42:39 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 9be44a024e4e6c1eaaeff49318759952
3878e0a27b40f4462fb3f7236b7d329dc78bf242
64a83691e3892611604d569d150cb897a555ff2e83803c3bb247b10ad38c55a7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1288
Cache-Control: max-age=158684
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 15:59:23 GMT
Etag: "63907c2f-117"
Expires: Fri, 09 Dec 2022 12:04:07 GMT
Last-Modified: Wed, 07 Dec 2022 11:42:39 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 9be44a024e4e6c1eaaeff49318759952
3878e0a27b40f4462fb3f7236b7d329dc78bf242
64a83691e3892611604d569d150cb897a555ff2e83803c3bb247b10ad38c55a7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6315
Cache-Control: max-age=163711
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 15:59:23 GMT
Etag: "63907c2f-117"
Expires: Fri, 09 Dec 2022 13:27:54 GMT
Last-Modified: Wed, 07 Dec 2022 11:42:39 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 30aec170d58f580f2ed4da4b92d72cc7
3b11a98ba9563f7f266e7a935e3b78bd0c0712aa
7b25e66e4383cdb29228d0451a4810eeab7d194ca81045e066c00c9467f29312
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 15:59:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.scarabresearch.com/wpjs/wploader.js?ts=2761
54.230.111.73200 OK 11 kB URL HTTP/1.1 static.scarabresearch.com/wpjs/wploader.js?ts=2761
IP 54.230.111.73:0
File type Unicode text, UTF-8 text, with very long lines (26064)
Hash 58cf2d238e0fc82bbd65200b17f64486
4b57787ba170b5b7b71d3da4d1dd4ff5ea387290
85917a8b6c7e6635dea1b3d0f7fb60eab24a5f9da526d55de900bd0b4e8e2c66
GET /wpjs/wploader.js?ts=2761 HTTP/1.1
Host: static.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 10 Oct 2022 11:09:48 GMT
x-amz-version-id: DzVXMgBeksdrQfAKjc.ckmkVhMlLjwqT
Server: AmazonS3
Content-Encoding: gzip
Date: Wed, 07 Dec 2022 09:39:41 GMT
Cache-Control: max-age=86400
ETag: W/"1bb200ba7add3c5d4bfb6f3822bfe5af"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: CFnUXcfei0MYX6CfZLKZpR4hhsp9oVaGRGkoeVxVNEmNSNIUtfdkDQ==
Age: 22783
static.scarabresearch.com/wpjs/wpes6.js?ts=2761
54.230.111.73200 OK 32 kB URL HTTP/1.1 static.scarabresearch.com/wpjs/wpes6.js?ts=2761
IP 54.230.111.73:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash 2deaf3e3bba06f12d56503ae36024fec
6793a706970604cf8ebb692d4fbf704f8196cb1c
d03b55e6886ad1d5748ecf83c44cd26dbec2e24fadf144dc6a16cc74597c5290
GET /wpjs/wpes6.js?ts=2761 HTTP/1.1
Host: static.scarabresearch.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 10 Oct 2022 11:09:51 GMT
x-amz-version-id: B7kEOPd3f.UUaahYeIIXT30URW6wDjD.
Server: AmazonS3
Content-Encoding: gzip
Date: Wed, 07 Dec 2022 06:25:58 GMT
Cache-Control: max-age=86400
ETag: W/"aea14a7926cfb79f14472c23a4b1543b"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 f46773a8236e136c4f6648dd79a7af8e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2OoTP6d-coD_H4loRHCP31f1Ju8vCc_RtmvV_dCEO92N2G98ejGv4g==
Age: 34406
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 9be44a024e4e6c1eaaeff49318759952
3878e0a27b40f4462fb3f7236b7d329dc78bf242
64a83691e3892611604d569d150cb897a555ff2e83803c3bb247b10ad38c55a7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3746
Cache-Control: max-age=161142
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 15:59:23 GMT
Etag: "63907c2f-117"
Expires: Fri, 09 Dec 2022 12:45:05 GMT
Last-Modified: Wed, 07 Dec 2022 11:42:39 GMT
Server: ECS (ska/F70F)
X-Cache: HIT
Content-Length: 279
www.googletagmanager.com/gtm.js?id=GTM-5PMSX62
142.250.74.168200 OK 57 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5PMSX62
IP 142.250.74.168:0
File type Unicode text, UTF-8 text, with very long lines (13906)
Hash 1238b4682d11223de586b7665b0fb1cf
539337546e93591864e46c5c66893cd177ad5d57
e9b94072df8e642cabde1f36b4ad6f807914c5118c3ea94964340b1b50eb1c9f
GET /gtm.js?id=GTM-5PMSX62 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 07 Dec 2022 15:59:23 GMT
expires: Wed, 07 Dec 2022 15:59:23 GMT
cache-control: private, max-age=900
last-modified: Wed, 07 Dec 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 56888
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Pragma, Last-Modified, ETag, Alert, Expires, Retry-After, Cache-Control, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 07 Dec 2022 15:07:58 GMT
age: 3085
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
rstat.rockmostbet.com/public/rstat_pixel_spa.js
162.55.5.93200 OK 10 kB URL HTTP/2 rstat.rockmostbet.com/public/rstat_pixel_spa.js
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
Hash beb651622fc41f7197af6c07dc886f25
e59eece7a131b2940fbd0a02fcc74bc39a130d17
f05d3b023d47c83cbf67e7031a8657aab2f282563eb84480c341c44e80097ac1
GET /public/rstat_pixel_spa.js HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/javascript
etag: "rlhpsr806"
last-modified: Thu, 17 Nov 2022 11:41:15 GMT
server: Caddy
x-content-type-options: nosniff
content-length: 10374
date: Wed, 07 Dec 2022 15:59:23 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash b22490b02628e79842aa551994331a2e
238870b8a3e6ef3b6a761154e3abee386643597c
ef2e0268a5ed0ca7d64dfc1baa3d56d55f4062e4d84972bc9423fe56df585673
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF2E0268A5ED0CA7D64DFC1BAA3D56D55F4062E4D84972BC9423FE56DF585673"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10967
Expires: Wed, 07 Dec 2022 19:02:10 GMT
Date: Wed, 07 Dec 2022 15:59:23 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 053aff7451e55d4269dd9610ab070f3f
b3376256d11d159b0c7280ba1515b78d7d9e12ca
24114ca560fe70d03185bd66985603fd5a03dc310aa9a8ea7a7b3723ed46ce3e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6422
Cache-Control: max-age=154469
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 15:59:23 GMT
Etag: "639057aa-1d7"
Expires: Fri, 09 Dec 2022 10:53:52 GMT
Last-Modified: Wed, 07 Dec 2022 09:06:50 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
my.rtmark.net/p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01
139.45.195.8200 OK 697 B URL HTTP/2 my.rtmark.net/p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01
IP 139.45.195.8:0
Hash 6425f508eacb60db81c6d0b38ae56a58
d27caed071b054a15ab2291a11a4bfe12e097d7a
e94404dcfeb2d07ed1a6c0ad4230d5bc5754c0c965736d4ebc3224af415094d0
GET /p.js?f=sync&lr=1&partner=8900e7870715b2f6f27ac0859edcc81719d5b1da87a5615f24096125f4502d01 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:23 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/partners/sport_logo.png
18.184.136.169404 Not Found 65 kB URL HTTP/2 3rt7sgssxw0yj8wmst.com/partners/sport_logo.png
IP 18.184.136.169:0
Hash da3ddfd0f756a5e3ccdad5dc81709302
f5eb7e6fa7d9b31adb613ffc72ff6af65febb910
dba549806a1520bcb08d52f883e3b2efadef3b21a5f49367e91dee8c70745eca
Analyzer Verdict Alert quad9 Sinkholed
GET /partners/sport_logo.png HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg
Cookie: theme=desktop
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Wed, 07 Dec 2022 15:59:23 GMT
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c6e417896e533914bd9baf1b58cc8465
e4d2f1b78f9ebd1ecb7b7ac827a399dfdffea455
21b0ea689a73d8b75ca7b6e26e887bd0cbf4ac6f1477ca3b0cdb528287f86c68
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3796
Cache-Control: max-age=165192
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 15:59:24 GMT
Etag: "63908bd0-1d7"
Expires: Fri, 09 Dec 2022 13:52:36 GMT
Last-Modified: Wed, 07 Dec 2022 12:49:20 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash a6fe877db064e1fcaef1740cc1c2fd75
ca27e395d7988fafddd0b3a844d4d7e5caa778fc
f543ac61f8726222351bf9bf2ce75e0de6dc350b88707296e6b7efbabe865654
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 15:59:24 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Sun, 11 Dec 2022 14:52:31 GMT
ETag: "ca27e395d7988fafddd0b3a844d4d7e5caa778fc"
Last-Modified: Wed, 07 Dec 2022 14:52:32 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1781
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775e77e07e450b49-OSL
connect.facebook.net/en_US/fbevents.js
157.240.247.8200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.247.8:0
File type ASCII text, with very long lines (64348)
Hash 44ecaa3c2a4929a40141edc4540aaf84
f29a573182333b2500d41bfc389d6c5232dfb348
6589fe14578dedd4df678a909afadd7e5bc7f57c7e3e24518a7f5faac7383396
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: wJKV2NuTRSBlSnhbh9ihQV9ZqHURKCQx0g5NxarEKJxRro2XZKhjc8Z4qoca4nehzHQm3bl4U6s734XnMX9fkQ==
content-length: 27340
x-fb-trip-id: 1679558926
date: Wed, 07 Dec 2022 15:59:24 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c6e417896e533914bd9baf1b58cc8465
e4d2f1b78f9ebd1ecb7b7ac827a399dfdffea455
21b0ea689a73d8b75ca7b6e26e887bd0cbf4ac6f1477ca3b0cdb528287f86c68
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3796
Cache-Control: max-age=165192
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 15:59:24 GMT
Etag: "63908bd0-1d7"
Expires: Fri, 09 Dec 2022 13:52:36 GMT
Last-Modified: Wed, 07 Dec 2022 12:49:20 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.38.139.17101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.38.139.17:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 7dawohDILi6HRzHIb+DpWA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: USIkseozqr0zVSHcickilPsuBQ4=
mc.yandex.ru/metrika/tag.js
87.250.250.119200 OK 73 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 87.250.250.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (586)
Hash ca660dd755c277ee54a1afa1a7b12570
54423b26ea7980e671f22a35cd949c8d1a8b1300
3291d6ec84cd4fc3d2e97998ff04aa2c54b39941079547d2d825b33c2f4169b8
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73234
date: Wed, 07 Dec 2022 15:59:24 GMT
access-control-allow-origin: *
etag: "638eb36c-11e12"
expires: Wed, 07 Dec 2022 16:59:24 GMT
last-modified: Tue, 06 Dec 2022 06:13:48 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 9084a518c70ad57bb3226fb519b648fd
79348ebe6f5900a035d4d65e08a7409fd9708f15
f0c6b0f66c31aa7cb2d2808eb4c04c3681d48e731efc8cbba0f3fef1d218ce7b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 15:59:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
3rt7sgssxw0yj8wmst.com/connection/websocket
18.184.136.169101 Switching Protocols 0 B URL HTTP/1.1 3rt7sgssxw0yj8wmst.com/connection/websocket
IP 18.184.136.169:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /connection/websocket HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://3rt7sgssxw0yj8wmst.com
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ul4r5Til/j4nQa2Yke8cfQ==
Connection: keep-alive, Upgrade
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670428763.1.0.1670428763.0.0.0; _ga=GA1.2.630756433.1670428764; _gid=GA1.2.803735565.1670428764; _gaclientid=630756433.1670428764; _gasessionid=20221207|01422005; _gahitid=1670428763833; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; PHPSESSID=9fb129pftfoe97j657oe3i9hv6; lunetics_locale=az; tz=Europe%2FOslo
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Server: nginx
Date: Wed, 07 Dec 2022 15:59:24 GMT
Connection: upgrade
upgrade: websocket
sec-websocket-accept: A8tk+v9qqybULWMSV2p1IHhRKhM=
www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
216.58.207.228200 OK 578 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
IP 216.58.207.228:0
File type ASCII text, with very long lines (909), with no line terminators
Hash 3e76aebafdd4150fa61a56cdc3f82f57
49417a42da96934c362d8cb10a54c163d5acfa86
c90ef1d881a67c453f7f446700ace6cb440f23a7cc4534151c5ed07556353324
GET /recaptcha/api.js?onload=onloadcallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Wed, 07 Dec 2022 15:59:24 GMT
date: Wed, 07 Dec 2022 15:59:24 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 578
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash cd6dabd083ee1c237c8ea3ba38cc48d5
bbe4420bf1c0fe0d5621336865563418d2f16f39
c9314cdac13bc2ea94505f473538ab4d5c0a940dfbc2f5447e6f22a5af580572
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 15:59:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e459fee4f1e0a0e3315dc947b2f95a8e
8b5fcbfc70c6105a5ed7bdbea92f124e78f7d15e
a49ee46e1c6cb3c68c2953fd3ed5ba46dbf0304f16d4cec969b8f6c02ecd60e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A49EE46E1C6CB3C68C2953FD3ED5BA46DBF0304F16D4CEC969B8F6C02ECD60E5"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18178
Expires: Wed, 07 Dec 2022 21:02:22 GMT
Date: Wed, 07 Dec 2022 15:59:24 GMT
Connection: keep-alive
3rt7sgssxw0yj8wmst.com/api/v1/logo
18.184.136.169200 OK 634 B URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v1/logo
IP 18.184.136.169:0
Hash d3cd9697609b7df8d4e12eee8ee5fa45
fe406011a0a965797fa43fa815cfeb35fd452a80
cc541e0c120690826a2222f8902a5757b7e240fa46fed7bd92c3108dc0f8d61b
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/logo HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1039
x-client-session: bei0fl1ksvsu0rp6izeq
x-client-device-id: mo9y63o1yqpt1gqkfnma
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670428763.1.0.1670428763.0.0.0; _ga=GA1.2.630756433.1670428764; _gid=GA1.2.803735565.1670428764; _gaclientid=630756433.1670428764; _gasessionid=20221207|01422005; _gahitid=1670428763833; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:24 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"9fae6e123baa3436bdbe37f62d18440c"
x-request-id: 2b5c3c0b8012c6a5431ea4c0c548a94c
vary: Accept-Encoding, Accept-Language
expires: Wed, 07 Dec 2022 15:59:24 GMT
set-cookie: PHPSESSID=1grm6il565eg42a2edphqvqmfv; expires=Fri, 06-Jan-2023 15:59:24 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=az; expires=Thu, 08-Dec-2022 15:59:24 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Wed, 14-Dec-2022 15:59:24 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 7f630f613ae6f85822c64c48ae411d39
4e75405abcbc88ccfde5787e3a1adda16ad509a7
1b839a6fe226bc03a4fd32d704e95c2b5620785785291e1751e5079119e22ccd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1B839A6FE226BC03A4FD32D704E95C2B5620785785291E1751E5079119E22CCD"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9650
Expires: Wed, 07 Dec 2022 18:40:14 GMT
Date: Wed, 07 Dec 2022 15:59:24 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash e459fee4f1e0a0e3315dc947b2f95a8e
8b5fcbfc70c6105a5ed7bdbea92f124e78f7d15e
a49ee46e1c6cb3c68c2953fd3ed5ba46dbf0304f16d4cec969b8f6c02ecd60e5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A49EE46E1C6CB3C68C2953FD3ED5BA46DBF0304F16D4CEC969B8F6C02ECD60E5"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16260
Expires: Wed, 07 Dec 2022 20:30:24 GMT
Date: Wed, 07 Dec 2022 15:59:24 GMT
Connection: keep-alive
3rt7sgssxw0yj8wmst.com/api/v1/websocket/credentials
18.184.136.169200 OK 240 B URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v1/websocket/credentials
IP 18.184.136.169:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 8eede33aaaef97cfc9ad2336d31d7523
740fe5504ad989e542907dea2497cfdf5cee3200
63d92fcad1a4ccf929b8287e7026d03f500377de5efece29613af43a36a427f3
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/websocket/credentials HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1039
x-client-session: bei0fl1ksvsu0rp6izeq
x-client-device-id: mo9y63o1yqpt1gqkfnma
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670428763.1.0.1670428763.0.0.0; _ga=GA1.1.630756433.1670428764
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:24 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 8b2561af5182dc24ccd96081ede66f8a
vary: Accept-Encoding, Accept-Language
expires: Wed, 07 Dec 2022 15:59:24 GMT
set-cookie: PHPSESSID=crsi5v32jvcmop54nuftpph1de; expires=Fri, 06-Jan-2023 15:59:24 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=az; expires=Thu, 08-Dec-2022 15:59:24 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Wed, 14-Dec-2022 15:59:24 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=wutzz44wj49ek6e84uh4n
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=wutzz44wj49ek6e84uh4n
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/test_cookie_set?testcookie=wutzz44wj49ek6e84uh4n HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://3rt7sgssxw0yj8wmst.com/
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: ef946780eae54435a6eeb14918873a74
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Wed, 07 Dec 2022 15:59:24 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/api/v1/currency-specific-settings/AZN.json
18.184.136.169200 OK 261 B URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v1/currency-specific-settings/AZN.json
IP 18.184.136.169:0
Hash 85fa53ee6162d3a622f6423307254f3b
17320c490594c674d5495a0ce3487281be32fdb2
c8c0e0639469bc8e193504f4ec8e54a62f00a5bb5ea122ce347c87d7499e3190
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/currency-specific-settings/AZN.json HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1039
x-client-session: bei0fl1ksvsu0rp6izeq
x-client-device-id: mo9y63o1yqpt1gqkfnma
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670428763.1.0.1670428763.0.0.0; _ga=GA1.2.630756433.1670428764; _gid=GA1.2.803735565.1670428764; _gaclientid=630756433.1670428764; _gasessionid=20221207|01422005; _gahitid=1670428763833; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; PHPSESSID=j665hnbgpc71lenv2a8nfh09nv; lunetics_locale=az; tz=Europe%2FOslo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:24 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 14 Dec 2022 15:59:24 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-9Q6VE8VYRH>m=2oebu0&_p=1734869564&cid=630756433.1670428764&ul=en-us&sr=1280x1024&_s=1&sid=1670428763&sct=1&seg=0&dl=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&dt=&en=page_view&_fv=2&_nsi=1&_ss=1
216.239.32.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-9Q6VE8VYRH>m=2oebu0&_p=1734869564&cid=630756433.1670428764&ul=en-us&sr=1280x1024&_s=1&sid=1670428763&sct=1&seg=0&dl=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&dt=&en=page_view&_fv=2&_nsi=1&_ss=1
IP 216.239.32.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-9Q6VE8VYRH>m=2oebu0&_p=1734869564&cid=630756433.1670428764&ul=en-us&sr=1280x1024&_s=1&sid=1670428763&sct=1&seg=0&dl=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&dt=&en=page_view&_fv=2&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
date: Wed, 07 Dec 2022 15:59:24 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=c34apjnhupn2mzxqoflt
185.26.99.196200 OK 10 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=c34apjnhupn2mzxqoflt
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash f7f86d583c92292a7025fc1f25657a1f
92659f2f702a5b18d44a58055c6cd77173630ae2
3b9de8f3bb4d65ebe964703b38c9ce2f3b40a58b33484e6eed8f92bbd5f10a4f
GET /multiauth/test_cookie_set?testcookie=c34apjnhupn2mzxqoflt HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1039
x-client-session: bei0fl1ksvsu0rp6izeq
x-client-device-id: mo9y63o1yqpt1gqkfnma
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 4a2a904251f24a998f4595ff91f6bd39
set-cookie: test_cooke_c34apjnhupn2mzxqoflt=1; Max-Age=3600; SameSite=None; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 10
date: Wed, 07 Dec 2022 15:59:24 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_set?testcookie=wutzz44wj49ek6e84uh4n
185.26.99.196200 OK 10 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_set?testcookie=wutzz44wj49ek6e84uh4n
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash f7f86d583c92292a7025fc1f25657a1f
92659f2f702a5b18d44a58055c6cd77173630ae2
3b9de8f3bb4d65ebe964703b38c9ce2f3b40a58b33484e6eed8f92bbd5f10a4f
GET /multiauth/test_cookie_set?testcookie=wutzz44wj49ek6e84uh4n HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1039
x-client-session: bei0fl1ksvsu0rp6izeq
x-client-device-id: mo9y63o1yqpt1gqkfnma
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 6cb7e7c6ddd5406a84fcc127c135f739
set-cookie: test_cooke_wutzz44wj49ek6e84uh4n=1; Max-Age=3600; SameSite=None; Secure
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 10
date: Wed, 07 Dec 2022 15:59:24 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/favicon.ico
18.184.136.169200 OK 16 kB URL HTTP/2 3rt7sgssxw0yj8wmst.com/favicon.ico
IP 18.184.136.169:0
Hash 7df92e339d9b73cee4d85f35ed51dbc9
8d15d76c6e3e448e9ceabd2b798ab48093b19127
472a88f2d0c3b94067cde301dde1142ba310714789b3d58f693a6dec23e48dba
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670428763.1.0.1670428763.0.0.0; _ga=GA1.1.630756433.1670428764
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:23 GMT
content-type: image/x-icon
last-modified: Tue, 06 Dec 2022 12:23:40 GMT
vary: Accept-Encoding
etag: W/"638f344c-1536"
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 07 Dec 2022 15:59:24 GMT
access-control-allow-origin: *
etag: "638eb36c-2b"
expires: Wed, 07 Dec 2022 16:59:24 GMT
accept-ranges: bytes
last-modified: Tue, 06 Dec 2022 06:13:48 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash ec6ece82a7cb8faa3ba171efae3a9eda
7ee75fba9a9d1078960f7834d71961c38f514b82
301d0c4d73b444369e488ee4f78b3a994a9168ec6c6d46cd7f3448722a841a2e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 15:59:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
216.58.211.3200 OK 163 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js
IP 216.58.211.3:0
File type ASCII text, with very long lines (730)
Size 163 kB (162976 bytes)
Hash 79d18cf4265108d7cecca1bf4ada6109
e51d0285a545381d4c39e9e0292a650ffeeecbb9
59ce7253f371df0833c3f72d4748ef812002b90a49413c56d0ca7c40bb5a0ab6
GET /recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 162976
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 13:40:02 GMT
expires: Thu, 07 Dec 2023 13:40:02 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 14 Nov 2022 03:01:59 GMT
content-type: text/javascript
age: 8362
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 24 kB IP 216.58.211.3:0
Hash 2eaf5ef20c96d1e2aaf39f95920e91ed
1b333eb4c7f0c78421e0310340478802bfb59c41
e990be84be039ef9a4f907c4357499b746d8c399c8a838dd4970062496567f84
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 15:59:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 3074a66f6d9b2e2af9b41ec0e2f4e2db
942e2c49b3848f11da966937f5914c62aed24bce
7c3b21b91aab06aff58cc56ce4b7273a7d320df8b0b4ad685c660e03ba0b72aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 15:59:24 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 3074a66f6d9b2e2af9b41ec0e2f4e2db
942e2c49b3848f11da966937f5914c62aed24bce
7c3b21b91aab06aff58cc56ce4b7273a7d320df8b0b4ad685c660e03ba0b72aa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 15:59:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
3rt7sgssxw0yj8wmst.com/api/v1/footer_links
18.184.136.169200 OK 201 B URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v1/footer_links
IP 18.184.136.169:0
Hash b3b6840320a9abf439f28b2836082673
0afedb39e461007cb994adc98a2f24e09887b769
afe8b7cfb3bfb6f74e9a8301ae0e2cc37a21a60f439e16d41483ae8c85f71f2d
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/footer_links HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1039
x-client-session: bei0fl1ksvsu0rp6izeq
x-client-device-id: mo9y63o1yqpt1gqkfnma
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670428763.1.0.1670428763.0.0.0; _ga=GA1.2.630756433.1670428764; _gid=GA1.2.803735565.1670428764; _gaclientid=630756433.1670428764; _gasessionid=20221207|01422005; _gahitid=1670428763833; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; PHPSESSID=1grm6il565eg42a2edphqvqmfv; lunetics_locale=az; tz=Europe%2FOslo; _ym_uid=1670428764298854273; _ym_d=1670428764
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:24 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: ead27bfb88d6047e3cfb3002e1442064
vary: Accept-Encoding, Accept-Language
expires: Wed, 07 Dec 2022 15:59:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 48a240a70786ef0cb550581dfce3c046
7707eef72d75a5c5ef4ccbf8694c9cd8b7a6892c
22b20dafc0eb64bf31dc0b09ac9d09adff5d4288590f98b70be4fb12f4700fc9
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 768
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Wed, 07 Dec 2022 15:59:25 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7006286046388289537; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 6
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.41200 OK 63 kB IP 192.124.249.41:0
Hash 11a9a1d03d2b7c9f9c79c8ad2166b900
46b6dfff02cc1b3ee0068b4e6ce25382722d5335
73904e84f80e97337cde474d526381beddda4f777332dc93846dc0f61eaeae87
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 07 Dec 2022 15:59:24 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19041
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 06 Dec 2022 20:28:28 GMT
Expires: Wed, 07 Dec 2022 20:28:28 GMT
ETag: "6f93264ae9291b95603cba1f349aabe83fc53bbe"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
mc.yandex.ru/watch/37954615/1?wmode=7&page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynzjpe2ysmhyiw5vig54s%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A803427655864%3Ahid%3A228624037%3Az%3A0%3Ai%3A20221207155924%3Aet%3A1670428764%3Ac%3A1%3Arn%3A220337686%3Arqn%3A1%3Au%3A1670428764298854273%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C231%2C35%2C0%2C323%2C0%2C%2C454%2C1%2C%2C%2C%2C1063%3Aco%3A0%3Ans%3A1670428762473%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670428764%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
87.250.250.119200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?wmode=7&page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynzjpe2ysmhyiw5vig54s%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A803427655864%3Ahid%3A228624037%3Az%3A0%3Ai%3A20221207155924%3Aet%3A1670428764%3Ac%3A1%3Arn%3A220337686%3Arqn%3A1%3Au%3A1670428764298854273%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C231%2C35%2C0%2C323%2C0%2C%2C454%2C1%2C%2C%2C%2C1063%3Aco%3A0%3Ans%3A1670428762473%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670428764%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
IP 87.250.250.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 744ce9b40646fe112ebe03022d30003d
d0d0290de35ffa134cf9ee1d5045dd614b609538
592cbbe60e2e0bd3c35c2313f6548ee7bb58bda93371dd3935a28b022e96f159
GET /watch/37954615/1?wmode=7&page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynzjpe2ysmhyiw5vig54s%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A803427655864%3Ahid%3A228624037%3Az%3A0%3Ai%3A20221207155924%3Aet%3A1670428764%3Ac%3A1%3Arn%3A220337686%3Arqn%3A1%3Au%3A1670428764298854273%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C231%2C35%2C0%2C323%2C0%2C%2C454%2C1%2C%2C%2C%2C1063%3Aco%3A0%3Ans%3A1670428762473%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670428764%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3rt7sgssxw0yj8wmst.com
Referer: https://3rt7sgssxw0yj8wmst.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Wed, 07 Dec 2022 15:59:25 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 07-Dec-2022 15:59:25 GMT
last-modified: Wed, 07-Dec-2022 15:59:25 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
code.jivosite.com/widget/l6Xq8In3Ej
92.223.124.24200 OK 5.9 kB URL HTTP/2 code.jivosite.com/widget/l6Xq8In3Ej
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (17132), with no line terminators
Hash f88bf78ceff3088d5b4f809243458aba
6794345bcc1b8c8fe5e0260fef772a20f9d85bc1
3c0287f6671fdb5e77a5947ff94af0f95e3c9984195d2e0d2dbe95345a403eaa
GET /widget/l6Xq8In3Ej HTTP/1.1
Host: code.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:25 GMT
content-type: application/javascript
content-length: 5938
access-control-allow-origin: *
cache-control: max-age=7200
content-encoding: br
etag: "63904393-1732"
expires: Wed, 07 Dec 2022 15:59:55 GMT
last-modified: Wed, 07 Dec 2022 07:41:07 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-07T13:59:55+00:00
x-id: fr5-up-gc15
accept-ranges: bytes
X-Firefox-Spdy: h2
www.facebook.com/tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&rl=&if=false&ts=1670428764619&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670428764617.2073567723&it=1670428763937&coo=false&rqm=GET
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&rl=&if=false&ts=1670428764619&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670428764617.2073567723&it=1670428763937&coo=false&rqm=GET
IP 31.13.72.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=2109311049329438&ev=PageView&dl=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&rl=&if=false&ts=1670428764619&sw=1280&sh=1024&v=2.9.89&r=stable&a=tmgoogletagmanager&ec=0&o=30&fbp=fb.1.1670428764617.2073567723&it=1670428763937&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Wed, 07 Dec 2022 15:59:25 GMT
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:56 GMT
expires: Thu, 30 Nov 2023 19:33:56 GMT
cache-control: public, max-age=31536000
age: 591929
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=c34apjnhupn2mzxqoflt
185.26.99.196200 OK 14 kB URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=c34apjnhupn2mzxqoflt
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash e067e5bf805c35f49185f079b928a53d
4fe5bd35556564c6388777647be930e34a36bd7d
1690d3a730c4295e01e92fcef5c85fb7d9fb80387ac9f3749e6ff632c7262420
OPTIONS /multiauth/test_cookie_get?testcookie=c34apjnhupn2mzxqoflt HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://3rt7sgssxw0yj8wmst.com/
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: d906b91501a745168ab1f72e1a732dc6
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Wed, 07 Dec 2022 15:59:24 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615?wmode=7&page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynzjpe2ysmhyiw5vig54s%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A803427655864%3Ahid%3A228624037%3Az%3A0%3Ai%3A20221207155924%3Aet%3A1670428764%3Ac%3A1%3Arn%3A220337686%3Arqn%3A1%3Au%3A1670428764298854273%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C231%2C35%2C0%2C323%2C0%2C%2C454%2C1%2C%2C%2C%2C1063%3Aco%3A0%3Ans%3A1670428762473%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670428764%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
87.250.250.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/37954615?wmode=7&page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynzjpe2ysmhyiw5vig54s%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A803427655864%3Ahid%3A228624037%3Az%3A0%3Ai%3A20221207155924%3Aet%3A1670428764%3Ac%3A1%3Arn%3A220337686%3Arqn%3A1%3Au%3A1670428764298854273%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C231%2C35%2C0%2C323%2C0%2C%2C454%2C1%2C%2C%2C%2C1063%3Aco%3A0%3Ans%3A1670428762473%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670428764%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2)
IP 87.250.250.119:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /watch/37954615?wmode=7&page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynzjpe2ysmhyiw5vig54s%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A803427655864%3Ahid%3A228624037%3Az%3A0%3Ai%3A20221207155924%3Aet%3A1670428764%3Ac%3A1%3Arn%3A220337686%3Arqn%3A1%3Au%3A1670428764298854273%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C231%2C35%2C0%2C323%2C0%2C%2C454%2C1%2C%2C%2C%2C1063%3Aco%3A0%3Ans%3A1670428762473%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670428764%3At%3Amostbet_title&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/37954615/1?wmode=7&page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&charset=utf-8&browser-info=pv%3A1%3Avf%3Aynzjpe2ysmhyiw5vig54s%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A803427655864%3Ahid%3A228624037%3Az%3A0%3Ai%3A20221207155924%3Aet%3A1670428764%3Ac%3A1%3Arn%3A220337686%3Arqn%3A1%3Au%3A1670428764298854273%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Ads%3A0%2C231%2C35%2C0%2C323%2C0%2C%2C454%2C1%2C%2C%2C%2C1063%3Aco%3A0%3Ans%3A1670428762473%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1670428764%3At%3Amostbet_title&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29ti%282%29
date: Wed, 07 Dec 2022 15:59:24 GMT
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
set-cookie: yabs-sid=746419251670428764; Path=/; SameSite=None; Secure
i=s4SU1pKmy7CJae4fh1Rn06+BV92qAMTvdom01/rSKJG9ZVXdFX+TWk4kYiIv+rYt7iBvxzXHYVZu2nDipWd/pKSeJwY=; Expires=Sat, 04-Dec-2032 15:59:24 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
yandexuid=8191712251670428764; Expires=Thu, 07-Dec-2023 15:59:24 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=8191712251670428764; Expires=Thu, 07-Dec-2023 15:59:24 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
ymex=1701964764.yc.1670428764#1701964764.yrts.1670428764#1701964764.yrtsi.1670428764; Expires=Thu, 07-Dec-2023 15:59:24 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 07-Dec-2022 15:59:24 GMT
last-modified: Wed, 07-Dec-2022 15:59:24 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=c34apjnhupn2mzxqoflt
185.26.99.196200 OK 21 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=c34apjnhupn2mzxqoflt
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash caf33483167cc6a28994a501b478f8df
8b80faf52bdfda242a8a7c2d2cff45a26c43d031
070bf1d4556043cf533cca3e374c72481fb31525f9254c46a37031fb35f69f0e
GET /multiauth/test_cookie_get?testcookie=c34apjnhupn2mzxqoflt HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1039
x-client-session: bei0fl1ksvsu0rp6izeq
x-client-device-id: mo9y63o1yqpt1gqkfnma
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Cookie: test_cooke_c34apjnhupn2mzxqoflt=1; test_cooke_wutzz44wj49ek6e84uh4n=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 32bc501d80e744059309a1075fe4a528
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 21
date: Wed, 07 Dec 2022 15:59:24 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mostauthor.com/multiauth/test_cookie_get?testcookie=wutzz44wj49ek6e84uh4n
185.26.99.196200 OK 21 B URL HTTP/2 mostauthor.com/multiauth/test_cookie_get?testcookie=wutzz44wj49ek6e84uh4n
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash caf33483167cc6a28994a501b478f8df
8b80faf52bdfda242a8a7c2d2cff45a26c43d031
070bf1d4556043cf533cca3e374c72481fb31525f9254c46a37031fb35f69f0e
GET /multiauth/test_cookie_get?testcookie=wutzz44wj49ek6e84uh4n HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1039
x-client-session: bei0fl1ksvsu0rp6izeq
x-client-device-id: mo9y63o1yqpt1gqkfnma
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Cookie: test_cooke_c34apjnhupn2mzxqoflt=1; test_cooke_wutzz44wj49ek6e84uh4n=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: b597db15b5f34341aa510307a1738b68
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 21
date: Wed, 07 Dec 2022 15:59:24 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7490
Expires: Wed, 07 Dec 2022 18:04:15 GMT
Date: Wed, 07 Dec 2022 15:59:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7490
Expires: Wed, 07 Dec 2022 18:04:15 GMT
Date: Wed, 07 Dec 2022 15:59:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7490
Expires: Wed, 07 Dec 2022 18:04:15 GMT
Date: Wed, 07 Dec 2022 15:59:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7490
Expires: Wed, 07 Dec 2022 18:04:15 GMT
Date: Wed, 07 Dec 2022 15:59:25 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 1ab1615b2c8cc26b12fc0cf41734ff07
a7d54b3709ce75a20210e20013e6f06b0aa88e2d
22b22118173565879d7c4a2d54a3546aeab6a4a30e69268b294a98019fbd6ba1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "22B22118173565879D7C4A2D54A3546AEAB6A4A30E69268B294A98019FBD6BA1"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7490
Expires: Wed, 07 Dec 2022 18:04:15 GMT
Date: Wed, 07 Dec 2022 15:59:25 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F079bc299-d390-4250-a91a-db3c535c9ca3.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F079bc299-d390-4250-a91a-db3c535c9ca3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 98d2cf29c710d25bd2f03ff216fdd369
b8eb2e11f9655f19334befc036f21489a6473827
614c9b4a7ace908c1ef807964709cb292b33b48ce1d81ccbd2959c2c0ee156ac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F079bc299-d390-4250-a91a-db3c535c9ca3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8351
x-amzn-requestid: 607d07ab-6833-4001-82ed-699ea91f84c9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvlitFk9oAMFakQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb611-3e5f14f833b332647ef7358d;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:37:21 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 0w5Usq-LJMNHxw9UrwUqSslSVROXVHTmY_UhSHNaGh4k4xqh-FSa0A==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:57:19 GMT
etag: "b8eb2e11f9655f19334befc036f21489a6473827"
content-type: image/jpeg
age: 64926
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
34.120.237.76200 OK 27 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg
IP 34.120.237.76:0
Hash ba09709e150bf15e453f61639c40c93c
18a7cd0543169f5e64c4dba5298c1f9a64109f3b
c903cc376c1627d77f24cc685602a5a0ec62ff5a7892be936218e5be742f0cff
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F962c65f4-b402-46b4-83ba-50f3159341f2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11224
x-amzn-requestid: 938de0b8-1055-4416-9ad7-162ab5f4db9f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: csUINEwdoAMFuOw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638e6701-38b079ef341bb17e567de773;Sampled=0
x-amzn-remapped-date: Mon, 05 Dec 2022 21:47:45 GMT
x-amz-cf-pop: YVR50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tGtiCE9C3j0BUruNaFN2j1mKxCSouLmocmTXpmLMBJaLNyVwkXu1gQ==
via: 1.1 f0ac467993db44dbfc36b778dfcaf73c.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 20:49:34 GMT
age: 68991
etag: "36082b7329d473829178f280cb71a83b1531e486"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 210b27f5f6310d8fad640acce3d9ae0e
08d241e56622cb900754d95bc5d58ed8826d9f32
64410e13759cdfa24976dcba0c64aca27edc3ee56358f344e55f60793422e3ea
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fffe93cbd-4506-4ab1-b0ea-94eabecae7b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6557
x-amzn-requestid: 0232ddcd-8274-431e-a55e-8298fbfd6dfc
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cmcuMG6bIAMFUng=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c0e5a-3cc17121425f87321ce7ae7e;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 03:04:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: va_vly0iX6rzm_aTWrryPRjoTWlI-_0m6rpS6VrTx-nsd71dk1cSZw==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 08:32:51 GMT
age: 26794
etag: "08d241e56622cb900754d95bc5d58ed8826d9f32"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22142ca2-85b4-47d4-8eaa-fcf2823b2c28.jpeg
34.120.237.76200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22142ca2-85b4-47d4-8eaa-fcf2823b2c28.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e95ebce9d79ba46cb96af9a45af1762f
985c6761675e6bcc0186f64d55f94cf09352f05c
5837d6bf31e57f955ba2577f112281cc33a5502b358c83192f4e396b57042ac0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22142ca2-85b4-47d4-8eaa-fcf2823b2c28.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8438
x-amzn-requestid: 0f5d1b0e-1193-4006-8a54-555681d9f62e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cvlqVGMjoAMFS6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638fb641-6366ea6464122d857407cdff;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 21:38:09 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nm0qQpo75zvDYWxv8V3GvOSBFenh8ocfjV9d02Mc2l-ABieIb3h2uA==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 21:53:40 GMT
age: 65145
etag: "985c6761675e6bcc0186f64d55f94cf09352f05c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80a12c85-454b-4e03-bf75-3fa8228659c0.jpeg
34.120.237.76200 OK 6.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80a12c85-454b-4e03-bf75-3fa8228659c0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a7ee62c5e846e8ad4808f4724f15146d
6d55b299f906908309f91eaf0a720ad65866db04
0d8f51d6f7f3bad4bb9d9c3000999739147f6dd718b290b0dca71a4cba85cb38
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80a12c85-454b-4e03-bf75-3fa8228659c0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6846
x-amzn-requestid: 53452103-6559-460c-ac40-4685e6816aa4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGx4E-mIAMFatg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a5-5327ec9a2f247cc91654df80;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:01 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: fo3lMa6shsclTxMwkqU7b-FdfADL1J2vHt8BNpEImo0gsmmI01BNTQ==
via: 1.1 030fe0607711293dda988e571617a9f2.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 07 Dec 2022 06:31:28 GMT
age: 34077
etag: "6d55b299f906908309f91eaf0a720ad65866db04"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg
34.120.237.76200 OK 8.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 604a4132da78a0c013b5818644adb121
ddf982c6ff7a0d8e5376c119b6642fe7e0ba8566
eecab519c33596c67f2d2021dfd1af24e7fd8f2ed403f99b4ba0c265c08a259f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F51c41646-4c8f-4a18-bf60-2b67be5db8d0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8701
x-amzn-requestid: 653284c3-ee7f-45f1-9513-3a6c81e1d6e3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cm3-2HRWIAMFjfg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638c39f8-6f8969a26787a9463ba6c2ec;Sampled=0
x-amzn-remapped-date: Sun, 04 Dec 2022 06:11:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: cmRvAOLmk_xZC4RKdin-lozUNeK9-icqkzsQmSjP9scXnnCLxkvJ5A==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 22:01:53 GMT
age: 64652
etag: "ddf982c6ff7a0d8e5376c119b6642fe7e0ba8566"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash f75333eb2258449fe6c6c250df565358
ba581933d3df8fce436a4c092adba77ce271cd7f
47e2697a0cc7c3bef13aeee9442336ee9a49164deee33e6f645d37b1d24d2f47
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 836
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Wed, 07 Dec 2022 15:59:25 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7006286046388289537; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 1
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 6d7737802f93eeb14503d61c77c137bc
fa6861c298d00f879b9f16af4f05470cecfc80af
6b1b9763bcfaeb92a63ad6020651b3745e8279c634eb3505fc9fa875e772af42
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 15:59:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 1e181f9ed09fb72bf80535f26ad7b91a
df966a15abb5b870e71527d73592f7d977011eb2
741e73d12b0fa5e76d9b4a78e8e70dbe307e059a0018aca245da0db44c5a5958
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 15:59:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=630756433.1670428764&jid=813448947&uid=0&gjid=1037942254&_gid=803735565.1670428764&_u=YADAAEABAAAAACAEK~&z=399069249
108.177.14.157200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=630756433.1670428764&jid=813448947&uid=0&gjid=1037942254&_gid=803735565.1670428764&_u=YADAAEABAAAAACAEK~&z=399069249
IP 108.177.14.157:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=630756433.1670428764&jid=813448947&uid=0&gjid=1037942254&_gid=803735565.1670428764&_u=YADAAEABAAAAACAEK~&z=399069249 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 07 Dec 2022 15:59:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mostauthor.com/multiauth/ping
185.26.99.196200 OK 0 B URL HTTP/2 mostauthor.com/multiauth/ping
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /multiauth/ping HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-client-device-id,x-client-name,x-client-session,x-client-version,x-multiauth-version,x-requested-with
Referer: https://3rt7sgssxw0yj8wmst.com/
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: 9a7fc1f8a9af48aeb4de25b715183656
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
allow: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-length: 0
date: Wed, 07 Dec 2022 15:59:25 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=630756433.1670428764&jid=218803844&uid=0&gjid=1125156957&_gid=803735565.1670428764&_u=YADAAEAAAAAAACAEK~&z=1929352441
108.177.14.157200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=630756433.1670428764&jid=218803844&uid=0&gjid=1125156957&_gid=803735565.1670428764&_u=YADAAEAAAAAAACAEK~&z=1929352441
IP 108.177.14.157:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-79409907-1&cid=630756433.1670428764&jid=218803844&uid=0&gjid=1125156957&_gid=803735565.1670428764&_u=YADAAEAAAAAAACAEK~&z=1929352441 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Wed, 07 Dec 2022 15:59:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mostauthor.com/multiauth/ping
185.26.99.196401 Unauthorized 35 B URL HTTP/2 mostauthor.com/multiauth/ping
IP 185.26.99.196:0
ASN #44066 diva-e Datacenters GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash 56b7d88043e39baac118df00136b37fc
1a608988268ae1a633c14731692c9b7e2fc3fbb1
a18f5f834edec23ed17aa059a0eff28fe03ee6f2ecf37c596efe0b5f7cba3e3e
GET /multiauth/ping HTTP/1.1
Host: mostauthor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1039
x-client-session: bei0fl1ksvsu0rp6izeq
x-client-device-id: mo9y63o1yqpt1gqkfnma
X-Requested-With: XMLHttpRequest
X-Multiauth-Version: authy
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Cookie: test_cooke_c34apjnhupn2mzxqoflt=1; test_cooke_wutzz44wj49ek6e84uh4n=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 401 Unauthorized
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
access-control-allow-headers: authorization,x-client-device-id,x-client-name,content-type,x-client-session,x-client-version,x-requested-with,x-multiauth-version,x-multiauth-logout-reason,x-multiauth-disabled-reason,x-client-platform
access-control-max-age: 600
x-session-fingerprint: f4606d0655554bf39b530850a8d37e69
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
content-type: application/json
content-length: 35
date: Wed, 07 Dec 2022 15:59:25 GMT
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 472 B IP 216.58.211.3:0
Hash 1e181f9ed09fb72bf80535f26ad7b91a
df966a15abb5b870e71527d73592f7d977011eb2
741e73d12b0fa5e76d9b4a78e8e70dbe307e059a0018aca245da0db44c5a5958
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 15:59:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
node-sber1-az1-6.jivosite.com/widget/status/561276/l6Xq8In3Ej?rnd=0.4467381004396145
188.72.107.240200 OK 734 B URL HTTP/2 node-sber1-az1-6.jivosite.com/widget/status/561276/l6Xq8In3Ej?rnd=0.4467381004396145
IP 188.72.107.240:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (710), with no line terminators
Hash fa258743027c9279fc0d6ed0329d166c
f5af08304957eb32fad0b3a2c3059a7d53f82b8c
83929366cf86dfa3dbff5945b11a2cc34b65f6c6c393e4911fceab4c4a60c99c
GET /widget/status/561276/l6Xq8In3Ej?rnd=0.4467381004396145 HTTP/1.1
Host: node-sber1-az1-6.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-max-age: 1728000
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-expose-headers: X-Geoip, X-Botmode
cache-control: no-cache, no-store, must-revalidate
content-security-policy: frame-ancestors 'none';
content-type: application/json; charset=utf-8
pragma: no-cache
server: foxy/2.0.1
x-botmode: no
x-frame-options: DENY
x-geoip: NO;03;Oslo (Alna District)
content-length: 734
date: Wed, 07 Dec 2022 15:59:25 GMT
X-Firefox-Spdy: h2
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
142.250.74.35200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Dec 2022 06:30:11 GMT
expires: Sat, 02 Dec 2023 06:30:11 GMT
cache-control: public, max-age=31536000
age: 466154
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 0fa282ae07239f0cf04503485877d681
631aa2fff49d29c46341db6540d25917b3626ef5
9020928ea0c9addf3e0a04d78db4158b54b4f29577785b5adb4cf7f2949ced17
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 15:59:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 0fa282ae07239f0cf04503485877d681
631aa2fff49d29c46341db6540d25917b3626ef5
9020928ea0c9addf3e0a04d78db4158b54b4f29577785b5adb4cf7f2949ced17
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 15:59:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=630756433.1670428764&jid=813448947&_u=YADAAEABAAAAACAEK~&z=1924578720
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=630756433.1670428764&jid=813448947&_u=YADAAEABAAAAACAEK~&z=1924578720
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=630756433.1670428764&jid=813448947&_u=YADAAEABAAAAACAEK~&z=1924578720 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 15:59:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=630756433.1670428764&jid=218803844&_u=YADAAEAAAAAAACAEK~&z=2122657361
142.250.74.163200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=630756433.1670428764&jid=218803844&_u=YADAAEAAAAAAACAEK~&z=2122657361
IP 142.250.74.163:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-79409907-1&cid=630756433.1670428764&jid=218803844&_u=YADAAEAAAAAAACAEK~&z=2122657361 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Wed, 07 Dec 2022 15:59:25 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3200 OK 471 B IP 216.58.211.3:0
Hash 0fa282ae07239f0cf04503485877d681
631aa2fff49d29c46341db6540d25917b3626ef5
9020928ea0c9addf3e0a04d78db4158b54b4f29577785b5adb4cf7f2949ced17
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 07 Dec 2022 15:59:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2
142.250.74.35200 OK 25 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 25036, version 1.0\012- data
Hash 9dd150fb7229e143e0f71ba1fe8c8f63
664abfc4941054600213dda51a3d6f0d05b3c312
cffe139366b3882387dddbd10d59e7d9aa29345793fdbf51ddde809ca6a0bec2
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 25036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 05:36:53 GMT
expires: Tue, 05 Dec 2023 05:36:53 GMT
cache-control: public, max-age=31536000
age: 210152
last-modified: Mon, 11 Jul 2022 18:59:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/api/v1/auth/providers
18.184.136.169200 OK 24 kB URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v1/auth/providers
IP 18.184.136.169:0
File type JSON data\012- , ASCII text, with very long lines (39601)
Hash 4b1fb8de6e82d99272ee2c3d56d00007
9bb7184aa3e4c25bd015cf536799d46e08e5ebbf
8fa624093be0dd7b0b5b19ac448566c3e884ef6c75bb8faf901cf26a481fd573
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/auth/providers HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1039
x-client-session: bei0fl1ksvsu0rp6izeq
x-client-device-id: mo9y63o1yqpt1gqkfnma
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670428763.1.0.1670428764.0.0.0; _ga=GA1.2.630756433.1670428764; _gid=GA1.2.803735565.1670428764; _gaclientid=630756433.1670428764; _gasessionid=20221207|01422005; _gahitid=1670428763833; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; PHPSESSID=1grm6il565eg42a2edphqvqmfv; lunetics_locale=az; tz=Europe%2FOslo; _ym_uid=1670428764298854273; _ym_d=1670428764; _ym_isad=2; _fbp=fb.1.1670428764617.2073567723; rst-uid=7006286046388289537; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:25 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 2875a3c76c4c27cf8c01e0aa2ce7a78a
vary: Accept-Encoding, Accept-Language
expires: Wed, 07 Dec 2022 15:59:25 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/api/v1/currencies.json
18.184.136.169200 OK 271 B URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v1/currencies.json
IP 18.184.136.169:0
Hash 54ab42f6ebcea11362558553a4fd6090
20c10e7799b3ea68fe9beb7ee983187b0c483a12
d6f2d4b10e706995aebad65d72f9c0ee3c39e86a6ce40461d60efe32a269687b
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/currencies.json HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1039
x-client-session: bei0fl1ksvsu0rp6izeq
x-client-device-id: mo9y63o1yqpt1gqkfnma
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670428763.1.0.1670428764.0.0.0; _ga=GA1.2.630756433.1670428764; _gid=GA1.2.803735565.1670428764; _gaclientid=630756433.1670428764; _gasessionid=20221207|01422005; _gahitid=1670428763833; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; PHPSESSID=1grm6il565eg42a2edphqvqmfv; lunetics_locale=az; tz=Europe%2FOslo; _ym_uid=1670428764298854273; _ym_d=1670428764; _ym_isad=2; _fbp=fb.1.1670428764617.2073567723; rst-uid=7006286046388289537; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:25 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 14 Dec 2022 15:59:25 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/api/v2/translations?locales[]=az&domains[]=promo&domains[]=validators&fallback=1
18.184.136.169200 OK 269 kB URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v2/translations?locales[]=az&domains[]=promo&domains[]=validators&fallback=1
IP 18.184.136.169:0
Size 269 kB (269188 bytes)
Hash 2cd0cf84bf02b54dc705b4c97576fe75
a327c3f1fc28e3b2e09e684e5d958cb80fdc020b
a37d81d1b930b5eb31d2eeea626ef0bc67b08a4f75c03e8df848ac4724989479
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v2/translations?locales[]=az&domains[]=promo&domains[]=validators&fallback=1 HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg
Connection: keep-alive
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670428763.1.0.1670428764.0.0.0; _ga=GA1.2.630756433.1670428764; _gid=GA1.2.803735565.1670428764; _gaclientid=630756433.1670428764; _gasessionid=20221207|01422005; _gahitid=1670428763833; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; PHPSESSID=1grm6il565eg42a2edphqvqmfv; lunetics_locale=az; tz=Europe%2FOslo; _ym_uid=1670428764298854273; _ym_d=1670428764; _ym_isad=2; _fbp=fb.1.1670428764617.2073567723; rst-uid=7006286046388289537
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:25 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 14 Dec 2022 15:59:25 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&charset=utf-8&hittoken=1670428765_79abdfb6ceae6dcbc33240b376951b6b1c55a3765b3538ab5ff127cac84d5810&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynzjpe2ysmhyiw5vig54s%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A803427655864%3Ahid%3A228624037%3Az%3A0%3Ai%3A20221207155924%3Aet%3A1670428765%3Ac%3A1%3Arn%3A929276019%3Arqn%3A3%3Au%3A1670428764298854273%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670428762473%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670428765&t=gdpr(14)mc(p-1)clc(0-0-0)rqnt(3)aw(1)ecs(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22User_Agent%22%3A%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%5D%7D%7D
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&charset=utf-8&hittoken=1670428765_79abdfb6ceae6dcbc33240b376951b6b1c55a3765b3538ab5ff127cac84d5810&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynzjpe2ysmhyiw5vig54s%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A803427655864%3Ahid%3A228624037%3Az%3A0%3Ai%3A20221207155924%3Aet%3A1670428765%3Ac%3A1%3Arn%3A929276019%3Arqn%3A3%3Au%3A1670428764298854273%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670428762473%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670428765&t=gdpr(14)mc(p-1)clc(0-0-0)rqnt(3)aw(1)ecs(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22User_Agent%22%3A%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%5D%7D%7D
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&charset=utf-8&hittoken=1670428765_79abdfb6ceae6dcbc33240b376951b6b1c55a3765b3538ab5ff127cac84d5810&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynzjpe2ysmhyiw5vig54s%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A803427655864%3Ahid%3A228624037%3Az%3A0%3Ai%3A20221207155924%3Aet%3A1670428765%3Ac%3A1%3Arn%3A929276019%3Arqn%3A3%3Au%3A1670428764298854273%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670428762473%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670428765&t=gdpr(14)mc(p-1)clc(0-0-0)rqnt(3)aw(1)ecs(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22User_Agent%22%3A%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%5D%7D%7D HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 07 Dec 2022 15:59:25 GMT
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 07-Dec-2022 15:59:25 GMT
last-modified: Wed, 07-Dec-2022 15:59:25 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&charset=utf-8&hittoken=1670428765_79abdfb6ceae6dcbc33240b376951b6b1c55a3765b3538ab5ff127cac84d5810&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynzjpe2ysmhyiw5vig54s%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A803427655864%3Ahid%3A228624037%3Az%3A0%3Ai%3A20221207155924%3Aet%3A1670428765%3Ac%3A1%3Arn%3A739476441%3Arqn%3A4%3Au%3A1670428764298854273%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670428762473%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670428765&t=gdpr(14)mc(p-2)clc(0-0-0)rqnt(4)aw(1)ecs(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22Referrer%22%3A%5B%22%22%5D%7D%7D
87.250.250.119200 OK 43 B URL HTTP/2 mc.yandex.ru/watch/37954615/1?page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&charset=utf-8&hittoken=1670428765_79abdfb6ceae6dcbc33240b376951b6b1c55a3765b3538ab5ff127cac84d5810&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynzjpe2ysmhyiw5vig54s%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A803427655864%3Ahid%3A228624037%3Az%3A0%3Ai%3A20221207155924%3Aet%3A1670428765%3Ac%3A1%3Arn%3A739476441%3Arqn%3A4%3Au%3A1670428764298854273%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670428762473%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670428765&t=gdpr(14)mc(p-2)clc(0-0-0)rqnt(4)aw(1)ecs(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22Referrer%22%3A%5B%22%22%5D%7D%7D
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /watch/37954615/1?page-url=https%3A%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&charset=utf-8&hittoken=1670428765_79abdfb6ceae6dcbc33240b376951b6b1c55a3765b3538ab5ff127cac84d5810&browser-info=pa%3A1%3Aar%3A1%3Avf%3Aynzjpe2ysmhyiw5vig54s%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A933%3Acn%3A1%3Adp%3A0%3Als%3A803427655864%3Ahid%3A228624037%3Az%3A0%3Ai%3A20221207155924%3Aet%3A1670428765%3Ac%3A1%3Arn%3A739476441%3Arqn%3A4%3Au%3A1670428764298854273%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Awv%3A2%3Aco%3A0%3Aeu%3A1%3Ans%3A1670428762473%3Aadb%3A2%3Arqnl%3A1%3Ast%3A1670428765&t=gdpr(14)mc(p-2)clc(0-0-0)rqnt(4)aw(1)ecs(1)ti(0)&force-urlencoded=1&site-info=%7B%22Additional_Data%22%3A%7B%22Referrer%22%3A%5B%22%22%5D%7D%7D HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 07 Dec 2022 15:59:25 GMT
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 07-Dec-2022 15:59:25 GMT
last-modified: Wed, 07-Dec-2022 15:59:25 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 21:48:03 GMT
expires: Fri, 01 Dec 2023 21:48:03 GMT
cache-control: public, max-age=31536000
age: 497483
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
142.250.74.35200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15340, version 1.0\012- data
Hash 19b7a0adfdd4f808b53af7e2ce2ad4e5
81d5d4c7b5035ad10cce63cf7100295e0c51fdda
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd
GET /s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15340
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Dec 2022 04:50:10 GMT
expires: Thu, 07 Dec 2023 04:50:10 GMT
cache-control: public, max-age=31536000
age: 40156
last-modified: Mon, 16 Oct 2017 17:33:16 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
142.250.74.35200 OK 12 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu7GxKOzY.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 11936, version 1.0\012- data
Hash 15d8ede0a816bc7a9838207747c6620c
f6e2e75f1277c66e282553ae6a22661e51f472b8
dbb8f45730d91bffff8307cfdf7c82e67745d84cb6063a1f3880fadfad59c57d
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu7GxKOzY.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11936
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Dec 2022 09:38:03 GMT
expires: Sat, 02 Dec 2023 09:38:03 GMT
cache-control: public, max-age=31536000
age: 454883
last-modified: Mon, 16 Oct 2017 17:33:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Hash 285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 16:40:43 GMT
expires: Fri, 01 Dec 2023 16:40:43 GMT
cache-control: public, max-age=31536000
age: 515923
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2
142.250.74.35200 OK 12 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 11804, version 1.0\012- data
Hash 16aedbf057fbb3da342211de2d071f11
fdee07631b40b264208caa8714faaa5b991d987b
7566a2f09ff8534334b7a44f72a1afaba6bdbb782209be8804636ee8b963c75f
GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11804
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 16:40:43 GMT
expires: Fri, 01 Dec 2023 16:40:43 GMT
cache-control: public, max-age=31536000
age: 515923
last-modified: Mon, 16 Oct 2017 17:32:58 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/favicon.png
18.184.136.169200 OK 2.8 kB URL HTTP/2 3rt7sgssxw0yj8wmst.com/favicon.png
IP 18.184.136.169:0
File type PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash f8cbfde8f3484f7a5f02189742f0f110
3eb0cec3e65d6cb0cc2744b5fa57ded1afb6e4d4
70504d4dc047aeac702b31e9290e9f5553e901d07d3844269cd966042988159a
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.png HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1039
x-client-session: bei0fl1ksvsu0rp6izeq
x-client-device-id: mo9y63o1yqpt1gqkfnma
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670428763.1.0.1670428764.0.0.0; _ga=GA1.2.630756433.1670428764; _gid=GA1.2.803735565.1670428764; _gaclientid=630756433.1670428764; _gasessionid=20221207|01422005; _gahitid=1670428763833; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; PHPSESSID=1grm6il565eg42a2edphqvqmfv; lunetics_locale=az; tz=Europe%2FOslo; _ym_uid=1670428764298854273; _ym_d=1670428764; _ym_isad=2; _fbp=fb.1.1670428764617.2073567723; rst-uid=7006286046388289537; _ym_visorc=b; multiAuthThirdPartyEnabled=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:27 GMT
content-type: image/png
content-length: 2810
last-modified: Tue, 06 Dec 2022 12:23:40 GMT
etag: "638f344c-afa"
accept-ranges: bytes
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 633564fb03d85cb0197a3a2a848b841f
818548f9103f54bb1931ea6191c45ab4cceaf24f
a89bd7fbadf89f1707dfba88a762460f0fabd97e89aac939c46314218729ab0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A89BD7FBADF89F1707DFBA88A762460F0FABD97E89AAC939C46314218729AB0D"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1419
Expires: Wed, 07 Dec 2022 16:23:08 GMT
Date: Wed, 07 Dec 2022 15:59:29 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 633564fb03d85cb0197a3a2a848b841f
818548f9103f54bb1931ea6191c45ab4cceaf24f
a89bd7fbadf89f1707dfba88a762460f0fabd97e89aac939c46314218729ab0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A89BD7FBADF89F1707DFBA88A762460F0FABD97E89AAC939C46314218729AB0D"
Last-Modified: Tue, 06 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1419
Expires: Wed, 07 Dec 2022 16:23:08 GMT
Date: Wed, 07 Dec 2022 15:59:29 GMT
Connection: keep-alive
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 44d1f8ef10a1b9018ee26c3fe79913e2
bcd5c0f723608ee2fd72e573af187e4c2108fe4b
d12698e72a44bfd85b0c1511e50fbdf296033825f395e197cbde0a4193a1dd71
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 07 Dec 2022 15:59:30 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sun, 11 Dec 2022 13:43:28 GMT
ETag: "bcd5c0f723608ee2fd72e573af187e4c2108fe4b"
Last-Modified: Wed, 07 Dec 2022 13:43:29 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 426
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 775e7809fe3db515-OSL
webchannel-content.eservice.emarsys.net/customer/799213038/campaigns?url=https:%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&prev_url=&lang=en&uli=false
34.117.30.199200 OK 312 kB URL HTTP/2 webchannel-content.eservice.emarsys.net/customer/799213038/campaigns?url=https:%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&prev_url=&lang=en&uli=false
IP 34.117.30.199:0
Size 312 kB (311794 bytes)
Hash acbae163b5962cded44c8bbb8c61c460
c6593f44413b2a4091edde0b5833ff5e3988f4d6
dc43be8f38d0b66362b8410386bff513de813ee6aceb67170d8f0cce2686d783
GET /customer/799213038/campaigns?url=https:%2F%2F3rt7sgssxw0yj8wmst.com%2Fpartners%2Fcasino-reg&prev_url=&lang=en&uli=false HTTP/1.1
Host: webchannel-content.eservice.emarsys.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 15:59:29 GMT
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: *
content-type: application/json
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: 0
strict-transport-security: max-age=31536000 ; includeSubDomains
x-frame-options: DENY
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
code.jivo.ru/css/46b708d/widget.css
92.223.126.57200 OK 55 kB URL HTTP/2 code.jivo.ru/css/46b708d/widget.css
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (65536), with no line terminators
Hash cc6d9451d7f28ab59d3b1f7c08249cbd
1b557f40d36622d71127aabc45e2252a50102b49
dc9a2a5b966fc62a5947f084df3b98748cd9c7625ce84d0890f3261247e8ffb9
GET /css/46b708d/widget.css HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:31 GMT
content-type: text/css
content-length: 54820
cache-control: max-age=864000
content-encoding: br
etag: "639043d5-d624"
expires: Sat, 17 Dec 2022 13:36:35 GMT
last-modified: Wed, 07 Dec 2022 07:42:13 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-07T13:36:35+00:00
x-id: am3-up-gc95
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jivo.ru/css/46b708d/omnichannelMenu.widget.css
92.223.126.57200 OK 946 B URL HTTP/2 code.jivo.ru/css/46b708d/omnichannelMenu.widget.css
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (3072), with no line terminators
Hash 49fba42db04b3bcbe39108bc21f0b5bd
94b678bee9dbec6c1ed70d07dcd8022d371161ab
60ced3ce9fede691eeef4557e3df1ba51dc15a7e0067d8f91ea0b8ee57d4e358
GET /css/46b708d/omnichannelMenu.widget.css HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:31 GMT
content-type: text/css
content-length: 946
cache-control: max-age=864000
content-encoding: gzip
etag: "639043d5-3b2"
expires: Sat, 17 Dec 2022 13:36:49 GMT
last-modified: Wed, 07 Dec 2022 07:42:13 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-07T13:36:49+00:00
x-id: am3-up-gc95
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jivo.ru/js/46b708d/omnichannelMenu.js
92.223.126.57200 OK 3.1 kB URL HTTP/2 code.jivo.ru/js/46b708d/omnichannelMenu.js
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type ASCII text, with very long lines (11729), with no line terminators
Hash 17d6c4b02bd6dfea3095aeb77244ecde
5c10464977b920e77d9940d57638bfb4460e28a6
efc52e8fccb01399531c62f4a6b3c7a13bf0b6b64fb4b1bf381d1e4e5cf907b0
GET /js/46b708d/omnichannelMenu.js HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:31 GMT
content-type: application/javascript
content-length: 3115
access-control-allow-origin: *
cache-control: max-age=86400
content-encoding: br
etag: "639043d5-c2b"
last-modified: Wed, 07 Dec 2022 07:42:13 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-07T13:36:49+00:00
x-id: am3-up-gc95
accept-ranges: bytes
X-Firefox-Spdy: h2
code.jivo.ru/sounds/notification.mp3
92.223.126.57206 Partial Content 5.8 kB URL HTTP/2 code.jivo.ru/sounds/notification.mp3
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural\012- data
Hash 9aa341af370c4e59155717260ba0f282
0c1216ecead8d1409557c843d96202c063f3f252
1112436abea08c851302bba4d4e37a27e25e5ec26b20474667a3369d41154bab
GET /sounds/notification.mp3 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Wed, 07 Dec 2022 15:59:31 GMT
content-type: audio/mpeg
content-length: 5808
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=2592000
etag: "6384b5cb-16b0"
expires: Mon, 02 Jan 2023 12:11:24 GMT
last-modified: Mon, 28 Nov 2022 13:21:15 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-03T12:11:24+00:00
x-id: am3-up-gc95
content-range: bytes 0-5807/5808
X-Firefox-Spdy: h2
code.jivo.ru/sounds/agent_message.mp3
92.223.126.57206 Partial Content 3.8 kB URL HTTP/2 code.jivo.ru/sounds/agent_message.mp3
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo\012- data
Hash 8e9a165c4cb185ffd0b2658fa088e43b
195873e5e8bbb2f5ecc32d95f90d6fb75817a649
ff81aad05612f90cf97c238f219765884e5cbf49351d8dc96a4a063c598c3f43
GET /sounds/agent_message.mp3 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Wed, 07 Dec 2022 15:59:31 GMT
content-type: audio/mpeg
content-length: 3760
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=2592000
etag: "6384b5cb-eb0"
expires: Mon, 02 Jan 2023 12:20:47 GMT
last-modified: Mon, 28 Nov 2022 13:21:15 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-03T12:20:47+00:00
x-id: am3-up-gc95
content-range: bytes 0-3759/3760
X-Firefox-Spdy: h2
code.jivo.ru/sounds/outgoing_message.mp3
92.223.126.57206 Partial Content 5.0 kB URL HTTP/2 code.jivo.ru/sounds/outgoing_message.mp3
IP 92.223.126.57:0
ASN #199524 G-Core Labs S.A.
File type MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Stereo\012- data
Hash 7bf3e4962a5ecf1f8cbcc2ff3428f531
f75c694461a643d2e096ae8d0f6c1a9d19602eee
d44244617bf21df7a137694fa762d5cab3b82cb9fae8f33de5917977b02b2a11
GET /sounds/outgoing_message.mp3 HTTP/1.1
Host: code.jivo.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: nginx
date: Wed, 07 Dec 2022 15:59:31 GMT
content-type: audio/mpeg
content-length: 5014
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: max-age=2592000
etag: "6384b5cb-1396"
expires: Mon, 02 Jan 2023 12:20:47 GMT
last-modified: Mon, 28 Nov 2022 13:21:15 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-03T12:20:47+00:00
x-id: am3-up-gc95
content-range: bytes 0-5013/5014
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8e8fa64-7cd3-460d-9040-af3ca0e2a5f5.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8e8fa64-7cd3-460d-9040-af3ca0e2a5f5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b6f4dd03deb6114fec01808b034a711c
c74d29bba44dbb09158da4b9e1b490112c7db915
ddc6721d8a42821c458cf6d5c64ebd10ca0002c95a275be1732cd9ade7bf1b6d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc8e8fa64-7cd3-460d-9040-af3ca0e2a5f5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 10567
x-amzn-requestid: b9b16cdf-bfa2-4e3c-b00f-1704dd3473d1
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cgIC6EgLoAMF3hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638986df-3945eea57676d3f91f8f2b3c;Sampled=0
x-amzn-remapped-date: Fri, 02 Dec 2022 05:02:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Jq1EHQBqVeb9KBozcSUpieXUDHhouxr6YkJrhiqqZ4VP1ZwPV6LHEA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Tue, 06 Dec 2022 22:36:00 GMT
age: 62612
etag: "c74d29bba44dbb09158da4b9e1b490112c7db915"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
rstat.rockmostbet.com/band/t4k.json?
162.55.5.93200 OK 86 B URL HTTP/2 rstat.rockmostbet.com/band/t4k.json?
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with no line terminators
Hash c330596e33dc44bf5eb36d8ec177ef5c
336747acda387107bc5c834ef6aae4e50847e7e1
f8095b3594dcd6515a6085047ceb42d8d3750a16513c61428a8e9c788ffac3fe
POST /band/t4k.json? HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 839
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
date: Wed, 07 Dec 2022 15:59:32 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7006286046388289537; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 5
x-xss-protection: 1
content-type: text/plain; charset=utf-8
content-length: 86
X-Firefox-Spdy: h2
front.cdn-mb.com/spa-static/1.4.1039/static/css/main.687ea28c.chunk.css
172.67.160.69200 OK 0 B URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1039/static/css/main.687ea28c.chunk.css
IP 172.67.160.69:0
GET /spa-static/1.4.1039/static/css/main.687ea28c.chunk.css HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 15:59:23 GMT
content-type: text/css
last-modified: Tue, 06 Dec 2022 12:30:04 GMT
vary: Accept-Encoding
etag: W/"638f35cc-54"
expires: Wed, 07 Dec 2022 17:02:18 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 10625
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3uOj%2BqW%2Fx3Bo0X5bdfNcfz%2BHWu%2BU%2F9vEcm1aldAKYlVswYGitSojEeNfpZ8o3gUgYjnD0uEpnve7evl3G2Z9Pu7cw9tOrvcM7y%2FqxNK0JaiT9GIIQHri2NqI%2B7O3I7rKY9MB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775e77dc9aeefab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
front.cdn-mb.com/spa-static/1.4.1039/static/js/main.ed5e3f25.chunk.js
172.67.160.69200 OK 0 B URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1039/static/js/main.ed5e3f25.chunk.js
IP 172.67.160.69:0
GET /spa-static/1.4.1039/static/js/main.ed5e3f25.chunk.js HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 15:59:23 GMT
content-type: application/javascript
last-modified: Tue, 06 Dec 2022 12:30:04 GMT
vary: Accept-Encoding
etag: W/"638f35cc-5bc5d"
expires: Wed, 07 Dec 2022 17:07:31 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 10311
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dfzcXISOE8EMuY7WdOpqaafRqmzTKMJyNtFkV%2Bn8iuhne1O0ji1RmpUG6GiSrNMnrPQ8pxPUjV5fF4HUnLfs%2B6oT0N1WpLwbMD1g39iGDZ4Lj0v0FwuFgeKgnNw2KH1TQuIM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775e77dc9aecfab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese
IP 142.250.74.74:0
GET /css?family=Montserrat:400,700,800|Roboto:400,500,700,900|Ubuntu:700,700i&display=swap&subset=cyrillic,vietnamese HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://front.cdn-mb.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 07 Dec 2022 15:59:25 GMT
date: Wed, 07 Dec 2022 15:59:25 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/partners/casino-reg
18.184.136.169200 OK 0 B URL HTTP/2 3rt7sgssxw0yj8wmst.com/partners/casino-reg
IP 18.184.136.169:0
Analyzer Verdict Alert quad9 Sinkholed
GET /partners/casino-reg HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:23 GMT
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
front.cdn-mb.com/spa-static/1.4.1039/static/js/30.59254181.chunk.js
172.67.160.69200 OK 0 B URL HTTP/2 front.cdn-mb.com/spa-static/1.4.1039/static/js/30.59254181.chunk.js
IP 172.67.160.69:0
GET /spa-static/1.4.1039/static/js/30.59254181.chunk.js HTTP/1.1
Host: front.cdn-mb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 07 Dec 2022 15:59:23 GMT
content-type: application/javascript
last-modified: Tue, 06 Dec 2022 12:30:04 GMT
vary: Accept-Encoding
etag: W/"638f35cc-7ac62"
expires: Wed, 07 Dec 2022 17:07:32 GMT
cache-control: max-age=14400
access-control-allow-origin: *
cf-cache-status: HIT
age: 10311
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=69YpBO30RcO9U0SjrONe70%2FN9A096GYciNCJBkDDUqSY6c9JO8%2FJhhRQJ%2BP0cWfmRyYvIo1tGoDFUAB9f9V5LA0Ol0IxM%2FrN3jTZpGTNruXv5Np%2F1oVcPWtUvBagZTzMSDD8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 775e77dc9aedfab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rstat.rockmostbet.com/lib.js
162.55.5.93200 OK 0 B URL HTTP/2 rstat.rockmostbet.com/lib.js
IP 162.55.5.93:0
ASN #24940 Hetzner Online GmbH
GET /lib.js HTTP/1.1
Host: rstat.rockmostbet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-credentials: true
access-control-allow-origin: https://3rt7sgssxw0yj8wmst.com
access-control-expose-headers: Content-Length,Content-Type
cache-control: no-cache, no-store, must-revalidate
content-type: text/javascript
date: Wed, 07 Dec 2022 15:59:23 GMT
expires: Mon, 01 Jan 1990 21:00:12 GMT
last-modified: Sun, 17 May 1998 03:44:30 GMT
pragma: no-cache
server: Caddy
set-cookie: uid=7006286046388289537; Domain=.rockmostbet.com; Path=/; Expires=Sun, 30 Mar 2025 08:29:13 GMT; HttpOnly
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 0
x-xss-protection: 1
content-length: 236698
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/api/v1/settings
18.184.136.169200 OK 0 B URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v1/settings
IP 18.184.136.169:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/settings HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1039
x-client-session: bei0fl1ksvsu0rp6izeq
x-client-device-id: mo9y63o1yqpt1gqkfnma
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670428763.1.0.1670428763.0.0.0; _ga=GA1.1.630756433.1670428764
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:24 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
x-request-id: 803e4fc0e27936c76cf80dfc8bcc0d2d
vary: Accept-Encoding, Accept-Language
expires: Wed, 07 Dec 2022 15:59:24 GMT
set-cookie: PHPSESSID=9fb129pftfoe97j657oe3i9hv6; expires=Fri, 06-Jan-2023 15:59:24 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=az; expires=Thu, 08-Dec-2022 15:59:24 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Wed, 14-Dec-2022 15:59:24 GMT; Max-Age=604800; path=/; secure
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
code.jivosite.com/script/widget/config/l6Xq8In3Ej
92.223.124.24200 OK 0 B URL HTTP/2 code.jivosite.com/script/widget/config/l6Xq8In3Ej
IP 92.223.124.24:0
ASN #199524 G-Core Labs S.A.
GET /script/widget/config/l6Xq8In3Ej HTTP/1.1
Host: code.jivosite.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://3rt7sgssxw0yj8wmst.com
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:25 GMT
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=7200
content-encoding: gzip
expires: Wed, 07 Dec 2022 17:47:34 GMT
vary: Accept-Encoding
via: 1.1 sharxy
x-geo-shard: sber1
cache: HIT
x-cached-since: 2022-12-07T15:47:34+00:00
x-id: fr5-up-gc15
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/api/v1/countries.json
18.184.136.169200 OK 0 B URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v1/countries.json
IP 18.184.136.169:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/countries.json HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1039
x-client-session: bei0fl1ksvsu0rp6izeq
x-client-device-id: mo9y63o1yqpt1gqkfnma
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670428763.1.0.1670428763.0.0.0; _ga=GA1.2.630756433.1670428764; _gid=GA1.2.803735565.1670428764; _gaclientid=630756433.1670428764; _gasessionid=20221207|01422005; _gahitid=1670428763833; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:24 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 14 Dec 2022 15:59:24 GMT
set-cookie: PHPSESSID=j665hnbgpc71lenv2a8nfh09nv; expires=Fri, 06-Jan-2023 15:59:24 GMT; Max-Age=2592000; path=/; secure; HttpOnly
lunetics_locale=az; expires=Thu, 08-Dec-2022 15:59:24 GMT; Max-Age=86400; path=/; secure
tz=Europe%2FOslo; expires=Wed, 14-Dec-2022 15:59:24 GMT; Max-Age=604800; path=/; secure
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/api/v1/logo
18.184.136.169200 OK 0 B URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v1/logo
IP 18.184.136.169:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v1/logo HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
x-client-name: mostbet-com-spa
x-client-version: 1.4.1039
x-client-session: bei0fl1ksvsu0rp6izeq
x-client-device-id: mo9y63o1yqpt1gqkfnma
X-Requested-With: XMLHttpRequest
x-client-platform: desktop-web
Connection: keep-alive
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670428763.1.0.1670428763.0.0.0; _ga=GA1.2.630756433.1670428764; _gid=GA1.2.803735565.1670428764; _gaclientid=630756433.1670428764; _gasessionid=20221207|01422005; _gahitid=1670428763833; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; PHPSESSID=9fb129pftfoe97j657oe3i9hv6; lunetics_locale=az; tz=Europe%2FOslo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:24 GMT
content-type: application/json
cache-control: max-age=0, must-revalidate, private
etag: W/"9fae6e123baa3436bdbe37f62d18440c"
x-request-id: e296c26c574c3684f08dec9334c68641
vary: Accept-Encoding, Accept-Language
expires: Wed, 07 Dec 2022 15:59:24 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2
3rt7sgssxw0yj8wmst.com/api/v2/translations?locales[]=az&domains[]=messages&fallback=1
18.184.136.169200 OK 0 B URL HTTP/2 3rt7sgssxw0yj8wmst.com/api/v2/translations?locales[]=az&domains[]=messages&fallback=1
IP 18.184.136.169:0
Analyzer Verdict Alert quad9 Sinkholed
GET /api/v2/translations?locales[]=az&domains[]=messages&fallback=1 HTTP/1.1
Host: 3rt7sgssxw0yj8wmst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://3rt7sgssxw0yj8wmst.com/partners/casino-reg
Connection: keep-alive
Cookie: theme=desktop; _ga_9Q6VE8VYRH=GS1.1.1670428763.1.0.1670428763.0.0.0; _ga=GA1.2.630756433.1670428764; _gid=GA1.2.803735565.1670428764; _gaclientid=630756433.1670428764; _gasessionid=20221207|01422005; _gahitid=1670428763833; _gat_UA-79409907-1=1; _gat_UA-137363802-1=1; _gat=1; PHPSESSID=j665hnbgpc71lenv2a8nfh09nv; lunetics_locale=az; tz=Europe%2FOslo
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 07 Dec 2022 15:59:24 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Wed, 14 Dec 2022 15:59:24 GMT
cache-control: max-age=604800, public
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains; preload
X-Firefox-Spdy: h2