r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d4e95d0d8982bcd07804baf6fc88231c
5027abda0875bd2529dd4d6691784c74da71a9ee
373799b5749d2cb08b5721699a3e4c6b94b0d41604ac07d4ef7179e47dabc71f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "373799B5749D2CB08B5721699A3E4C6B94B0D41604AC07D4EF7179E47DABC71F"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10613
Expires: Fri, 03 Feb 2023 07:59:54 GMT
Date: Fri, 03 Feb 2023 05:03:01 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ec47f9eed203ae063b9c210009de54a9
19ff156471b9cffbc2432c5b65543bdd18e36271
3974208ce1840f6c9467287b7e220379ed881d76db64939f411dbc500c103d48
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3974208CE1840F6C9467287B7E220379ED881D76DB64939F411DBC500C103D48"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4007
Expires: Fri, 03 Feb 2023 06:09:48 GMT
Date: Fri, 03 Feb 2023 05:03:01 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Retry-After, Backoff, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 03 Feb 2023 04:36:09 GMT
content-type: application/json
age: 1612
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7d2222d41721947297aaeb5a6e3d0714
04cc1ee417c8bf6338657fd4c2e4e1c1ddfd3065
de0e45969a2ad95e52f7e2fbd0d021d9075dd7b14666c929346efe111f648f7c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DE0E45969A2AD95E52F7E2FBD0D021D9075DD7B14666C929346EFE111F648F7C"
Last-Modified: Thu, 02 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7054
Expires: Fri, 03 Feb 2023 07:00:35 GMT
Date: Fri, 03 Feb 2023 05:03:01 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: zZ7OM4q0/zLrGT5dUadV20jiUNxa9Az15ZdeeK19vYGO4EuwJl0fqyycbPtiUZyHHBIVdozlC6g=
x-amz-request-id: JAGAM2K94FXZR2DC
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 03 Feb 2023 04:23:24 GMT
age: 2377
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 03 Feb 2023 05:03:01 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Content-Type, ETag, Last-Modified, Alert, Retry-After, Content-Length, Cache-Control, Pragma, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 03 Feb 2023 04:07:19 GMT
age: 3342
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
amyhartmanc.blogspot.com/2015/12/the-glow-of-candles-merry-christmas-o.html
142.250.74.65200 OK 13 kB URL HTTP/1.1 amyhartmanc.blogspot.com/2015/12/the-glow-of-candles-merry-christmas-o.html
IP 142.250.74.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (7816)
Hash 060505498e8af9ef8ef28f85fbbe8db1
ffc5e392215f889cd07268614a179314cf5af8f8
1beb16c53930bfc581f2357922a22548bbb61ad09867327ec7d83cd501385bcb
GET /2015/12/the-glow-of-candles-merry-christmas-o.html HTTP/1.1
Host: amyhartmanc.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Fri, 03 Feb 2023 05:03:01 GMT
Date: Fri, 03 Feb 2023 05:03:01 GMT
Cache-Control: private, max-age=0
Last-Modified: Thu, 02 Feb 2023 11:14:32 GMT
ETag: W/"afad130330df6d6d13f1712e1eb63ea3cc2287716cfad81c2dbd388f16e40c2d"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 13030
Server: GSE
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 8913af0be619500295008bb91f506660
a7b8068ba9aa506205a295b24458c2616997a0d1
6a9838d00256431807ca382fc205064b07c08d5054f2895c2ae3cc4e9094179a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A9838D00256431807CA382FC205064B07C08D5054F2895C2AE3CC4E9094179A"
Last-Modified: Wed, 01 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4661
Expires: Fri, 03 Feb 2023 06:20:42 GMT
Date: Fri, 03 Feb 2023 05:03:01 GMT
Connection: keep-alive
amyhartmanc.blogspot.com/js/cookienotice.js
142.250.74.65200 OK 2.0 kB URL HTTP/1.1 amyhartmanc.blogspot.com/js/cookienotice.js
IP 142.250.74.65:0
Hash c4e1ed83d89245089b8a1203be20a377
f3940e1215b89300ef97d57a25993f25243b8688
afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2
GET /js/cookienotice.js HTTP/1.1
Host: amyhartmanc.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://amyhartmanc.blogspot.com/2015/12/the-glow-of-candles-merry-christmas-o.html
HTTP/1.1 200 OK
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Cross-Origin-Resource-Policy: cross-origin
Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="blogger-tech"
Report-To: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
Content-Length: 2026
Date: Fri, 03 Feb 2023 05:03:01 GMT
Expires: Fri, 10 Feb 2023 05:03:01 GMT
Cache-Control: public, max-age=604800
Last-Modified: Fri, 03 Feb 2023 01:51:41 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 0
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js
104.17.25.14200 OK 22 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.slim.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (65241)
Hash 4adf3071d9c336f9f45a00f064e4607e
7cd00a057fdd3efddb1357bad8509172f093a8fc
bbc7ae78b342920166360e191a11d880758f57c077f1a52b1acb6e8891515d30
GET /ajax/libs/jquery/3.6.0/jquery.slim.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://amyhartmanc.blogspot.com
Connection: keep-alive
Referer: http://amyhartmanc.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 22329
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-11ab4"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 24366367
expires: Wed, 24 Jan 2024 05:03:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xR68I8fRpVyzzwj6LZZqu%2BwVkwmWcLEKFcdBXhbemLLyQL2pgtdVsD0BgfHjtGbVFzZBfQ0%2BRMUJ4q4dbi%2FIBPFKrgdCOvG5IZjxMPRv0%2FYMPp7LdFDGGYFwnY9kldrWrPZ51ZQn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 79389e24bcce0b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js
104.17.25.14200 OK 3.2 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/lazysizes/5.3.0/lazysizes.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (7862)
Hash 84b29a85e9b1ac0f746206cf453253fa
bbd86752badc5d0e0b048c4b2098dd17072aca70
c10fce5f80054f9ce23b201029368b8804a504b84724479464fd0e906c4ae1eb
GET /ajax/libs/lazysizes/5.3.0/lazysizes.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://amyhartmanc.blogspot.com
Connection: keep-alive
Referer: http://amyhartmanc.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 3150
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5ff0b799-1ed1"
last-modified: Sat, 02 Jan 2021 18:12:41 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 20844727
expires: Wed, 24 Jan 2024 05:03:01 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mCqwWWVunecp2oNXtkD%2BsBt3fqPw%2B8C0EPxcvqixqgn%2F1RlXpOdH7KKxp6Bg1dpoGT8c2T0sUqFxI%2BSWsPYSBsSxtnGKkXCEPNIFrpvnotc0PagIVkbWivmH12j2%2Fb8NZIA27cMt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 79389e24ccd20b06-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b4207b35a4aeef06bf85697809474c05
703f6b20c61b2dcfe404378e1f0f58bf8f8c40ef
2565a716264c931d102da5e54a98f10fe36bd5e550c1d450c86fe83d4d263018
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 05:03:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/static/v1/widgets/1149436903-widgets.js
216.58.207.233200 OK 57 kB URL HTTP/2 www.blogger.com/static/v1/widgets/1149436903-widgets.js
IP 216.58.207.233:0
File type ASCII text, with very long lines (2221)
Hash b78721b4cce75b522d9ec0d1fae9e007
4ceaa4752e3e81867193004fe928875abc0af5ce
e85f67824ac9f31deedecf0b1d58878b6b3993bad9f2b48e8312928154012f06
GET /static/v1/widgets/1149436903-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://amyhartmanc.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56564
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 02:15:05 GMT
expires: Thu, 01 Feb 2024 02:15:05 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 31 Jan 2023 23:23:14 GMT
content-type: text/javascript
age: 182876
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash b4207b35a4aeef06bf85697809474c05
703f6b20c61b2dcfe404378e1f0f58bf8f8c40ef
2565a716264c931d102da5e54a98f10fe36bd5e550c1d450c86fe83d4d263018
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 05:03:01 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2f4ce3540961c410b3f000bc756b0398
4f322c8378b3f2f9efc69ed79d75eadd1dd7aab1
1f0df07cac1009ee0db87e82aa201e950f2b21666b6b40a3b6b110e2ca18525e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "1F0DF07CAC1009EE0DB87E82AA201E950F2B21666B6B40A3B6B110E2CA18525E"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15606
Expires: Fri, 03 Feb 2023 09:23:08 GMT
Date: Fri, 03 Feb 2023 05:03:02 GMT
Connection: keep-alive
push.services.mozilla.com/
35.164.243.166101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.164.243.166:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Q/VhPa0Yijo3qMFtx+/Ehg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: b6uz1mFxUVsGrexF1Ac0yoXrxSk=
4.bp.blogspot.com/_Kr5BRbidym8/SzMKK4HTDgI/AAAAAAAAA_o/BjBQrRFiucc/s400/christmas+christmas+christmas.jpg
142.250.74.161200 OK 44 kB URL HTTP/1.1 4.bp.blogspot.com/_Kr5BRbidym8/SzMKK4HTDgI/AAAAAAAAA_o/BjBQrRFiucc/s400/christmas+christmas+christmas.jpg
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=1, software=Google], baseline, precision 8, 400x208, components 3\012- data
Hash 8569e51908885370563f593ea68f65d7
83f1041d1297d0ef86d83e9abb6dbb2102834d85
527d0e999409bbd3ccb89dfecd2e50df7df283e9f14a42cc3e616bb9ff19b5ba
GET /_Kr5BRbidym8/SzMKK4HTDgI/AAAAAAAAA_o/BjBQrRFiucc/s400/christmas+christmas+christmas.jpg HTTP/1.1
Host: 4.bp.blogspot.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://amyhartmanc.blogspot.com/
HTTP/1.1 200 OK
Access-Control-Expose-Headers: Content-Length
ETag: "v3fa"
Expires: Sat, 04 Feb 2023 05:03:02 GMT
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="christmas christmas christmas.jpg"
Content-Type: image/jpeg
Vary: Origin
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Date: Fri, 03 Feb 2023 05:03:02 GMT
Server: fife
Content-Length: 43720
X-XSS-Protection: 0
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash 4cf0ccf2909be74efd7a89dbe4228ffb
b4993da334b48312584d116a3de4be4cd71962cf
e81c8aa45d0707079d9eba798fb447059042453be4834d14467839688ca66f5d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 05:03:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjPnaO6huz8AhWwN0QIHaZUD9sQFnoECAkQAQ&url=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&usg=AOvVaw2yKwvVdEm4g2mTJKIHTiHH
142.250.74.164200 OK 715 B URL HTTP/2 www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjPnaO6huz8AhWwN0QIHaZUD9sQFnoECAkQAQ&url=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&usg=AOvVaw2yKwvVdEm4g2mTJKIHTiHH
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1312)
Hash c200c0210ca903db27046992fddbe8bd
a08846e578c40b9b939fef52fd559e168b1a67ff
9d89f1108ee9793b775bc1d6ee6494cf5a68e8a41976aaae8cd88f1cf2e34868
GET /url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjPnaO6huz8AhWwN0QIHaZUD9sQFnoECAkQAQ&url=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&usg=AOvVaw2yKwvVdEm4g2mTJKIHTiHH HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://amyhartmanc.blogspot.com/
Cookie: __Secure-ENID=5.SE=WgoywoGOUEmJadxoIB0r2lkzXHeKVqth1xGOa4ffzT7dUHt-ZXjx-iHV7oK7BCuj96T6WcNdOxtcPrvT6hvt4NQxsLWhAuRLpweU30AweJoV-BgqMIIyysdeq33RUY6ph26qQ9jBKSd0XSV6yoBSxOS9PmgWEsI53hUDjv_5qeI; CONSENT=PENDING+883
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:02 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="gws"
report-to: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/other"}]}
content-encoding: br
server: gws
content-length: 715
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 0c15fd84f4711d994724c35236542194
c47d77fe5b373a86bd9a116bd8baac07ec746add
a210a4599baaa980674b456f020282cd470559b319be263fdcf9eaec7cff0d3b
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 05:03:02 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e4431c4232b407967db38be3f1d8bf44
2a64cebd74a75389d793b8ede1bc7d24c8973220
ad199c7abc812a367a4afa6ffc82f7f5b0a09ef731e630f2606b6ecc2f3e4d11
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "AD199C7ABC812A367A4AFA6FFC82F7F5B0A09EF731E630F2606B6ECC2F3E4D11"
Last-Modified: Fri, 03 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21514
Expires: Fri, 03 Feb 2023 11:01:37 GMT
Date: Fri, 03 Feb 2023 05:03:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5219
Expires: Fri, 03 Feb 2023 06:30:02 GMT
Date: Fri, 03 Feb 2023 05:03:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5219
Expires: Fri, 03 Feb 2023 06:30:02 GMT
Date: Fri, 03 Feb 2023 05:03:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5219
Expires: Fri, 03 Feb 2023 06:30:02 GMT
Date: Fri, 03 Feb 2023 05:03:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d719402de0cd695e55dab2767247da49
f12f4795987a284820f6785ec16b5032b9861d79
98a14bd950cec10aeb3d76fa956fe13514f52c742adbded7a0fcef218c7195ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "98A14BD950CEC10AEB3D76FA956FE13514F52C742ADBDED7A0FCEF218C7195BA"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5219
Expires: Fri, 03 Feb 2023 06:30:02 GMT
Date: Fri, 03 Feb 2023 05:03:03 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3490571dd2de0a747987b9a0e18cccc8
18e9f8f160d3515f1cb31fc7538ac762a6cab344
1c071d7f3b288b29254500f94f19c0db0633c6aa90812f2e92c4f64992f5221a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b4ea648-021a-44ef-a083-3ea03f73dca3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10796
x-amzn-requestid: 5c9b1a83-c99a-44b9-9a90-5edd7ef1e225
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi0XKG93oAMFtsA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76760-01bf754d6c725c3275c02a1b;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 06:44:48 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XTZJAn0LMAfFtaQ2bN8z58cCsUT5GzxDMnHVB_iw9E_NskHQ-BgbRQ==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 22:19:26 GMT
age: 84437
etag: "18e9f8f160d3515f1cb31fc7538ac762a6cab344"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e366b32074025aaf60bbae8bdb08d330
a52c2883bad98fa20333aa639a5dd3a5bf544c8e
9d661c26effaec9efee16833f6459d6ecbe4f77b822c9c46e2a6433bda816e5c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F64144d1c-f524-496f-8b52-ba63714dbfc5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11565
x-amzn-requestid: 87a84ffd-1176-4656-aac4-e98f38ec2cd9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fboIrFGboAMFyyQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d48704-162ed8114aa1809204500548;Sampled=0
x-amzn-remapped-date: Sat, 28 Jan 2023 02:23:00 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: w0Zm5V0TQxsQ7917U3fdhS_n7qKE143PuhI2JmNCDM_Pf0yPLyW6yA==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:48:01 GMT
age: 26102
etag: "a52c2883bad98fa20333aa639a5dd3a5bf544c8e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c9d26d7-b28f-485c-91d6-67a0813a0f3c.jpeg
34.120.237.76200 OK 3.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c9d26d7-b28f-485c-91d6-67a0813a0f3c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0c1c2a5a291f23be6591c9b19db47b47
2f67cdba4a3d5a8cf6f6eb7951d2a1bda6e01619
327efb8c72421819992900ab0f8f267da7d28122c710b8694979116579d512c6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3c9d26d7-b28f-485c-91d6-67a0813a0f3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3083
x-amzn-requestid: 7a4f094b-a423-401e-a9e7-8d9f130e2e40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fi1drEtKIAMFuYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d76924-66751080608a6cd2650b853d;Sampled=0
x-amzn-remapped-date: Mon, 30 Jan 2023 06:52:20 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: UoXATdGOgEK3Unxszcp4ulAK3b1BuHS2MbUzTHe-qxjNZkb2eoxE-A==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:44:49 GMT
age: 26294
etag: "2f67cdba4a3d5a8cf6f6eb7951d2a1bda6e01619"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f58ae1f-1f79-4cc4-b12e-b11dde3b7e4d.jpeg
34.120.237.76200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f58ae1f-1f79-4cc4-b12e-b11dde3b7e4d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4a92e881554205ebbe3721a7bbaeab40
b620fc82bd15b55b581bd8c3a699e1b16563ad2e
ff753b8411bfa0df54938a5f829ce25acbad863a2a3540b3bacca02baf9a2c7d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8f58ae1f-1f79-4cc4-b12e-b11dde3b7e4d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6398
x-amzn-requestid: 843fefd3-8cf4-44ee-bb7c-a010d4149442
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fuv1XFXQoAMFe5Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dc2cee-76739fd87b4c0d203eca4114;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2cGZEXolULcBUgvrZ55IWnR825LgkHDFmJFJ5i9lcl4KYbDte3-N1g==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:57:43 GMT
age: 25520
etag: "b620fc82bd15b55b581bd8c3a699e1b16563ad2e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F91a53e95-81db-4f71-84bc-169a72e11b24.jpeg
34.120.237.76200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F91a53e95-81db-4f71-84bc-169a72e11b24.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d4242d4999b7b033873b81a482c319c2
bc4c004065ce9f558f210d508844c123a85737a1
ab35a5c1a7c1a0a548aee3b9c301893799680ec1922c13e7a16d44ca457cd91d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F91a53e95-81db-4f71-84bc-169a72e11b24.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7237
x-amzn-requestid: f6aa0d26-8df4-40fe-8984-1aac7c76097e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fVr4jEdeIAMFTYA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d2269c-58a038d6491d8f461e9168d4;Sampled=0
x-amzn-remapped-date: Thu, 26 Jan 2023 07:07:08 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: XNO6ArxsjiZTxcoSn1Fmhso5bpWNIvzT9nplF6UGTiHVxXlJiv7bJA==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 ce71f64ad5dca81beca846466f2d5008.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:58:40 GMT
age: 25463
etag: "bc4c004065ce9f558f210d508844c123a85737a1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32d005c4-44bd-4c69-b179-e966a5e62bc4.jpeg
34.120.237.76200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32d005c4-44bd-4c69-b179-e966a5e62bc4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 08efac01fbe2d2949d81cfa427e8f360
e354cd76c38a72a10eddad9298b43415f8f04ed1
a5edf287aefdfb2f4c33d19b322b2574553fc9f5646f147359a3dcf8c1d75cb1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F32d005c4-44bd-4c69-b179-e966a5e62bc4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7700
x-amzn-requestid: 11dd2ef1-f809-4a95-aeef-361cfa745eea
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fYyFIHUVIAMFgbA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d363ba-7841e2a6249f0e5d7aa91c8d;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 05:40:10 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gYmuJEgMngPXgeLlAQfRoP-EtCgH--hkvSt6OPTUlYXxetmf5zAtVg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Thu, 02 Feb 2023 21:48:01 GMT
age: 26102
etag: "e354cd76c38a72a10eddad9298b43415f8f04ed1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e4431c4232b407967db38be3f1d8bf44
2a64cebd74a75389d793b8ede1bc7d24c8973220
ad199c7abc812a367a4afa6ffc82f7f5b0a09ef731e630f2606b6ecc2f3e4d11
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "AD199C7ABC812A367A4AFA6FFC82F7F5B0A09EF731E630F2606B6ECC2F3E4D11"
Last-Modified: Fri, 03 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21514
Expires: Fri, 03 Feb 2023 11:01:37 GMT
Date: Fri, 03 Feb 2023 05:03:03 GMT
Connection: keep-alive
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js
104.17.25.14200 OK 28 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.5.0/jquery.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (65451)
Hash 391678ecd81abb89d767676563d04a0d
ca95c965bf5453f22a77969f650d82cc0495aedc
0688a8577842e3019d1880c5e32bf44ab58a93592218886291e05eb8a1907c7b
GET /ajax/libs/jquery/3.5.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teenatiyagi.com/
Origin: https://teenatiyagi.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:03 GMT
content-type: application/javascript; charset=utf-8
content-length: 27964
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-15d95"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 4532553
expires: Wed, 24 Jan 2024 05:03:03 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZxpdxW8YP2zbIOdLZJK3vB%2BVIp57nif92iBngH84mvBuXDegw4e4Pqg7rPFkclP97raqESdqhkWzgeLmufYdoRABWSQxj6YsYMd5WoaStassKfLqUt%2FvwdJtijTGGFPcwQ%2FxcfN9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 79389e2f6fa0b50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash bbeb609cbf32a8842bf96a124588e65e
40c0f548bcb714731f62df5a27cad21adef0463d
502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 05:03:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash e35d67ef52ca9d47ddd887f53a5e5510
68b2d5526d3bee68d7808a01eef8cbdb4d9626bc
47ca00f1dcbdf708585c629fc112baf8874912a2b9bb42d7a68953c8778e2498
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5629
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 05:03:03 GMT
Last-Modified: Fri, 03 Feb 2023 03:29:14 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 278
swarthid.github.io/news/pop.js
185.199.108.153200 OK 1 B URL HTTP/2 swarthid.github.io/news/pop.js
IP 185.199.108.153:0
File type very short file (no magic)
Hash 68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
GET /news/pop.js HTTP/1.1
Host: swarthid.github.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teenatiyagi.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
last-modified: Sat, 26 Nov 2022 21:03:59 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: "63827f3f-1"
expires: Wed, 01 Feb 2023 15:27:38 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: 9AFA:E236:5689E9:5A1E43:63DA8292
accept-ranges: bytes
date: Fri, 03 Feb 2023 05:03:03 GMT
via: 1.1 varnish
age: 397
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1675400584.661395,VS0,VE2
vary: Accept-Encoding
x-fastly-request-id: 91e5b43ef1d146e97b2e66dec3f22f733d33fa8b
content-length: 1
X-Firefox-Spdy: h2
swarthid.github.io/news/social.js
185.199.108.153200 OK 1 B URL HTTP/2 swarthid.github.io/news/social.js
IP 185.199.108.153:0
File type very short file (no magic)
Hash 68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
GET /news/social.js HTTP/1.1
Host: swarthid.github.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teenatiyagi.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: GitHub.com
content-type: application/javascript; charset=utf-8
permissions-policy: interest-cohort=()
last-modified: Sat, 26 Nov 2022 21:03:59 GMT
access-control-allow-origin: *
strict-transport-security: max-age=31556952
etag: "63827f3f-1"
expires: Wed, 01 Feb 2023 15:27:38 GMT
cache-control: max-age=600
x-proxy-cache: MISS
x-github-request-id: 44F0:01F1:F09BE6:F9F1B3:63DA8292
accept-ranges: bytes
date: Fri, 03 Feb 2023 05:03:03 GMT
via: 1.1 varnish
age: 397
x-served-by: cache-bma1667-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1675400584.662294,VS0,VE1
vary: Accept-Encoding
x-fastly-request-id: 3f31681db906b3d1867fb2d2823124f485ef364e
content-length: 1
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash bbeb609cbf32a8842bf96a124588e65e
40c0f548bcb714731f62df5a27cad21adef0463d
502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 05:03:03 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 05:03:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
216.58.207.227200 OK 24 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 23580, version 1.0\012- data
Hash e1b3b5908c9cf23dfb2b9c52b9a023ab
fcd4136085f2a03481d9958cc6793a5ed98e714c
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
GET /s/lato/v23/S6uyw4BMUTPHjx4wXg.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://teenatiyagi.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 04:29:08 GMT
expires: Wed, 31 Jan 2024 04:29:08 GMT
cache-control: public, max-age=31536000
age: 261236
last-modified: Tue, 26 Apr 2022 15:48:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 05:03:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2
216.58.207.227200 OK 20 kB URL HTTP/2 fonts.gstatic.com/s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 19740, version 1.0\012- data
Hash 101cf2a65d64322878605fa8472bb025
6dffc15e38c321e4bb567b4bd8107a2e8d97c61d
273c8613cdd2852dd5318f224d804ae6d2fc717c48d3f1dab587b6d396fb4fc8
GET /s/merriweather/v30/u-4n0qyriQwlOrhSvowK_l52xwNZWMf6.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://teenatiyagi.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 16:03:01 GMT
expires: Mon, 29 Jan 2024 16:03:01 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 26 Apr 2022 15:48:38 GMT
content-type: font/woff2
age: 392403
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 05:03:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 13fec69d5a3365cb19602f1746f2afd3
cc21bddbad952360c5bc2ac9647960fd55bb754f
d36d938ec74f2e29931054a112c81143e5fddc5c2ed0ef179bc473f44a0c4143
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D36D938EC74F2E29931054A112C81143E5FDDC5C2ED0EF179BC473F44A0C4143"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Fri, 03 Feb 2023 11:03:04 GMT
Date: Fri, 03 Feb 2023 05:03:04 GMT
Connection: keep-alive
melongetplume.com/5c2bdfa9dd187d33604b355863934a38/invoke.js
173.233.137.52200 OK 9.8 kB URL HTTP/1.1 melongetplume.com/5c2bdfa9dd187d33604b355863934a38/invoke.js
IP 173.233.137.52:0
File type exported SGML document, ASCII text, with very long lines (26969), with no line terminators
Hash 4c402355ec1e6b1bad10175acc43ceba
0cace170ddf1e937bd140dd2e947d229b7eb3394
9b4009ea16ecee6ce8de113edbc4719d4bac977def237b4104273c89efa7f5c4
Analyzer Verdict Alert quad9 Sinkholed
GET /5c2bdfa9dd187d33604b355863934a38/invoke.js HTTP/1.1
Host: melongetplume.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teenatiyagi.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 05:03:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 05d3c8eda831a604d249ae6358d472a2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fonts.gstatic.com/s/merriweather/v30/u-440qyriQwlOrhSvowK_l5-fCZM.woff2
216.58.207.227200 OK 20 kB URL HTTP/2 fonts.gstatic.com/s/merriweather/v30/u-440qyriQwlOrhSvowK_l5-fCZM.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 20028, version 1.0\012- data
Hash 2bfde17b9a1384ce64af78db1b87a82f
8effd23e482511e249c3f8e91cdc503729b93598
5c2d662e92bcbf1a5970b97040f901031295e79a96314db8302f549003022087
GET /s/merriweather/v30/u-440qyriQwlOrhSvowK_l5-fCZM.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://teenatiyagi.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 20028
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 10:06:02 GMT
expires: Mon, 29 Jan 2024 10:06:02 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 26 Apr 2022 16:41:08 GMT
content-type: font/woff2
age: 413822
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
216.58.207.227200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://teenatiyagi.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 10:25:03 GMT
expires: Mon, 29 Jan 2024 10:25:03 GMT
cache-control: public, max-age=31536000
age: 412681
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
melongetplume.com/f349db6125575591c998d04010914019/invoke.js
173.233.137.52200 OK 22 kB URL HTTP/1.1 melongetplume.com/f349db6125575591c998d04010914019/invoke.js
IP 173.233.137.52:0
Hash 90cb69d70ce8a5f2682a53addaf59777
760028339e3eccf082be95431c2d81352791dfd2
bd66505bbcd0c379694ce26ffca1ce6ebd5dcdc8c6106ac3d9dd85bd256f8ed6
Analyzer Verdict Alert quad9 Sinkholed
GET /f349db6125575591c998d04010914019/invoke.js HTTP/1.1
Host: melongetplume.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teenatiyagi.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 05:03:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: bc777c6dfad940aaafcdc95ff6eea79b
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 3f11c62617c2bee07a8ed3cf82151243
ba58aa99e6fda4e73216a5b6a382dfd4f1f5b33a
a0b39826bd54ed8244e2c90f71d51146feaba0b9100446256479344837c50228
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=120476
Date: Fri, 03 Feb 2023 05:03:04 GMT
Etag: "63dbbb1a-1d7"
Expires: Sat, 04 Feb 2023 14:31:00 GMT
Last-Modified: Thu, 02 Feb 2023 13:31:06 GMT
Server: ECS (nyb/1D2F)
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: A_scGdITfX-anujxpzMmHydFRA0IMhlWOeaFh7xxbC2b9mHR_fSNfg==
Age: 3594
simplewebanalysis.com/stats
35.156.167.37200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash b9819740a6fa6c2bc0e37fecf52d50e8
98f5be33aa51be636c8b82f9f1dcd7703ab6cd03
0461e187c8333b0d3523e2dc5c48004f4e43e49b90309399367e9b02060754fc
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teenatiyagi.com/
Origin: https://teenatiyagi.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:04 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://teenatiyagi.com
access-control-allow-credentials: true
set-cookie: uid_id2=cc968c0a-8133-4cde-b59a-1b59312e6c68:1:1; expires=Mon, 31 Jan 2033 05:03:04 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
melongetplume.com/f349db6125575591c998d04010914019/invoke.js
173.233.137.52200 OK 9.8 kB URL HTTP/1.1 melongetplume.com/f349db6125575591c998d04010914019/invoke.js
IP 173.233.137.52:0
File type exported SGML document, ASCII text, with very long lines (26951), with no line terminators
Hash 9f4dfc94cceae7aaa438453734879d62
14df41414781f55b80291c584ad2af2b3723cfbc
39dfa39e04cc14535332ff736ff57f5505f516c88a16923f64d373a026fe919f
Analyzer Verdict Alert quad9 Sinkholed
GET /f349db6125575591c998d04010914019/invoke.js HTTP/1.1
Host: melongetplume.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teenatiyagi.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 05:03:04 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 69ad8470fae1b7534fcb67e93e0851a3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
35.156.167.37200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash 247946be1aaccf30121601a3b52e0abe
b7f2dfa8dba4c54861b8957e300eaa7363d07117
f41d042c5e3d4160220b65f1e36c90d39086104a258943217c9e77ff89142511
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teenatiyagi.com/
Origin: https://teenatiyagi.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:05 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://teenatiyagi.com
access-control-allow-credentials: true
set-cookie: uid_id2=6f411ed3-231e-42a1-bd59-70423ce47233:2:1; expires=Mon, 31 Jan 2033 05:03:05 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
35.156.167.37200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 35.156.167.37:0
File type ASCII text, with no line terminators
Hash 247946be1aaccf30121601a3b52e0abe
b7f2dfa8dba4c54861b8957e300eaa7363d07117
f41d042c5e3d4160220b65f1e36c90d39086104a258943217c9e77ff89142511
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teenatiyagi.com/
Origin: https://teenatiyagi.com
Connection: keep-alive
Cookie: uid_id2=6f411ed3-231e-42a1-bd59-70423ce47233:2:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:05 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://teenatiyagi.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
melongetplume.com/530f8870d8a0f24c43720d58b02daf83/invoke.js
173.233.137.52200 OK 9.8 kB URL HTTP/1.1 melongetplume.com/530f8870d8a0f24c43720d58b02daf83/invoke.js
IP 173.233.137.52:0
File type exported SGML document, ASCII text, with very long lines (26949), with no line terminators
Hash 8d34308964e23f3032d41b2c7360f184
6aa35f2832a5b754f1dc2f040354330b2ad5f9e9
02cc2f12f778d7c2a4c1f368cddbcaf053bb31c51fbf1c96619e585e2b057967
Analyzer Verdict Alert quad9 Sinkholed
GET /530f8870d8a0f24c43720d58b02daf83/invoke.js HTTP/1.1
Host: melongetplume.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teenatiyagi.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 05:03:05 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9266b65cd7a55691da1d2316c32a6b91
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2d3991fce90e6e59af063d6b08f7c0a9
c8d50774d24f41e042bba8d7082c94913510e557
f637784915fa4ae87a169d0a3c5e8cce17f1fcbcba241b2f6103eb8fb2f2e32e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F637784915FA4AE87A169D0A3C5E8CCE17F1FCBCBA241B2F6103EB8FB2F2E32E"
Last-Modified: Thu, 02 Feb 2023 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18807
Expires: Fri, 03 Feb 2023 10:16:32 GMT
Date: Fri, 03 Feb 2023 05:03:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5edf06da7a0227d78287f1137f5790ec
2bc02cdaf7b531e47de186d5a548e3919aa71f6c
5d8d6286284a29aeb2396a779c60cdd70e7a45818170eca4e8531df436843473
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5D8D6286284A29AEB2396A779C60CDD70E7A45818170ECA4E8531DF436843473"
Last-Modified: Thu, 02 Feb 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1499
Expires: Fri, 03 Feb 2023 05:28:04 GMT
Date: Fri, 03 Feb 2023 05:03:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1bfe15ad4794fb1867a49ac52499cf45
479b64c64d36f54593854cade627c7758b3f4d03
5ad5ca2ca9dea6562afd2872e66a828373f203047e94df5151bf449173ee7027
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5AD5CA2CA9DEA6562AFD2872E66A828373F203047E94DF5151BF449173EE7027"
Last-Modified: Thu, 02 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4165
Expires: Fri, 03 Feb 2023 06:12:30 GMT
Date: Fri, 03 Feb 2023 05:03:05 GMT
Connection: keep-alive
helpedhandwritingintestine.com/watch.198435264994.js?key=5c2bdfa9dd187d33604b355863934a38&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=cc968c0a-8133-4cde-b59a-1b59312e6c68%3A1%3A1
173.233.137.44307 Temporary Redirect 0 B URL HTTP/1.1 helpedhandwritingintestine.com/watch.198435264994.js?key=5c2bdfa9dd187d33604b355863934a38&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=cc968c0a-8133-4cde-b59a-1b59312e6c68%3A1%3A1
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.198435264994.js?key=5c2bdfa9dd187d33604b355863934a38&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=cc968c0a-8133-4cde-b59a-1b59312e6c68%3A1%3A1 HTTP/1.1
Host: helpedhandwritingintestine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teenatiyagi.com/
Origin: https://teenatiyagi.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 05:03:05 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://teenatiyagi.com
Access-Control-Allow-Origin: https://teenatiyagi.com
Access-Control-Allow-Credentials: true
Location: https://helpedhandwritingintestine.com/watch.198435264994.js?key=5c2bdfa9dd187d33604b355863934a38&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=cc968c0a-8133-4cde-b59a-1b59312e6c68%3A1%3A1&shu=567946865e7727750ee7a15beca85c7f2429986b9075d5a8669cb1081be727a904bf102ab12aa055daa4ed4fc83e63e8ed7d85bf398919d23ffc20d63a517319331377ea4509e313026c69f3c443493a30954883405cfd82f766efcc0d2a&pst=1675400645&rmtc=t
Set-Cookie: u_pl=17946688; expires=Sat, 04 Feb 2023 05:03:05 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzk0NjY4OCwiayI6IjVjMmJkZmE5ZGQxODdkMzM2MDRiMzU1ODYzOTM0YTM4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDY4MDg2LCJwaWQiOjE1NjM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyMywicHQiOjQsInBrIjoibmJkYXkxeGtqNCIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3RlZW5hdGl5YWdpLmNvbS8jdWFkcz1hSFIwY0RvdkwyRnRlV2hoY25SdFlXNWpMbUpzYjJkemNHOTBMbU52YlM4eU1ERTFMekV5TDNSb1pTMW5iRzkzTFc5bUxXTmhibVJzWlhNdGJXVnljbmt0WTJoeWFYTjBiV0Z6TFc4dWFIUnRiSHh6Y0d4cGRIeEVUMDAyT1RNeE1UQTRNalF6TXpRM09RPT0ifX0.eo7wtaXsKVEenWNoL6SUPBfjvj7MT5DFesJzEyuw3w0; expires=Fri, 03 Feb 2023 05:04:05 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8e0dbb0ee40ff5c3b005c82be4fde3f8
Strict-Transport-Security: max-age=0; includeSubdomains
publishercounting.com/watch.1481642452206.js?key=f349db6125575591c998d04010914019&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1
192.243.59.13307 Temporary Redirect 0 B URL HTTP/1.1 publishercounting.com/watch.1481642452206.js?key=f349db6125575591c998d04010914019&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1481642452206.js?key=f349db6125575591c998d04010914019&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1 HTTP/1.1
Host: publishercounting.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teenatiyagi.com/
Origin: https://teenatiyagi.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Fri, 03 Feb 2023 05:03:05 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://teenatiyagi.com
Access-Control-Allow-Origin: https://teenatiyagi.com
Access-Control-Allow-Credentials: true
Location: https://publishercounting.com/watch.1481642452206.js?key=f349db6125575591c998d04010914019&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1&shu=d3d997e4d3445989d3b483b980a660af65ae1b6c467ddb515d759fd3d5c9e5c223666f4e0616a0da6c21939176b03c3a099b008bdb6c46f5ba50dd0a09b2b01dcf8f963d52bc15317b881e22581e92d41ef6e5b0&pst=1675400645&rmtc=t
Set-Cookie: u_pl=17953820; expires=Sat, 04 Feb 2023 05:03:05 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzk1MzgyMCwiayI6ImYzNDlkYjYxMjU1NzU1OTFjOTk4ZDA0MDEwOTE0MDE5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDY4MDg2LCJwaWQiOjE1NjM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyNiwicHQiOjQsInBrIjoiY2twNDFqOXl2IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vdGVlbmF0aXlhZ2kuY29tLyN1YWRzPWFIUjBjRG92TDJGdGVXaGhjblJ0WVc1akxtSnNiMmR6Y0c5MExtTnZiUzh5TURFMUx6RXlMM1JvWlMxbmJHOTNMVzltTFdOaGJtUnNaWE10YldWeWNua3RZMmh5YVhOMGJXRnpMVzh1YUhSdGJIeHpjR3hwZEh4RVQwMDJPVE14TVRBNE1qUXpNelEzT1E9PSJ9fQ.mER1vpElQmGwUpcInI6LVse3orSqIHiHImEoBCV3JFY; expires=Fri, 03 Feb 2023 05:04:05 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 1dce4dd242432d5989666388cbcbefcb
Strict-Transport-Security: max-age=0; includeSubdomains
naveljutmistress.com/watch.319417161072.js?key=f349db6125575591c998d04010914019&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1
192.243.59.20307 Temporary Redirect 0 B URL HTTP/1.1 naveljutmistress.com/watch.319417161072.js?key=f349db6125575591c998d04010914019&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.319417161072.js?key=f349db6125575591c998d04010914019&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1 HTTP/1.1
Host: naveljutmistress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teenatiyagi.com/
Origin: https://teenatiyagi.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.9
Date: Fri, 03 Feb 2023 05:03:05 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://teenatiyagi.com
Access-Control-Allow-Origin: https://teenatiyagi.com
Access-Control-Allow-Credentials: true
Location: https://naveljutmistress.com/watch.319417161072.js?key=f349db6125575591c998d04010914019&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1&shu=175fa0a4ba5fe8995441a2283765a9257809786bec27dbdf89e5c62c9cc882717920a4423fbeefae98a921d69e08e6935de2a479d4b0ce87a5f95e6580e9440293d85c73b17ee7b7b4fc153bc858d3d09e788de6&pst=1675400645&rmtc=t
Set-Cookie: u_pl=17953820; expires=Sat, 04 Feb 2023 05:03:05 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzk1MzgyMCwiayI6ImYzNDlkYjYxMjU1NzU1OTFjOTk4ZDA0MDEwOTE0MDE5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDY4MDg2LCJwaWQiOjE1NjM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyNiwicHQiOjQsInBrIjoiY2twNDFqOXl2IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vdGVlbmF0aXlhZ2kuY29tLyN1YWRzPWFIUjBjRG92TDJGdGVXaGhjblJ0WVc1akxtSnNiMmR6Y0c5MExtTnZiUzh5TURFMUx6RXlMM1JvWlMxbmJHOTNMVzltTFdOaGJtUnNaWE10YldWeWNua3RZMmh5YVhOMGJXRnpMVzh1YUhSdGJIeHpjR3hwZEh4RVQwMDJPVE14TVRBNE1qUXpNelEzT1E9PSJ9fQ.mER1vpElQmGwUpcInI6LVse3orSqIHiHImEoBCV3JFY; expires=Fri, 03 Feb 2023 05:04:05 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 395686669bcf23df34065a2aabec245f
Strict-Transport-Security: max-age=0; includeSubdomains
helpedhandwritingintestine.com/watch.198435264994.js?key=5c2bdfa9dd187d33604b355863934a38&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=cc968c0a-8133-4cde-b59a-1b59312e6c68%3A1%3A1&shu=567946865e7727750ee7a15beca85c7f2429986b9075d5a8669cb1081be727a904bf102ab12aa055daa4ed4fc83e63e8ed7d85bf398919d23ffc20d63a517319331377ea4509e313026c69f3c443493a30954883405cfd82f766efcc0d2a&pst=1675400645&rmtc=t
173.233.137.44200 OK 634 B URL HTTP/1.1 helpedhandwritingintestine.com/watch.198435264994.js?key=5c2bdfa9dd187d33604b355863934a38&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=cc968c0a-8133-4cde-b59a-1b59312e6c68%3A1%3A1&shu=567946865e7727750ee7a15beca85c7f2429986b9075d5a8669cb1081be727a904bf102ab12aa055daa4ed4fc83e63e8ed7d85bf398919d23ffc20d63a517319331377ea4509e313026c69f3c443493a30954883405cfd82f766efcc0d2a&pst=1675400645&rmtc=t
IP 173.233.137.44:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (581)
Hash 732728d5cc0c9b004e5077d5cf0892ee
964fc080634bc6154c48d539c0e026b5a25ad012
c1be774c7ece713797c40f82d652bf9ce2d795da5dad59dd2c80feb28d393b05
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.198435264994.js?key=5c2bdfa9dd187d33604b355863934a38&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=cc968c0a-8133-4cde-b59a-1b59312e6c68%3A1%3A1&shu=567946865e7727750ee7a15beca85c7f2429986b9075d5a8669cb1081be727a904bf102ab12aa055daa4ed4fc83e63e8ed7d85bf398919d23ffc20d63a517319331377ea4509e313026c69f3c443493a30954883405cfd82f766efcc0d2a&pst=1675400645&rmtc=t HTTP/1.1
Host: helpedhandwritingintestine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://teenatiyagi.com
Referer: https://teenatiyagi.com/
Connection: keep-alive
Cookie: u_pl=17946688; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzk0NjY4OCwiayI6IjVjMmJkZmE5ZGQxODdkMzM2MDRiMzU1ODYzOTM0YTM4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDY4MDg2LCJwaWQiOjE1NjM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyMywicHQiOjQsInBrIjoibmJkYXkxeGtqNCIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwczovL3RlZW5hdGl5YWdpLmNvbS8jdWFkcz1hSFIwY0RvdkwyRnRlV2hoY25SdFlXNWpMbUpzYjJkemNHOTBMbU52YlM4eU1ERTFMekV5TDNSb1pTMW5iRzkzTFc5bUxXTmhibVJzWlhNdGJXVnljbmt0WTJoeWFYTjBiV0Z6TFc4dWFIUnRiSHh6Y0d4cGRIeEVUMDAyT1RNeE1UQTRNalF6TXpRM09RPT0ifX0.eo7wtaXsKVEenWNoL6SUPBfjvj7MT5DFesJzEyuw3w0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 05:03:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://teenatiyagi.com
Access-Control-Allow-Origin: https://teenatiyagi.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=cc968c0a-8133-4cde-b59a-1b59312e6c68:1:1; expires=Fri, 10 Feb 2023 05:03:05 GMT; secure; SameSite=None
iprcad1828d577672da16b21aa424f579b79=2717343; expires=Sat, 04 Feb 2023 07:03:05 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 04 Feb 2023 05:03:05 GMT; secure; SameSite=None
uncs=1; expires=Sat, 04 Feb 2023 05:03:05 GMT; secure; SameSite=None
pdhtkv23=true; expires=Sat, 04 Feb 2023 05:03:05 GMT; secure; SameSite=None
uncs23=1; expires=Sat, 04 Feb 2023 05:03:05 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3e7e792f7699ef1923344562acd3368a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
publishercounting.com/watch.1481642452206?key=f349db6125575591c998d04010914019&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1
192.243.59.13200 OK 1.3 kB URL HTTP/1.1 publishercounting.com/watch.1481642452206?key=f349db6125575591c998d04010914019&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (636)
Hash 47356072f7ffe5959ed1ef829c6392d2
b3afb54f34a3ca968ab55ee478405bf932226379
585b6568b017692f6a3088cf7eb5bbb07a961c08f6a6ed5388872686539d19fe
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1481642452206?key=f349db6125575591c998d04010914019&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1 HTTP/1.1
Host: publishercounting.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teenatiyagi.com/
Connection: keep-alive
Cookie: u_pl=17953820; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzk1MzgyMCwiayI6ImYzNDlkYjYxMjU1NzU1OTFjOTk4ZDA0MDEwOTE0MDE5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDY4MDg2LCJwaWQiOjE1NjM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyNiwicHQiOjQsInBrIjoiY2twNDFqOXl2IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vdGVlbmF0aXlhZ2kuY29tLyN1YWRzPWFIUjBjRG92TDJGdGVXaGhjblJ0WVc1akxtSnNiMmR6Y0c5MExtTnZiUzh5TURFMUx6RXlMM1JvWlMxbmJHOTNMVzltTFdOaGJtUnNaWE10YldWeWNua3RZMmh5YVhOMGJXRnpMVzh1YUhSdGJIeHpjR3hwZEh4RVQwMDJPVE14TVRBNE1qUXpNelEzT1E9PSJ9fQ.mER1vpElQmGwUpcInI6LVse3orSqIHiHImEoBCV3JFY
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 03 Feb 2023 05:03:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzk1MzgyMCwiayI6ImYzNDlkYjYxMjU1NzU1OTFjOTk4ZDA0MDEwOTE0MDE5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDY4MDg2LCJwaWQiOjE1NjM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyNiwicHQiOjQsInBrIjoiY2twNDFqOXl2IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6ZmFsc2UsInIiOiJodHRwczovL3RlZW5hdGl5YWdpLmNvbS8jdWFkcz1hSFIwY0RvdkwyRnRlV2hoY25SdFlXNWpMbUpzYjJkemNHOTBMbU52YlM4eU1ERTFMekV5TDNSb1pTMW5iRzkzTFc5bUxXTmhibVJzWlhNdGJXVnljbmt0WTJoeWFYTjBiV0Z6TFc4dWFIUnRiSHh6Y0d4cGRIeEVUMDAyT1RNeE1UQTRNalF6TXpRM09RPT0ifX0.ZT0lASe2cwjnEl7xlhUsiAm2RMq-miqQVhpkJyGTwbs; expires=Fri, 03 Feb 2023 05:04:05 GMT; secure; SameSite=None
uid_id2=6f411ed3-231e-42a1-bd59-70423ce47233:2:1; expires=Fri, 10 Feb 2023 05:03:05 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 842cc62ade02beaf16c7d2809716e6c1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
naveljutmistress.com/watch.319417161072?key=f349db6125575591c998d04010914019&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1
192.243.59.20200 OK 1.3 kB URL HTTP/1.1 naveljutmistress.com/watch.319417161072?key=f349db6125575591c998d04010914019&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (636)
Hash e1310acbf4f076ff3408722dd8ac8378
4893cea4574908178c9cddd74e71ba097dcf527d
ce8dbaa1dfd6bb3700a8e0281291f9f69edcfb12f67425dec76ba23f5076a34d
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.319417161072?key=f349db6125575591c998d04010914019&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1 HTTP/1.1
Host: naveljutmistress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teenatiyagi.com/
Connection: keep-alive
Cookie: u_pl=17953820; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzk1MzgyMCwiayI6ImYzNDlkYjYxMjU1NzU1OTFjOTk4ZDA0MDEwOTE0MDE5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDY4MDg2LCJwaWQiOjE1NjM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyNiwicHQiOjQsInBrIjoiY2twNDFqOXl2IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vdGVlbmF0aXlhZ2kuY29tLyN1YWRzPWFIUjBjRG92TDJGdGVXaGhjblJ0WVc1akxtSnNiMmR6Y0c5MExtTnZiUzh5TURFMUx6RXlMM1JvWlMxbmJHOTNMVzltTFdOaGJtUnNaWE10YldWeWNua3RZMmh5YVhOMGJXRnpMVzh1YUhSdGJIeHpjR3hwZEh4RVQwMDJPVE14TVRBNE1qUXpNelEzT1E9PSJ9fQ.mER1vpElQmGwUpcInI6LVse3orSqIHiHImEoBCV3JFY
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 03 Feb 2023 05:03:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzk1MzgyMCwiayI6ImYzNDlkYjYxMjU1NzU1OTFjOTk4ZDA0MDEwOTE0MDE5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDY4MDg2LCJwaWQiOjE1NjM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyNiwicHQiOjQsInBrIjoiY2twNDFqOXl2IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6ZmFsc2UsInIiOiJodHRwczovL3RlZW5hdGl5YWdpLmNvbS8jdWFkcz1hSFIwY0RvdkwyRnRlV2hoY25SdFlXNWpMbUpzYjJkemNHOTBMbU52YlM4eU1ERTFMekV5TDNSb1pTMW5iRzkzTFc5bUxXTmhibVJzWlhNdGJXVnljbmt0WTJoeWFYTjBiV0Z6TFc4dWFIUnRiSHh6Y0d4cGRIeEVUMDAyT1RNeE1UQTRNalF6TXpRM09RPT0ifX0.ZT0lASe2cwjnEl7xlhUsiAm2RMq-miqQVhpkJyGTwbs; expires=Fri, 03 Feb 2023 05:04:05 GMT; secure; SameSite=None
uid_id2=6f411ed3-231e-42a1-bd59-70423ce47233:2:1; expires=Fri, 10 Feb 2023 05:03:05 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4f36a99cfd6ee83a2b5c7fe4e93d1231
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
naveljutmistress.com/watch.659075354118?key=530f8870d8a0f24c43720d58b02daf83&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1
192.243.59.20200 OK 1.3 kB URL HTTP/1.1 naveljutmistress.com/watch.659075354118?key=530f8870d8a0f24c43720d58b02daf83&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (636)
Hash 72bd24db197f286fe9e545e6740d17d0
a37a5f65e3a8db50c088c18d428e04cabfcc358f
39eea1b156325bbe86fc26e7a747db7ac5a604ebded6af7da92bf82b6052cc4f
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.659075354118?key=530f8870d8a0f24c43720d58b02daf83&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1 HTTP/1.1
Host: naveljutmistress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teenatiyagi.com/
Connection: keep-alive
Cookie: u_pl=17953820; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzk1MzgyMCwiayI6ImYzNDlkYjYxMjU1NzU1OTFjOTk4ZDA0MDEwOTE0MDE5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDY4MDg2LCJwaWQiOjE1NjM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyNiwicHQiOjQsInBrIjoiY2twNDFqOXl2IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vdGVlbmF0aXlhZ2kuY29tLyN1YWRzPWFIUjBjRG92TDJGdGVXaGhjblJ0WVc1akxtSnNiMmR6Y0c5MExtTnZiUzh5TURFMUx6RXlMM1JvWlMxbmJHOTNMVzltTFdOaGJtUnNaWE10YldWeWNua3RZMmh5YVhOMGJXRnpMVzh1YUhSdGJIeHpjR3hwZEh4RVQwMDJPVE14TVRBNE1qUXpNelEzT1E9PSJ9fQ.mER1vpElQmGwUpcInI6LVse3orSqIHiHImEoBCV3JFY
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 03 Feb 2023 05:03:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=17953820,17941123; expires=Sat, 04 Feb 2023 05:03:05 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzk0MTEyMywiayI6IjUzMGY4ODcwZDhhMGYyNGM0MzcyMGQ1OGIwMmRhZjgzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDY4MDg2LCJwaWQiOjE1NjM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJxaDR6dWp5YjdxIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vdGVlbmF0aXlhZ2kuY29tLyN1YWRzPWFIUjBjRG92TDJGdGVXaGhjblJ0WVc1akxtSnNiMmR6Y0c5MExtTnZiUzh5TURFMUx6RXlMM1JvWlMxbmJHOTNMVzltTFdOaGJtUnNaWE10YldWeWNua3RZMmh5YVhOMGJXRnpMVzh1YUhSdGJIeHpjR3hwZEh4RVQwMDJPVE14TVRBNE1qUXpNelEzT1E9PSJ9fQ.0WmsU2yH2qIzYLsa1_5W6dHI6aOFS_1DW_Omzxy9h8s; expires=Fri, 03 Feb 2023 05:04:05 GMT; secure; SameSite=None
uid_id2=6f411ed3-231e-42a1-bd59-70423ce47233:2:1; expires=Fri, 10 Feb 2023 05:03:05 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8a809a1e8841f4de01fdc95ca7acc50a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
publishercounting.com/watch.1481642452206?shu=f48c52afae88105c58671fd94e42a11d5435ea74b8d22cdd449a461511512abe24f23f5524a39a5166018e8efb071a5b9c4e5ad9fa22480f79bf781406bd94bc1f242c468a8ad9ce2d9a14de9382fcd8f5142f&pst=1675400645&rmtc=t&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1&pii=&in=false&key=f349db6125575591c998d04010914019&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D
192.243.59.13200 OK 1.8 kB URL HTTP/1.1 publishercounting.com/watch.1481642452206?shu=f48c52afae88105c58671fd94e42a11d5435ea74b8d22cdd449a461511512abe24f23f5524a39a5166018e8efb071a5b9c4e5ad9fa22480f79bf781406bd94bc1f242c468a8ad9ce2d9a14de9382fcd8f5142f&pst=1675400645&rmtc=t&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1&pii=&in=false&key=f349db6125575591c998d04010914019&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2582)
Hash bfc8cc6787405f20c4163e10000763c7
842d203c7cfd77ee050fc8d63d399e8b6c591344
92810ab9ed6a3cae1910c2939f890cee068fb5e1ae008078cfe173a55cd42719
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1481642452206?shu=f48c52afae88105c58671fd94e42a11d5435ea74b8d22cdd449a461511512abe24f23f5524a39a5166018e8efb071a5b9c4e5ad9fa22480f79bf781406bd94bc1f242c468a8ad9ce2d9a14de9382fcd8f5142f&pst=1675400645&rmtc=t&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1&pii=&in=false&key=f349db6125575591c998d04010914019&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D HTTP/1.1
Host: publishercounting.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publishercounting.com/watch.1481642452206?key=f349db6125575591c998d04010914019&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1
Cookie: u_pl=17953820; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzk1MzgyMCwiayI6ImYzNDlkYjYxMjU1NzU1OTFjOTk4ZDA0MDEwOTE0MDE5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDY4MDg2LCJwaWQiOjE1NjM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyNiwicHQiOjQsInBrIjoiY2twNDFqOXl2IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6ZmFsc2UsInIiOiJodHRwczovL3RlZW5hdGl5YWdpLmNvbS8jdWFkcz1hSFIwY0RvdkwyRnRlV2hoY25SdFlXNWpMbUpzYjJkemNHOTBMbU52YlM4eU1ERTFMekV5TDNSb1pTMW5iRzkzTFc5bUxXTmhibVJzWlhNdGJXVnljbmt0WTJoeWFYTjBiV0Z6TFc4dWFIUnRiSHh6Y0d4cGRIeEVUMDAyT1RNeE1UQTRNalF6TXpRM09RPT0ifX0.ZT0lASe2cwjnEl7xlhUsiAm2RMq-miqQVhpkJyGTwbs; uid_id2=6f411ed3-231e-42a1-bd59-70423ce47233:2:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Fri, 03 Feb 2023 05:03:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://teenatiyagi.com/#uads=aHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ==
Access-Control-Allow-Origin: https://teenatiyagi.com/#uads=aHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ==
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=6f411ed3-231e-42a1-bd59-70423ce47233:2:1; expires=Fri, 10 Feb 2023 05:03:06 GMT; secure; SameSite=None
iprc998966d686c7d4d5901b3f53ce5b1363=3569804; expires=Fri, 03 Feb 2023 09:03:06 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 04 Feb 2023 05:03:06 GMT; secure; SameSite=None
uncs=1; expires=Sat, 04 Feb 2023 05:03:06 GMT; secure; SameSite=None
pdhtkv26=true; expires=Sat, 04 Feb 2023 05:03:06 GMT; secure; SameSite=None
uncs26=1; expires=Sat, 04 Feb 2023 05:03:06 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 49cafe368b7748c40102bf92018eb6f8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
naveljutmistress.com/watch.319417161072?shu=d49b61508b0af5af352558345a49ddd46d74443421c039a10cd47abacb7ca84cdbfee9b221eb317435d63367c46caf61ebc9cae47918b0422101eb6fb39a3c09140c6dab4a88553412ffb0a98a1dff75a15169&pst=1675400645&rmtc=t&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1&pii=&in=false&key=f349db6125575591c998d04010914019&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&res=12.1055&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&tz=0&dev=e
192.243.59.20200 OK 1.8 kB URL HTTP/1.1 naveljutmistress.com/watch.319417161072?shu=d49b61508b0af5af352558345a49ddd46d74443421c039a10cd47abacb7ca84cdbfee9b221eb317435d63367c46caf61ebc9cae47918b0422101eb6fb39a3c09140c6dab4a88553412ffb0a98a1dff75a15169&pst=1675400645&rmtc=t&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1&pii=&in=false&key=f349db6125575591c998d04010914019&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&res=12.1055&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&tz=0&dev=e
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2585)
Hash 40ad158be252656726461f00867afa95
e7cb04de47da4633b69837b221d8a51b96e05bf9
0ec1116cc601da0bb5da92f78d026dd37a438ab71a85daadcc50058078caedeb
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.319417161072?shu=d49b61508b0af5af352558345a49ddd46d74443421c039a10cd47abacb7ca84cdbfee9b221eb317435d63367c46caf61ebc9cae47918b0422101eb6fb39a3c09140c6dab4a88553412ffb0a98a1dff75a15169&pst=1675400645&rmtc=t&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1&pii=&in=false&key=f349db6125575591c998d04010914019&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&res=12.1055&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&tz=0&dev=e HTTP/1.1
Host: naveljutmistress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://naveljutmistress.com/watch.319417161072?key=f349db6125575591c998d04010914019&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1
Cookie: u_pl=17953820,17941123; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzk0MTEyMywiayI6IjUzMGY4ODcwZDhhMGYyNGM0MzcyMGQ1OGIwMmRhZjgzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDY4MDg2LCJwaWQiOjE1NjM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJxaDR6dWp5YjdxIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vdGVlbmF0aXlhZ2kuY29tLyN1YWRzPWFIUjBjRG92TDJGdGVXaGhjblJ0WVc1akxtSnNiMmR6Y0c5MExtTnZiUzh5TURFMUx6RXlMM1JvWlMxbmJHOTNMVzltTFdOaGJtUnNaWE10YldWeWNua3RZMmh5YVhOMGJXRnpMVzh1YUhSdGJIeHpjR3hwZEh4RVQwMDJPVE14TVRBNE1qUXpNelEzT1E9PSJ9fQ.0WmsU2yH2qIzYLsa1_5W6dHI6aOFS_1DW_Omzxy9h8s; uid_id2=6f411ed3-231e-42a1-bd59-70423ce47233:2:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 03 Feb 2023 05:03:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://teenatiyagi.com/#uads=aHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ==
Access-Control-Allow-Origin: https://teenatiyagi.com/#uads=aHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ==
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=6f411ed3-231e-42a1-bd59-70423ce47233:2:1; expires=Fri, 10 Feb 2023 05:03:06 GMT; secure; SameSite=None
iprc998966d686c7d4d5901b3f53ce5b1363=3569804; expires=Fri, 03 Feb 2023 09:03:06 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 04 Feb 2023 05:03:06 GMT; secure; SameSite=None
uncs=1; expires=Sat, 04 Feb 2023 05:03:06 GMT; secure; SameSite=None
pdhtkv26=true; expires=Sat, 04 Feb 2023 05:03:06 GMT; secure; SameSite=None
uncs26=1; expires=Sat, 04 Feb 2023 05:03:06 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c7527ddd3b57e6be762469ba41240857
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
naveljutmistress.com/watch.659075354118?shu=e8ffc25c2bc6368746aff63bc0fc1a752038aa83ee0f8b2414fd51cc1c978bb9bb85677b086c697cdcc701b70563b93eb0b488aa2c8359ebc0f524d2a2faf87bd7599110d5b47ff91fc1464e2376b1ad92e05123&pst=1675400645&rmtc=t&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1&pii=&in=false&key=530f8870d8a0f24c43720d58b02daf83&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&tz=0&dev=e&res=12.1055
192.243.59.20200 OK 1.8 kB URL HTTP/1.1 naveljutmistress.com/watch.659075354118?shu=e8ffc25c2bc6368746aff63bc0fc1a752038aa83ee0f8b2414fd51cc1c978bb9bb85677b086c697cdcc701b70563b93eb0b488aa2c8359ebc0f524d2a2faf87bd7599110d5b47ff91fc1464e2376b1ad92e05123&pst=1675400645&rmtc=t&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1&pii=&in=false&key=530f8870d8a0f24c43720d58b02daf83&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&tz=0&dev=e&res=12.1055
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2595)
Hash a4cb3e1c211cdc0c8ba95837a841e90b
9b07100264c92c6efaf0440eda55a2c65dcb77a3
25588b7725261add1040d91c8fceaedc608f28a3baaa6110057fde5410d05792
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.659075354118?shu=e8ffc25c2bc6368746aff63bc0fc1a752038aa83ee0f8b2414fd51cc1c978bb9bb85677b086c697cdcc701b70563b93eb0b488aa2c8359ebc0f524d2a2faf87bd7599110d5b47ff91fc1464e2376b1ad92e05123&pst=1675400645&rmtc=t&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1&pii=&in=false&key=530f8870d8a0f24c43720d58b02daf83&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&tz=0&dev=e&res=12.1055 HTTP/1.1
Host: naveljutmistress.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://naveljutmistress.com/watch.659075354118?key=530f8870d8a0f24c43720d58b02daf83&kw=%5B%22tech%22%2C%22news%22%2C%22-%22%2C%22the%22%2C%22leading%22%2C%22innovations%22%5D&refer=https%3A%2F%2Fteenatiyagi.com%2F%23uads%3DaHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ%3D%3D&tz=0&dev=e&res=12.1055&uuid=6f411ed3-231e-42a1-bd59-70423ce47233%3A2%3A1
Cookie: u_pl=17953820,17941123; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzk0MTEyMywiayI6IjUzMGY4ODcwZDhhMGYyNGM0MzcyMGQ1OGIwMmRhZjgzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMDY4MDg2LCJwaWQiOjE1NjM0OCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjo1LCJwdCI6NCwicGsiOiJxaDR6dWp5YjdxIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vdGVlbmF0aXlhZ2kuY29tLyN1YWRzPWFIUjBjRG92TDJGdGVXaGhjblJ0WVc1akxtSnNiMmR6Y0c5MExtTnZiUzh5TURFMUx6RXlMM1JvWlMxbmJHOTNMVzltTFdOaGJtUnNaWE10YldWeWNua3RZMmh5YVhOMGJXRnpMVzh1YUhSdGJIeHpjR3hwZEh4RVQwMDJPVE14TVRBNE1qUXpNelEzT1E9PSJ9fQ.0WmsU2yH2qIzYLsa1_5W6dHI6aOFS_1DW_Omzxy9h8s; uid_id2=6f411ed3-231e-42a1-bd59-70423ce47233:2:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Fri, 03 Feb 2023 05:03:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://teenatiyagi.com/#uads=aHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ==
Access-Control-Allow-Origin: https://teenatiyagi.com/#uads=aHR0cDovL2FteWhhcnRtYW5jLmJsb2dzcG90LmNvbS8yMDE1LzEyL3RoZS1nbG93LW9mLWNhbmRsZXMtbWVycnktY2hyaXN0bWFzLW8uaHRtbHxzcGxpdHxET002OTMxMTA4MjQzMzQ3OQ==
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=6f411ed3-231e-42a1-bd59-70423ce47233:2:1; expires=Fri, 10 Feb 2023 05:03:06 GMT; secure; SameSite=None
iprc7ee2ebd7c92fe6db8edcca2d7d7d7bde=3569806; expires=Fri, 03 Feb 2023 09:03:06 GMT; secure; SameSite=None
pdhtkv=true; expires=Sat, 04 Feb 2023 05:03:06 GMT; secure; SameSite=None
uncs=1; expires=Sat, 04 Feb 2023 05:03:06 GMT; secure; SameSite=None
pdhtkv5=true; expires=Sat, 04 Feb 2023 05:03:06 GMT; secure; SameSite=None
uncs5=1; expires=Sat, 04 Feb 2023 05:03:06 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c15e198446fbb2c0c3514588fe5028ff
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ed38d0c095010beffbefd5493030dde6
283ec58d73589f555dd49c7fd2e19c1bc0ed8a92
4034b89955d03c028c1ccd0d9dda7b7528f34ad892996dc7bc420fb64366da02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4034B89955D03C028C1CCD0D9DDA7B7528F34AD892996DC7BC420FB64366DA02"
Last-Modified: Wed, 01 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5080
Expires: Fri, 03 Feb 2023 06:27:46 GMT
Date: Fri, 03 Feb 2023 05:03:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash d1ede23ab1ddbc0d7fa930fd3810e49e
879f79b820606c514ae97d5a3c2be12533440a51
7ec120a673fc6ae1a147829269069666ef47b0258b832030906da7dc97ab2a14
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7EC120A673FC6AE1A147829269069666EF47B0258B832030906DA7DC97AB2A14"
Last-Modified: Tue, 31 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4036
Expires: Fri, 03 Feb 2023 06:10:22 GMT
Date: Fri, 03 Feb 2023 05:03:06 GMT
Connection: keep-alive
cdn.cloudimagesb.com/cti/82/55/fc/8255fca3bc9e7c9147b2ab36eb30d1b6/1658919989.png
45.133.44.9200 OK 95 kB URL HTTP/2 cdn.cloudimagesb.com/cti/82/55/fc/8255fca3bc9e7c9147b2ab36eb30d1b6/1658919989.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 160 x 300, 8-bit/color RGBA, non-interlaced\012- data
Hash 832954c4b42b06378bf4e58ba8e569f6
f6bc7a32bd139dbf5e42e20d96c4a94535f5eaa4
c9cfa61f5f0a9d16f87c1107ba7714ab5e5016892583567b6122670dcc796f68
GET /cti/82/55/fc/8255fca3bc9e7c9147b2ab36eb30d1b6/1658919989.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publishercounting.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:06 GMT
content-type: image/png
content-length: 94867
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:06:37 GMT
etag: "62e11c3d-17293"
expires: Sun, 05 Feb 2023 05:03:06 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
45.133.44.9200 OK 144 kB URL HTTP/2 cdn.cloudimagesb.com/cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Size 144 kB (144379 bytes)
Hash 33c304429dc1a4408a96e6a74ffa2feb
c45fa8e65528d1bb2b46bf8a28af9eeaa1903d04
dbed482e5948ead5587d30a22306a5b611305f704de940bd22c76daf90e0a314
GET /cti/7d/00/a0/7d00a008556ebc4e68d1de531274e928/1658920033.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://naveljutmistress.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:06 GMT
content-type: image/png
content-length: 144379
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:07:21 GMT
etag: "62e11c69-233fb"
expires: Sun, 05 Feb 2023 05:03:06 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
jennyvisits.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=17946688
173.233.137.52200 OK 1.3 kB URL HTTP/1.1 jennyvisits.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=17946688
IP 173.233.137.52:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash cbc86bc5b4a06729b3bd1108977cad81
53e2daeba501aed11d7db20ddc6a127fda3d94cd
764e7cd3a2c2cfecc945ccf601dc021440313445c380e1913f4343d0f3ce97dd
Analyzer Verdict Alert quad9 Sinkholed
GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=17946688 HTTP/1.1
Host: jennyvisits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teenatiyagi.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 05:03:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Sat, 04 Feb 2023 05:03:06 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTc5NDY2ODgiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly90ZWVuYXRpeWFnaS5jb20vIn19.ojczw4LkNy6_rGbZxX_L6J-Btl30QBhJuttJp2xQ7r0; expires=Fri, 03 Feb 2023 05:04:06 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8c4be8f45ce12c541219f9482d3b2274
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
jennyvisits.com/dyfc1k09?shu=d7de17b689a6423cad3bab2a0341c7ba116db1523e00b183322e02fb65a3f585616f50d2077f9aa74b1996de46c9fbf24c498b642704c28b7ed76fc3cd3ce4c984282a5eeb7e5d9e539904f13c6ae5eec5feef245328124df73d30676b2b460f&pst=1675400646&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=https%3A%2F%2Fteenatiyagi.com%2F&psid=17946688
173.233.137.52302 Found 0 B URL HTTP/1.1 jennyvisits.com/dyfc1k09?shu=d7de17b689a6423cad3bab2a0341c7ba116db1523e00b183322e02fb65a3f585616f50d2077f9aa74b1996de46c9fbf24c498b642704c28b7ed76fc3cd3ce4c984282a5eeb7e5d9e539904f13c6ae5eec5feef245328124df73d30676b2b460f&pst=1675400646&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=https%3A%2F%2Fteenatiyagi.com%2F&psid=17946688
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /dyfc1k09?shu=d7de17b689a6423cad3bab2a0341c7ba116db1523e00b183322e02fb65a3f585616f50d2077f9aa74b1996de46c9fbf24c498b642704c28b7ed76fc3cd3ce4c984282a5eeb7e5d9e539904f13c6ae5eec5feef245328124df73d30676b2b460f&pst=1675400646&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=https%3A%2F%2Fteenatiyagi.com%2F&psid=17946688 HTTP/1.1
Host: jennyvisits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jennyvisits.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTc5NDY2ODgiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly90ZWVuYXRpeWFnaS5jb20vIn19.ojczw4LkNy6_rGbZxX_L6J-Btl30QBhJuttJp2xQ7r0; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Fri, 03 Feb 2023 05:03:06 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CgjMit2N2tGU3Bp-GH0dEdHP3xP.00c%2CACpQMBTT23d934BSVZFaYUiWSswvJm2NqT67paBooyLH8h6ACHmWynoody6iyWDn1sdLhC6caCN1gv8EqhP46yyOXkPY1whPxhtiDRFKjTGLv1pMUnLKrVMOBRNaeTJSDSkcrP2509UFnWIRE1X8qpJLVwpgDLYz_sjV3_873lsYLbDNSt4DLDLkHaSJTiTUiZxmaR8Mow6IseAeOSrsFuyjKPLEFJJI2Jj5CQTqCOiuGkkMMRU5sxNzSUVaD9ojfOV5TJ4L5GWueLP83Ci1jdcmBa9v-8mNn68aH2kI1nHsePuDhyKug4_xBsIXPzApt07ZnSZgtvvt3goYEkulEw9wDxitWyplHedOHuKzkXpE69pF6kAap2B9XiZGyihiCI5z7-iVgLhnrNEGw1u4FJzEj1HIjMWNUNFlooc9FEfu9P35JHJeFkTPgodP5jhTi0GqxGhsjhd5ke5ksYXDNFvj8MBXRb0Dop0E4_oQRkNn-X2yh3SqD-coiI7rDEff1ismu2hhXNJ27g_OKWRfPA%2C%2C&csid=5202639&s1=16122660&md=0&crid=23364304
Set-Cookie: pdhtkv=true; expires=Sat, 04 Feb 2023 05:03:06 GMT
uncs=1; expires=Sat, 04 Feb 2023 05:03:06 GMT
pdhtkv28=true; expires=Sat, 04 Feb 2023 05:03:06 GMT
uncs28=1; expires=Sat, 04 Feb 2023 05:03:06 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 61ad8a7cac644c63212478c4885f3075
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 66bc985ffa4a28a89c7073bf77f93741
a1f0c1c03bb95caaeb50b90def3357ae96eeae29
60155958b2e0897e88ee3d17c0dfab5e16df30574e5439e70bda33fc3e09c05a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 05:03:06 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 02 Feb 2023 20:07:27 GMT
Expires: Thu, 09 Feb 2023 20:07:26 GMT
Etag: "a1f0c1c03bb95caaeb50b90def3357ae96eeae29"
Cache-Control: max-age=572059,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79389e435ea0b4ff-OSL
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash 66bc985ffa4a28a89c7073bf77f93741
a1f0c1c03bb95caaeb50b90def3357ae96eeae29
60155958b2e0897e88ee3d17c0dfab5e16df30574e5439e70bda33fc3e09c05a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 03 Feb 2023 05:03:07 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 02 Feb 2023 20:07:27 GMT
Expires: Thu, 09 Feb 2023 20:07:26 GMT
Etag: "a1f0c1c03bb95caaeb50b90def3357ae96eeae29"
Cache-Control: max-age=572058,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 79389e45b83fb4ff-OSL
adpointrtb.com/favicon.ico
34.160.190.227200 OK 0 B URL HTTP/2 adpointrtb.com/favicon.ico
IP 34.160.190.227:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: adpointrtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Fri, 03 Feb 2023 05:03:07 GMT
content-type: image/x-icon
content-length: 0
last-modified: Thu, 10 Dec 2020 09:27:58 GMT
etag: "5fd1ea1e-0"
accept-ranges: bytes
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CgjMit2N2tGU3Bp-GH0dEdHP3xP.00c%2CACpQMBTT23d934BSVZFaYUiWSswvJm2NqT67paBooyLH8h6ACHmWynoody6iyWDn1sdLhC6caCN1gv8EqhP46yyOXkPY1whPxhtiDRFKjTGLv1pMUnLKrVMOBRNaeTJSDSkcrP2509UFnWIRE1X8qpJLVwpgDLYz_sjV3_873lsYLbDNSt4DLDLkHaSJTiTUiZxmaR8Mow6IseAeOSrsFuyjKPLEFJJI2Jj5CQTqCOiuGkkMMRU5sxNzSUVaD9ojfOV5TJ4L5GWueLP83Ci1jdcmBa9v-8mNn68aH2kI1nHsePuDhyKug4_xBsIXPzApt07ZnSZgtvvt3goYEkulEw9wDxitWyplHedOHuKzkXpE69pF6kAap2B9XiZGyihiCI5z7-iVgLhnrNEGw1u4FJzEj1HIjMWNUNFlooc9FEfu9P35JHJeFkTPgodP5jhTi0GqxGhsjhd5ke5ksYXDNFvj8MBXRb0Dop0E4_oQRkNn-X2yh3SqD-coiI7rDEff1ismu2hhXNJ27g_OKWRfPA%2C%2C&csid=5202639&s1=16122660&md=0&crid=23364304&treqn=42346345&rpn=1&cbrandom=0.31073964981377733&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fjennyvisits.com%2F
34.160.190.227302 Found 1 B URL HTTP/2 adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CgjMit2N2tGU3Bp-GH0dEdHP3xP.00c%2CACpQMBTT23d934BSVZFaYUiWSswvJm2NqT67paBooyLH8h6ACHmWynoody6iyWDn1sdLhC6caCN1gv8EqhP46yyOXkPY1whPxhtiDRFKjTGLv1pMUnLKrVMOBRNaeTJSDSkcrP2509UFnWIRE1X8qpJLVwpgDLYz_sjV3_873lsYLbDNSt4DLDLkHaSJTiTUiZxmaR8Mow6IseAeOSrsFuyjKPLEFJJI2Jj5CQTqCOiuGkkMMRU5sxNzSUVaD9ojfOV5TJ4L5GWueLP83Ci1jdcmBa9v-8mNn68aH2kI1nHsePuDhyKug4_xBsIXPzApt07ZnSZgtvvt3goYEkulEw9wDxitWyplHedOHuKzkXpE69pF6kAap2B9XiZGyihiCI5z7-iVgLhnrNEGw1u4FJzEj1HIjMWNUNFlooc9FEfu9P35JHJeFkTPgodP5jhTi0GqxGhsjhd5ke5ksYXDNFvj8MBXRb0Dop0E4_oQRkNn-X2yh3SqD-coiI7rDEff1ismu2hhXNJ27g_OKWRfPA%2C%2C&csid=5202639&s1=16122660&md=0&crid=23364304&treqn=42346345&rpn=1&cbrandom=0.31073964981377733&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fjennyvisits.com%2F
IP 34.160.190.227:0
File type very short file (no magic)
Hash 68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
GET /script/s2iurl.php?stamat=m%7C%2C%2CgjMit2N2tGU3Bp-GH0dEdHP3xP.00c%2CACpQMBTT23d934BSVZFaYUiWSswvJm2NqT67paBooyLH8h6ACHmWynoody6iyWDn1sdLhC6caCN1gv8EqhP46yyOXkPY1whPxhtiDRFKjTGLv1pMUnLKrVMOBRNaeTJSDSkcrP2509UFnWIRE1X8qpJLVwpgDLYz_sjV3_873lsYLbDNSt4DLDLkHaSJTiTUiZxmaR8Mow6IseAeOSrsFuyjKPLEFJJI2Jj5CQTqCOiuGkkMMRU5sxNzSUVaD9ojfOV5TJ4L5GWueLP83Ci1jdcmBa9v-8mNn68aH2kI1nHsePuDhyKug4_xBsIXPzApt07ZnSZgtvvt3goYEkulEw9wDxitWyplHedOHuKzkXpE69pF6kAap2B9XiZGyihiCI5z7-iVgLhnrNEGw1u4FJzEj1HIjMWNUNFlooc9FEfu9P35JHJeFkTPgodP5jhTi0GqxGhsjhd5ke5ksYXDNFvj8MBXRb0Dop0E4_oQRkNn-X2yh3SqD-coiI7rDEff1ismu2hhXNJ27g_OKWRfPA%2C%2C&csid=5202639&s1=16122660&md=0&crid=23364304&treqn=42346345&rpn=1&cbrandom=0.31073964981377733&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=https%3A%2F%2Fjennyvisits.com%2F HTTP/1.1
Host: adpointrtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: openresty
date: Fri, 03 Feb 2023 05:03:07 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
location: https://adserving.unibet.com/redirect.aspx?bid=37953&pid=2100237&sref=ADC&ADC=5202639-640691165-0_Adsterra
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.mariacasino.nu/stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&sref=ADC&ADC=5202639-640691165-0_Adsterra&affiliateId=1&pid=79053594&bid=37953
85.184.96.0301 Moved Permanently 0 B URL HTTP/2 www.mariacasino.nu/stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&sref=ADC&ADC=5202639-640691165-0_Adsterra&affiliateId=1&pid=79053594&bid=37953
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&sref=ADC&ADC=5202639-640691165-0_Adsterra&affiliateId=1&pid=79053594&bid=37953 HTTP/1.1
Host: www.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Fri, 03 Feb 2023 05:03:07 GMT
content-length: 0
location: https://www.mariacasino.nu:443/stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&sref=ADC&ADC=5202639-640691165-0_Adsterra&affiliateId=1&pid=79053594&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A79053594-37953
set-cookie: JSESSIONID=node0ql6h4a5n3yul1vcsi2ki2hb9g1491494.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0ql6h4a5n3yul1vcsi2ki2hb9g; Path=/; Domain=.mariacasino.nu; Expires=Sun, 02-Feb-2025 05:03:07 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.mariacasino.nu; Expires=Sun, 02-Feb-2025 05:03:07 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref=; Path=/; Domain=.mariacasino.nu; Expires=Sun, 02-Feb-2025 05:03:07 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=2397257; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=31341352; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.nu; Expires=Fri, 03-Feb-2023 05:03:22 GMT; Max-Age=15; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=31341352; Secure; SameSite=None
B-TAG=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=31341352; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37953; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=31341352; Secure; SameSite=None
PID=79053594; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=31341352; Secure; SameSite=None
CHID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26sref%3DADC%26ADC%3D5202639-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D79053594%26bid%3D37953; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=31341352; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=2397257; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=31341352; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.nu; Expires=Fri, 03-Feb-2023 05:03:22 GMT; Max-Age=15; Secure; SameSite=None
campaignId=2397257; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=31341352; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.nu; Expires=Fri, 03-Feb-2023 05:03:22 GMT; Max-Age=15; Secure; SameSite=None
clientId=browser_desktop; Domain=www.mariacasino.nu; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Fri, 03 Feb 2023 05:03:07 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2
www.mariacasino.nu/stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&sref=ADC&ADC=5202639-640691165-0_Adsterra&affiliateId=1&pid=79053594&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A79053594-37953
85.184.96.0301 Moved Permanently 0 B URL HTTP/2 www.mariacasino.nu/stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&sref=ADC&ADC=5202639-640691165-0_Adsterra&affiliateId=1&pid=79053594&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A79053594-37953
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&sref=ADC&ADC=5202639-640691165-0_Adsterra&affiliateId=1&pid=79053594&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A79053594-37953 HTTP/1.1
Host: www.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node0ql6h4a5n3yul1vcsi2ki2hb9g; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1; BID=37953; PID=79053594; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26sref%3DADC%26ADC%3D5202639-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D79053594%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; clientId=browser_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 03 Feb 2023 05:03:08 GMT
content-length: 0
location: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:79053594-37953&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&bid=37953&campaignId=2397257&pid=79053594
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Fri, 03 Feb 2023 05:03:08 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 7ffa60092eb40b56c7c215ee964648af
8bc96888f2af7744b8900b0e321b8eb8f15e271a
c09c8db69d9ba290e8d10acb30c55fb860faee1a7b468a625d3ddf7c9e4c5f4d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 05:03:08 GMT
Etag: "63db3f52-118"
Server: ECS (amb/6BAD)
Content-Length: 279
welcome.mariacasino.nu/no/pop/casino/2022/livecasino.png
104.18.24.188200 OK 21 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/livecasino.png
IP 104.18.24.188:0
File type PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash 87dc3fc9a40a9b0e8fd7c0519ac24f54
908b0ca475f8da1d0380a6cb5caabafce2466aec
a0fd031aa160b2679253c5952576a692e002c6be963c5935af3692ff50206eb4
GET /no/pop/casino/2022/livecasino.png HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:79053594-37953&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&bid=37953&campaignId=2397257&pid=79053594
Cookie: __ucbt=node0ql6h4a5n3yul1vcsi2ki2hb9g; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1; BID=37953; PID=79053594; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26sref%3DADC%26ADC%3D5202639-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D79053594%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:08 GMT
content-type: image/png
content-length: 20783
cache-control: public, max-age=900, immutable
content-md5: h9w/yaQKmw6P18BRmsJPVA==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4DF7B00"
x-ms-request-id: 2a37beda-301e-0078-10f7-03b1fa000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 228232
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79389e4dbf00b523-OSL
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/slots.png
104.18.24.188200 OK 6.3 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/slots.png
IP 104.18.24.188:0
File type PNG image data, 151 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash 6be047bdf3d103b2414f7f6ab64d96b8
57818bdfe16383abe584b5c30de5f35eb55ebf20
38e2d3e7f261032cf0c558e28555c6425c30aa14014f31bbaad7d5176b7d4449
GET /no/pop/casino/2022/slots.png HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:79053594-37953&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&bid=37953&campaignId=2397257&pid=79053594
Cookie: __ucbt=node0ql6h4a5n3yul1vcsi2ki2hb9g; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1; BID=37953; PID=79053594; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26sref%3DADC%26ADC%3D5202639-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D79053594%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:08 GMT
content-type: image/png
content-length: 6303
cache-control: public, max-age=900, immutable
content-md5: a+BHvfPRA7JBT39qtk2WuA==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4ED5BA7"
x-ms-request-id: da131072-401e-003f-7bf7-03daa1000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 228232
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79389e4dbeffb523-OSL
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/mga.png
104.18.24.188200 OK 1.5 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/mga.png
IP 104.18.24.188:0
File type PNG image data, 152 x 60, 8-bit colormap, non-interlaced\012- data
Hash f34e781d7ad22dc774b98ac82a2b46f6
b66cb9753b0f76a7590f62d3c6b8f645bdbae786
7898ba2cec328d50a75400c1e5a6f1f23974f4c0cc433472a24f28a82c7d01c7
GET /no/pop/casino/2022/mga.png HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:79053594-37953&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&bid=37953&campaignId=2397257&pid=79053594
Cookie: __ucbt=node0ql6h4a5n3yul1vcsi2ki2hb9g; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1; BID=37953; PID=79053594; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26sref%3DADC%26ADC%3D5202639-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D79053594%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:08 GMT
content-type: image/png
content-length: 1454
cache-control: public, max-age=900, immutable
content-md5: 8054HXrSLcd0uYrIKitG9g==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4FEBE45"
x-ms-request-id: aeb20fbe-701e-0034-08f7-0321ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 228232
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79389e4dbf04b523-OSL
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/games.png
104.18.24.188200 OK 8.8 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/games.png
IP 104.18.24.188:0
File type PNG image data, 234 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash fbd364c184d1c2af246dd5a3079ce9ed
5c572431ced831a518e0c4adfed4372254f1eac1
2a09f891fb138e893fbc2fe522761e47307376143582e41016bf8aa54c4fdb77
GET /no/pop/casino/2022/games.png HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:79053594-37953&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&bid=37953&campaignId=2397257&pid=79053594
Cookie: __ucbt=node0ql6h4a5n3yul1vcsi2ki2hb9g; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1; BID=37953; PID=79053594; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26sref%3DADC%26ADC%3D5202639-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D79053594%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:08 GMT
content-type: image/png
content-length: 8838
cache-control: public, max-age=900, immutable
content-md5: +9NkwYTRwq8kbdWjB5zp7Q==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4D87720"
x-ms-request-id: 56be89e7-801e-0020-22f7-0369a5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 228232
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79389e4dbf02b523-OSL
X-Firefox-Spdy: h2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
85.184.96.5200 OK 956 B URL HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:08 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash bbeb609cbf32a8842bf96a124588e65e
40c0f548bcb714731f62df5a27cad21adef0463d
502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 05:03:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash bbeb609cbf32a8842bf96a124588e65e
40c0f548bcb714731f62df5a27cad21adef0463d
502c60a18a13b84598933731d182aafd4b83576bfc56451b36f9238c621a571d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 05:03:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js
142.250.74.138200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js
IP 142.250.74.138:0
File type ASCII text, with very long lines (32030)
Hash 04ba0252a9f264db106d4eaab8df4ccb
cf52d9b3df7839c5c64fbf33aafeced74b3db750
397852429e768ffbd12a78ce4b94f14e3ab4afabf84acb07c0bb5b7798e6e0b2
GET /ajax/libs/jquery/3.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30244
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 13:13:42 GMT
expires: Fri, 02 Feb 2024 13:13:42 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 56966
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js
2.18.172.233200 OK 44 kB URL HTTP/2 assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js
IP 2.18.172.233:0
File type exported SGML document, ASCII text, with very long lines (32764)
Hash 57198fa839fd954656487c5a3bef02a7
060e710714194b067e8a17554de1f056f3c5fa64
0144349d38a845bda08cbc2654f89da13986be57ce76fa7f49488907aa392edd
GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "bf8d7656a2457e257e3cf75a01e6a4b7:1554112914"
last-modified: Mon, 01 Apr 2019 10:01:54 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 43737
cache-control: max-age=3600
expires: Fri, 03 Feb 2023 06:03:08 GMT
date: Fri, 03 Feb 2023 05:03:08 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js
2.18.172.233200 OK 228 B URL HTTP/2 assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js
IP 2.18.172.233:0
Hash f9f61cf08520dbe652f9085c0c5e1a43
f9333020f4b2f0446c5ce4fd69f14433102a71c5
b27cb6d5a43aa222ba4bb45dfeec4211d1ed558d1d552ec160660c01db213782
GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "accfdd9d5be1d7142fabad440365d15f:1554112916"
last-modified: Mon, 01 Apr 2019 10:01:56 GMT
server: AkamaiNetStorage
unused62: 8096267
vary: Accept-Encoding
content-encoding: gzip
content-length: 228
cache-control: max-age=3600
expires: Fri, 03 Feb 2023 06:03:08 GMT
date: Fri, 03 Feb 2023 05:03:08 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/maria-logo.svg
104.18.24.188200 OK 14 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/maria-logo.svg
IP 104.18.24.188:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 8a4d95fe1123b14c324eddd10866573c
a18a32f5dd0e1fa457ed6f6860b6a051d13149b3
40d1f794a579abee9e9c6e998dca75b79d532e872e184fec20f4e2da2658ecdc
GET /no/pop/casino/2022/maria-logo.svg HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:79053594-37953&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&bid=37953&campaignId=2397257&pid=79053594
Cookie: __ucbt=node0ql6h4a5n3yul1vcsi2ki2hb9g; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1; BID=37953; PID=79053594; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26sref%3DADC%26ADC%3D5202639-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D79053594%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:08 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: A/evXSZJMSEi63VEXU58wA==
last-modified: Tue, 29 Nov 2022 13:35:55 GMT
etag: W/"0x8DAD20EA476B63E"
x-ms-request-id: 5a1280b9-401e-0062-10f7-03d025000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 228232
vary: Accept-Encoding
server: cloudflare
cf-ray: 79389e4dbefeb523-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.optimizely.com/js/10682170820.js
2.18.172.152200 OK 154 kB URL HTTP/2 cdn.optimizely.com/js/10682170820.js
IP 2.18.172.152:0
File type ASCII text, with very long lines (65468)
Size 154 kB (153652 bytes)
Hash f3612fded39fc2d9aee516e239507b42
60fb57bbead0fbf566790dacb431fa0b8113a1ca
eecaf45739463198e5b6c4211f492b10011b0d3b1643e5d5a9c8bc5687649b2a
GET /js/10682170820.js HTTP/1.1
Host: cdn.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: qV2YUdGLGputKiIdG6abUobqqj7JfvBxzdHirK+r+v+KgcupXxglTfPKWtj1ZLBHkigMoRAXRW8=
x-amz-request-id: X1N0JAYNQX3YP62C
x-amz-replication-status: PENDING
last-modified: Thu, 02 Feb 2023 16:34:42 GMT
etag: "f3612fded39fc2d9aee516e239507b42"
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 470833
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: EIRAjN0H7TOUmgYZqjSwTEbjSJeFxsd2
accept-ranges: bytes
content-type: text/javascript; charset=utf-8
server: AmazonS3
content-length: 153652
vary: Accept-Encoding
cache-control: max-age=120
date: Fri, 03 Feb 2023 05:03:08 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, cdn;desc="AkamaiION";dur=0,rtt;desc="3";dur=0,cdnip;desc="2.18.172.152";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
access-control-max-age: 86400
access-control-expose-headers: x-amz-meta-revision
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 376568ad565582b9a012526b079e1d15
8a3d0933e4ad5e6b4942abc856e2b06bd518cb86
8638da6b826ab2e28955fa6963b3fbac2fb85c937e5eb0e629b8a10b3e029498
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3398
Cache-Control: max-age=93624
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 05:03:08 GMT
Etag: "63db52fe-1d7"
Expires: Sat, 04 Feb 2023 07:03:32 GMT
Last-Modified: Thu, 02 Feb 2023 06:06:54 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/id?d_visid_ver=3.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1675400617931
34.251.149.144200 OK 498 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=3.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1675400617931
IP 34.251.149.144:0
File type JSON data\012- , ASCII text, with very long lines (791), with no line terminators
Hash f04833be6b07c17b064a3170227ed82e
76b43a2569e205bcf45d80d2496e29c751fe0a25
e988b421922e19395fee8a0608f19b0f1fd431de88dd4fe84fa27ad5d453586d
GET /id?d_visid_ver=3.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1675400617931 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0f45dc272.edge-irl1.demdex.com 1 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=88360125291140384634365369036201218739; Max-Age=15552000; Expires=Wed, 02 Aug 2023 05:03:08 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: yILH3fDCRmU=
Content-Length: 498
Connection: keep-alive
service.maxymiser.net/cdn/unibet/js/mmcore.js
104.110.7.230404 Not Found 10 B URL HTTP/2 service.maxymiser.net/cdn/unibet/js/mmcore.js
IP 104.110.7.230:0
Hash 7605968e79d0ca095ab1231486d2b814
a007b420d19ceefa840f0373e050e3b51a4ab480
493fda53120050f85836032324409be6c6484f90a0755ae0c6a673ba7626818b
GET /cdn/unibet/js/mmcore.js HTTP/1.1
Host: service.maxymiser.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
accept-ranges: bytes
content-length: 10
server: AkamaiNetStorage
cache-control: max-age=1800
date: Fri, 03 Feb 2023 05:03:08 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5200 OK 50 kB URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash 806f5f97058193d3c82e8461e9035087
1b1a14fde573868f6f589ab15e27abd7ec273d58
24055680844fe360f50a0988021c2a2d966e30ab02c016ca382d8417c8acd89e
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:08 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/background.jpg
104.18.24.188200 OK 162 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/background.jpg
IP 104.18.24.188:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x800, components 3\012- data
Size 162 kB (161606 bytes)
Hash aa279ee357b415f50a16127d5c1a7c4d
d1375a6cb87e60f31f609769044af9e6d47775cd
6aa6656d951b443674e2795a2174f6ba5fa711a0f2943830eab9f07cb1e1a809
GET /no/pop/casino/2022/background.jpg HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/styles.css
Cookie: __ucbt=node0ql6h4a5n3yul1vcsi2ki2hb9g; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1; BID=37953; PID=79053594; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26sref%3DADC%26ADC%3D5202639-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D79053594%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19392%7CMCMID%7C88318748503371441004366844518925872936%7CMCAAMLH-1676005418%7C6%7CMCAAMB-1676005418%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1675407818s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1675400618133r0.32029978576818174; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:08 GMT
content-type: image/jpeg
content-length: 161606
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
cf-bgj: h2pri
content-md5: qiee41e0FfUKFhJ9XBp8TQ==
etag: "0x8DAD20EA4B90CD2"
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 5e1e980c-701e-001b-01f7-032c01000000
x-ms-version: 2014-02-14
cf-cache-status: HIT
age: 228297
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79389e50e89cb523-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 627 B IP 93.184.220.29:0
Hash e2fd427b01546b44045925f0b3df7bab
d403b15ab4027574448d1d5e6e92526b7daf3192
7326f23b425db610c6d151e84a9502b1fb5dfee76e829b63492c5ecee49b1d89
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6077
Cache-Control: max-age=101701
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 05:03:08 GMT
Etag: "63db6814-1d7"
Expires: Sat, 04 Feb 2023 09:18:09 GMT
Last-Modified: Thu, 02 Feb 2023 07:36:52 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 471
welcome.mariacasino.nu/no/pop/casino/2022/BlenderPro-MediumWeb.woff
104.18.24.188200 OK 53 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/BlenderPro-MediumWeb.woff
IP 104.18.24.188:0
Hash 34a3bee36bf44d41682b6ce59c6d377a
1864303df022d3e0762a053caca5f684b367913d
a84f5897f8216cbc991e975aef8026314cc54418917f906f4eb31af43e9e5f2e
GET /no/pop/casino/2022/BlenderPro-MediumWeb.woff HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/styles.css
Cookie: __ucbt=node0ql6h4a5n3yul1vcsi2ki2hb9g; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1; BID=37953; PID=79053594; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26sref%3DADC%26ADC%3D5202639-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D79053594%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19392%7CMCMID%7C88318748503371441004366844518925872936%7CMCAAMLH-1676005418%7C6%7CMCAAMB-1676005418%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1675407818s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1675400618133r0.32029978576818174; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:08 GMT
content-type: application/font-woff
content-length: 48766
cache-control: public, max-age=900, immutable
content-md5: 9ieTyut+WxEddQiwDAgmwg==
last-modified: Tue, 29 Nov 2022 13:35:55 GMT
etag: "0x8DAD20EA49C613A"
x-ms-request-id: d866c426-a01e-0018-6bf7-03cd65000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 227979
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79389e5108aeb523-OSL
X-Firefox-Spdy: h2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js
2.18.172.233200 OK 30 kB URL HTTP/2 assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js
IP 2.18.172.233:0
File type ASCII text, with very long lines (543)
Hash d994c7b5e7b348492e630f9e201eed6c
927a06e00f5a9c23d2f9348c013cec4b459effac
7ca2a3f0bb133f07fb5c826b58e48089d90b0ce6e5ab0dce5de73550c5110d80
GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "9c4992909a83d52617e9948d1d1c4141:1554112914"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
unused62: 8096267
content-length: 29629
cache-control: max-age=3600
expires: Fri, 03 Feb 2023 06:03:09 GMT
date: Fri, 03 Feb 2023 05:03:09 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js
2.18.172.233200 OK 1.2 kB URL HTTP/2 assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js
IP 2.18.172.233:0
File type ASCII text, with very long lines (502)
Hash 0fc50fe0077c2d091ca05aa91daba75f
6a05d944d25fe2dbf36c1fb33a5096bcb1ada25c
4b469a08c52c411065253103c02ea37609c225f2b4c7c3842d90d0c6caa694f3
GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "5e8dc588959123c3ee5de9ac168d5c74:1554112912"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1199
cache-control: max-age=3600
expires: Fri, 03 Feb 2023 06:03:09 GMT
date: Fri, 03 Feb 2023 05:03:09 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 05:03:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=3.2.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=88318748503371441004366844518925872936&ts=1675400618224
15.236.117.205200 OK 2 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=3.2.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=88318748503371441004366844518925872936&ts=1675400618224
IP 15.236.117.205:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /id?d_visid_ver=3.2.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=88318748503371441004366844518925872936&ts=1675400618224 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://welcome.mariacasino.nu
access-control-allow-credentials: true
date: Fri, 03 Feb 2023 05:03:09 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CgjMit2N2tGU3Bp-GH0dEdHP3xP.00c%2CACpQMBTT23d934BSVZFaYUiWSswvJm2NqT67paBooyLH8h6ACHmWynoody6iyWDn1sdLhC6caCN1gv8EqhP46yyOXkPY1whPxhtiDRFKjTGLv1pMUnLKrVMOBRNaeTJSDSkcrP2509UFnWIRE1X8qpJLVwpgDLYz_sjV3_873lsYLbDNSt4DLDLkHaSJTiTUiZxmaR8Mow6IseAeOSrsFuyjKPLEFJJI2Jj5CQTqCOiuGkkMMRU5sxNzSUVaD9ojfOV5TJ4L5GWueLP83Ci1jdcmBa9v-8mNn68aH2kI1nHsePuDhyKug4_xBsIXPzApt07ZnSZgtvvt3goYEkulEw9wDxitWyplHedOHuKzkXpE69pF6kAap2B9XiZGyihiCI5z7-iVgLhnrNEGw1u4FJzEj1HIjMWNUNFlooc9FEfu9P35JHJeFkTPgodP5jhTi0GqxGhsjhd5ke5ksYXDNFvj8MBXRb0Dop0E4_oQRkNn-X2yh3SqD-coiI7rDEff1ismu2hhXNJ27g_OKWRfPA%2C%2C&csid=5202639&s1=16122660&md=0&crid=23364304
34.160.190.227200 OK 2.4 kB URL HTTP/2 adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CgjMit2N2tGU3Bp-GH0dEdHP3xP.00c%2CACpQMBTT23d934BSVZFaYUiWSswvJm2NqT67paBooyLH8h6ACHmWynoody6iyWDn1sdLhC6caCN1gv8EqhP46yyOXkPY1whPxhtiDRFKjTGLv1pMUnLKrVMOBRNaeTJSDSkcrP2509UFnWIRE1X8qpJLVwpgDLYz_sjV3_873lsYLbDNSt4DLDLkHaSJTiTUiZxmaR8Mow6IseAeOSrsFuyjKPLEFJJI2Jj5CQTqCOiuGkkMMRU5sxNzSUVaD9ojfOV5TJ4L5GWueLP83Ci1jdcmBa9v-8mNn68aH2kI1nHsePuDhyKug4_xBsIXPzApt07ZnSZgtvvt3goYEkulEw9wDxitWyplHedOHuKzkXpE69pF6kAap2B9XiZGyihiCI5z7-iVgLhnrNEGw1u4FJzEj1HIjMWNUNFlooc9FEfu9P35JHJeFkTPgodP5jhTi0GqxGhsjhd5ke5ksYXDNFvj8MBXRb0Dop0E4_oQRkNn-X2yh3SqD-coiI7rDEff1ismu2hhXNJ27g_OKWRfPA%2C%2C&csid=5202639&s1=16122660&md=0&crid=23364304
IP 34.160.190.227:0
Hash 95eed0d4f5af4f92e445b9887be044fd
4f01cac61d7f25844d4b31792fb387fd7b7a0022
bd3f16a0b466537eecfb093bc2d175de6ae97bcb7ddfeeca5dad1f0daf734723
GET /script/s2iurl.php?stamat=m%7C%2C%2CgjMit2N2tGU3Bp-GH0dEdHP3xP.00c%2CACpQMBTT23d934BSVZFaYUiWSswvJm2NqT67paBooyLH8h6ACHmWynoody6iyWDn1sdLhC6caCN1gv8EqhP46yyOXkPY1whPxhtiDRFKjTGLv1pMUnLKrVMOBRNaeTJSDSkcrP2509UFnWIRE1X8qpJLVwpgDLYz_sjV3_873lsYLbDNSt4DLDLkHaSJTiTUiZxmaR8Mow6IseAeOSrsFuyjKPLEFJJI2Jj5CQTqCOiuGkkMMRU5sxNzSUVaD9ojfOV5TJ4L5GWueLP83Ci1jdcmBa9v-8mNn68aH2kI1nHsePuDhyKug4_xBsIXPzApt07ZnSZgtvvt3goYEkulEw9wDxitWyplHedOHuKzkXpE69pF6kAap2B9XiZGyihiCI5z7-iVgLhnrNEGw1u4FJzEj1HIjMWNUNFlooc9FEfu9P35JHJeFkTPgodP5jhTi0GqxGhsjhd5ke5ksYXDNFvj8MBXRb0Dop0E4_oQRkNn-X2yh3SqD-coiI7rDEff1ismu2hhXNJ27g_OKWRfPA%2C%2C&csid=5202639&s1=16122660&md=0&crid=23364304 HTTP/1.1
Host: adpointrtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://jennyvisits.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Fri, 03 Feb 2023 05:03:07 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 05:03:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 471 B IP 142.250.74.3:0
Hash e3383a870b280d28b1d924543e6128af
0e9ccaf308e10ae68774fe0d32e10d063f379e7d
093a4523b327faf080d2d200d6e8d9e615abe6e048a72d70c3bc8e9f89cc50bf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 05:03:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
Hash 595f311bc90db107b2f4a41d58e94419
f1dea5932aa1141c7ae57f638f50eefb1816ab74
8d011f50b68602550f9751d76912376d87f0f2106f739e8eeb53dc6cbaa3e3bc
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 29 Jan 2023 22:02:00 GMT
expires: Mon, 29 Jan 2024 22:02:00 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 370869
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
142.250.74.168200 OK 81 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP 142.250.74.168:0
File type ASCII text, with very long lines (62112)
Hash c4ebc203c10a51cf30b3892836379d53
1cbffd8566277f281da0d47a64e7f9008eeac2e3
96231a03df313ea120ca26c325ac85e744469d4312d946b08d554139200dee2c
GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 03 Feb 2023 05:03:09 GMT
expires: Fri, 03 Feb 2023 05:03:09 GMT
cache-control: private, max-age=900
last-modified: Fri, 03 Feb 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81070
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
teenatiyagi.com/
172.67.131.107200 OK 28 kB IP 172.67.131.107:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9381), with CRLF, LF line terminators
Hash b7a43a97041a8a30a3a80ab54376a4dd
f587c9cd12c5a1e1fd3f2798fdec7e614a30e996
e11b456e12ff096c4bb1bba85529001ec679b56a060cbd435afb96efefe32d7f
GET / HTTP/1.1
Host: teenatiyagi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.google.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:03 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
content-security-policy: upgrade-insecure-requests;
x-xss-protection: 0, 1; mode=block
x-content-type-options: nosniff, nosniff
referrer-policy: strict-origin-when-cross-origin
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
link: <https://teenatiyagi.com/wp-json/>; rel="https://api.w.org/"
last-modified: Friday, 03-Feb-2023 05:03:03 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-cache: HIT From teenatiyagi.com
cache-control: max-age=0
nginx-cache: HIT
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3oN52sca6DNIlJzFzh%2FawZuESMBhasKezbQ3xGoOiMHfASB7mP6dmv%2FhTyT1rZTw2UasnPoHFQT7dwawu2nMVtQZuibkwhJ%2BoeNvH57BKCadMac%2B41ue7bU1%2Bzvbd4EjT58%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79389e2d49961c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3200 OK 472 B IP 142.250.74.3:0
Hash 9c45ea25709afbea416f215ee34611b0
117c52c0ee3ff15a2485c0b1e39cc12c7c2021ed
7fbc3c806c7fc6d70d70b55723dbbfc00698b14fcad55014218bc5e03e92a118
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 05:03:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash a62fb196730dab6ac28eab662fcbbc25
6ebf23821a92ee8fb4b1b1407549cff3bcee7723
2509e4cd4cd3dc8149a22a79f78be468d1ca3649d4b58bbedf969019a177c619
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6335
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 03 Feb 2023 05:03:09 GMT
Last-Modified: Fri, 03 Feb 2023 03:17:35 GMT
Server: ECS (ska/F71B)
X-Cache: HIT
Content-Length: 278
unibet.demdex.net/dest5.html?d_nsid=0
34.243.64.240200 OK 14 kB URL HTTP/1.1 unibet.demdex.net/dest5.html?d_nsid=0
IP 34.243.64.240:0
Hash 983b7190556036f0769bdf6e11ae2f4c
26915756b05d518810dda91eb9f100685dfc2306
f87fae1f8af71ebc3355a518476bfb71b9080af300582626a255d5ee47b24c78
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Fri, 3 Feb 2023 05:03:09 GMT
DCS: dcs-prod-irl1-2-v045-0df7a788e.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 11:26:52 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: W461enYfT/w=
transfer-encoding: chunked
Connection: keep-alive
unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonsinglepagebrandsprod/1/JS-2.22.4/s9379941262671?AQB=1&ndh=1&pf=1&t=3%2F1%2F2023%205%3A3%3A38%205%200&mid=88318748503371441004366844518925872936&aamlh=6&ce=UTF-8&pageName=LP%3A2018%20-%20MariaCasino%20-%20Bingo&g=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A79053594-37953%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26bid%3D37953%26campaignId%3D2397257%26pid%3D79053594&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A79053594-37953%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26bid%3D37953%26campaignId%3D2397257%26pid%3D79053594&v1=welcome.mariacasino.nu%3A%3A%3Adesktop%3Ano%3Apop%3Acasino%3A2022%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.mariacasino.nu&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=5%3A03%20AM%7CFriday&v6=5%3A03%20AM%7CFriday&v11=GBP&c14=New&v14=New&c16=1675400619&v21=Not%20Logged-In&c73=maria&c74=88318748503371441004366844518925872936&v99=88318748503371441004366844518925872936&v120=popunder&v121=1%3A81750185%3A79053594-37953&v122=NONE&v124=2397257&v125=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&v126=79053594&v127=37953&v134=1675400618&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
15.236.117.205200 OK 43 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonsinglepagebrandsprod/1/JS-2.22.4/s9379941262671?AQB=1&ndh=1&pf=1&t=3%2F1%2F2023%205%3A3%3A38%205%200&mid=88318748503371441004366844518925872936&aamlh=6&ce=UTF-8&pageName=LP%3A2018%20-%20MariaCasino%20-%20Bingo&g=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A79053594-37953%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26bid%3D37953%26campaignId%3D2397257%26pid%3D79053594&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A79053594-37953%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26bid%3D37953%26campaignId%3D2397257%26pid%3D79053594&v1=welcome.mariacasino.nu%3A%3A%3Adesktop%3Ano%3Apop%3Acasino%3A2022%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.mariacasino.nu&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=5%3A03%20AM%7CFriday&v6=5%3A03%20AM%7CFriday&v11=GBP&c14=New&v14=New&c16=1675400619&v21=Not%20Logged-In&c73=maria&c74=88318748503371441004366844518925872936&v99=88318748503371441004366844518925872936&v120=popunder&v121=1%3A81750185%3A79053594-37953&v122=NONE&v124=2397257&v125=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&v126=79053594&v127=37953&v134=1675400618&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
IP 15.236.117.205:0
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/unibetlondonsinglepagebrandsprod/1/JS-2.22.4/s9379941262671?AQB=1&ndh=1&pf=1&t=3%2F1%2F2023%205%3A3%3A38%205%200&mid=88318748503371441004366844518925872936&aamlh=6&ce=UTF-8&pageName=LP%3A2018%20-%20MariaCasino%20-%20Bingo&g=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A79053594-37953%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26bid%3D37953%26campaignId%3D2397257%26pid%3D79053594&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A79053594-37953%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26bid%3D37953%26campaignId%3D2397257%26pid%3D79053594&v1=welcome.mariacasino.nu%3A%3A%3Adesktop%3Ano%3Apop%3Acasino%3A2022%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.mariacasino.nu&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=5%3A03%20AM%7CFriday&v6=5%3A03%20AM%7CFriday&v11=GBP&c14=New&v14=New&c16=1675400619&v21=Not%20Logged-In&c73=maria&c74=88318748503371441004366844518925872936&v99=88318748503371441004366844518925872936&v120=popunder&v121=1%3A81750185%3A79053594-37953&v122=NONE&v124=2397257&v125=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&v126=79053594&v127=37953&v134=1675400618&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Fri, 03 Feb 2023 05:03:09 GMT
expires: Thu, 02 Feb 2023 05:03:09 GMT
last-modified: Sat, 04 Feb 2023 05:03:09 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3597895369461104640-4619680329295116601
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
a10682170820.cdn.optimizely.com/client_storage/a10682170820.html
104.110.8.48200 OK 1.0 kB URL HTTP/2 a10682170820.cdn.optimizely.com/client_storage/a10682170820.html
IP 104.110.8.48:0
File type HTML document, ASCII text, with very long lines (1979)
Hash 742e155d16b153b32a6122e0a1f9ff2f
b2d28881ba6a69f7e2f6800fba5619d1637ba982
45937bb143dc3304ec902f390a76756c9b0f0c6767e56d91d18e51c969256853
GET /client_storage/a10682170820.html HTTP/1.1
Host: a10682170820.cdn.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: TAHtN5e4Qpn7aWn9pAo27qMQB0gKF5bglG+CjYGd67NIdvDqNW0GD4ydviBc8HBgOh959axsUeI=
x-amz-request-id: 2K3G10HXQ4FFP9HN
x-amz-replication-status: COMPLETED
last-modified: Thu, 02 Feb 2023 16:34:05 GMT
etag: "b52dcf6901d78f062a56d7cf9195fbaf"
x-amz-server-side-encryption: AES256
x-amz-meta-pci_enabled: False
x-amz-version-id: xYJGspkmZjQ0lYC_w1xG_MYtUbV8UMGG
accept-ranges: bytes
content-type: text/html; charset=utf-8
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=120
x-akamai-transformed: 9 - 0 pmb=mRUM,2
content-encoding: gzip
date: Fri, 03 Feb 2023 05:03:09 GMT
content-length: 1041
server-timing: cdn-cache; desc=HIT, edge; dur=1, cdn;desc="AkamaiION";dur=0,rtt;desc="5";dur=0,cdnip;desc="104.110.8.48";dur=0,cdnmap;desc="a4728.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.mariacasino.nu.json?t=1
104.19.147.8200 OK 365 B URL HTTP/2 script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.mariacasino.nu.json?t=1
IP 104.19.147.8:0
File type JSON data\012- , ASCII text, with very long lines (704), with no line terminators
Hash c934efbe3f74361b39d758bd1d0ebc43
639bc6975c15ec675b2a6b2496a9ada3f1e35d5a
8e344f53c23cf84d5bdeb65da4187ef893cd87020d7585caec23f406d230e86a
GET /pages/data-scripts/0012/9242/site/welcome.mariacasino.nu.json?t=1 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:09 GMT
content-type: application/json
content-length: 365
access-control-expose-headers: CE-Version
ce-version: 11.5.22
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Thu, 02 Feb 2023 17:00:20 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 43369
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 79389e52cbcf1c12-OSL
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 8c94c7e326283ffcf1579151b5f5091d
9d17acbbdac6431aa5f55ade4991614cfb404bf3
3b15a0cee8a7848e9ba91bf6aefdc79419d1f0502930e1206c5705b7c2ba1bc2
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=121616
Date: Fri, 03 Feb 2023 05:03:09 GMT
Etag: "63dbc220-1d7"
Expires: Sat, 04 Feb 2023 14:50:05 GMT
Last-Modified: Thu, 02 Feb 2023 14:01:04 GMT
Server: ECS (bsa/EB22)
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 2Y92Aeu88zBLOO3adgn8M5-mICHZMHNLnFzuf-JEnmb5Hng-wupr4A==
Age: 2941
cm.everesttech.net/cm/dd?d_uuid=88360125291140384634365369036201218739
18.203.152.154302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=88360125291140384634365369036201218739
IP 18.203.152.154:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=88360125291140384634365369036201218739 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Fri, 03 Feb 2023 05:03:09 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y9yVjQAAAIyq_wNn; Domain=.everesttech.net; Expires=Sat, 03-Feb-2024 05:03:09 GMT; Path=/
everest_session_v2=Y9yVjQAAAIyq-ANn; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y9yVjQAAAIyq_wNn
Server: AMO-cookiemap/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y9yVjQAAAIyq_wNn
34.251.149.144302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y9yVjQAAAIyq_wNn
IP 34.251.149.144:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y9yVjQAAAIyq_wNn HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.mariacasino.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-02fbabcd7.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9yVjQAAAIyq_wNn
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=88754423205500871022426496665006431733; Max-Age=15552000; Expires=Wed, 02 Aug 2023 05:03:09 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: pceZSwVMTws=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9yVjQAAAIyq_wNn
34.251.149.144200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9yVjQAAAIyq_wNn
IP 34.251.149.144:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y9yVjQAAAIyq_wNn HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.mariacasino.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-2-v045-0cc0feb7f.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: fbYjVVCnQQI=
Content-Length: 59
Connection: keep-alive
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js
2.18.172.233200 OK 1.4 kB URL HTTP/2 assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js
IP 2.18.172.233:0
Hash ab8cdc21adb95a3014aae857022fdce6
c90f3f115de66b8809a88a667225fa5746ca3dfa
2e3db22559903bd6ba695a18b440ff7eeb0a645dc4ab9257c3605f22d144ca51
GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "6444bceb1b767bea75b4f47d793f7b05:1554112917"
last-modified: Mon, 01 Apr 2019 10:01:57 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1388
cache-control: max-age=3600
expires: Fri, 03 Feb 2023 06:03:09 GMT
date: Fri, 03 Feb 2023 05:03:09 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2
unibet.demdex.net/event?_ts=1675400618877
34.243.64.240200 OK 28 B URL HTTP/1.1 unibet.demdex.net/event?_ts=1675400618877
IP 34.243.64.240:0
File type JSON data\012- , ASCII text, with no line terminators
Hash e5bd7bffaebc3b6f39a51600d7d98448
3126b0beaa77359162cadfebc3ae83b4cf5d04f8
3f4e5ede55abc3d3c77d99cdc5019ccfaf8107ac33328b1e4d3b022cb10b15d8
POST /event?_ts=1675400618877 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 63
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-2-v045-0df7a788e.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=11358194135895449481941736929794400471; Max-Age=15552000; Expires=Wed, 02 Aug 2023 05:03:09 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: lZ/m0OsGSEI=
Content-Length: 28
Connection: keep-alive
tapi.optimizely.com/api/targeting/10682170820/11101493565/oeu1675400618133r0.32029978576818174
95.100.12.199200 OK 3.0 kB URL HTTP/1.1 tapi.optimizely.com/api/targeting/10682170820/11101493565/oeu1675400618133r0.32029978576818174
IP 95.100.12.199:0
Hash 363cf0e1c28a4f5b397dbc69d2820765
7aa190b4f7f403d925496dc85c5f57036ce38059
ff0d584b35a566a31c1d5d66dbd34a96fc38fedd1a04da939167ebb72ae38094
GET /api/targeting/10682170820/11101493565/oeu1675400618133r0.32029978576818174 HTTP/1.1
Host: tapi.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Server: nginx/1.15.12
X-Powered-By: Express
Content-Encoding: gzip
Cache-Control: max-age=1200
Date: Fri, 03 Feb 2023 05:03:09 GMT
Content-Length: 2621
Connection: keep-alive
Vary: Origin
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash f804adf4f1ed6d0855a8222378a4ca16
910adcd5e2611563ff0ef7c93bf8d2da712c5d39
080bfb537085957a1b7e5890b91a3f841188aab1df2d367bc18ba96c46b6faa0
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 03 Feb 2023 05:03:09 GMT
Last-Modified: Fri, 03 Feb 2023 03:46:13 GMT
Server: ECS (nyb/1D12)
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: L0GvWOzZ4c3MrF2xvyiZJqJqqcak0FGq9oKQaH-DBR_w3mw6YmeTzw==
Age: 4616
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash f804adf4f1ed6d0855a8222378a4ca16
910adcd5e2611563ff0ef7c93bf8d2da712c5d39
080bfb537085957a1b7e5890b91a3f841188aab1df2d367bc18ba96c46b6faa0
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=88835
Date: Fri, 03 Feb 2023 05:03:09 GMT
Etag: "63db39bd-1d7"
Expires: Sat, 04 Feb 2023 05:43:44 GMT
Last-Modified: Thu, 02 Feb 2023 04:19:09 GMT
Server: ECS (nyb/1D35)
X-Cache: Miss from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: N5UN7VxF2233ntOp19LxNEhYs-n9UbCKerpPril5_pRHbHt5UGi8Lw==
Age: 5075
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash f804adf4f1ed6d0855a8222378a4ca16
910adcd5e2611563ff0ef7c93bf8d2da712c5d39
080bfb537085957a1b7e5890b91a3f841188aab1df2d367bc18ba96c46b6faa0
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 03 Feb 2023 05:03:09 GMT
Last-Modified: Fri, 03 Feb 2023 03:41:05 GMT
Server: ECS (nyb/1D2F)
X-Cache: Miss from cloudfront
Via: 1.1 ee04daa979e7a02cc5ca472521bc18a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: kETd9i1nOvFP34dKaAW1RmKWOF086JobBlEHAjA-GlBuipINd9WYug==
Age: 4924
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash f804adf4f1ed6d0855a8222378a4ca16
910adcd5e2611563ff0ef7c93bf8d2da712c5d39
080bfb537085957a1b7e5890b91a3f841188aab1df2d367bc18ba96c46b6faa0
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 03 Feb 2023 05:03:09 GMT
Etag: "63db39bd-1d7"
Last-Modified: Fri, 03 Feb 2023 03:38:29 GMT
Server: ECS (nyb/1D2B)
X-Cache: Miss from cloudfront
Via: 1.1 6a0f63864791329e89a4b233ec4c3a36.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: OWmdJWCpYMx6gAmWAgWnk46sdfGUuSLVdWIaH2T1mrfROU-1ReJPzw==
Age: 5081
errors.client.optimizely.com/log
23.23.59.25200 OK 13 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 23.23.59.25:0
File type ASCII text, with no line terminators
Hash 1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Fri, 03 Feb 2023 05:03:09 GMT
Content-Length: 13
Connection: keep-alive
errors.client.optimizely.com/log
23.23.59.25200 OK 13 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 23.23.59.25:0
File type ASCII text, with no line terminators
Hash 1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Fri, 03 Feb 2023 05:03:09 GMT
Content-Length: 13
Connection: keep-alive
errors.client.optimizely.com/log
23.23.59.25204 No Content 0 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 23.23.59.25:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 435
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers:
Content-Type: text/plain
Date: Fri, 03 Feb 2023 05:03:09 GMT
Connection: keep-alive
errors.client.optimizely.com/log
23.23.59.25204 No Content 0 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 23.23.59.25:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 480
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers:
Content-Type: text/plain
Date: Fri, 03 Feb 2023 05:03:10 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.100200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.100:0
Hash 589912fa6ba849574a149a93c384c4ba
e176bd5d7d5dad6d93a85cf758ea3aaca9407126
96e239da049374c25039016840ce4d86d6c88160af81a1ca9a676afc900ff5a4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=100401
Date: Fri, 03 Feb 2023 05:03:10 GMT
Etag: "63db6291-1d7"
Expires: Sat, 04 Feb 2023 08:56:31 GMT
Last-Modified: Thu, 02 Feb 2023 07:13:21 GMT
Server: ECS (nyb/1D05)
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: IRcSwHXkghEslumVDQ_R5aLU8ykYYrbpfH8dJF1fsX_ArrRJt1dcJA==
Age: 6190
script.crazyegg.com/pages/scripts/0012/9242.js?465389
104.19.147.8200 OK 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js?465389
IP 104.19.147.8:0
GET /pages/scripts/0012/9242.js?465389 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:09 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.22
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Thu, 02 Feb 2023 17:00:20 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 43369
vary: Accept-Encoding
server: cloudflare
cf-ray: 79389e524cfbb500-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/styles.css
104.18.24.188200 OK 0 B URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/styles.css
IP 104.18.24.188:0
GET /no/pop/casino/2022/styles.css HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:79053594-37953&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&bid=37953&campaignId=2397257&pid=79053594
Cookie: __ucbt=node0ql6h4a5n3yul1vcsi2ki2hb9g; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1; BID=37953; PID=79053594; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26sref%3DADC%26ADC%3D5202639-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D79053594%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:08 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: nHGY+uZf3VZaIBaHkSPKCQ==
last-modified: Tue, 29 Nov 2022 13:35:55 GMT
etag: W/"0x8DAD20EA45DDAAB"
x-ms-request-id: 4ad10bc9-001e-002e-3ef7-034015000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 228232
vary: Accept-Encoding
server: cloudflare
cf-ray: 79389e4daeebb523-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/main.js
104.18.24.188200 OK 0 B URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/main.js
IP 104.18.24.188:0
GET /no/pop/casino/2022/main.js HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:79053594-37953&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&bid=37953&campaignId=2397257&pid=79053594
Cookie: __ucbt=node0ql6h4a5n3yul1vcsi2ki2hb9g; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1; BID=37953; PID=79053594; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26sref%3DADC%26ADC%3D5202639-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D79053594%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:08 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: HUKMSjGdEVR6I7ylcruk3g==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: W/"0x8DAD20EA4F7BA6F"
x-ms-request-id: 5a127d26-401e-0062-37f7-03d025000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 89730
vary: Accept-Encoding
server: cloudflare
cf-ray: 79389e4daef0b523-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/no-payments.svg
104.18.24.188200 OK 0 B URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/no-payments.svg
IP 104.18.24.188:0
GET /no/pop/casino/2022/no-payments.svg HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:79053594-37953&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&bid=37953&campaignId=2397257&pid=79053594
Cookie: __ucbt=node0ql6h4a5n3yul1vcsi2ki2hb9g; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1; BID=37953; PID=79053594; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26sref%3DADC%26ADC%3D5202639-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D79053594%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19392%7CMCMID%7C88318748503371441004366844518925872936%7CMCAAMLH-1676005418%7C6%7CMCAAMB-1676005418%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1675407818s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1675400618133r0.32029978576818174; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:09 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: W/"0x8DAD20EA5185D10"
x-ms-request-id: 6aee9ace-401e-005d-3bf7-031886000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 228260
vary: Accept-Encoding
server: cloudflare
cf-ray: 79389e5178e4b523-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500,700,900
142.250.74.138200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500,700,900
IP 142.250.74.138:0
GET /css?family=Roboto:300,400,500,700,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 Feb 2023 05:03:08 GMT
date: Fri, 03 Feb 2023 05:03:08 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/favicon.ico
104.18.24.188200 OK 0 B URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/favicon.ico
IP 104.18.24.188:0
GET /no/pop/casino/2022/favicon.ico HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:79053594-37953&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&bid=37953&campaignId=2397257&pid=79053594
Cookie: __ucbt=node0ql6h4a5n3yul1vcsi2ki2hb9g; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1; BID=37953; PID=79053594; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26sref%3DADC%26ADC%3D5202639-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D79053594%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19392%7CMCMID%7C88318748503371441004366844518925872936%7CMCAAMLH-1676005418%7C6%7CMCAAMB-1676005418%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1675407818s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1675400618133r0.32029978576818174; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:09 GMT
content-type: image/x-icon
cache-control: public, max-age=900, immutable
content-md5: dUZ66nye8JES1X2nEnkvHA==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: W/"0x8DAD20EA4D12531"
x-ms-request-id: 1b22010b-f01e-0058-65f7-03ca5d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 228027
vary: Accept-Encoding
server: cloudflare
cf-ray: 79389e52193bb523-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:79053594-37953&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&bid=37953&campaignId=2397257&pid=79053594
104.18.24.188200 OK 0 B URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:79053594-37953&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&bid=37953&campaignId=2397257&pid=79053594
IP 104.18.24.188:0
GET /no/pop/casino/2022/index.html?mktid=1:81750185:79053594-37953&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&bid=37953&campaignId=2397257&pid=79053594 HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node0ql6h4a5n3yul1vcsi2ki2hb9g; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1; BID=37953; PID=79053594; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26sref%3DADC%26ADC%3D5202639-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D79053594%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:08 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: L2akXslp2trAwResQfYe7w==
last-modified: Tue, 29 Nov 2022 13:35:55 GMT
x-ms-request-id: 3981a990-e01e-0044-658c-37983d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
set-cookie: btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1;max-age=2592000; domain=.mariacasino.nu;path=/;secure;samesite=none;httponly
server: cloudflare
cf-ray: 79389e4bcde4b523-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.mariacasino.nu/custom.js
104.18.24.188200 OK 0 B URL HTTP/2 welcome.mariacasino.nu/custom.js
IP 104.18.24.188:0
GET /custom.js HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:79053594-37953&btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1&bid=37953&campaignId=2397257&pid=79053594
Cookie: __ucbt=node0ql6h4a5n3yul1vcsi2ki2hb9g; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1; BID=37953; PID=79053594; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1%26sref%3DADC%26ADC%3D5202639-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D79053594%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_E3A6D6D6AC2440B1BCCCF845BE077BA1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:08 GMT
content-type: application/javascript
content-md5: AaOIILzruhXFCZo/dsUAMw==
last-modified: Tue, 31 May 2022 08:03:43 GMT
etag: W/"0x8DA42DC14A64A3D"
x-ms-request-id: 56b93167-801e-0020-39f6-0369a5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 228849
vary: Accept-Encoding
server: cloudflare
cf-ray: 79389e4dbefdb523-OSL
content-encoding: br
X-Firefox-Spdy: h2
108429888439787693110.uads.cc/client.js
104.26.5.39200 OK 0 B URL HTTP/2 108429888439787693110.uads.cc/client.js
IP 104.26.5.39:0
GET /client.js HTTP/1.1
Host: 108429888439787693110.uads.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://amyhartmanc.blogspot.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:02 GMT
content-type: application/javascript; charset=utf-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, no-store, max-age=0, no-cache
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: BYPASS
set-cookie: ci_session=4n6cqlq9pj6gnh63buugej9osrocibjk; expires=Fri, 03-Feb-2023 07:03:02 GMT; Max-Age=7200; path=/; HttpOnly; SameSite=Lax
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uKVWOJvu7LNGJGilDIOsKKfz7PzHwD6JPFTqi2S2Zd7VAqvPB2U61hX0dNVzV5RiiPNdzVSuWxDISfOVwTHJjIUmiekjTlHsA8cOgz1lPmAyF1NVCy%2FmjoYivSel5YG2ec4IORdpdy%2BosW9d33AF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 79389e259d8bb4fd-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900%7CMerriweather%3A400%2C700&display=swap
142.250.74.138200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900%7CMerriweather%3A400%2C700&display=swap
IP 142.250.74.138:0
GET /css?family=Lato%3A300%2C400%2C700%2C900%7CMerriweather%3A400%2C700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teenatiyagi.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 03 Feb 2023 05:03:03 GMT
date: Fri, 03 Feb 2023 05:03:03 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
104.16.56.101200 OK 0 B URL HTTP/2 static.cloudflareinsights.com/beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993
IP 104.16.56.101:0
GET /beacon.min.js/vaafb692b2aea4879b33c060e79fe94621666317369993 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://teenatiyagi.com/
Origin: https://teenatiyagi.com
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 03 Feb 2023 05:03:03 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2022.10.1
last-modified: Fri, 21 Oct 2022 01:56:09 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 79389e2fa9ea1bfe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227200 OK 0 B URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 07:51:59 GMT
expires: Thu, 01 Feb 2024 07:51:59 GMT
cache-control: public, max-age=31536000
age: 162670
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2