Report - get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html

Report Overview

Submitted URL
get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html
IP
104.21.0.207
ASN
#13335 CLOUDFLARENET
Submitted
2022-12-04 15:17:47
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
8

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.1 kB	8.6 kB	93.184.220.29
d26adrx9c3n0mq.cloudfront.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	852 B	56 kB	54.230.245.45
www.googletagmanager.com	75	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	388 B	82 kB	142.250.74.40
s4.histats.com	12782	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	735 B	183 B	149.56.240.129
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	54 kB	34.120.237.76
docs.google.com	122	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	551 B	8.8 kB	142.250.74.142
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
lassistslegisten.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	2.5 kB	108.157.229.115
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.8 kB	8.0 kB	143.204.42.156
s10.histats.com	15211	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	278 B	5.0 kB	46.105.201.240
accounts.google.com	81	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	960 B	3.8 kB	142.250.74.109
tapi.optimizely.com	8027	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	511 B	2.8 kB	95.100.12.199
fonts.googleapis.com	8877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	839 B	1.5 kB	142.250.74.74
lynormationpas.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	826 B	1.2 kB	188.114.97.1
pogothere.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	801 B	3.0 kB	172.64.172.27
adpointrtb.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.3 kB	2.6 kB	34.160.190.227
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	8.0 kB	95.101.11.115
get.myboek.xyz	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.0 kB	308 kB	104.21.0.207
ajax.googleapis.com	12905	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	787 B	62 kB	216.58.207.234
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.9 kB	74 kB	142.250.74.35
www.highperformancedisplayformat.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	331 B	10 kB	173.233.137.36
www.mariacasino.nu	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.2 kB	6.5 kB	85.184.96.0
welcome.mariacasino.nu	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	18 kB	309 kB	104.18.25.188
script.crazyegg.com	1992	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	32 kB	104.19.147.8
logx.optimizely.com	1233	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	469 B	365 B	52.22.248.237
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
is1-ssl.mzstatic.com	1597	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	496 B	26 kB	23.38.200.24
www.spikereekvelocity.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	1.5 kB	173.233.139.164
cdnjs.cloudflare.com	235	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	421 B	6.7 kB	104.17.24.14
cdn.optimizely.com	694	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	378 B	158 kB	2.18.172.152
maxcdn.bootstrapcdn.com	724	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	800 B	1.8 kB	104.18.11.207
reproductiontape.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.8 kB	4.5 kB	192.243.61.225
unibet.demdex.net	338024	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	981 B	4.3 kB	3.248.39.194
cm.everesttech.net	996	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	433 B	475 B	99.80.65.0
errors.client.optimizely.com	7604	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	12 kB	7.9 kB	54.85.30.47
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	6.2 kB	13 kB	142.250.74.131
simplewebanalysis.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	387 B	406 B	52.28.211.11
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	44.240.57.100
assets.adobedtm.com	512	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.8 kB	92 kB	23.38.200.237
dpm.demdex.net	204	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.6 kB	34.251.90.149
a10682170820.cdn.optimizely.com	325426	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	519 B	1.9 kB	104.110.8.48
a1s.unibet.com	297625	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	388 B	713 B	85.184.96.5
www.facebook.com	99	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	441 B	3.0 kB	31.13.72.36
e1.o.lencr.org	6159	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	3.0 kB	23.33.119.27
adserving.unibet.com	98000	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	513 B	1.3 kB	23.36.79.11
a1s-cdn.unibet.com	283505	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	400 B	1.7 kB	85.184.96.5
service.maxymiser.net	8733	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	788 B	436 B	104.110.7.230
unibetlondonltd.d3.sc.omtrdc.net	444877	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.5 kB	996 B	15.188.95.229

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-04	medium	highperformancedisplayformat.com	Sinkholed
2022-12-04	medium	reproductiontape.com	Sinkholed
2022-12-04	medium	reproductiontape.com	Sinkholed
2022-12-04	medium	spikereekvelocity.com	Sinkholed

JavaScript (63)

	URL	Size	First Seen	Last Seen
	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099	277 B	2023-03-07	2023-09-21
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099 IP 104.18.25.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2023-09-21 14:18:09 Times Seen1576 Hash a06048fa305b7e3bd9b89366aee69071 05699ca86b944c67a0fc3240aeace995d9563200 4bdeff956fa33cb08c22fb884ba60fbb1f06c137b1df07e5f493ae4e3d6f88ff Loading...

	get.myboek.xyz/js/jquery.js	84 kB	2023-03-07	2024-04-25
Pretty URL get.myboek.xyz/js/jquery.js IP 104.21.0.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-25 14:41:35 Times Seen13723 Hash e40ec2161fe7993196f23c8a07346306 afb90752e0a90c24b7f724faca86c5f3d15d1178 874706b2b1311a0719b5267f7d1cf803057e367e94ae1ff7bf78c5450d30f5d4 Loading...

	get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html	424 B	2023-03-07	2024-02-23
Pretty URL get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html IP 104.21.0.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:58:52 Last Seen2024-02-23 00:35:12 Times Seen36 Hash a930cf49fd17adf3449908e0bf3c6aa6 7ec6fd322e0cc960756bd1d44e18b929737ebf1a 02f3bddaee4137a7c16fd084c2a9fd26dbf05ea742725453e9ba9bbc38b64cf2 Loading...

	cdn.optimizely.com/js/10682170820.js	739 kB	2023-03-08	2023-03-08
Pretty URL cdn.optimizely.com/js/10682170820.js IP 2.18.172.152 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:21:08 Last Seen2023-03-08 16:07:00 Times Seen1 Hash 71d473198914e6a5afc9dc7849b2fe4e 1f4d14f00573f899e50991d9156e907b0a614fd9 6f6427d6b30094c46592a00e9224a3a0a3dbebc14ce141f9637acd2183639b74 Loading...

	a1s.unibet.com/orval/tracking/lastclick.min.js	1.8 kB	2023-03-07	2024-02-01
Pretty URL a1s.unibet.com/orval/tracking/lastclick.min.js IP 85.184.96.5 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2024-02-01 12:23:48 Times Seen5726 Hash 8027969a31091dd0d3a7813f95ee7e10 591677c488b8b98532778e11adc9348253a014a4 5166be250f7de7d316b5fb9778843cc3268ce3e00f917530f65e99dcdb355b60 Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099	254 B	2023-03-07	2024-01-01
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099 IP 104.18.25.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:02 Times Seen26 Hash f170cd805025c85681b29e0050f512cc a4ef72d85818bc21f6e1c88a077c0c18bc6e1381 bd5188e507cf55e7c15eb20cbd8d0236dc43e19ae230a3317f452b57435a1dd2 Loading...

	welcome.mariacasino.nu/custom.js	2.3 kB	2023-03-07	2024-01-01
Pretty URL welcome.mariacasino.nu/custom.js IP 104.18.25.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:02 Times Seen38 Hash 01a38820bcebba15c5099a3f76c50033 0dc0dc1fe9789baadc34781115c3de455306a4a6 6d7d9f4e9a44937c4330f759caf658bd1608f1fdac0b3b5bfee3a72af799638b Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099	5.4 kB	2023-03-07	2023-08-08
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099 IP 104.18.25.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2023-08-08 14:09:19 Times Seen1025 Hash 26c5eb641d4b8e7a86948e5a397d4203 9bf9b195284806ae56e32f7a0531ad91ad7bf731 aee310721d3d1cb60cdb3e4d714451c5ef94b93e820d0f08bdbb1b04f00d9b73 Loading...

	unibet.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26bid%3D37953%26campaignId%3D2397257%26pid%3D68593099	6.7 kB	2023-03-07	2024-03-23
Pretty URL unibet.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26bid%3D37953%26campaignId%3D2397257%26pid%3D68593099 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-03-23 05:26:10 Times Seen1169 Hash bea2f42512935b636558e81988e2d51f 2c9772b62f6eb8a3cec9c3a6fb9c0b22c927e59d 0cc5ff21c24654308609656ebcfda2d792d15f6fda17c0a88b551fcf8e456fdb Loading...

	www.highperformancedisplayformat.com/13aa6aedbddbb1de073176615e26a748/invoke.js	27 kB	2023-03-08	2023-03-11
Pretty URL www.highperformancedisplayformat.com/13aa6aedbddbb1de073176615e26a748/invoke.js IP 173.233.137.36 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:31:38 Last Seen2023-03-11 22:55:27 Times Seen1 Hash 5ba7b8b1f0cc98cb4e5cce95e9ef04a8 90778feb954047db321709edc5f841d6215724a5 fc90a41f1fa787e56cc7345bc77b9b2e3ec00265966109f6db2b21545fed1387 Loading...

	s4.histats.com/stats/0.php?4593886&@f16&@g1&@h1&@i1&@j1670167054915&@k0&@l1&@mPromesse%20sotto%20la%20luna%20(I%20Romanzi%20Classic)%20-%20Julia%20Quinn%20%7C%20eBooks%20Library%20Online&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:13121173&@b3:1670167055&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&@w	51 B	2023-03-07	2023-03-11
Pretty URL s4.histats.com/stats/0.php?4593886&@f16&@g1&@h1&@i1&@j1670167054915&@k0&@l1&@mPromesse%20sotto%20la%20luna%20(I%20Romanzi%20Classic)%20-%20Julia%20Quinn%20%7C%20eBooks%20Library%20Online&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:13121173&@b3:1670167055&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&@w IP 149.56.240.129 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 23:53:31 Last Seen2023-03-11 12:19:32 Times Seen1 Hash a0b8d389954eda7885388d9c70d5c66e cf0ad9e46dc0b3f186964606948827f4e64ae612 dec560aaf9b776c0d28b5e1559dcac466c1cbd0ba21444e553fd503a01cfb1b5 Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js	37 kB	2023-03-07	2024-01-01
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:03 Times Seen66 Hash 18eab16a639a4773572307713440a929 75bd72f7058b2d1d3ede541b2129267b438a73d4 358c5899627cc60f849ddc6860c01aa67b122f478e0d4ef42efd48a4b38c305b Loading...

	adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQie_NjYrtGU3Bv-GH0dEdHP3xP.28b%2CQWs4yRHvKJrqjpTne0Btuyi1n2dKQ9Q_FOEQSlTq4KTczM91sYvTGQftwIHEt1r6X3ASmn-wqfH7g6oi61qUjiZX85pCijOm79gP6qScThXu7aP5MTRxUJiI9dxkcgL9hS4ZVW_zadFrH16EF6C1VbUzAQYebgBUbxr-0fbugrSWpHE6OWEUOcCf34GDWisrHxMlYXUQ4Yc4dz9_nDjT5gxnqdFSy9IKHMqENjfuY9yNNddittPkhc3_N1RIj2B2ObzBEoIQRIedUcEaMeC38jGFYW0O_d30pbMuetNcIn_N3wO2qTXx_2SH0c8Mka-QBCKnqh0YuaICUMyVTkk5TYKBLWlbwyUObs53qq6svA3tahxw6YjzPQoGyQbRQEPWd76jOPTMyxw_l1HbEbwhz2xP7ppeniUFW_NPCBpjR00AVzWstXQqnBBtTQiMlqXZ8XmK7NvP8TrTPLEADYk2ZQ6LY6ZlCH8EksVqTlZfHdXepfWU0VOpt7yMGqHHhpaD&csid=3930943&s1=16122660&md=0&crid=23364304	3.9 kB	2023-03-08	2023-03-08
Pretty URL adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQie_NjYrtGU3Bv-GH0dEdHP3xP.28b%2CQWs4yRHvKJrqjpTne0Btuyi1n2dKQ9Q_FOEQSlTq4KTczM91sYvTGQftwIHEt1r6X3ASmn-wqfH7g6oi61qUjiZX85pCijOm79gP6qScThXu7aP5MTRxUJiI9dxkcgL9hS4ZVW_zadFrH16EF6C1VbUzAQYebgBUbxr-0fbugrSWpHE6OWEUOcCf34GDWisrHxMlYXUQ4Yc4dz9_nDjT5gxnqdFSy9IKHMqENjfuY9yNNddittPkhc3_N1RIj2B2ObzBEoIQRIedUcEaMeC38jGFYW0O_d30pbMuetNcIn_N3wO2qTXx_2SH0c8Mka-QBCKnqh0YuaICUMyVTkk5TYKBLWlbwyUObs53qq6svA3tahxw6YjzPQoGyQbRQEPWd76jOPTMyxw_l1HbEbwhz2xP7ppeniUFW_NPCBpjR00AVzWstXQqnBBtTQiMlqXZ8XmK7NvP8TrTPLEADYk2ZQ6LY6ZlCH8EksVqTlZfHdXepfWU0VOpt7yMGqHHhpaD&csid=3930943&s1=16122660&md=0&crid=23364304 IP 34.160.190.227 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:07:00 Last Seen2023-03-08 16:07:00 Times Seen1 Hash f5eebfe72e95957e0c60406e5e172980 46330d8ad957cfa4b3024633c2c13ad4fb3bdad3 a917129a9197a5304db557804b7cb9208c7892f2187d3538948a3e65701af2f7 Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/main.js	20 kB	2023-03-08	2024-01-01
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/main.js IP 104.18.25.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:29 Last Seen2024-01-01 00:01:30 Times Seen10 Hash 1d428c4a319d11547a23bca572bba4de f835ad41e9292b07c44d71b42340dbc6bf9a7117 1b8e1c70d65803f31689475ef7d7f6614bb9773bbb475283883e803005f8cc42 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js	87 kB	2023-03-07	2024-04-25
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js IP 216.58.207.234 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-04-25 15:21:10 Times Seen263614 Hash e071abda8fe61194711cfc2ab99fe104 f647a6d37dc4ca055ced3cf64bbc1f490070acba 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Loading...

	www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC	239 kB	2023-03-08	2023-03-08
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:49:58 Last Seen2023-03-08 16:40:46 Times Seen1 Hash 9553c163be4f096a1fbeac14880f075d 38a4584f3b1d22922702a99629ead3a55a5ab135 e649f10e8227ca5c1d97471f1d45ecf7b27c0a80724483fe453ce95c487dea0e Loading...

	get.myboek.xyz/js/callme.js	153 kB	2023-03-07	2023-11-08
Pretty URL get.myboek.xyz/js/callme.js IP 104.21.0.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 13:58:52 Last Seen2023-11-08 05:27:23 Times Seen51 Hash 1496262efb69c0c20ea042a827d2922f 187ec2e193f5047c774f970913bb8ca5e0c0aa19 8d129888dee49e872d4e3430a63e6b1f96e2b57892a3e329f0fb8d8a8321dc35 Loading...

	lassistslegisten.com/d1VGeVoWNyUUZRZoJF8vBTl7XGgxcHQ/PkVjJx0oD2wlSjRHODdXORs6Mx08BTooDXQZMDJcaDEgHxc5DjF3LBgwEzErOx8MIy8xByYTLG4wBBE/Hz8AAyAVDx8NGgtPDQgeEBQHEkEUNRQlLBwzEw4/GzojBBI1NAASEh4wAxAyOQA2HCwPBz4UOwAgExERDSIAHzEVEDkNLiIAcHQ/HA89DT4JPgIDAQs0GwBBOy8EdkEeHyESLDcUPhcRIj82ADsSMDIHQR41GyI4GS0dFCgTLRwTHRw2PhwVDjI2HisYEx0UKBM2BQcBGDU5DBQTMRwHKyNGABcBdxMQAEk+MRQhLDAlZRQDCBoDHi4LPTAlPxg/AxQwaDQHISEIJRsXKy05HRwvFD8UdzM0Ij0AGxgjFAM+HwcGHAAIMBQtM20iOQAxCRoEYBMpGDs2RBkPFxIMNEU/KQpvFBQVSQ	3.0 kB	2023-03-08	2023-03-08
Pretty URL lassistslegisten.com/d1VGeVoWNyUUZRZoJF8vBTl7XGgxcHQ/PkVjJx0oD2wlSjRHODdXORs6Mx08BTooDXQZMDJcaDEgHxc5DjF3LBgwEzErOx8MIy8xByYTLG4wBBE/Hz8AAyAVDx8NGgtPDQgeEBQHEkEUNRQlLBwzEw4/GzojBBI1NAASEh4wAxAyOQA2HCwPBz4UOwAgExERDSIAHzEVEDkNLiIAcHQ/HA89DT4JPgIDAQs0GwBBOy8EdkEeHyESLDcUPhcRIj82ADsSMDIHQR41GyI4GS0dFCgTLRwTHRw2PhwVDjI2HisYEx0UKBM2BQcBGDU5DBQTMRwHKyNGABcBdxMQAEk+MRQhLDAlZRQDCBoDHi4LPTAlPxg/AxQwaDQHISEIJRsXKy05HRwvFD8UdzM0Ij0AGxgjFAM+HwcGHAAIMBQtM20iOQAxCRoEYBMpGDs2RBkPFxIMNEU/KQpvFBQVSQ IP 108.157.229.115 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:07:00 Last Seen2023-03-08 16:07:00 Times Seen1 Hash 8173aed403079fdd9f463ba0daadd91a 197f1907d08ea1087e68626540445219bdaf005e f7053a3d7eeaba4838328e70700e2654783f1a67d335a11b50bc74ab1a7ff85e Loading...

	www.spikereekvelocity.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660	2.1 kB	2023-03-07	2023-04-05
Pretty URL www.spikereekvelocity.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:21 Last Seen2023-04-05 02:12:07 Times Seen388 Hash 4fd91164aa79d34ae401150b9f112bbe a09fe46ece27e06c82f059c481090481804461bc e717b18eba32145b270f89fb30d50c51c6fdd7060deff6f467fc8621973123f8 Loading...

	adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQie_NjYrtGU3Bv-GH0dEdHP3xP.28b%2CQWs4yRHvKJrqjpTne0Btuyi1n2dKQ9Q_FOEQSlTq4KTczM91sYvTGQftwIHEt1r6X3ASmn-wqfH7g6oi61qUjiZX85pCijOm79gP6qScThXu7aP5MTRxUJiI9dxkcgL9hS4ZVW_zadFrH16EF6C1VbUzAQYebgBUbxr-0fbugrSWpHE6OWEUOcCf34GDWisrHxMlYXUQ4Yc4dz9_nDjT5gxnqdFSy9IKHMqENjfuY9yNNddittPkhc3_N1RIj2B2ObzBEoIQRIedUcEaMeC38jGFYW0O_d30pbMuetNcIn_N3wO2qTXx_2SH0c8Mka-QBCKnqh0YuaICUMyVTkk5TYKBLWlbwyUObs53qq6svA3tahxw6YjzPQoGyQbRQEPWd76jOPTMyxw_l1HbEbwhz2xP7ppeniUFW_NPCBpjR00AVzWstXQqnBBtTQiMlqXZ8XmK7NvP8TrTPLEADYk2ZQ6LY6ZlCH8EksVqTlZfHdXepfWU0VOpt7yMGqHHhpaD&csid=3930943&s1=16122660&md=0&crid=23364304	79 B	2023-03-07	2023-04-05
Pretty URL adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQie_NjYrtGU3Bv-GH0dEdHP3xP.28b%2CQWs4yRHvKJrqjpTne0Btuyi1n2dKQ9Q_FOEQSlTq4KTczM91sYvTGQftwIHEt1r6X3ASmn-wqfH7g6oi61qUjiZX85pCijOm79gP6qScThXu7aP5MTRxUJiI9dxkcgL9hS4ZVW_zadFrH16EF6C1VbUzAQYebgBUbxr-0fbugrSWpHE6OWEUOcCf34GDWisrHxMlYXUQ4Yc4dz9_nDjT5gxnqdFSy9IKHMqENjfuY9yNNddittPkhc3_N1RIj2B2ObzBEoIQRIedUcEaMeC38jGFYW0O_d30pbMuetNcIn_N3wO2qTXx_2SH0c8Mka-QBCKnqh0YuaICUMyVTkk5TYKBLWlbwyUObs53qq6svA3tahxw6YjzPQoGyQbRQEPWd76jOPTMyxw_l1HbEbwhz2xP7ppeniUFW_NPCBpjR00AVzWstXQqnBBtTQiMlqXZ8XmK7NvP8TrTPLEADYk2ZQ6LY6ZlCH8EksVqTlZfHdXepfWU0VOpt7yMGqHHhpaD&csid=3930943&s1=16122660&md=0&crid=23364304 IP 34.160.190.227 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:12:05 Last Seen2023-04-05 01:37:54 Times Seen15 Hash 168378fe54826b995d0aae9ab6676290 2a82588190238e48352c29ff7e2fc8a6198efe4c 5f6ad2059e46fd0c6ab8ab5045e53cba17654b1037b42fca1779b8f73a4d2a57 Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099	59 kB	2023-03-07	2023-10-02
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099 IP 104.18.25.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2023-10-02 17:14:47 Times Seen1702 Hash b7fb41ed89500bb6a8f482f91216cfac caf092ff1935a3a13e8608d56ce60c008b498d68 4a2dbda07d552ad5d425033fcd10ccb1addc5140a177cbb0d11bb3f2f7974a8c Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099	235 B	2023-03-07	2023-06-27
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099 IP 104.18.25.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2023-06-27 14:28:54 Times Seen842 Hash d7e6cfa80c6d4f83e56972a515a7bc87 54da9ec648815ef2ef225e69c698f4d8a21363bf 94782f5573acd5c9f8a8131ea8ec3e313d02f077e9766508af6aecd952572c58 Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099	37 kB	2023-03-07	2023-11-06
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099 IP 104.18.25.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2023-11-06 09:27:16 Times Seen2374 Hash 93db3dee4c43b7d39a245c49591ba4b5 e22687abedfc3b2496fa1b3ba61a2f567f1211b8 0dc951e8d75c93a7d625da52744fcecb22b197c2f92783dd71f1cfead1b9b043 Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099	2.6 kB	2023-03-07	2024-02-01
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099 IP 104.18.25.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2024-02-01 12:23:48 Times Seen6831 Hash cd03538fc58df8693fe9af9337788f0f 408a15551710117d0538fc9442a55b5678bb85a5 cc933dd733a6db1a1a9ff1d7c0adb26717fa27d4d177b7a5a2cab0bfdb353562 Loading...

	ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js	84 kB	2023-03-07	2024-04-25
Pretty URL ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js IP 216.58.207.234 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-25 13:58:07 Times Seen14075 Hash 32015dd42e9582a80a84736f5d9a44d7 41b4bfbaa96be6d1440db6e78004ade1c134e276 8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3 Loading...

	a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js	956 B	2023-03-07	2024-02-01
Pretty URL a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js IP 85.184.96.5 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:12:05 Last Seen2024-02-01 12:23:48 Times Seen10503 Hash fd48e87ecd4d06d9c5df490b91dc813e a65a437db44444634e4f41732c590c1d14433b3f 2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47 Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099	499 B	2023-03-07	2024-01-01
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099 IP 104.18.25.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:02 Times Seen26 Hash 4b6d2b6491b6df0ef583f49d0882a26e 7fea1a1658513f5bf789a0b42c73f7b6fdcc7f67 2d71070f24532c8088a6e66ef3ce8559809fb60328937057496edc6a24a90a64 Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099	99 B	2023-03-07	2024-01-01
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099 IP 104.18.25.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:02 Times Seen26 Hash a0b71a61570e0a349dfee786c9541984 887208153363db9fb19e9818c0fb921e0493f589 7ba916908ab7207eb14152417dca7da44907f0d08c6ea4b6526fb5800d0ac5eb Loading...

	script.crazyegg.com/pages/scripts/0012/9242.js?463935	6.1 kB	2023-03-08	2023-03-13
Pretty URL script.crazyegg.com/pages/scripts/0012/9242.js?463935 IP 104.19.147.8 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:29 Last Seen2023-03-13 18:10:20 Times Seen1 Hash 946921b8d60d7a78753f012bc08e1839 c4e4a57a66468574b1c2c676775c75b3ff23fbbf 764977a345624aa95b09b69269aba4cc20d26a715fae0c0f395394008afc0e1a Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js	4.3 kB	2023-03-07	2024-01-01
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:02 Times Seen55 Hash 6444bceb1b767bea75b4f47d793f7b05 173a21cbce9a9c8b73088df59efa6049690a9cbb 7386df477cd87905ec5e618f0d3df193963ec801ff64404cc5023529b16c4d6f Loading...

	s10.histats.com/js15_as.js	11 kB	2023-03-07	2024-03-25
Pretty URL s10.histats.com/js15_as.js IP 46.105.201.240 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-03-25 09:24:29 Times Seen1978 Hash e959fbdd13def4b9a9d0a5fc9a7de4d4 1e39712307e3673b40c0bdb8c7d3e86a3e8b60a0 2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede Loading...

	get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html	1.4 kB	2023-03-08	2023-03-11
Pretty URL get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html IP 104.21.0.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:37:07 Last Seen2023-03-11 22:05:39 Times Seen1 Hash 2ae8f0bc1205b9cf8bdd07206be57525 d7a95256bfb69ea2bc8d6b85e49fbf8734838922 cde7329c9f02ad1467779f31e3de0d5b6e982868e01124aa25869a09cfa57e22 Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099	371 B	2023-03-07	2024-01-01
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099 IP 104.18.25.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:02 Times Seen26 Hash 0e334c7783ee94b7972386c2b90fc1f5 7ad33ae7aca94796fa4ef67b4c10ac23a9f468f6 1548d1cfdb809ed4c6261e9c9bbadd8dde82c3d3ef8137ff3ff6f6c606677db8 Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099	2.2 kB	2023-03-07	2023-10-02
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099 IP 104.18.25.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2023-10-02 17:14:47 Times Seen1647 Hash c0f99959e76a9ae3302a785606121738 b7121b4e8dfd06a376a210933831917cf22131a7 8635426cb6fbc3d728559ba093c8aa5455f2d5338aefb695ef68aa88a406f615 Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099	721 B	2023-03-07	2023-06-27
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099 IP 104.18.25.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2023-06-27 14:28:54 Times Seen839 Hash 9c83e2435e1e8d72ce6b63ef2ff44894 bd04a958ae23aaf1b3d427b9bffaf4d041956be1 3c5e987ccf5ca2a1dbf43e2d257bf114e113add7d384d433055c1261722b06fb Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099	7.5 kB	2023-03-07	2023-04-27
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099 IP 104.18.25.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2023-04-27 00:24:56 Times Seen338 Hash f11aa08db800dc0e89f963fb3043f461 565fea671f23ae5189aa25ffcc5d0f2e548f72b2 b494d197c2e32274ca7543dd7828afb81a72db96a88da514f5f8ec45f73649ac Loading...

	a10682170820.cdn.optimizely.com/client_storage/a10682170820.html	3.3 kB	2023-03-08	2023-03-13
Pretty URL a10682170820.cdn.optimizely.com/client_storage/a10682170820.html IP 104.110.8.48 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:29 Last Seen2023-03-13 05:55:58 Times Seen1 Hash 91370f64046bd8bf4fed31d63f5e47d9 653bf58006a12239eb68f107b4db3d620ae7cf46 bea07fb4e431a57f76c00e5fa97d71020fa8be55e28192c893746c846023b1a7 Loading...

	script.crazyegg.com/pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js	79 kB	2023-03-08	2023-03-11
Pretty URL script.crazyegg.com/pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js IP 104.19.147.8 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:29 Last Seen2023-03-11 23:05:02 Times Seen1 Hash c9e70248546954143cc97e895e1fcd61 24be664e0054b48af754ac1c05b97f08155a649f 24d256e41daf93aa8f841558593376434d6f1ba705376eb33d2e34ad6fea5d27 Loading...

	get.myboek.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	1.2 kB	2023-03-07	2024-04-25
Pretty URL get.myboek.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 104.21.0.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-25 15:21:39 Times Seen54931 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	d26adrx9c3n0mq.cloudfront.net/uYncyd1UBGFwRahYeVkpsUU4GQWFEHUEYOxJKcQ8XNgJcRT8NBAcUFDFHFAMvBkoCUTkDGVVKcwcZUUpkRBZWFWhWUUYHOglKWxw/FxhKGSIWExQCNF8aXQ08DhtTUmckQhxHcFBHGgA8DBNdACZHRQIZIUdFAkZlTEcXRBdHRQIAPAxBBlJmIFIARy1UQx-dEF0dFAgUjR0RzRmVXWQJecFBHVRI2CRgXRRNQRwNHZVNHA1JnUhFbBTAEGEpSZyRGAkJ7UlFHSmQ	819 B	2023-03-08	2023-03-08
Pretty URL d26adrx9c3n0mq.cloudfront.net/uYncyd1UBGFwRahYeVkpsUU4GQWFEHUEYOxJKcQ8XNgJcRT8NBAcUFDFHFAMvBkoCUTkDGVVKcwcZUUpkRBZWFWhWUUYHOglKWxw/FxhKGSIWExQCNF8aXQ08DhtTUmckQhxHcFBHGgA8DBNdACZHRQIZIUdFAkZlTEcXRBdHRQIAPAxBBlJmIFIARy1UQx-dEF0dFAgUjR0RzRmVXWQJecFBHVRI2CRgXRRNQRwNHZVNHA1JnUhFbBTAEGEpSZyRGAkJ7UlFHSmQ IP 54.230.245.45 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 16:07:00 Last Seen2023-03-08 16:07:00 Times Seen1 Hash 73eea5124541a122ee2fdb1839edb64e 209974af5d61fe0a15adf1cdf71f368e94e3c52d 863b61e1d5b068fbf72f68b023c6f8d89739513d6b2b7cff3a8ecf308647ee10 Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js	83 kB	2023-03-07	2024-01-01
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:03 Times Seen66 Hash 9c4992909a83d52617e9948d1d1c4141 587bbaea138857f086b03f43120795332fe28523 b53ed597b15301969858b376e9946d1664eff3a03549485ea678e9b8c6deaf63 Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099	667 B	2023-03-07	2023-09-21
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099 IP 104.18.25.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2023-09-21 14:18:09 Times Seen1578 Hash 2d41aac452b14ef4b388a79a47791b35 cee1071dcf7b8095fe214afc02177dc39bd4f973 44ed144c670270401a2ba9d624c2d98dc2e31c3df30ce612a7c94041cb2210de Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js	567 B	2023-03-07	2024-01-01
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:03 Times Seen61 Hash accfdd9d5be1d7142fabad440365d15f 728b540ea47087d04d502079c76b3f3db8ea289a 32ebaaa3078816891a9efa129824d6ee11c4c8b0ef6e441b28781e7d82b95305 Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099	218 B	2023-03-07	2024-01-01
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099 IP 104.18.25.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:02 Times Seen26 Hash 9d40d7ddb60f4cb29327b156428e3bd5 88becc38eb4e649c2a9aec175f37b5f8c5016588 8c7e60bea5c4cfc5e2ff1c26e5a7ecbe3efb4452b6f07886ece394031c8682c1 Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js	2.9 kB	2023-03-07	2024-01-01
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:03 Times Seen62 Hash 5e8dc588959123c3ee5de9ac168d5c74 a9aed3325d14a8af844706025abbf7076c2d6df8 8bc787ce4fbc3bec820a859ce9a02388d9b923d06227c5614ea771a62ad05dec Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099	2.7 kB	2023-03-07	2023-06-27
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099 IP 104.18.25.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2023-06-27 14:28:54 Times Seen838 Hash 4f81620c61dcee3796fd3363a5338651 1739f9bd67e9cb64b61159e14a698c4ace82fe69 b7b20a7ae40fdd82ac83c2ed9064230801e050eaccfa28c2c5cc847d34dec6a9 Loading...

	maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js	36 kB	2023-03-07	2024-04-25
Pretty URL maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js IP 104.18.11.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-25 13:47:30 Times Seen7793 Hash 8c237312864d2e4c4f03544cd4f9b195 253711c6d825de55a8360552573be950da180614 d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8 Loading...

	get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html	355 B	2023-03-08	2023-03-11
Pretty URL get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html IP 104.21.0.207 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 06:25:51 Last Seen2023-03-11 22:53:14 Times Seen1 Hash 1a60115d685c626c0c1613287731cb1c fc0f8707fbc796430700edad52d3be37806acb4c 77863872a1eb26f0046921737e6ac3183dc216c8561debb0bff61c9a596f7a8d Loading...

	www.spikereekvelocity.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=16169044	357 B	2023-03-07	2023-04-05
Pretty URL www.spikereekvelocity.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=16169044 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:21:39 Last Seen2023-04-05 02:08:58 Times Seen138 Hash 7901f5d3ff7ad16e7c532afe4cbd0fdc 7f923233aa6f62ef5897c7700f4d57e0a4c3ead1 fa514b84f8c6fdfcac78e966f7bcf5834de5f364862494cf608d2f637c824db6 Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js	162 kB	2023-03-07	2024-01-01
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:03 Times Seen66 Hash bf8d7656a2457e257e3cf75a01e6a4b7 7c7835b4632ac21ddea281bd2454e4faf08f0ff7 e2992637a3fd258ae2bd64fb199a77155aed36554a4bed9e34ce1bc2958ada1d Loading...

		Size	First Seen	Last Seen
	#1 Eval - 127ac839a41bdd9ab92ad47b7411cdaf	29 B	2023-03-08	2024-01-15
Pretty Observations First Seen2023-03-08 14:23:53 Last Seen2024-01-15 00:09:04 Times Seen889 Hash 127ac839a41bdd9ab92ad47b7411cdaf c2f81b12778c909f055c3967caa638b643c4916a b2ebc210c5c379879d07a4a9e046a4ea803d56dcc91d533db817ec272cbcfaf4 Loading...

	#2 Eval - 84b2cd04a3e6a53dd1e2d2281b4ec9d0	55 B	2023-03-07	2023-10-02
Pretty Observations First Seen2023-03-07 01:11:26 Last Seen2023-10-02 17:14:47 Times Seen1711 Hash 84b2cd04a3e6a53dd1e2d2281b4ec9d0 453fd8561e4859d9adbbe37e66110d2584bc2c1d 14986cbd70f8b8a1770adf9800c113847daf392c2999dfff9dc71d2be98f3282 Loading...

	#3 Eval - add2d829cf386f4838b0cdef5348451c	71 B	2023-03-07	2023-10-02
Pretty Observations First Seen2023-03-07 01:11:26 Last Seen2023-10-02 17:14:47 Times Seen1710 Hash add2d829cf386f4838b0cdef5348451c c8295463ce81113f7396d77c108349f473285c49 dcdd7e7e286c45c94638f28053384616d6ca9a1b396b0109cb51f1298ba342bb Loading...

	#4 Eval - 0df47f7ec8a7025bea46266133fe90c1	54 B	2023-03-07	2024-04-17
Pretty Observations First Seen2023-03-07 01:11:26 Last Seen2024-04-17 03:22:10 Times Seen1724 Hash 0df47f7ec8a7025bea46266133fe90c1 407aeb860ef834517df3dfa568905e7c95d42d9f fc490a09c28110ae2a7c965801ebeb5c572587f55c3524889f547dbcc34c1d81 Loading...

	#5 Eval - a2bcebb48aaee0300030cf8123020f69	135 B	2023-03-07	2023-10-02
Pretty Observations First Seen2023-03-07 01:11:26 Last Seen2023-10-02 17:14:47 Times Seen1711 Hash a2bcebb48aaee0300030cf8123020f69 365d67c7f5ce945805339efb40c083cc97d1f9b2 fc7b851f30df68c5cc6d1fb3f06c300b2b1d7271f76cc187224050270141f0ed Loading...

	#6 Eval - 4b4768884dd164bcabacb4edf182609a	61 B	2023-03-07	2023-10-02
Pretty Observations First Seen2023-03-07 01:11:26 Last Seen2023-10-02 17:14:47 Times Seen1711 Hash 4b4768884dd164bcabacb4edf182609a 881cdbd84f94dc256c40f2ee489d83f956c1b36b 9259355921509ced00b4d7d3e76c151037a06c88a646cd7d47d5d9c96984697c Loading...

	#7 Eval - 52a838bf9957f0cff2021c034f169cb0	88 B	2023-03-07	2023-11-06
Pretty Observations First Seen2023-03-07 01:11:26 Last Seen2023-11-06 09:27:16 Times Seen2384 Hash 52a838bf9957f0cff2021c034f169cb0 30a7327c54334eb310944b6fd01ddf34b4e2ad9d 5e05e2cf30322e8f71d65a22aa5f4a095923b67286a61d83b7787e3468f42f62 Loading...

	#8 Eval - c56e34a3311f3a48eab96305d4b4d6d4	469 B	2023-03-08	2023-03-11
Pretty Observations First Seen2023-03-08 14:37:07 Last Seen2023-03-11 22:05:39 Times Seen1 Hash c56e34a3311f3a48eab96305d4b4d6d4 76cb44c01b0b10649265e7dfa136b0815dd9b824 3aeb76574dca9482d3225545287edefccc8ca51d45fb49847d308fbe9fc34ad9 Loading...

	#9 Eval - d66a51311c2681be9b2814403d8e8308	60 B	2023-03-07	2023-10-02
Pretty Observations First Seen2023-03-07 01:11:26 Last Seen2023-10-02 17:14:47 Times Seen1711 Hash d66a51311c2681be9b2814403d8e8308 284b626b87d046fe1adfc6899ade214d57f09655 9d51544cc513110b130345a977b1e9e630b5a7aa01518f7f7898758b79a9699f Loading...

	#10 Eval - dddc8519e9834ad5d3074584ccf9f8b7	132 B	2023-03-07	2023-10-02
Pretty Observations First Seen2023-03-07 01:11:26 Last Seen2023-10-02 17:14:47 Times Seen1711 Hash dddc8519e9834ad5d3074584ccf9f8b7 829d5d1a21eff85f38994e567322cc3bcce9c9cd 0a23e511994a2c03a725773de07810ff171878b9c0177f40a663038e4e251168 Loading...

	#11 Eval - 596da5f7bb09f22c58c4073eb41d604e	62 B	2023-03-07	2023-10-02
Pretty Observations First Seen2023-03-07 01:11:26 Last Seen2023-10-02 17:14:47 Times Seen1711 Hash 596da5f7bb09f22c58c4073eb41d604e 66603b30823c3a560dae4f1b6afb92ab5a0f91d5 adf0ca592504ef680d5ea02d5161b15be0572fd3e5b41d152b74f0c76aea6c42 Loading...

		Size	First Seen	Last Seen
	#1 Write - 2f53c3ef2c83a2cc76d70157cd31840f	133 B	2023-03-08	2023-03-11
Pretty Observations First Seen2023-03-08 06:25:51 Last Seen2023-03-11 22:53:14 Times Seen1 Hash 2f53c3ef2c83a2cc76d70157cd31840f b880b3c32a596487c148f7bc46fa3fdc16552e94 d2a1fc84aca57a122ef598cd776768183352d7a18654d7615feb773dab9e740c Loading...

	#2 Write - 2121cd2a93ea9851057f6734a08c1130	68 B	2023-03-07	2024-01-01
Pretty Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:02 Times Seen36 Hash 2121cd2a93ea9851057f6734a08c1130 68e2ee70c921266930c95e2a4b791d3f1fbb7f16 6604e7359d43375f74af46ce09c369432a8512c1e42b8d301a38091cb668301a Loading...

HTTP Transactions (170)

URL IP Response Size

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9067
Expires: Sun, 04 Dec 2022 17:48:43 GMT
Date: Sun, 04 Dec 2022 15:17:36 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2135
Cache-Control: max-age=157756
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 11:06:52 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 14:20:07 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3449
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16574
Expires: Sun, 04 Dec 2022 19:53:50 GMT
Date: Sun, 04 Dec 2022 15:17:36 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 8JW6yjr6w7EqSZnzIumjVC4VZTIVgcUYPbYlLft1UqmWrk3ON1QIGd7LHEp+ZcTkn3WPtyvVioY=
x-amz-request-id: 93A8CMT9F9XJ0BZD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 14:47:35 GMT
age: 1801
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html

104.21.0.207

200 OK

9.4 kB

URL HTTP/1.1
get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html
IP
104.21.0.207:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (815), with LF, NEL line terminators
Size
9.4 kB (9432 bytes)
Hash
7caf83f9225c54794b3f8eac140601ce
53dca43c7e1ee7a9fe422eb32967ced458a3e011
aa96754e5d00f35b3e068d2db098c689bfd6f671921675654f3e9ff49205775e

HTTP Headers

GET /downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html HTTP/1.1
Host: get.myboek.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:17:36 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Se2X2mQiYRSgEvxblyUh0vg9JTJ7VkCE5F8O0RcFrR9qhwLt3EhNGmeAl6LrpPszaTXzEldo1wXg8H9eJa8o9DdXlgNp5gehx%2BBacb2GDaKRpOkA%2FpjifbzWHckszS04%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77458282dc62b509-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 15:17:36 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

get.myboek.xyz/css/landing-page.css

104.21.0.207

200 OK

1.2 kB

URL HTTP/1.1
get.myboek.xyz/css/landing-page.css
IP
104.21.0.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
1.2 kB (1185 bytes)
Hash
c7c8e332c3a5c99ab0da78a8e7236657
cb5faccb4ec48149f4b46f1629f4bb13f6ccb5b0
d5e09c8dcb317727fe87f31b06eabc9c457445651c85683bb62cad7687528dba

HTTP Headers

GET /css/landing-page.css HTTP/1.1
Host: get.myboek.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:17:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 16 Apr 2022 21:28:44 GMT
ETag: W/"e6e00d5-fa9-5dccc363b23ba"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4068
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5YO45wfXii%2By19tARMjezwvgk1jnOU%2B1sdRlcQ5WAkZoYiLMYec6cYDzrBlzG8iKpHqexjwm%2BgnU6I43c9WyYSQUeo8TMa6HeZ01063nBQii9pPh21A7u1tWVMP%2FF7HfbA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77458285e87bb509-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

get.myboek.xyz/js/jquery.js

104.21.0.207

200 OK

30 kB

URL HTTP/1.1
get.myboek.xyz/js/jquery.js
IP
104.21.0.207:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (32061)
Size
30 kB (29555 bytes)
Hash
d43d9c8994e689c2c8fe87bee9468063
9323698f5f833b26bff48f546039e78ed8cd9d2a
f83ea4825e5f029508df880f483dd8f795681d4aa1ccc4bce5d1ad521ef40461

HTTP Headers

GET /js/jquery.js HTTP/1.1
Host: get.myboek.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:17:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 16 Apr 2022 21:28:45 GMT
ETag: W/"e6e041f-14915-5dccc363f4652"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4066
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uOF1tNSqYCKvBBUsmgL0QWRGSjUlFmlxXE4IYtPvMyInjcSa3YWuOcE%2BawvMITYJhjoE6BvxgiTLGnZMyCW1nTcDHTxPiKvD2RNrYMapyTPnBQSmq5C%2B%2FRXvD9XC%2Fd4klw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774582860899b509-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

get.myboek.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

104.21.0.207

200 OK

655 B

URL HTTP/1.1
get.myboek.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
104.21.0.207:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (1238)
Size
655 B (655 bytes)
Hash
bc3ba461c8a309acf61b6d9c41cb6236
88482306ecc9258d5e9cbb9ba5314dab223a5db4
31331f1b1519882d2f2fb60367708fd56a7a1ec0bddd0554c635547179c7dc8f

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: get.myboek.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:17:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 18:31:41 GMT
ETag: W/"6387a18d-4d7"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PbJxw7fyknowKfbyLrXcY8jBKexioogEo3eusV%2B758arxwOMkfV7LJuyB7sjMi1mWH47F1Av5HFBXiZ8uSo6d8npOcB0xXoiFVCsVHCl6bOQQKkkea1KQeoNBJC5j3mI9g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774582860fafb50b-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Expires: Tue, 06 Dec 2022 15:17:36 GMT
Cache-Control: max-age=172800, public
Content-Encoding: gzip

get.myboek.xyz/js/callme.js

104.21.0.207

200 OK

39 kB

URL HTTP/1.1
get.myboek.xyz/js/callme.js
IP
104.21.0.207:0
ASN
#13335 CLOUDFLARENET

File type
HTML document, ASCII text, with very long lines (843)
Size
39 kB (38749 bytes)
Hash
2b2ac76acffca45dd09a840cf3303f57
ee3abeb1593602a0f21caada1cdb184c9456aab2
2b824cfe7a065fce89040d61ad623def5f8e73fa848cdf8a4fe272ea407cdbaf

HTTP Headers

GET /js/callme.js HTTP/1.1
Host: get.myboek.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:17:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 16 Apr 2022 21:28:45 GMT
ETag: W/"e6e041b-256bb-5dccc363f1b5a"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4066
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q4gDciVG%2FDOH05bMEYbGoGxRFv%2BuY3%2F9gNHdN8e9RO8BDCzPFNxWwrMhGxQ%2Fkgpa319%2Bq7Bj7KBIzpAQMBqdVRp7e%2FU%2FlfCJzOCbjLgAlmF%2Fw7AjT09GADNrR8kGq96EdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774582861c960b41-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
1a56736cf1f02c2242946ca0170c2c3a
a47ca5cfc4667a1466875542da0de22f64862f86
0fdd7486e01858e490d7c08343c7a861c5fe856fc0debc08df0541ccc89f80b1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1971
Cache-Control: max-age=145001
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Etag: "638c45c6-118"
Expires: Tue, 06 Dec 2022 07:34:17 GMT
Last-Modified: Sun, 04 Dec 2022 07:01:26 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
1a56736cf1f02c2242946ca0170c2c3a
a47ca5cfc4667a1466875542da0de22f64862f86
0fdd7486e01858e490d7c08343c7a861c5fe856fc0debc08df0541ccc89f80b1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1971
Cache-Control: max-age=145001
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Etag: "638c45c6-118"
Expires: Tue, 06 Dec 2022 07:34:17 GMT
Last-Modified: Sun, 04 Dec 2022 07:01:26 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280

cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css

104.17.24.14

200 OK

5.6 kB

URL HTTP/2
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP
104.17.24.14:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (30837)
Size
5.6 kB (5631 bytes)
Hash
109d1ed85cd01f9cdab73a4cac5bf80d
d6c6498ad46de2d8e2008a8ff68e364ae7f16b32
8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc

HTTP Headers

GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:36 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 408244
expires: Fri, 24 Nov 2023 15:17:36 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l0MCQn67Q01T6DqBIlQTks6ZieifkQfz164xDtIm4U4J6sUSJ2mW9a97HSthn%2FTFzWK603f9jsc2Tf1SxiaCrZgczSeaNBaytK7gM05SxlhQYRO881BqO6nUrYKN7QUXgbYiILyA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 774582866c8f0b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1a316e781745b26419024bb9e52f9950
55028725d16f8af1a7375ddf8480f5ecb21fc686
a534d37407feeffbce1afe59436190c9897bbf124ff2c3a4c29075862051721b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1076
Cache-Control: max-age=92622
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Etag: "638b7caa-1d7"
Expires: Mon, 05 Dec 2022 17:01:18 GMT
Last-Modified: Sat, 03 Dec 2022 16:43:22 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js

216.58.207.234

200 OK

30 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
IP
216.58.207.234:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (32180)
Size
30 kB (29707 bytes)
Hash
f16500423cc2867eff8b773df637c48f
1cd32d75b59a89c3a70274e383151a61ce0594f4
6ca5dc8ad67639c69117ace46c93703cf5fff82824cfc0bada0cf0fb3b2d41d7

HTTP Headers

GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29707
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 04 Dec 2022 07:58:22 GMT
expires: Mon, 04 Dec 2023 07:58:22 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 26354
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

get.myboek.xyz/img/disclaimer-old.png

104.21.0.207

200 OK

4.9 kB

URL HTTP/1.1
get.myboek.xyz/img/disclaimer-old.png
IP
104.21.0.207:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 194 x 35, 8-bit/color RGBA, non-interlaced\012- data
Size
4.9 kB (4851 bytes)
Hash
416fb822ead23141840f9485735a336c
74f45bbbd452f64b2e50ba5f6f81e039b37cd426
2055f554a9dc8085971c8d412f420e21b09f24d9229d770f4cf2b7fad79fc301

HTTP Headers

GET /img/disclaimer-old.png HTTP/1.1
Host: get.myboek.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:17:36 GMT
Content-Type: image/png
Content-Length: 4851
Connection: keep-alive
Last-Modified: Sat, 16 Apr 2022 21:28:45 GMT
ETag: "e6e03ea-12f3-5dccc363ed8f2"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4066
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xPUhtvFv1zcR3Afqz94wc1Sd5Nylgv2JIg3m5ESCL3qJXwAb4wV6Qdhm1PG3xDXCHLnID3pN903i2sj%2BmGh1qbnCAAyhGRdTV5fwGXIwJ7AlEJEiDnC2gDB2H60Q60V9zw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774582870d8d0b41-OSL
alt-svc: h2=":443"; ma=60

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
1a56736cf1f02c2242946ca0170c2c3a
a47ca5cfc4667a1466875542da0de22f64862f86
0fdd7486e01858e490d7c08343c7a861c5fe856fc0debc08df0541ccc89f80b1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1971
Cache-Control: max-age=145001
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Etag: "638c45c6-118"
Expires: Tue, 06 Dec 2022 07:34:17 GMT
Last-Modified: Sun, 04 Dec 2022 07:01:26 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280

is1-ssl.mzstatic.com/image/thumb/Publication113/v4/82/6a/eb/826aeb7a-ea6f-7bfe-14f9-03c61e7d6e62/9788852096105.jpg/300x300bb.jpg

23.38.200.24

200 OK

24 kB

URL HTTP/2
is1-ssl.mzstatic.com/image/thumb/Publication113/v4/82/6a/eb/826aeb7a-ea6f-7bfe-14f9-03c61e7d6e62/9788852096105.jpg/300x300bb.jpg
IP
23.38.200.24:0
ASN
#16625 AKAMAI-AS

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 180x300, components 3\012- data
Size
24 kB (24353 bytes)
Hash
91e8e6cff1ac5bd12fe0bd2a5a74d39e
516856787177b2cac00aa8b5db54c36e49462453
8c7c90bd7c757acaa747fea66d7a26551c35cf175ec68a26f04f2080a58c1b75

HTTP Headers

GET /image/thumb/Publication113/v4/82/6a/eb/826aeb7a-ea6f-7bfe-14f9-03c61e7d6e62/9788852096105.jpg/300x300bb.jpg HTTP/1.1
Host: is1-ssl.mzstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: daiquiri/3.0.0
content-type: image/jpeg
content-length: 24353
x-apple-jingle-correlation-key: 63LNRUEGBBXF2P6ARYAW34BOQI
x-apple-request-uuid: f6d6d8d0-8608-6e5d-3fc0-8e016df02e82
b3: f6d6d8d086086e5d3fc08e016df02e82-d77653521079653c
x-b3-traceid: f6d6d8d086086e5d3fc08e016df02e82
x-b3-spanid: d77653521079653c
apple-seq: 0.0
apple-tk: false
apple-originating-system: UnknownOriginatingSystem
last-modified: Tue, 18 Oct 2022 16:12:22 GMT
etag: "MSwxLjI4LTIySCxWZXJzaW9uIDEyLjEgKEJ1aWxkIDIxQzUyKSwxNjY2MTA5NTQyNTM3LGlzQnVpbGRWZXJzaW9uTm90U2V0LDcwNTEyLG5vRWZmZWN0"
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Type,ETag,Cache-Control,Expires,Last-Modified
timing-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
x-daiquiri-instance: daiquiri:43624002:st44p00it-hyhk15014701:7987:22RELEASE148:daiquiri-amp-processing-shared-int-001-st
cdnuuid: 3f46d3e7-2e87-463d-bcb6-0d3e8d1b24fc-6977273895
cache-control: no-transform, max-age=15284881
date: Sun, 04 Dec 2022 15:17:36 GMT
x-cache: TCP_MISS from a23-36-79-6.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
x-cache-remote: TCP_MISS from a2-21-243-218.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
X-Firefox-Spdy: h2

get.myboek.xyz/img/reading.jpg

104.21.0.207

200 OK

83 kB

URL HTTP/1.1
get.myboek.xyz/img/reading.jpg
IP
104.21.0.207:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x638, components 3\012- data
Size
83 kB (83234 bytes)
Hash
65acc4fd8284fe45e4a3eeb978b8df3c
2bbe7c281e239514f6260c982417083885f7233f
4fc8d5719b839c0c0bc84be2068b650b3772b0270a72ee96f52a0f79e7f31fa1

HTTP Headers

GET /img/reading.jpg HTTP/1.1
Host: get.myboek.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/css/landing-page.css

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:17:36 GMT
Content-Type: image/jpeg
Content-Length: 83234
Connection: keep-alive
Last-Modified: Sat, 16 Apr 2022 21:28:45 GMT
ETag: "e6e03ed-14522-5dccc363edcda"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4065
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P%2FJ9I1qAWo2dgG65w%2BGoKxf4%2Fgs99W8rShi%2Fji5sbjukKhl3QwRf42ye6Wpl1TWDxZQ3J5JHKCI4Qgw%2Bpy8zL53O6lmpBYCEDHfA5jE8WvrIW55AR5LBet5CK7Bu5hzF%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774582875dcb0b41-OSL
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

d26adrx9c3n0mq.cloudfront.net/?xrdad=939464

54.230.245.45

200 OK

54 kB

URL HTTP/1.1
d26adrx9c3n0mq.cloudfront.net/?xrdad=939464
IP
54.230.245.45:0
ASN
#16509 AMAZON-02

File type
Unicode text, UTF-8 text, with very long lines (15945)
Size
54 kB (54088 bytes)
Hash
7d0e896e093b6508b077236015110738
a45a4ca3a8c2849b0e08d4308e59d416817b9ac6
fea4c62ef88c808b54af4112170cd8bb52c13dff594dea0206215b0d9e3d1726

HTTP Headers

GET /?xrdad=939464 HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/

HTTP/1.1 200 OK
Content-Length: 54088
Connection: keep-alive
Date: Sun, 04 Dec 2022 15:17:36 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 7j6S_6mJ6PWOKSaJAgWuRUd3IMLxVfquxJe31exJpXasxwFe4bR6TA==

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2

142.250.74.35

200 OK

23 kB

URL HTTP/2
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Size
23 kB (23040 bytes)
Hash
de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

HTTP Headers

GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://get.myboek.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 12:29:22 GMT
expires: Fri, 01 Dec 2023 12:29:22 GMT
cache-control: public, max-age=31536000
age: 269294
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.highperformancedisplayformat.com/13aa6aedbddbb1de073176615e26a748/invoke.js

173.233.137.36

200 OK

9.8 kB

URL HTTP/1.1
www.highperformancedisplayformat.com/13aa6aedbddbb1de073176615e26a748/invoke.js
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
exported SGML document, ASCII text, with very long lines (26949), with no line terminators
Size
9.8 kB (9777 bytes)
Hash
2110d7153b493064cd1a9dfaef190af6
f947123d6536a9f49d4a00a34a8ef0eb4feff90f
e9fd21bec879b843e3c72324df2f02061f93eaf706947cfea215122edb367cf8

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /13aa6aedbddbb1de073176615e26a748/invoke.js HTTP/1.1
Host: www.highperformancedisplayformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 15:17:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4f1f6d1421de44e467c90dbd1cb9e330
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 15:11:19 GMT
cache-control: public,max-age=3600
age: 377
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f54a71942ab5d7fdc54672cf84aa76db
e03db706ad371c93ddd3cc4a3e4c329777bb5f4b
87453ee6a206085c9b82594123a30bf59f7354733d19f21e388dea70768198c9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2129
Cache-Control: max-age=152683
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:37 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 09:42:20 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

lassistslegisten.com/d1VGeVoWNyUUZRZoJF8vBTl7XGgxcHQ/PkVjJx0oD2wlSjRHODdXORs6Mx08BTooDXQZMDJcaDEgHxc5DjF3LBgwEzErOx8MIy8xByYTLG4wBBE/Hz8AAyAVDx8NGgtPDQgeEBQHEkEUNRQlLBwzEw4/GzojBBI1NAASEh4wAxAyOQA2HCwPBz4UOwAgExERDSIAHzEVEDkNLiIAcHQ/HA89DT4JPgIDAQs0GwBBOy8EdkEeHyESLDcUPhcRIj82ADsSMDIHQR41GyI4GS0dFCgTLRwTHRw2PhwVDjI2HisYEx0UKBM2BQcBGDU5DBQTMRwHKyNGABcBdxMQAEk+MRQhLDAlZRQDCBoDHi4LPTAlPxg/AxQwaDQHISEIJRsXKy05HRwvFD8UdzM0Ij0AGxgjFAM+HwcGHAAIMBQtM20iOQAxCRoEYBMpGDs2RBkPFxIMNEU/KQpvFBQVSQ

108.157.229.115

200 OK

1.2 kB

URL HTTP/1.1
lassistslegisten.com/d1VGeVoWNyUUZRZoJF8vBTl7XGgxcHQ/PkVjJx0oD2wlSjRHODdXORs6Mx08BTooDXQZMDJcaDEgHxc5DjF3LBgwEzErOx8MIy8xByYTLG4wBBE/Hz8AAyAVDx8NGgtPDQgeEBQHEkEUNRQlLBwzEw4/GzojBBI1NAASEh4wAxAyOQA2HCwPBz4UOwAgExERDSIAHzEVEDkNLiIAcHQ/HA89DT4JPgIDAQs0GwBBOy8EdkEeHyESLDcUPhcRIj82ADsSMDIHQR41GyI4GS0dFCgTLRwTHRw2PhwVDjI2HisYEx0UKBM2BQcBGDU5DBQTMRwHKyNGABcBdxMQAEk+MRQhLDAlZRQDCBoDHi4LPTAlPxg/AxQwaDQHISEIJRsXKy05HRwvFD8UdzM0Ij0AGxgjFAM+HwcGHAAIMBQtM20iOQAxCRoEYBMpGDs2RBkPFxIMNEU/KQpvFBQVSQ
IP
108.157.229.115:0
ASN
#0

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3049), with no line terminators
Size
1.2 kB (1197 bytes)
Hash
95e3ff1369ea839f401a53038a234567
9a0cb7058d696123e4dd834ab6cd42e0a44c6a9c
86b1bab4e89df1005b1527b9806f3f63d75d4cf385860e08630f004a9df6ee08

HTTP Headers

GET /d1VGeVoWNyUUZRZoJF8vBTl7XGgxcHQ/PkVjJx0oD2wlSjRHODdXORs6Mx08BTooDXQZMDJcaDEgHxc5DjF3LBgwEzErOx8MIy8xByYTLG4wBBE/Hz8AAyAVDx8NGgtPDQgeEBQHEkEUNRQlLBwzEw4/GzojBBI1NAASEh4wAxAyOQA2HCwPBz4UOwAgExERDSIAHzEVEDkNLiIAcHQ/HA89DT4JPgIDAQs0GwBBOy8EdkEeHyESLDcUPhcRIj82ADsSMDIHQR41GyI4GS0dFCgTLRwTHRw2PhwVDjI2HisYEx0UKBM2BQcBGDU5DBQTMRwHKyNGABcBdxMQAEk+MRQhLDAlZRQDCBoDHi4LPTAlPxg/AxQwaDQHISEIJRsXKy05HRwvFD8UdzM0Ij0AGxgjFAM+HwcGHAAIMBQtM20iOQAxCRoEYBMpGDs2RBkPFxIMNEU/KQpvFBQVSQ HTTP/1.1
Host: lassistslegisten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1197
Connection: keep-alive
Date: Sun, 04 Dec 2022 15:17:37 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 296d9c953cfde68911b6645bdd6877b2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P2
X-Amz-Cf-Id: 4491hln4BHJriM1DNlEWlTdmsDfI-Qtn0VjYShkUqsp9frqsJE1S_g==

ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
fc4e76a103a4f70c624614924be90683
21e5e147bead13162bad5a5339e6e704c973fde1
fec1f76aa1f402e7099cd4656e59be8f625bcccd6cdef9f514dffc771cc60b14

HTTP Headers

POST /s/gts1p5/-NEEmvIaLMU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:37 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.sca1b.amazontrust.com/

143.204.42.156

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.156:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
f0f8b0d8806166791f6d6d9a9aa908ca
e30099fed67b541c022984b41b6de1e9ca8e01bb
c8d3589546edd372653dbcc6fe1bc48340d7bf5dc3b0f37324a9ff8014aa912b

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 04 Dec 2022 15:17:37 GMT
Last-Modified: Sun, 04 Dec 2022 14:53:01 GMT
Server: ECS (nyb/1D14)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: nkNB8HnusCnZ1y1m6BiUhedRblAwTpJhw8g_5mfXyn0aCG3WgTyYAg==
Age: 1476

get.myboek.xyz/img/fav.png

104.21.0.207

200 OK

134 kB

URL HTTP/1.1
get.myboek.xyz/img/fav.png
IP
104.21.0.207:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size
134 kB (134310 bytes)
Hash
b4beaed55f59e1874a49dff6d1cd2ed9
6ae9d4b8fba14a7f059f7bf72c4baa543e7d18b3
f4d219645452fbc4e33a80985a355e6c4af33a78da58723a58c77f37bc86f793

HTTP Headers

GET /img/fav.png HTTP/1.1
Host: get.myboek.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:17:37 GMT
Content-Type: image/png
Content-Length: 134310
Connection: keep-alive
Last-Modified: Sat, 16 Apr 2022 21:28:45 GMT
ETag: "e6e03eb-20ca6-5dccc363ed8f2"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4068
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YNOvwD57z3CQWs1OVeazx5hWHZFkPLXqrSKCu5S%2FI62bmF5Ev9AanI%2FibTWJjrB1vUaMeXCSXh0%2BczET2wWbLii8FzAUbubSL%2BCAV6YZJRhQnwjqcpz83V9GtjkU0SQvew%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7745828b797c0b41-OSL
alt-svc: h2=":443"; ma=60

simplewebanalysis.com/stats

52.28.211.11

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
52.28.211.11:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
78247452ec66089dc91abc9be7d11ab6
64642c00e629f17c75c4647ec2dc5d919d55a113
b1ffe88dbaf80dd5da425fd947c0fa73aa95bdd180615da0b2712d740d4f5bcb

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://get.myboek.xyz
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:37 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://get.myboek.xyz
access-control-allow-credentials: true
set-cookie: uid_id2=8a0b377b-e063-4362-ba69-1b6dfb4bb79d:1:1; expires=Wed, 01 Dec 2032 15:17:37 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
cb439dd80ba82164b879c340b9778147
2bbd26b48daa0b8d2a190f7e8857c716dea279ca
3ab3afbcebe7c744b6446fbb471bda45722313cae36b3020e152e75425a3f760

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

s10.histats.com/js15_as.js

46.105.201.240

200 OK

4.5 kB

URL HTTP/1.1
s10.histats.com/js15_as.js
IP
46.105.201.240:0
ASN
#16276 OVH SAS

File type
HTML document, ASCII text, with very long lines (11440), with no line terminators
Size
4.5 kB (4547 bytes)
Hash
2b153cb2287eac49566b32fce9c385f8
206074b038daff8bc66d86bca0c5ff35f9f72655
7398435bd3f0dae8206173dd66954ae029dc8787962d5f089bcb548f53409869

HTTP Headers

GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/

HTTP/1.1 200 OK
date: Sun, 04 Dec 2022 15:11:06 GMT
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 147326959
etag: W/"-375139978"
content-type: application/javascript; charset=UTF-8
content-encoding: gzip
vary: Accept-Encoding
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4547
x-iplb-request-id: 5B5A2A9A:074B_2E69C9F0:0050_638CBA11_5D6DD:2DAA9
x-iplb-instance: 42474

lynormationpas.com/WFlKQVl3ZikyZD03GAsXMgsGFQEvHAsqKR0/PXkfCxx7dh0/DGw1MDxkc3JgbG9+ZykxPXdwfystKzUsK2R7ZzA2PyV8fy5ke29qbHd5cHdpfz98aH4tOiA+ZWhsMS0sNXdwb29pe3duaGx+dGBq

188.114.97.1

204 No Content

0 B

URL HTTP/2
lynormationpas.com/WFlKQVl3ZikyZD03GAsXMgsGFQEvHAsqKR0/PXkfCxx7dh0/DGw1MDxkc3JgbG9+ZykxPXdwfystKzUsK2R7ZzA2PyV8fy5ke29qbHd5cHdpfz98aH4tOiA+ZWhsMS0sNXdwb29pe3duaGx+dGBq
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /WFlKQVl3ZikyZD03GAsXMgsGFQEvHAsqKR0/PXkfCxx7dh0/DGw1MDxkc3JgbG9+ZykxPXdwfystKzUsK2R7ZzA2PyV8fy5ke29qbHd5cHdpfz98aH4tOiA+ZWhsMS0sNXdwb29pe3duaGx+dGBq HTTP/1.1
Host: lynormationpas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sun, 04 Dec 2022 15:17:37 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3QLpwc8JCO9ZTQppW1PjZuiYasNbtTOawQPcX94jpkF5Y2i320SC6EUZTDBmv8ICjkc9h9O%2BDJoMeS3l5nerDfIvggim7dkcPg7HcAY4ZIu7NT%2FPMUbLjWHR50M9GE8AR8onnlo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7745828b5d27b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fd0b48347644ddc60fb16b04140cfcb7
ef8d6c8e3c979e98c82655290150aa14fe5d44d1
f3d27c16653ed979a7cce2dc6239a48a86c7dab2fc34949b540802e50b05275a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5250
Cache-Control: max-age=104724
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:37 GMT
Etag: "638b9ba3-1d7"
Expires: Mon, 05 Dec 2022 20:23:01 GMT
Last-Modified: Sat, 03 Dec 2022 18:55:31 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
cb439dd80ba82164b879c340b9778147
2bbd26b48daa0b8d2a190f7e8857c716dea279ca
3ab3afbcebe7c744b6446fbb471bda45722313cae36b3020e152e75425a3f760

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail

142.250.74.109

302 Found

389 B

URL HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP
142.250.74.109:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Size
389 B (389 bytes)
Hash
db13cb4e38bd00eb48376c1b048b734e
d4237098d92aaad27b724d119053d685e259b380
71cee01515af46410246f520e20632afd1cb089700719ce0444fa48b001fc2c8

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 04 Dec 2022 15:17:37 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S2030274078%3A1670167057312498&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvpIK5543u19CQV2DD6aro5nROZ2tOqXOYiC-MumbNenmWBDc5tGd43Td7P7AydC8x7KL5z3A
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-YoGvrNfsBTGp-3wLNKJhmQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 389
server: GSE
set-cookie: __Host-GAPS=1:9pPnF1vHENERhnZOXXSNbSry42q8LQ:N9jwM_Jfn55a2Bt_;Path=/;Expires=Tue, 03-Dec-2024 15:17:37 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube

142.250.74.109

302 Found

395 B

URL HTTP/2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
142.250.74.109:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Size
395 B (395 bytes)
Hash
dd3cd7841e777b16dbbab704daef0a2a
f49c593858c45011e031e25c69d4fce35ddd0169
8fe108e3d669f28c3558b1ce8f3985fe2f9c47cad0e5dff8f843d92625103b04

HTTP Headers

GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 04 Dec 2022 15:17:37 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-704191492%3A1670167057346505&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAu0h6oJNyI-OmUGnMq93pDwIbJvBfsxJ1Zn1CWyP5JMRcIVLnmdFrZfny19K6ZIHjnpkZ9HOQ
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-djbhEw7Zzw4g_-9InnwnPA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:IWo7cRYIZB_t9C8_pQeSR7YPwe-Zwg:nG4vWEa0tFAxxQu7;Path=/;Expires=Tue, 03-Dec-2024 15:17:37 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
f54a71942ab5d7fdc54672cf84aa76db
e03db706ad371c93ddd3cc4a3e4c329777bb5f4b
87453ee6a206085c9b82594123a30bf59f7354733d19f21e388dea70768198c9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

e1.o.lencr.org/

23.33.119.27

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
71a45d8a5362743aa24608a11f9d5cd8
4cdf403c8dd502021c4751c0e6356edfcb2c4b6f
bacbb522c01bbe210e502ed5c3f7af2ff7cbb24de26d0d0b38e0f213f3af8d24

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BACBB522C01BBE210E502ED5C3F7AF2FF7CBB24DE26D0D0B38E0F213F3AF8D24"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18576
Expires: Sun, 04 Dec 2022 20:27:13 GMT
Date: Sun, 04 Dec 2022 15:17:37 GMT
Connection: keep-alive

e1.o.lencr.org/

23.33.119.27

200 OK

345 B

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
345 B (345 bytes)
Hash
71a45d8a5362743aa24608a11f9d5cd8
4cdf403c8dd502021c4751c0e6356edfcb2c4b6f
bacbb522c01bbe210e502ed5c3f7af2ff7cbb24de26d0d0b38e0f213f3af8d24

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BACBB522C01BBE210E502ED5C3F7AF2FF7CBB24DE26D0D0B38E0F213F3AF8D24"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18576
Expires: Sun, 04 Dec 2022 20:27:13 GMT
Date: Sun, 04 Dec 2022 15:17:37 GMT
Connection: keep-alive

d26adrx9c3n0mq.cloudfront.net/uYncyd1UBGFwRahYeVkpsUU4GQWFEHUEYOxJKcQ8XNgJcRT8NBAcUFDFHFAMvBkoCUTkDGVVKcwcZUUpkRBZWFWhWUUYHOglKWxw/FxhKGSIWExQCNF8aXQ08DhtTUmckQhxHcFBHGgA8DBNdACZHRQIZIUdFAkZlTEcXRBdHRQIAPAxBBlJmIFIARy1UQx-dEF0dFAgUjR0RzRmVXWQJecFBHVRI2CRgXRRNQRwNHZVNHA1JnUhFbBTAEGEpSZyRGAkJ7UlFHSmQ

54.230.245.45

200 OK

574 B

URL HTTP/1.1
d26adrx9c3n0mq.cloudfront.net/uYncyd1UBGFwRahYeVkpsUU4GQWFEHUEYOxJKcQ8XNgJcRT8NBAcUFDFHFAMvBkoCUTkDGVVKcwcZUUpkRBZWFWhWUUYHOglKWxw/FxhKGSIWExQCNF8aXQ08DhtTUmckQhxHcFBHGgA8DBNdACZHRQIZIUdFAkZlTEcXRBdHRQIAPAxBBlJmIFIARy1UQx-dEF0dFAgUjR0RzRmVXWQJecFBHVRI2CRgXRRNQRwNHZVNHA1JnUhFbBTAEGEpSZyRGAkJ7UlFHSmQ
IP
54.230.245.45:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (819), with no line terminators
Size
574 B (574 bytes)
Hash
24cab3d41273f96d886a53c81d06ebaf
d33d18cdfbb42db40091dae02943908676b0e224
f9e8cd586e658c2baeacc26fc521d524318ad01897135ffc2b0d73e3063aa08f

HTTP Headers

GET /uYncyd1UBGFwRahYeVkpsUU4GQWFEHUEYOxJKcQ8XNgJcRT8NBAcUFDFHFAMvBkoCUTkDGVVKcwcZUUpkRBZWFWhWUUYHOglKWxw/FxhKGSIWExQCNF8aXQ08DhtTUmckQhxHcFBHGgA8DBNdACZHRQIZIUdFAkZlTEcXRBdHRQIAPAxBBlJmIFIARy1UQx-dEF0dFAgUjR0RzRmVXWQJecFBHVRI2CRgXRRNQRwNHZVNHA1JnUhFbBTAEGEpSZyRGAkJ7UlFHSmQ HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lassistslegisten.com/

HTTP/1.1 200 OK
Content-Length: 574
Connection: keep-alive
Date: Sun, 04 Dec 2022 15:17:37 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: rG2oShjrg3S43IJuaZohDop0gdqzlGINzoLKltdlN6_9Dsd8RhYPyw==

ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
fc4e76a103a4f70c624614924be90683
21e5e147bead13162bad5a5339e6e704c973fde1
fec1f76aa1f402e7099cd4656e59be8f625bcccd6cdef9f514dffc771cc60b14

HTTP Headers

POST /s/gts1p5/-NEEmvIaLMU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:37 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

push.services.mozilla.com/

44.240.57.100

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
44.240.57.100:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: j9l3JjckCMJlAQZNH6N4TQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: RGt8aMWpaw0DfhsGMct7h55W3qw=

lassistslegisten.com/utx?cb=usVmePTmVh8C&top=get.myboek.xyz&tid=939464

108.157.229.115

204 No Content

0 B

URL HTTP/2
lassistslegisten.com/utx?cb=usVmePTmVh8C&top=get.myboek.xyz&tid=939464
IP
108.157.229.115:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /utx?cb=usVmePTmVh8C&top=get.myboek.xyz&tid=939464 HTTP/1.1
Host: lassistslegisten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://get.myboek.xyz
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 204 No Content
date: Sun, 04 Dec 2022 15:17:37 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://get.myboek.xyz
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 04 Dec 2022 15:18:37 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 471577f2b3efe669f21e138a1621a8ca.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: pjOkJK1Q2aRg3uAagxmqJ279Pm_xUcBthgwsH0IiXuqAyfeh4XHnJA==
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
fd0b48347644ddc60fb16b04140cfcb7
ef8d6c8e3c979e98c82655290150aa14fe5d44d1
f3d27c16653ed979a7cce2dc6239a48a86c7dab2fc34949b540802e50b05275a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5250
Cache-Control: max-age=104724
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:37 GMT
Etag: "638b9ba3-1d7"
Expires: Mon, 05 Dec 2022 20:23:01 GMT
Last-Modified: Sat, 03 Dec 2022 18:55:31 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

e1.o.lencr.org/

23.33.119.27

200 OK

1.2 kB

URL HTTP/1.1
e1.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
gzip compressed data, max compression\012- data
Size
1.2 kB (1151 bytes)
Hash
b631ee8491d0409d59a457e77d4a8229
e5d62e41c4d3e8ed882aac4fdfd9357dc02e3b48
08bf4e62ee737fbd98c5c547138f1025298ca01fa968b7d4ce249e27caf3760b

HTTP Headers

POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BACBB522C01BBE210E502ED5C3F7AF2FF7CBB24DE26D0D0B38E0F213F3AF8D24"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18576
Expires: Sun, 04 Dec 2022 20:27:13 GMT
Date: Sun, 04 Dec 2022 15:17:37 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
408b9ba72dc83c47c6821c825897d586
39c533b3ecadd39dcc4be7e5d6b1a5fece62de8b
3b1904ae01a75c6c530b0d4e952f53b823b8ebc3bd4eaf62794dac74999d6b23

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3B1904AE01A75C6C530B0D4E952F53B823B8EBC3BD4EAF62794DAC74999D6B23"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16486
Expires: Sun, 04 Dec 2022 19:52:23 GMT
Date: Sun, 04 Dec 2022 15:17:37 GMT
Connection: keep-alive

lynormationpas.com/popunder.gif

188.114.97.1

301 Moved Permanently

0 B

URL HTTP/1.1
lynormationpas.com/popunder.gif
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /popunder.gif HTTP/1.1
Host: lynormationpas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/

HTTP/1.1 301 Moved Permanently
Date: Sun, 04 Dec 2022 15:17:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 04 Dec 2022 16:17:37 GMT
Location: https://lynormationpas.com/popunder.gif
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HbHeqFtiltCsdXk%2FpOi3F0m1oMw4dvE3ERhGdr7XsvXN6JCRIEH5ujI5k6Y4c%2FDUJAMq1odbEyUkgGVGf%2BTrm7GghwvL1BDZ8AWdDW6ZH6B6nmi8XFNujovytaPanOgeAw5vYmE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7745828ddaddb505-OSL
alt-svc: h2=":443"; ma=60

s4.histats.com/stats/0.php?4593886&@f16&@g1&@h1&@i1&@j1670167054915&@k0&@l1&@mPromesse%20sotto%20la%20luna%20(I%20Romanzi%20Classic)%20-%20Julia%20Quinn%20%7C%20eBooks%20Library%20Online&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:13121173&@b3:1670167055&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&@w

149.56.240.129

200 OK

51 B

URL HTTP/1.1
s4.histats.com/stats/0.php?4593886&@f16&@g1&@h1&@i1&@j1670167054915&@k0&@l1&@mPromesse%20sotto%20la%20luna%20(I%20Romanzi%20Classic)%20-%20Julia%20Quinn%20%7C%20eBooks%20Library%20Online&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:13121173&@b3:1670167055&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&@w
IP
149.56.240.129:0
ASN
#16276 OVH SAS

File type
ASCII text, with no line terminators
Size
51 B (51 bytes)
Hash
a0b8d389954eda7885388d9c70d5c66e
cf0ad9e46dc0b3f186964606948827f4e64ae612
dec560aaf9b776c0d28b5e1559dcac466c1cbd0ba21444e553fd503a01cfb1b5

HTTP Headers

GET /stats/0.php?4593886&@f16&@g1&@h1&@i1&@j1670167054915&@k0&@l1&@mPromesse%20sotto%20la%20luna%20(I%20Romanzi%20Classic)%20-%20Julia%20Quinn%20%7C%20eBooks%20Library%20Online&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:13121173&@b3:1670167055&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:17:37 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 51
Connection: close

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1e1a9a27fa5363a2e9b21492101b97cf
4b866eb99708f520a547bfc2054e8920a0871e82
115a36ff6ec059154ac8c8627bb347444fd66d3be50aa0d156dbf63160a5a5bb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "115A36FF6EC059154AC8C8627BB347444FD66D3BE50AA0D156DBF63160A5A5BB"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2706
Expires: Sun, 04 Dec 2022 16:02:43 GMT
Date: Sun, 04 Dec 2022 15:17:37 GMT
Connection: keep-alive

192.243.61.225

307 Temporary Redirect

0 B

URL HTTP/1.1
reproductiontape.com/watch.1049375488054.js?key=13aa6aedbddbb1de073176615e26a748&kw=%5B%22promesse%22%2C%22sotto%22%2C%22la%22%2C%22luna%22%2C%22i%22%2C%22romanzi%22%2C%22classic%22%2C%22-%22%2C%22julia%22%2C%22quinn%22%2C%22ebooks%22%2C%22library%22%2C%22online%22%5D&refer=http%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&tz=0&dev=e&res=12.1053&uuid=8a0b377b-e063-4362-ba69-1b6dfb4bb79d%3A1%3A1
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.1049375488054.js?key=13aa6aedbddbb1de073176615e26a748&kw=%5B%22promesse%22%2C%22sotto%22%2C%22la%22%2C%22luna%22%2C%22i%22%2C%22romanzi%22%2C%22classic%22%2C%22-%22%2C%22julia%22%2C%22quinn%22%2C%22ebooks%22%2C%22library%22%2C%22online%22%5D&refer=http%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&tz=0&dev=e&res=12.1053&uuid=8a0b377b-e063-4362-ba69-1b6dfb4bb79d%3A1%3A1 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://get.myboek.xyz
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.22.0
Date: Sun, 04 Dec 2022 15:17:37 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://get.myboek.xyz
Access-Control-Allow-Origin: http://get.myboek.xyz
Access-Control-Allow-Credentials: true
Location: https://reproductiontape.com/watch.1049375488054.js?key=13aa6aedbddbb1de073176615e26a748&kw=%5B%22promesse%22%2C%22sotto%22%2C%22la%22%2C%22luna%22%2C%22i%22%2C%22romanzi%22%2C%22classic%22%2C%22-%22%2C%22julia%22%2C%22quinn%22%2C%22ebooks%22%2C%22library%22%2C%22online%22%5D&refer=http%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&tz=0&dev=e&res=12.1053&uuid=8a0b377b-e063-4362-ba69-1b6dfb4bb79d%3A1%3A1&shu=6fb4aebb8f2b282d8ec3fff3d609116b779e95d311ade94395ab7b816b3631e96b500d5efc66956cbf46d07f5843834d542ef90c83caba732db02f8e9d318cb191bb1a99c1589744c52204beeb84455460c4f85d01f6df4d05aaa233c8c914&pst=1670167117&rmtc=t
Set-Cookie: u_pl=16169044; expires=Mon, 05 Dec 2022 15:17:37 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjE2OTA0NCwiayI6IjEzYWE2YWVkYmRkYmIxZGUwNzMxNzY2MTVlMjZhNzQ4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTE5OTc5LCJwaWQiOjM2MjU0LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjI3LCJhaWQiOjI2LCJwdCI6NCwicGsiOiJqN3JoNzIybjM2IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9nZXQubXlib2VrLnh5ei9kb3dubG9hZHMvcHJvbWVzc2Utc290dG8tbGEtbHVuYS1pLXJvbWFuemktY2xhc3NpYy1saWJyaS1ncmF0aXMtaXQxNDcwNzIzMjM4Lmh0bWwifX0.EKsbXP6p-dk4mda3NqEPhV3c-Q45irKQRUL5mIWtjfE; expires=Sun, 04 Dec 2022 15:18:37 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: deb32d73605e741afcc56a4926039121
Strict-Transport-Security: max-age=0; includeSubdomains

reproductiontape.com/watch.1049375488054.js?key=13aa6aedbddbb1de073176615e26a748&kw=%5B%22promesse%22%2C%22sotto%22%2C%22la%22%2C%22luna%22%2C%22i%22%2C%22romanzi%22%2C%22classic%22%2C%22-%22%2C%22julia%22%2C%22quinn%22%2C%22ebooks%22%2C%22library%22%2C%22online%22%5D&refer=http%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&tz=0&dev=e&res=12.1053&uuid=8a0b377b-e063-4362-ba69-1b6dfb4bb79d%3A1%3A1&shu=6fb4aebb8f2b282d8ec3fff3d609116b779e95d311ade94395ab7b816b3631e96b500d5efc66956cbf46d07f5843834d542ef90c83caba732db02f8e9d318cb191bb1a99c1589744c52204beeb84455460c4f85d01f6df4d05aaa233c8c914&pst=1670167117&rmtc=t

192.243.61.225

200 OK

640 B

URL HTTP/1.1
reproductiontape.com/watch.1049375488054.js?key=13aa6aedbddbb1de073176615e26a748&kw=%5B%22promesse%22%2C%22sotto%22%2C%22la%22%2C%22luna%22%2C%22i%22%2C%22romanzi%22%2C%22classic%22%2C%22-%22%2C%22julia%22%2C%22quinn%22%2C%22ebooks%22%2C%22library%22%2C%22online%22%5D&refer=http%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&tz=0&dev=e&res=12.1053&uuid=8a0b377b-e063-4362-ba69-1b6dfb4bb79d%3A1%3A1&shu=6fb4aebb8f2b282d8ec3fff3d609116b779e95d311ade94395ab7b816b3631e96b500d5efc66956cbf46d07f5843834d542ef90c83caba732db02f8e9d318cb191bb1a99c1589744c52204beeb84455460c4f85d01f6df4d05aaa233c8c914&pst=1670167117&rmtc=t
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document, ASCII text, with very long lines (602)
Size
640 B (640 bytes)
Hash
6dbc1dab1a7680a7656e877660992b4e
f1f42e59fc3221ab18e158cb8d83d1a5d58ef80d
77c077d01918bd3ead48e7c616eb1c74d639e95387f84afed93bae5ff591add9

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.1049375488054.js?key=13aa6aedbddbb1de073176615e26a748&kw=%5B%22promesse%22%2C%22sotto%22%2C%22la%22%2C%22luna%22%2C%22i%22%2C%22romanzi%22%2C%22classic%22%2C%22-%22%2C%22julia%22%2C%22quinn%22%2C%22ebooks%22%2C%22library%22%2C%22online%22%5D&refer=http%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&tz=0&dev=e&res=12.1053&uuid=8a0b377b-e063-4362-ba69-1b6dfb4bb79d%3A1%3A1&shu=6fb4aebb8f2b282d8ec3fff3d609116b779e95d311ade94395ab7b816b3631e96b500d5efc66956cbf46d07f5843834d542ef90c83caba732db02f8e9d318cb191bb1a99c1589744c52204beeb84455460c4f85d01f6df4d05aaa233c8c914&pst=1670167117&rmtc=t HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://get.myboek.xyz
Referer: http://get.myboek.xyz/
Connection: keep-alive
Cookie: u_pl=16169044; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjE2OTA0NCwiayI6IjEzYWE2YWVkYmRkYmIxZGUwNzMxNzY2MTVlMjZhNzQ4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTE5OTc5LCJwaWQiOjM2MjU0LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjI3LCJhaWQiOjI2LCJwdCI6NCwicGsiOiJqN3JoNzIybjM2IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9nZXQubXlib2VrLnh5ei9kb3dubG9hZHMvcHJvbWVzc2Utc290dG8tbGEtbHVuYS1pLXJvbWFuemktY2xhc3NpYy1saWJyaS1ncmF0aXMtaXQxNDcwNzIzMjM4Lmh0bWwifX0.EKsbXP6p-dk4mda3NqEPhV3c-Q45irKQRUL5mIWtjfE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 04 Dec 2022 15:17:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://get.myboek.xyz
Access-Control-Allow-Origin: http://get.myboek.xyz
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8a0b377b-e063-4362-ba69-1b6dfb4bb79d:1:1; expires=Sun, 11 Dec 2022 15:17:38 GMT; secure; SameSite=None
iprca26444e3e72bfabd5ad35714678d9d51=2717338; expires=Mon, 05 Dec 2022 17:17:38 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 05 Dec 2022 15:17:38 GMT; secure; SameSite=None
uncs=1; expires=Mon, 05 Dec 2022 15:17:38 GMT; secure; SameSite=None
pdhtkv26=true; expires=Mon, 05 Dec 2022 15:17:38 GMT; secure; SameSite=None
uncs26=1; expires=Mon, 05 Dec 2022 15:17:38 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c0655e7acaf94a59d1ca070168d2fc80
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1a13d9c721e7f13832668c8edefbd95d
f45b7e666c11f9926b0987ea92832c3b6f7b9935
35ccaf676571586c43a2f5056fddbf0d4f5572807c24075af2a3b0c625fa8013

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35CCAF676571586C43A2F5056FDDBF0D4F5572807C24075AF2A3B0C625FA8013"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=178
Expires: Sun, 04 Dec 2022 15:20:36 GMT
Date: Sun, 04 Dec 2022 15:17:38 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4031
Expires: Sun, 04 Dec 2022 16:24:49 GMT
Date: Sun, 04 Dec 2022 15:17:38 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4031
Expires: Sun, 04 Dec 2022 16:24:49 GMT
Date: Sun, 04 Dec 2022 15:17:38 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4031
Expires: Sun, 04 Dec 2022 16:24:49 GMT
Date: Sun, 04 Dec 2022 15:17:38 GMT
Connection: keep-alive

r3.o.lencr.org/

95.101.11.115

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
95.101.11.115:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4031
Expires: Sun, 04 Dec 2022 16:24:49 GMT
Date: Sun, 04 Dec 2022 15:17:38 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (16143 bytes)
Hash
14dcca2a9c4792d835ee709bcd947402
1d702df3a64258628f4124eafd580695f2d350af
da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KHd4ajJWl-8TDH5HGbkuJXI4NL6I83IwSUBKzfq85cxpyRH_LGl6OA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 05:55:20 GMT
age: 33738
etag: "1d702df3a64258628f4124eafd580695f2d350af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.7 kB (4666 bytes)
Hash
c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 63217
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8315 bytes)
Hash
db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JuY0xcLDiERwrVhq33d4PP64liDqFfk9bc9xX1H62o0tOwrt1ek7Pg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:42:39 GMT
age: 63299
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

pogothere.xyz/

172.64.172.27

200 OK

1.3 kB

URL HTTP/2
pogothere.xyz/
IP
172.64.172.27:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with no line terminators
Size
1.3 kB (1290 bytes)
Hash
8b50ce7d73b9dafcdc35e424a36b7c5c
f80d3561bf038ce9af68c0db7dc6b142035a4905
887db4226f754274744269b34a25d1f506f0188f66f8e77f1e4a3f89b14638bb

HTTP Headers

GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://get.myboek.xyz/
Origin: http://get.myboek.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:37 GMT
content-type: text/plain
set-cookie: csu=453543728838053@1@1670167057; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://get.myboek.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IGT4rW0lpYqhQj3S2q%2B5VgCwGMleLWA8IjXJ%2B%2Bingr6Zs6OCkks7Zpf41FzJ6FzkL7TY7zEzfqJ3FNMQz9FhMS7Tt5M6h9ZM3vRdyP9jXP7Ud5awPHCh2eVm4jwnwIvB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7745828ce80c76c3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.0 kB (8989 bytes)
Hash
a6e7b32ac999cf3c899a234c621fa91a
fc5d4f3163ebb9faf85968cbb1d194e8e68418be
f12db3aed126006fee00649aba0b3eaae900de200b85b9523866a90b5494f18e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8989
x-amzn-requestid: abce0b01-f70c-42ad-b242-5a24735fe4c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltl4Gk2oAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2f2-1cccffff5199dffe70264a95;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PFl7VUrzRkMFNnTiIw_cbGCyrEFn43eUSlZfT0nUhUmjjyXT7JfjMA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:01 GMT
age: 62857
etag: "fc5d4f3163ebb9faf85968cbb1d194e8e68418be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

10 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
10 kB (10431 bytes)
Hash
2636f91bb8fa4d9bb7bef114c248a9ae
8637105f41058bc0d2b259d462b560881928adb6
3d93fd8fcf1af31d00ccbd453142dbea5f2b91d7f58373095943ed40a31ed1f7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 10431
x-amzn-requestid: f79ab5e7-8c1b-4827-a531-aaa19c1d80aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsCGEwxIAMF34g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc073-6358d2950955884c470c0a89;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PQ7xh995cd1UVi3z42EVZGjQjHLLvtAP5BBC-xLEEGr4mEiXS6fC-w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:47:06 GMT
age: 63032
etag: "8637105f41058bc0d2b259d462b560881928adb6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

docs.google.com/forms/d/e/1FAIpQLSd80WI9j3dJR1Yx7iLbpxzG0AjodOzXtaV8QxEfgJsrcx10og/viewform?embedded=true

142.250.74.142

403 Forbidden

7.0 kB

URL HTTP/2
docs.google.com/forms/d/e/1FAIpQLSd80WI9j3dJR1Yx7iLbpxzG0AjodOzXtaV8QxEfgJsrcx10og/viewform?embedded=true
IP
142.250.74.142:0
ASN
#15169 GOOGLE

File type
data
Size
7.0 kB (7015 bytes)
Hash
a4485daec9ded52e629e9d112b99d2ba
0753956677dbe93f089c0b663502c0707dff31dd
fdcd0e9657734f9c8f3a9ce117db926d96fb800115a23f919dd3c6c0a898aa8f

HTTP Headers

GET /forms/d/e/1FAIpQLSd80WI9j3dJR1Yx7iLbpxzG0AjodOzXtaV8QxEfgJsrcx10og/viewform?embedded=true HTTP/1.1
Host: docs.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 403 Forbidden
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 04 Dec 2022 15:17:37 GMT
content-type: text/html; charset=utf-8
content-encoding: gzip
x-chromium-appcache-fallback-override: disallow-fallback
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
referrer-policy: strict-origin-when-cross-origin
content-security-policy: base-uri 'self';object-src 'none';report-uri https://csp.withgoogle.com/csp/forms/prod;script-src 'nonce-M875SfYtkB8MZHhy1IsiHA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
set-cookie: S=spreadsheet_forms=3vKH7MDftjSpiqVh5R60Mjiam5MyceXgyJK-q8nZHg4; Domain=.docs.google.com; Expires=Sun, 04-Dec-2022 16:17:37 GMT; Path=/forms/d/e/1FAIpQLSd80WI9j3dJR1Yx7iLbpxzG0AjodOzXtaV8QxEfgJsrcx10og; Secure; HttpOnly; SameSite=none
COMPASS=spreadsheet_forms=CjIACWuJV-Hk8aC0OMYZGEJhPAU7qDvgoe27U5jjqkZiw4RyP1dF8s3EbL_z-n8p_PPUDBChkLOcBho0AAlriVdnWLbyEGB2TKbbtq35BTbr-o68hr_xRn8bLhh6WvlAkw5fYY2fo7LV5xUPBOnekw==; Domain=.docs.google.com; Expires=Sun, 04-Dec-2022 16:17:37 GMT; Path=/forms/d/e/1FAIpQLSd80WI9j3dJR1Yx7iLbpxzG0AjodOzXtaV8QxEfgJsrcx10og; Secure; HttpOnly; SameSite=none
NID=511=HLsafvIshZw2-No7sPvSkWDAFWScTvoZticaN1-b4kqjR-iwk__1VkaeLKrQX3SWvwFaurp2JvrBvl82A3mV6v1krYt3Q1RAYktFsikOKJxtTaFprLk3fOysCoE5dqBR8M8lLgqsVT6_HcGmKnI-9Ez69zSH29meHTyGYrvTKt0; expires=Mon, 05-Jun-2023 15:17:37 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.spikereekvelocity.com/dyfc1k09?shu=6e026387585e8c05dfb97a08bc723b18a79b692513cfbe171ed7b84c9f3230b345ca45fb0f9b35f13cf447369808f1daa0f7acaeea6fe26dcc1fcd445d76e92e36f9876c85501757fd7b929484d72a49def2c53f819579273c8cb882bdc0&pst=1670167118&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fget.myboek.xyz%2F&psid=16169044

173.233.139.164

302 Found

0 B

URL HTTP/1.1
www.spikereekvelocity.com/dyfc1k09?shu=6e026387585e8c05dfb97a08bc723b18a79b692513cfbe171ed7b84c9f3230b345ca45fb0f9b35f13cf447369808f1daa0f7acaeea6fe26dcc1fcd445d76e92e36f9876c85501757fd7b929484d72a49def2c53f819579273c8cb882bdc0&pst=1670167118&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fget.myboek.xyz%2F&psid=16169044
IP
173.233.139.164:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /dyfc1k09?shu=6e026387585e8c05dfb97a08bc723b18a79b692513cfbe171ed7b84c9f3230b345ca45fb0f9b35f13cf447369808f1daa0f7acaeea6fe26dcc1fcd445d76e92e36f9876c85501757fd7b929484d72a49def2c53f819579273c8cb882bdc0&pst=1670167118&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fget.myboek.xyz%2F&psid=16169044 HTTP/1.1
Host: www.spikereekvelocity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.spikereekvelocity.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTYxNjkwNDQiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL2dldC5teWJvZWsueHl6LyJ9fQ.pyPlm4p0arEWIHzZvd-VgnoaExA9haWz-BhJlNEhfuU; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 15:17:39 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: http://adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQie_NjYrtGU3Bv-GH0dEdHP3xP.28b%2CQWs4yRHvKJrqjpTne0Btuyi1n2dKQ9Q_FOEQSlTq4KTczM91sYvTGQftwIHEt1r6X3ASmn-wqfH7g6oi61qUjiZX85pCijOm79gP6qScThXu7aP5MTRxUJiI9dxkcgL9hS4ZVW_zadFrH16EF6C1VbUzAQYebgBUbxr-0fbugrSWpHE6OWEUOcCf34GDWisrHxMlYXUQ4Yc4dz9_nDjT5gxnqdFSy9IKHMqENjfuY9yNNddittPkhc3_N1RIj2B2ObzBEoIQRIedUcEaMeC38jGFYW0O_d30pbMuetNcIn_N3wO2qTXx_2SH0c8Mka-QBCKnqh0YuaICUMyVTkk5TYKBLWlbwyUObs53qq6svA3tahxw6YjzPQoGyQbRQEPWd76jOPTMyxw_l1HbEbwhz2xP7ppeniUFW_NPCBpjR00AVzWstXQqnBBtTQiMlqXZ8XmK7NvP8TrTPLEADYk2ZQ6LY6ZlCH8EksVqTlZfHdXepfWU0VOpt7yMGqHHhpaD&csid=3930943&s1=16122660&md=0&crid=23364304
Set-Cookie: pdhtkv=true; expires=Mon, 05 Dec 2022 15:17:39 GMT
uncs=1; expires=Mon, 05 Dec 2022 15:17:39 GMT
pdhtkv28=true; expires=Mon, 05 Dec 2022 15:17:39 GMT
uncs28=1; expires=Mon, 05 Dec 2022 15:17:39 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4fe0a5eea811e454b00a35185a91c2da
Strict-Transport-Security: max-age=0; includeSubdomains

adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQie_NjYrtGU3Bv-GH0dEdHP3xP.28b%2CQWs4yRHvKJrqjpTne0Btuyi1n2dKQ9Q_FOEQSlTq4KTczM91sYvTGQftwIHEt1r6X3ASmn-wqfH7g6oi61qUjiZX85pCijOm79gP6qScThXu7aP5MTRxUJiI9dxkcgL9hS4ZVW_zadFrH16EF6C1VbUzAQYebgBUbxr-0fbugrSWpHE6OWEUOcCf34GDWisrHxMlYXUQ4Yc4dz9_nDjT5gxnqdFSy9IKHMqENjfuY9yNNddittPkhc3_N1RIj2B2ObzBEoIQRIedUcEaMeC38jGFYW0O_d30pbMuetNcIn_N3wO2qTXx_2SH0c8Mka-QBCKnqh0YuaICUMyVTkk5TYKBLWlbwyUObs53qq6svA3tahxw6YjzPQoGyQbRQEPWd76jOPTMyxw_l1HbEbwhz2xP7ppeniUFW_NPCBpjR00AVzWstXQqnBBtTQiMlqXZ8XmK7NvP8TrTPLEADYk2ZQ6LY6ZlCH8EksVqTlZfHdXepfWU0VOpt7yMGqHHhpaD&csid=3930943&s1=16122660&md=0&crid=23364304

34.160.190.227

200 OK

1.9 kB

URL HTTP/1.1
adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQie_NjYrtGU3Bv-GH0dEdHP3xP.28b%2CQWs4yRHvKJrqjpTne0Btuyi1n2dKQ9Q_FOEQSlTq4KTczM91sYvTGQftwIHEt1r6X3ASmn-wqfH7g6oi61qUjiZX85pCijOm79gP6qScThXu7aP5MTRxUJiI9dxkcgL9hS4ZVW_zadFrH16EF6C1VbUzAQYebgBUbxr-0fbugrSWpHE6OWEUOcCf34GDWisrHxMlYXUQ4Yc4dz9_nDjT5gxnqdFSy9IKHMqENjfuY9yNNddittPkhc3_N1RIj2B2ObzBEoIQRIedUcEaMeC38jGFYW0O_d30pbMuetNcIn_N3wO2qTXx_2SH0c8Mka-QBCKnqh0YuaICUMyVTkk5TYKBLWlbwyUObs53qq6svA3tahxw6YjzPQoGyQbRQEPWd76jOPTMyxw_l1HbEbwhz2xP7ppeniUFW_NPCBpjR00AVzWstXQqnBBtTQiMlqXZ8XmK7NvP8TrTPLEADYk2ZQ6LY6ZlCH8EksVqTlZfHdXepfWU0VOpt7yMGqHHhpaD&csid=3930943&s1=16122660&md=0&crid=23364304
IP
34.160.190.227:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (710)
Size
1.9 kB (1864 bytes)
Hash
2c684baa034a2725d78f7bc1652e10ce
400482195eb0eee2ecf30d341e9630c5bc62f447
f2c07a1bd8515c3506cc6fe4f9e1dfa7aac5e61965e453c6733eff971699718e

HTTP Headers

GET /script/s2iurl.php?stamat=m%7C%2C%2CQie_NjYrtGU3Bv-GH0dEdHP3xP.28b%2CQWs4yRHvKJrqjpTne0Btuyi1n2dKQ9Q_FOEQSlTq4KTczM91sYvTGQftwIHEt1r6X3ASmn-wqfH7g6oi61qUjiZX85pCijOm79gP6qScThXu7aP5MTRxUJiI9dxkcgL9hS4ZVW_zadFrH16EF6C1VbUzAQYebgBUbxr-0fbugrSWpHE6OWEUOcCf34GDWisrHxMlYXUQ4Yc4dz9_nDjT5gxnqdFSy9IKHMqENjfuY9yNNddittPkhc3_N1RIj2B2ObzBEoIQRIedUcEaMeC38jGFYW0O_d30pbMuetNcIn_N3wO2qTXx_2SH0c8Mka-QBCKnqh0YuaICUMyVTkk5TYKBLWlbwyUObs53qq6svA3tahxw6YjzPQoGyQbRQEPWd76jOPTMyxw_l1HbEbwhz2xP7ppeniUFW_NPCBpjR00AVzWstXQqnBBtTQiMlqXZ8XmK7NvP8TrTPLEADYk2ZQ6LY6ZlCH8EksVqTlZfHdXepfWU0VOpt7yMGqHHhpaD&csid=3930943&s1=16122660&md=0&crid=23364304 HTTP/1.1
Host: adpointrtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: openresty
Date: Sun, 04 Dec 2022 15:17:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 google

34.160.190.227

302 Moved Temporarily

1 B

URL HTTP/1.1
adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQie_NjYrtGU3Bv-GH0dEdHP3xP.28b%2CQWs4yRHvKJrqjpTne0Btuyi1n2dKQ9Q_FOEQSlTq4KTczM91sYvTGQftwIHEt1r6X3ASmn-wqfH7g6oi61qUjiZX85pCijOm79gP6qScThXu7aP5MTRxUJiI9dxkcgL9hS4ZVW_zadFrH16EF6C1VbUzAQYebgBUbxr-0fbugrSWpHE6OWEUOcCf34GDWisrHxMlYXUQ4Yc4dz9_nDjT5gxnqdFSy9IKHMqENjfuY9yNNddittPkhc3_N1RIj2B2ObzBEoIQRIedUcEaMeC38jGFYW0O_d30pbMuetNcIn_N3wO2qTXx_2SH0c8Mka-QBCKnqh0YuaICUMyVTkk5TYKBLWlbwyUObs53qq6svA3tahxw6YjzPQoGyQbRQEPWd76jOPTMyxw_l1HbEbwhz2xP7ppeniUFW_NPCBpjR00AVzWstXQqnBBtTQiMlqXZ8XmK7NvP8TrTPLEADYk2ZQ6LY6ZlCH8EksVqTlZfHdXepfWU0VOpt7yMGqHHhpaD&csid=3930943&s1=16122660&md=0&crid=23364304&treqn=42346345&rpn=1&cbrandom=0.6515605131757707&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=
IP
34.160.190.227:0
ASN
#15169 GOOGLE

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

HTTP Headers

GET /script/s2iurl.php?stamat=m%7C%2C%2CQie_NjYrtGU3Bv-GH0dEdHP3xP.28b%2CQWs4yRHvKJrqjpTne0Btuyi1n2dKQ9Q_FOEQSlTq4KTczM91sYvTGQftwIHEt1r6X3ASmn-wqfH7g6oi61qUjiZX85pCijOm79gP6qScThXu7aP5MTRxUJiI9dxkcgL9hS4ZVW_zadFrH16EF6C1VbUzAQYebgBUbxr-0fbugrSWpHE6OWEUOcCf34GDWisrHxMlYXUQ4Yc4dz9_nDjT5gxnqdFSy9IKHMqENjfuY9yNNddittPkhc3_N1RIj2B2ObzBEoIQRIedUcEaMeC38jGFYW0O_d30pbMuetNcIn_N3wO2qTXx_2SH0c8Mka-QBCKnqh0YuaICUMyVTkk5TYKBLWlbwyUObs53qq6svA3tahxw6YjzPQoGyQbRQEPWd76jOPTMyxw_l1HbEbwhz2xP7ppeniUFW_NPCBpjR00AVzWstXQqnBBtTQiMlqXZ8XmK7NvP8TrTPLEADYk2ZQ6LY6ZlCH8EksVqTlZfHdXepfWU0VOpt7yMGqHHhpaD&csid=3930943&s1=16122660&md=0&crid=23364304&treqn=42346345&rpn=1&cbrandom=0.6515605131757707&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref= HTTP/1.1
Host: adpointrtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Sun, 04 Dec 2022 15:17:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Location: https://adserving.unibet.com/redirect.aspx?bid=37953&pid=2100237&sref=ADC&ADC=3930943-640691165-0_Adsterra
Via: 1.1 google

adpointrtb.com/favicon.ico

34.160.190.227

200 OK

0 B

URL HTTP/1.1
adpointrtb.com/favicon.ico
IP
34.160.190.227:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: adpointrtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: openresty
Date: Sun, 04 Dec 2022 15:17:39 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Thu, 10 Dec 2020 09:27:58 GMT
ETag: "5fd1ea1e-0"
Accept-Ranges: bytes
Via: 1.1 google

adserving.unibet.com/redirect.aspx?bid=37953&pid=2100237&sref=ADC&ADC=3930943-640691165-0_Adsterra

23.36.79.11

307 Temporary Redirect

0 B

URL HTTP/2
adserving.unibet.com/redirect.aspx?bid=37953&pid=2100237&sref=ADC&ADC=3930943-640691165-0_Adsterra
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect.aspx?bid=37953&pid=2100237&sref=ADC&ADC=3930943-640691165-0_Adsterra HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://www.mariacasino.nu/stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&sref=ADC&ADC=3930943-640691165-0_Adsterra&affiliateId=1&pid=68593099&bid=37953
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Sun, 04 Dec 2022 15:17:39 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 04 Dec 2022 15:17:39 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68593099%2c%22BID%22%3a37953%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670167059814)%5c%2f%22%2c%22CookieTag%22%3a%223795368593099451240919C20221241517%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228519688824%7c1%22%7d%5d; domain=.unibet.com; expires=Tue, 04-Dec-3021 15:17:39 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=20, origin; dur=36
X-Firefox-Spdy: h2

www.mariacasino.nu/stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&sref=ADC&ADC=3930943-640691165-0_Adsterra&affiliateId=1&pid=68593099&bid=37953

85.184.96.0

301 Moved Permanently

0 B

URL HTTP/2
www.mariacasino.nu/stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&sref=ADC&ADC=3930943-640691165-0_Adsterra&affiliateId=1&pid=68593099&bid=37953
IP
85.184.96.0:0
ASN
#47171 Unibet Services Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&sref=ADC&ADC=3930943-640691165-0_Adsterra&affiliateId=1&pid=68593099&bid=37953 HTTP/1.1
Host: www.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
date: Sun, 04 Dec 2022 15:17:39 GMT
content-length: 0
location: https://www.mariacasino.nu:443/stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&sref=ADC&ADC=3930943-640691165-0_Adsterra&affiliateId=1&pid=68593099&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953
set-cookie: JSESSIONID=node0cbye0uoygr461gy6cvc3fhgsv2747148.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0cbye0uoygr461gy6cvc3fhgsv; Path=/; Domain=.mariacasino.nu; Expires=Tue, 03-Dec-2024 15:17:39 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.mariacasino.nu; Expires=Tue, 03-Dec-2024 15:17:39 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref=; Path=/; Domain=.mariacasino.nu; Expires=Tue, 03-Dec-2024 15:17:39 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=2397257; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=36574880; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.nu; Expires=Sun, 04-Dec-2022 15:17:54 GMT; Max-Age=15; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=36574880; Secure; SameSite=None
B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=36574880; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37953; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=36574880; Secure; SameSite=None
PID=68593099; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=36574880; Secure; SameSite=None
CHID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=36574880; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=2397257; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=36574880; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.nu; Expires=Sun, 04-Dec-2022 15:17:54 GMT; Max-Age=15; Secure; SameSite=None
campaignId=2397257; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=36574880; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.nu; Expires=Sun, 04-Dec-2022 15:17:54 GMT; Max-Age=15; Secure; SameSite=None
clientId=browser_desktop; Domain=www.mariacasino.nu; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Sun, 04 Dec 2022 15:17:39 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2

www.mariacasino.nu/stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&sref=ADC&ADC=3930943-640691165-0_Adsterra&affiliateId=1&pid=68593099&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953

85.184.96.0

301 Moved Permanently

0 B

URL HTTP/2
www.mariacasino.nu/stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&sref=ADC&ADC=3930943-640691165-0_Adsterra&affiliateId=1&pid=68593099&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953
IP
85.184.96.0:0
ASN
#47171 Unibet Services Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&sref=ADC&ADC=3930943-640691165-0_Adsterra&affiliateId=1&pid=68593099&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953 HTTP/1.1
Host: www.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; clientId=browser_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 301 Moved Permanently
date: Sun, 04 Dec 2022 15:17:40 GMT
content-length: 0
location: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Sun, 04 Dec 2022 15:17:40 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
f18a55c82e7eb10a724285c83332723f
9ca46d1a1904ebb92c9525ac116f81dc3f1e8b27
5faa072e204c4892d95b8a58d309ef9f850954bfdae627a37c7a37e069c225ad

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=134715
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:40 GMT
Etag: "638c254f-117"
Expires: Tue, 06 Dec 2022 04:42:55 GMT
Last-Modified: Sun, 04 Dec 2022 04:42:55 GMT
Server: nginx
Content-Length: 279

welcome.mariacasino.nu/no/pop/casino/2022/slots.png

104.18.25.188

200 OK

6.3 kB

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/slots.png
IP
104.18.25.188:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 151 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
6.3 kB (6303 bytes)
Hash
6be047bdf3d103b2414f7f6ab64d96b8
57818bdfe16383abe584b5c30de5f35eb55ebf20
38e2d3e7f261032cf0c558e28555c6425c30aa14014f31bbaad7d5176b7d4449

HTTP Headers

GET /no/pop/casino/2022/slots.png HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: image/png
content-length: 6303
cache-control: public, max-age=900, immutable
content-md5: a+BHvfPRA7JBT39qtk2WuA==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4ED5BA7"
x-ms-request-id: da131072-401e-003f-7bf7-03daa1000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437982
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a18abab517-OSL
X-Firefox-Spdy: h2

welcome.mariacasino.nu/no/pop/casino/2022/games.png

104.18.25.188

200 OK

8.8 kB

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/games.png
IP
104.18.25.188:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 234 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
8.8 kB (8838 bytes)
Hash
fbd364c184d1c2af246dd5a3079ce9ed
5c572431ced831a518e0c4adfed4372254f1eac1
2a09f891fb138e893fbc2fe522761e47307376143582e41016bf8aa54c4fdb77

HTTP Headers

GET /no/pop/casino/2022/games.png HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: image/png
content-length: 8838
cache-control: public, max-age=900, immutable
content-md5: +9NkwYTRwq8kbdWjB5zp7Q==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4D87720"
x-ms-request-id: 56be89e7-801e-0020-22f7-0369a5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437982
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a18abfb517-OSL
X-Firefox-Spdy: h2

welcome.mariacasino.nu/no/pop/casino/2022/livecasino.png

104.18.25.188

200 OK

21 kB

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/livecasino.png
IP
104.18.25.188:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
21 kB (20783 bytes)
Hash
87dc3fc9a40a9b0e8fd7c0519ac24f54
908b0ca475f8da1d0380a6cb5caabafce2466aec
a0fd031aa160b2679253c5952576a692e002c6be963c5935af3692ff50206eb4

HTTP Headers

GET /no/pop/casino/2022/livecasino.png HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: image/png
content-length: 20783
cache-control: public, max-age=900, immutable
content-md5: h9w/yaQKmw6P18BRmsJPVA==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4DF7B00"
x-ms-request-id: 2a37beda-301e-0078-10f7-03b1fa000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437983
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a18abeb517-OSL
X-Firefox-Spdy: h2

welcome.mariacasino.nu/no/pop/casino/2022/mga.png

104.18.25.188

200 OK

1.5 kB

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/mga.png
IP
104.18.25.188:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 152 x 60, 8-bit colormap, non-interlaced\012- data
Size
1.5 kB (1454 bytes)
Hash
f34e781d7ad22dc774b98ac82a2b46f6
b66cb9753b0f76a7590f62d3c6b8f645bdbae786
7898ba2cec328d50a75400c1e5a6f1f23974f4c0cc433472a24f28a82c7d01c7

HTTP Headers

GET /no/pop/casino/2022/mga.png HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: image/png
content-length: 1454
cache-control: public, max-age=900, immutable
content-md5: 8054HXrSLcd0uYrIKitG9g==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4FEBE45"
x-ms-request-id: aeb20fbe-701e-0034-08f7-0321ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437983
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a18ac9b517-OSL
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099

104.18.25.188

200 OK

3.4 kB

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
IP
104.18.25.188:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1020)
Size
3.4 kB (3446 bytes)
Hash
33aae0d4a7408cad03d12e3ee669148e
3b507cc61446eaf3a74bdc5ac33dff7d479e0ff1
bbbd25e49b8b956acbe90ae6709cc3f47ee637aa4174a046e5e58d3be10df44a

HTTP Headers

GET /no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099 HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: L2akXslp2trAwResQfYe7w==
last-modified: Tue, 29 Nov 2022 13:35:55 GMT
x-ms-request-id: e26312d9-f01e-0077-47f3-07c796000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 7745829fa86fb517-OSL
content-encoding: br
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js

216.58.207.234

200 OK

30 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js
IP
216.58.207.234:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (32030)
Size
30 kB (30244 bytes)
Hash
04ba0252a9f264db106d4eaab8df4ccb
cf52d9b3df7839c5c64fbf33aafeced74b3db750
397852429e768ffbd12a78ce4b94f14e3ab4afabf84acb07c0bb5b7798e6e0b2

HTTP Headers

GET /ajax/libs/jquery/3.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30244
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Dec 2022 06:39:52 GMT
expires: Sat, 02 Dec 2023 06:39:52 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 203868
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js

23.38.200.237

200 OK

44 kB

URL HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type
exported SGML document, ASCII text, with very long lines (32764)
Size
44 kB (43737 bytes)
Hash
57198fa839fd954656487c5a3bef02a7
060e710714194b067e8a17554de1f056f3c5fa64
0144349d38a845bda08cbc2654f89da13986be57ce76fa7f49488907aa392edd

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "bf8d7656a2457e257e3cf75a01e6a4b7:1554112914"
last-modified: Mon, 01 Apr 2019 10:01:54 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 43737
cache-control: max-age=3600
expires: Sun, 04 Dec 2022 16:17:40 GMT
date: Sun, 04 Dec 2022 15:17:40 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2

a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js

85.184.96.5

200 OK

956 B

URL HTTP/2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP
85.184.96.5:0
ASN
#47171 Unibet Services Limited

File type
ASCII text
Size
956 B (956 bytes)
Hash
fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47

HTTP Headers

GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js

23.38.200.237

200 OK

228 B

URL HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
228 B (228 bytes)
Hash
f9f61cf08520dbe652f9085c0c5e1a43
f9333020f4b2f0446c5ce4fd69f14433102a71c5
b27cb6d5a43aa222ba4bb45dfeec4211d1ed558d1d552ec160660c01db213782

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "accfdd9d5be1d7142fabad440365d15f:1554112916"
last-modified: Mon, 01 Apr 2019 10:01:56 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 228
cache-control: max-age=3600
expires: Sun, 04 Dec 2022 16:17:40 GMT
date: Sun, 04 Dec 2022 15:17:40 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js

23.38.200.237

200 OK

13 kB

URL HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (558)
Size
13 kB (12666 bytes)
Hash
fbdf335868cbf423af02de87750c1a45
8405d2f9b1b98d830e1b5bb2d8b9cf31460a9cc4
ddc30198d101ed4d7f85eb14fcc0331154807320fe2b2443b814bedc43c4ace4

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "18eab16a639a4773572307713440a929:1554112912"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Sun, 04 Dec 2022 16:17:40 GMT
date: Sun, 04 Dec 2022 15:17:40 GMT
content-length: 12666
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2

cdn.optimizely.com/js/10682170820.js

2.18.172.152

200 OK

157 kB

URL HTTP/2
cdn.optimizely.com/js/10682170820.js
IP
2.18.172.152:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (65468)
Size
157 kB (157172 bytes)
Hash
9f28659d68e37340a034b3e470f005a3
3315e665c0a02d1e2510b621bc3f2b67d3525e2f
b1c830602d62327c97e68fffe8a9ac411e74ec52969009704b40353f0d3fd20c

HTTP Headers

GET /js/10682170820.js HTTP/1.1
Host: cdn.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: i9NY+MXWfN3aktUaRMpZ0LxplbV1IpacNgM87ckdEWRPDKUVGo+O58seYMXe6K9cVb/MqVV576o=
x-amz-request-id: WKQ9BG53RBKFBEB1
x-amz-replication-status: PENDING
last-modified: Sat, 03 Dec 2022 14:56:40 GMT
etag: "9f28659d68e37340a034b3e470f005a3"
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 470034
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: QI_NyISKakqzlmogHcoKUEKqZg4azszI
accept-ranges: bytes
content-type: text/javascript; charset=utf-8
server: AmazonS3
content-length: 157172
vary: Accept-Encoding
cache-control: max-age=120
date: Sun, 04 Dec 2022 15:17:40 GMT
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="1";dur=0,cdnip;desc="2.18.172.152";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
access-control-max-age: 86400
access-control-expose-headers: x-amz-meta-revision
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

service.maxymiser.net/cdn/unibet/js/mmcore.js

104.110.7.230

404 Not Found

10 B

URL HTTP/2
service.maxymiser.net/cdn/unibet/js/mmcore.js
IP
104.110.7.230:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
10 B (10 bytes)
Hash
7605968e79d0ca095ab1231486d2b814
a007b420d19ceefa840f0373e050e3b51a4ab480
493fda53120050f85836032324409be6c6484f90a0755ae0c6a673ba7626818b

HTTP Headers

GET /cdn/unibet/js/mmcore.js HTTP/1.1
Host: service.maxymiser.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
accept-ranges: bytes
content-length: 10
server: AkamaiNetStorage
cache-control: max-age=1800
date: Sun, 04 Dec 2022 15:17:41 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e471e4415d227aa6441e48d6543b2f5d
5d31fde87a692fcde1747dfeec56d42caa2338e9
691eac9590299d938d2b2722a1a3ca784a1f2d7b49b2982f372c3becdcb631ca

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1923
Cache-Control: max-age=141678
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:41 GMT
Etag: "638c3900-1d7"
Expires: Tue, 06 Dec 2022 06:38:59 GMT
Last-Modified: Sun, 04 Dec 2022 06:06:56 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

dpm.demdex.net/id?d_visid_ver=3.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1670167058532

34.251.90.149

200 OK

498 B

URL HTTP/1.1
dpm.demdex.net/id?d_visid_ver=3.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1670167058532
IP
34.251.90.149:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with very long lines (791), with no line terminators
Size
498 B (498 bytes)
Hash
4646f1655a587b1a35a3b5df8eabc7d3
5208f70a2b12e7fa7330819c458b3197a17f05bf
cbc1006e81b8568cf8570877a770ec52c607d566f322252c385744034c7aedab

HTTP Headers

GET /id?d_visid_ver=3.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1670167058532 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-093556e0f.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=10865127923594887872335575816589493533; Max-Age=15552000; Expires=Fri, 02 Jun 2023 15:17:41 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: GbrUQDj5Tfs=
Content-Length: 498
Connection: keep-alive

service.maxymiser.net/cdn/unibet/js/mmcore.js

104.110.7.230

404 Not Found

10 B

URL HTTP/2
service.maxymiser.net/cdn/unibet/js/mmcore.js
IP
104.110.7.230:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
10 B (10 bytes)
Hash
7605968e79d0ca095ab1231486d2b814
a007b420d19ceefa840f0373e050e3b51a4ab480
493fda53120050f85836032324409be6c6484f90a0755ae0c6a673ba7626818b

HTTP Headers

GET /cdn/unibet/js/mmcore.js HTTP/1.1
Host: service.maxymiser.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 404 Not Found
accept-ranges: bytes
content-length: 10
server: AkamaiNetStorage
cache-control: max-age=1800
date: Sun, 04 Dec 2022 15:17:41 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js

23.38.200.237

200 OK

30 kB

URL HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (543)
Size
30 kB (29629 bytes)
Hash
d994c7b5e7b348492e630f9e201eed6c
927a06e00f5a9c23d2f9348c013cec4b459effac
7ca2a3f0bb133f07fb5c826b58e48089d90b0ce6e5ab0dce5de73550c5110d80

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "9c4992909a83d52617e9948d1d1c4141:1554112914"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 29629
cache-control: max-age=3600
expires: Sun, 04 Dec 2022 16:17:41 GMT
date: Sun, 04 Dec 2022 15:17:41 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js

23.38.200.237

200 OK

1.2 kB

URL HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (502)
Size
1.2 kB (1199 bytes)
Hash
0fc50fe0077c2d091ca05aa91daba75f
6a05d944d25fe2dbf36c1fb33a5096bcb1ada25c
4b469a08c52c411065253103c02ea37609c225f2b4c7c3842d90d0c6caa694f3

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "5e8dc588959123c3ee5de9ac168d5c74:1554112912"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1199
cache-control: max-age=3600
expires: Sun, 04 Dec 2022 16:17:41 GMT
date: Sun, 04 Dec 2022 15:17:41 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2

welcome.mariacasino.nu/no/pop/casino/2022/background.jpg

104.18.25.188

200 OK

162 kB

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/background.jpg
IP
104.18.25.188:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x800, components 3\012- data
Size
162 kB (161606 bytes)
Hash
aa279ee357b415f50a16127d5c1a7c4d
d1375a6cb87e60f31f609769044af9e6d47775cd
6aa6656d951b443674e2795a2174f6ba5fa711a0f2943830eab9f07cb1e1a809

HTTP Headers

GET /no/pop/casino/2022/background.jpg HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/styles.css
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19331%7CMCMID%7C10884245246937785682334953828362500230%7CMCAAMLH-1670771858%7C6%7CMCAAMB-1670771858%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670174258s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1670167058694r0.9806060578266829; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:41 GMT
content-type: image/jpeg
content-length: 161606
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
cf-bgj: h2pri
content-md5: qiee41e0FfUKFhJ9XBp8TQ==
etag: "0x8DAD20EA4B90CD2"
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 5e1e980c-701e-001b-01f7-032c01000000
x-ms-version: 2014-02-14
cf-cache-status: HIT
age: 438065
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a47e8ab517-OSL
X-Firefox-Spdy: h2

welcome.mariacasino.nu/no/pop/casino/2022/BlenderPro-ThinWeb.woff

104.18.25.188

200 OK

50 kB

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/BlenderPro-ThinWeb.woff
IP
104.18.25.188:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format, TrueType, length 49636, version 3.6\012- data
Size
50 kB (49636 bytes)
Hash
37ba84aebad11c2e0acd496eedb0bb76
42942446e1cfab8d0eaf7d23899203b2b2b64fe7
2d7cc2c9c9fef717010fcfa8fa6518079eaec1e63975a74b4fb78afb14d6ee5e

HTTP Headers

GET /no/pop/casino/2022/BlenderPro-ThinWeb.woff HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/styles.css
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19331%7CMCMID%7C10884245246937785682334953828362500230%7CMCAAMLH-1670771858%7C6%7CMCAAMB-1670771858%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670174258s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1670167058694r0.9806060578266829; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:41 GMT
content-type: application/font-woff
content-length: 49636
cache-control: public, max-age=900, immutable
content-md5: N7qErrrRHC4KzUlu7bC7dg==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4AE38F0"
x-ms-request-id: aeb213ea-701e-0034-5af7-0321ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437981
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a47e99b517-OSL
X-Firefox-Spdy: h2

welcome.mariacasino.nu/no/pop/casino/2022/BlenderPro-MediumWeb.woff

104.18.25.188

200 OK

49 kB

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/BlenderPro-MediumWeb.woff
IP
104.18.25.188:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format, TrueType, length 48766, version 3.6\012- data
Size
49 kB (48766 bytes)
Hash
f62793caeb7e5b111d7508b00c0826c2
d003c52a07685156de00186014c777b7dde81573
bac888a26184354a6038eb4ba3d87fdc3315c6e7fe0c19ec7cd1737f1720fc5a

HTTP Headers

GET /no/pop/casino/2022/BlenderPro-MediumWeb.woff HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/styles.css
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19331%7CMCMID%7C10884245246937785682334953828362500230%7CMCAAMLH-1670771858%7C6%7CMCAAMB-1670771858%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670174258s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1670167058694r0.9806060578266829; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:41 GMT
content-type: application/font-woff
content-length: 48766
cache-control: public, max-age=900, immutable
content-md5: 9ieTyut+WxEddQiwDAgmwg==
last-modified: Tue, 29 Nov 2022 13:35:55 GMT
etag: "0x8DAD20EA49C613A"
x-ms-request-id: d866c426-a01e-0018-6bf7-03cd65000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437981
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a47e9ab517-OSL
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
c553c0a8ab2b420ad3360281248ad3fb
07634c89c3334df80ea7d5f353585e07a766082c
f9ff3ebbfb7d15c9151e91e77efdbe06d4cb597c3e8d31cc16f56b8f2d204ec1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4150
Cache-Control: max-age=149325
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:41 GMT
Etag: "638c4e2c-1d7"
Expires: Tue, 06 Dec 2022 08:46:26 GMT
Last-Modified: Sun, 04 Dec 2022 07:37:16 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 330227
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=3.2.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=10884245246937785682334953828362500230&ts=1670167058777

15.188.95.229

200 OK

2 B

URL HTTP/2
unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=3.2.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=10884245246937785682334953828362500230&ts=1670167058777
IP
15.188.95.229:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

GET /id?d_visid_ver=3.2.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=10884245246937785682334953828362500230&ts=1670167058777 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://welcome.mariacasino.nu
access-control-allow-credentials: true
date: Sun, 04 Dec 2022 15:17:41 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:56 GMT
expires: Thu, 30 Nov 2023 19:33:56 GMT
cache-control: public, max-age=31536000
age: 330225
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 330206
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC

142.250.74.40

200 OK

81 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (62112)
Size
81 kB (80802 bytes)
Hash
b824c54d9d6b4ad00eb71a808e806994
9ae751d3fcfbbe43e033a0567d7fe63653915a50
7107779460335c5f4a653d0557d9fd580c73065e4613d840fc12f93ce8f3f0d9

HTTP Headers

GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 04 Dec 2022 15:17:41 GMT
expires: Sun, 04 Dec 2022 15:17:41 GMT
cache-control: private, max-age=900
last-modified: Sun, 04 Dec 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 80802
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
71603bd1d94bcd618ae379faa78b0202
db9d93670ddd32ec66940ccef4e0cc53c0ddde78
855ae3a14e17b4c4a151b644e1bc9bd01a5adfc1a92487c2882897a6018b3da6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5988
Cache-Control: max-age=160118
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:41 GMT
Etag: "638c7127-117"
Expires: Tue, 06 Dec 2022 11:46:19 GMT
Last-Modified: Sun, 04 Dec 2022 10:06:31 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

a10682170820.cdn.optimizely.com/client_storage/a10682170820.html

104.110.8.48

200 OK

1.0 kB

URL HTTP/2
a10682170820.cdn.optimizely.com/client_storage/a10682170820.html
IP
104.110.8.48:0
ASN
#16625 AKAMAI-AS

File type
HTML document, ASCII text, with very long lines (1934)
Size
1.0 kB (1029 bytes)
Hash
a023a314b1991cc1a88674e2a8ed8502
fd6475fdba0c9d0ee0110972fdf7e88958cf925c
d3d04450c7f7c0f0aee8f24a25ffae0e219995067f5ecadce88680af06358a64

HTTP Headers

GET /client_storage/a10682170820.html HTTP/1.1
Host: a10682170820.cdn.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: tbT4naf6AzXnSVUsnWK5op8eWQxqVCEiW06s3d7Zzj8BugQWldvfbF6IH6Zv53JwHLd2/Akzx8o=
x-amz-request-id: X7AHX6K9WCW1SE5F
x-amz-replication-status: PENDING
last-modified: Sat, 03 Dec 2022 14:56:05 GMT
etag: "a023a314b1991cc1a88674e2a8ed8502"
x-amz-server-side-encryption: AES256
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: JF.WKgHW2RoJAyf6LN1zyNW5_HzWW7MT
accept-ranges: bytes
content-type: text/html; charset=utf-8
server: AmazonS3
content-length: 1029
vary: Accept-Encoding
cache-control: max-age=120
date: Sun, 04 Dec 2022 15:17:41 GMT
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="2";dur=0,cdnip;desc="104.110.8.48";dur=0,cdnmap;desc="a4728.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.mariacasino.nu.json?t=1

104.19.147.8

200 OK

2.4 kB

URL HTTP/2
script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.mariacasino.nu.json?t=1
IP
104.19.147.8:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- , ASCII text, with very long lines (22367), with no line terminators
Size
2.4 kB (2350 bytes)
Hash
e9ec56e07ecc8b05ee311bc8b7787ae0
d3c9452775c745d91d937152d9c2367750885792
a5589785e4d68c4ea83552ab9dd5ad093fa5cf055e05cbf147723bdeb5681b67

HTTP Headers

GET /pages/data-scripts/0012/9242/site/welcome.mariacasino.nu.json?t=1 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:41 GMT
content-type: application/json
content-length: 2350
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Sun, 04 Dec 2022 11:06:53 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 15048
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a63f790b02-OSL
X-Firefox-Spdy: h2

unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonsinglepagebrandsprod/1/JS-2.22.4/s51694340332328?AQB=1&ndh=1&pf=1&t=4%2F11%2F2022%2015%3A17%3A39%200%200&mid=10884245246937785682334953828362500230&aamlh=6&ce=UTF-8&pageName=LP%3A2018%20-%20MariaCasino%20-%20Bingo&g=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26bid%3D37953%26campaignId%3D2397257%26pid%3D68593099&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26bid%3D37953%26campaignId%3D2397257%26pid%3D68593099&v1=welcome.mariacasino.nu%3A%3A%3Adesktop%3Ano%3Apop%3Acasino%3A2022%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.mariacasino.nu&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=3%3A17%20PM%7CSunday&v6=3%3A17%20PM%7CSunday&v11=GBP&c14=New&v14=New&c16=1670167059&v21=Not%20Logged-In&c73=maria&c74=10884245246937785682334953828362500230&v99=10884245246937785682334953828362500230&v120=popunder&v121=1%3A81750185%3A68593099-37953&v122=NONE&v124=2397257&v125=81750185_4557F843A16A4B26B7BFA736FA23A444&v126=68593099&v127=37953&v134=1670167059&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1

15.188.95.229

200 OK

43 B

URL HTTP/2
unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonsinglepagebrandsprod/1/JS-2.22.4/s51694340332328?AQB=1&ndh=1&pf=1&t=4%2F11%2F2022%2015%3A17%3A39%200%200&mid=10884245246937785682334953828362500230&aamlh=6&ce=UTF-8&pageName=LP%3A2018%20-%20MariaCasino%20-%20Bingo&g=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26bid%3D37953%26campaignId%3D2397257%26pid%3D68593099&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26bid%3D37953%26campaignId%3D2397257%26pid%3D68593099&v1=welcome.mariacasino.nu%3A%3A%3Adesktop%3Ano%3Apop%3Acasino%3A2022%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.mariacasino.nu&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=3%3A17%20PM%7CSunday&v6=3%3A17%20PM%7CSunday&v11=GBP&c14=New&v14=New&c16=1670167059&v21=Not%20Logged-In&c73=maria&c74=10884245246937785682334953828362500230&v99=10884245246937785682334953828362500230&v120=popunder&v121=1%3A81750185%3A68593099-37953&v122=NONE&v124=2397257&v125=81750185_4557F843A16A4B26B7BFA736FA23A444&v126=68593099&v127=37953&v134=1670167059&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
IP
15.188.95.229:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 2 x 2\012- data
Size
43 B (43 bytes)
Hash
ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

HTTP Headers

GET /b/ss/unibetlondonsinglepagebrandsprod/1/JS-2.22.4/s51694340332328?AQB=1&ndh=1&pf=1&t=4%2F11%2F2022%2015%3A17%3A39%200%200&mid=10884245246937785682334953828362500230&aamlh=6&ce=UTF-8&pageName=LP%3A2018%20-%20MariaCasino%20-%20Bingo&g=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26bid%3D37953%26campaignId%3D2397257%26pid%3D68593099&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26bid%3D37953%26campaignId%3D2397257%26pid%3D68593099&v1=welcome.mariacasino.nu%3A%3A%3Adesktop%3Ano%3Apop%3Acasino%3A2022%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.mariacasino.nu&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=3%3A17%20PM%7CSunday&v6=3%3A17%20PM%7CSunday&v11=GBP&c14=New&v14=New&c16=1670167059&v21=Not%20Logged-In&c73=maria&c74=10884245246937785682334953828362500230&v99=10884245246937785682334953828362500230&v120=popunder&v121=1%3A81750185%3A68593099-37953&v122=NONE&v124=2397257&v125=81750185_4557F843A16A4B26B7BFA736FA23A444&v126=68593099&v127=37953&v134=1670167059&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
date: Sun, 04 Dec 2022 15:17:41 GMT
expires: Sat, 03 Dec 2022 15:17:41 GMT
last-modified: Mon, 05 Dec 2022 15:17:41 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3586656454056411136-4619386632317679598
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.156

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.156:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
f7e6c18ac741ce0a40cad7986443bc91
6c39775555f8645529b1654b4fa1f5076a87934d
9826753d2448b7f4e720e6bea0bce61078953fe8eba169d7f66a92582a7918cc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=170086
Date: Sun, 04 Dec 2022 15:17:41 GMT
Etag: "638ca81f-1d7"
Expires: Tue, 06 Dec 2022 14:32:27 GMT
Last-Modified: Sun, 04 Dec 2022 14:01:03 GMT
Server: ECS (bsa/EB1D)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: UshfpQH1ArxajKGSX78_R7TL_S4fds2XKPBPVlIYwDSRAYc0-ovSEA==
Age: 1884

script.crazyegg.com/pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js

104.19.147.8

200 OK

27 kB

URL HTTP/2
script.crazyegg.com/pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js
IP
104.19.147.8:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text, with very long lines (63889)
Size
27 kB (26836 bytes)
Hash
40a61971f3342753b240df82579098d2
75a44689092cd59612c3c77f4c3f353f5898c4b9
c53652de8d763aa53a2226f899e6c57434675b324a4e22b91bea1f217e99504a

HTTP Headers

GET /pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:41 GMT
content-type: text/javascript
content-length: 26836
cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
last-modified: Fri, 18 Nov 2022 16:53:01 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 769966
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a6ba5f0afe-OSL
X-Firefox-Spdy: h2

unibet.demdex.net/dest5.html?d_nsid=0

3.248.39.194

200 OK

2.8 kB

URL HTTP/1.1
unibet.demdex.net/dest5.html?d_nsid=0
IP
3.248.39.194:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size
2.8 kB (2791 bytes)
Hash
ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12

HTTP Headers

GET /dest5.html?d_nsid=0 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Sun, 4 Dec 2022 15:17:41 GMT
DCS: dcs-prod-irl1-2-v045-0e1f48b6d.edge-irl1.demdex.com 4 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 13:34:31 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: WZUGSB36T+8=
Content-Length: 2791
Connection: keep-alive

cm.everesttech.net/cm/dd?d_uuid=10865127923594887872335575816589493533

99.80.65.0

302

0 B

URL HTTP/1.1
cm.everesttech.net/cm/dd?d_uuid=10865127923594887872335575816589493533
IP
99.80.65.0:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cm/dd?d_uuid=10865127923594887872335575816589493533 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 
Date: Sun, 04 Dec 2022 15:17:41 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y4y6FQAAADkRfAMx; Domain=.everesttech.net; Expires=Mon, 04-Dec-2023 15:17:41 GMT; Path=/
everest_session_v2=Y4y6FQAAADkRfQMx; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y4y6FQAAADkRfAMx
Server: AMO-cookiemap/1.1

script.crazyegg.com/pages/data-scripts/0012/9242/sampling/welcome.mariacasino.nu.json?t=463935

104.19.147.8

200 OK

415 B

URL HTTP/2
script.crazyegg.com/pages/data-scripts/0012/9242/sampling/welcome.mariacasino.nu.json?t=463935
IP
104.19.147.8:0
ASN
#13335 CLOUDFLARENET

File type
JSON data\012- , ASCII text, with very long lines (1550), with no line terminators
Size
415 B (415 bytes)
Hash
cf97bbe8a907ba374a88ce4bbd0218c1
f1ee33ed8c1028440683becb8868e3636a40a545
a03f3935e5ca78c04ac086ec2e7f2b3f282f738056221c67e3a7485dbbb2ab07

HTTP Headers

GET /pages/data-scripts/0012/9242/sampling/welcome.mariacasino.nu.json?t=463935 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:41 GMT
content-type: application/json
content-length: 415
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Sun, 04 Dec 2022 11:06:53 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 15048
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a7183d0b02-OSL
X-Firefox-Spdy: h2

tapi.optimizely.com/api/targeting/10682170820/11101493565/oeu1670167058694r0.9806060578266829

95.100.12.199

200 OK

2.5 kB

URL HTTP/1.1
tapi.optimizely.com/api/targeting/10682170820/11101493565/oeu1670167058694r0.9806060578266829
IP
95.100.12.199:0
ASN
#16625 AKAMAI-AS

File type
JSON data\012- , ASCII text, with very long lines (26267), with no line terminators
Size
2.5 kB (2488 bytes)
Hash
a398ef84190dd60a71389ae3e22743ca
b72f9d47fc6b63983898f59bcae72afa754ea1bf
6789e6d1cd959a89cd878fc0de401e69dbbafbf117ffc2683bfe5755878cd926

HTTP Headers

GET /api/targeting/10682170820/11101493565/oeu1670167058694r0.9806060578266829 HTTP/1.1
Host: tapi.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Server: nginx/1.15.12
X-Powered-By: Express
Content-Encoding: gzip
Cache-Control: max-age=1200
Date: Sun, 04 Dec 2022 15:17:41 GMT
Content-Length: 2488
Connection: keep-alive
Vary: Origin
Access-Control-Allow-Origin: https://welcome.mariacasino.nu

dpm.demdex.net/ibs:dpid=411&dpuuid=Y4y6FQAAADkRfAMx

34.251.90.149

302 Found

0 B

URL HTTP/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y4y6FQAAADkRfAMx
IP
34.251.90.149:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ibs:dpid=411&dpuuid=Y4y6FQAAADkRfAMx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.mariacasino.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-0a2056b15.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4y6FQAAADkRfAMx
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=51086064177209866270160965722098122881; Max-Age=15552000; Expires=Fri, 02 Jun 2023 15:17:41 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: CZ0YsVmOQx0=
Content-Length: 0
Connection: keep-alive

dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4y6FQAAADkRfAMx

34.251.90.149

200 OK

59 B

URL HTTP/1.1
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4y6FQAAADkRfAMx
IP
34.251.90.149:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
59 B (59 bytes)
Hash
1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13

HTTP Headers

GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4y6FQAAADkRfAMx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.mariacasino.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v045-0ced04f65.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: QisTwre/SXk=
Content-Length: 59
Connection: keep-alive

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js

23.38.200.237

200 OK

1.4 kB

URL HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
1.4 kB (1388 bytes)
Hash
ab8cdc21adb95a3014aae857022fdce6
c90f3f115de66b8809a88a667225fa5746ca3dfa
2e3db22559903bd6ba695a18b440ff7eeb0a645dc4ab9257c3605f22d144ca51

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "6444bceb1b767bea75b4f47d793f7b05:1554112917"
last-modified: Mon, 01 Apr 2019 10:01:57 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1388
cache-control: max-age=3600
expires: Sun, 04 Dec 2022 16:17:41 GMT
date: Sun, 04 Dec 2022 15:17:41 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2

unibet.demdex.net/event?_ts=1670167059394

3.248.39.194

200 OK

28 B

URL HTTP/1.1
unibet.demdex.net/event?_ts=1670167059394
IP
3.248.39.194:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
28 B (28 bytes)
Hash
e5bd7bffaebc3b6f39a51600d7d98448
3126b0beaa77359162cadfebc3ae83b4cf5d04f8
3f4e5ede55abc3d3c77d99cdc5019ccfaf8107ac33328b1e4d3b022cb10b15d8

HTTP Headers

POST /event?_ts=1670167059394 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 63
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-02fc48b13.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=49265289935435375282316025095545806944; Max-Age=15552000; Expires=Fri, 02 Jun 2023 15:17:42 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: 0QZm5NVdTkE=
Content-Length: 28
Connection: keep-alive

ocsp.sca1b.amazontrust.com/

143.204.42.156

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.156:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
b6a600af72b661c90aa7507d1614b577
94b7673ee0af609a0be5de6bbccf9598b2a298ea
da9853340ea24c7a33cd64337c23850e23c86843f70509a6f49d80432b4ed8e1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=135310
Date: Sun, 04 Dec 2022 15:17:42 GMT
Etag: "638c1fba-1d7"
Expires: Tue, 06 Dec 2022 04:52:52 GMT
Last-Modified: Sun, 04 Dec 2022 04:19:06 GMT
Server: ECS (nyb/1D32)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: vZuVdWdIwAOQfhMs3hS5XiksH95CIgDjmvXhZRgtLoi9kHVvHx4SEQ==
Age: 2026

ocsp.sca1b.amazontrust.com/

143.204.42.156

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.156:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
b6a600af72b661c90aa7507d1614b577
94b7673ee0af609a0be5de6bbccf9598b2a298ea
da9853340ea24c7a33cd64337c23850e23c86843f70509a6f49d80432b4ed8e1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=135292
Date: Sun, 04 Dec 2022 15:17:42 GMT
Etag: "638c1fba-1d7"
Expires: Tue, 06 Dec 2022 04:52:34 GMT
Last-Modified: Sun, 04 Dec 2022 04:19:06 GMT
Server: ECS (nyb/1D04)
X-Cache: Miss from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: GjoEh0qXObVlG8mQB56VRrcVgrQl4hUeE5npw8ehJ2da2sj--mNJ3A==
Age: 2008

ocsp.sca1b.amazontrust.com/

143.204.42.156

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.156:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
b6a600af72b661c90aa7507d1614b577
94b7673ee0af609a0be5de6bbccf9598b2a298ea
da9853340ea24c7a33cd64337c23850e23c86843f70509a6f49d80432b4ed8e1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=135543
Date: Sun, 04 Dec 2022 15:17:42 GMT
Etag: "638c1fba-1d7"
Expires: Tue, 06 Dec 2022 04:56:45 GMT
Last-Modified: Sun, 04 Dec 2022 04:19:06 GMT
Server: ECS (nyb/1D2B)
X-Cache: Miss from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: BygM7yh8iDbcaUidQndbslSjlsS2KKt06P5eax-rACHcz5v2xcbhIA==
Age: 2259

ocsp.sca1b.amazontrust.com/

143.204.42.156

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.156:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
b6a600af72b661c90aa7507d1614b577
94b7673ee0af609a0be5de6bbccf9598b2a298ea
da9853340ea24c7a33cd64337c23850e23c86843f70509a6f49d80432b4ed8e1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=135317
Date: Sun, 04 Dec 2022 15:17:42 GMT
Etag: "638c1fba-1d7"
Expires: Tue, 06 Dec 2022 04:52:59 GMT
Last-Modified: Sun, 04 Dec 2022 04:19:06 GMT
Server: ECS (nyb/1D33)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bIKiit8GpNaL0PeXrhVzyr1ONIK1uWg5pAIiEtit7JyyswlpmqnhUw==
Age: 2033

ocsp.sca1b.amazontrust.com/

143.204.42.156

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.156:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
b6a600af72b661c90aa7507d1614b577
94b7673ee0af609a0be5de6bbccf9598b2a298ea
da9853340ea24c7a33cd64337c23850e23c86843f70509a6f49d80432b4ed8e1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=135301
Date: Sun, 04 Dec 2022 15:17:42 GMT
Etag: "638c1fba-1d7"
Expires: Tue, 06 Dec 2022 04:52:43 GMT
Last-Modified: Sun, 04 Dec 2022 04:19:06 GMT
Server: ECS (bsa/EB22)
X-Cache: Miss from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: pdQJZob6b8oru1nWUsg0m0vz8LL1B3-r93ZhwaSq9FRDIHioBuJM1Q==
Age: 2017

errors.client.optimizely.com/log

54.85.30.47

200 OK

13 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
13 B (13 bytes)
Hash
1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12

HTTP Headers

OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

200 OK

13 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
13 B (13 bytes)
Hash
1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12

HTTP Headers

OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

200 OK

13 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
13 B (13 bytes)
Hash
1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12

HTTP Headers

OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

200 OK

13 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
13 B (13 bytes)
Hash
1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12

HTTP Headers

OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

200 OK

13 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
13 B (13 bytes)
Hash
1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12

HTTP Headers

OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

200 OK

13 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
13 B (13 bytes)
Hash
1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12

HTTP Headers

OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

200 OK

13 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
13 B (13 bytes)
Hash
1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12

HTTP Headers

OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

204 No Content

0 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 421
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers: 
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

204 No Content

0 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 421
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers: 
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

204 No Content

0 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 421
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers: 
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

204 No Content

0 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 421
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers: 
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

204 No Content

0 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 435
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers: 
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

204 No Content

0 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 480
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers: 
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

200 OK

13 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
13 B (13 bytes)
Hash
1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12

HTTP Headers

OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

204 No Content

0 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 421
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers: 
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

200 OK

13 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
13 B (13 bytes)
Hash
1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12

HTTP Headers

OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

200 OK

13 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
13 B (13 bytes)
Hash
1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12

HTTP Headers

OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

200 OK

13 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
13 B (13 bytes)
Hash
1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12

HTTP Headers

OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive

ocsp.sca1b.amazontrust.com/

143.204.42.156

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.156:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
f66542146711d899471a22aeccb1c5b4
7c999e013eb4fd912ef072c15756af4d8f40211e
9502a64dfd9f4d06cbb095cff6001f27e30986fd0cbb0f52d0bead85f4cdfe94

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=145752
Date: Sun, 04 Dec 2022 15:17:42 GMT
Etag: "638c4896-1d7"
Expires: Tue, 06 Dec 2022 07:46:54 GMT
Last-Modified: Sun, 04 Dec 2022 07:13:26 GMT
Server: ECS (nyb/1D0B)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: u0eHmgtwTomZy2-hJjoqOJFBqrq1IvmiDc0qhudzzxnXBpff-2Fpxg==
Age: 2008

errors.client.optimizely.com/log

54.85.30.47

200 OK

13 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
13 B (13 bytes)
Hash
1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12

HTTP Headers

OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

204 No Content

0 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 422
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers: 
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

204 No Content

0 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 421
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers: 
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

204 No Content

0 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 421
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers: 
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

204 No Content

0 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 421
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers: 
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive

logx.optimizely.com/v1/events

52.22.248.237

204 No Content

0 B

URL HTTP/1.1
logx.optimizely.com/v1/events
IP
52.22.248.237:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /v1/events HTTP/1.1
Host: logx.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 740
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers: X-Results-Data-Source
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Server: nginx/1.21.0
Timing-Allow-Origin: *
X-Request-Id: abfdc87a-0969-494f-b8bf-56002f5bd4a6
Connection: keep-alive

errors.client.optimizely.com/log

54.85.30.47

204 No Content

0 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
54.85.30.47:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 439
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers: 
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive

fonts.googleapis.com/css?family=Roboto:300,400,500,700,900

142.250.74.74

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,500,700,900
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Roboto:300,400,500,700,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Dec 2022 15:17:40 GMT
date: Sun, 04 Dec 2022 15:17:40 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Lato:300,400,700,300italic,400italic,700italic

142.250.74.74

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Lato:300,400,700,300italic,400italic,700italic
IP
142.250.74.74:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Lato:300,400,700,300italic,400italic,700italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Dec 2022 15:17:36 GMT
date: Sun, 04 Dec 2022 15:17:36 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

a1s.unibet.com/orval/tracking/lastclick.min.js

85.184.96.5

200 OK

0 B

URL HTTP/2
a1s.unibet.com/orval/tracking/lastclick.min.js
IP
85.184.96.5:0
ASN
#47171 Unibet Services Limited

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2

www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp

31.13.72.36

200 OK

0 B

URL HTTP/2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP
31.13.72.36:0
ASN
#32934 FACEBOOK

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: Y4/5dtInM7ytJCtvkKf1dj99Eq8fuy27NLVz7Otk63n05X5vjBGA0LTC14pGrE5QpO3etS+7KJ2gQRxT7ibLUA==
date: Sun, 04 Dec 2022 15:17:37 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

welcome.mariacasino.nu/no/pop/casino/2022/maria-logo.svg

104.18.25.188

200 OK

0 B

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/maria-logo.svg
IP
104.18.25.188:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /no/pop/casino/2022/maria-logo.svg HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: A/evXSZJMSEi63VEXU58wA==
last-modified: Tue, 29 Nov 2022 13:35:55 GMT
etag: W/"0x8DAD20EA476B63E"
x-ms-request-id: 5a1280b9-401e-0062-10f7-03d025000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437983
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a17ab8b517-OSL
content-encoding: br
X-Firefox-Spdy: h2

welcome.mariacasino.nu/no/pop/casino/2022/main.js

104.18.25.188

200 OK

0 B

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/main.js
IP
104.18.25.188:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /no/pop/casino/2022/main.js HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: HUKMSjGdEVR6I7ylcruk3g==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: W/"0x8DAD20EA4F7BA6F"
x-ms-request-id: 5a127d26-401e-0062-37f7-03d025000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437984
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a17ab2b517-OSL
content-encoding: br
X-Firefox-Spdy: h2

script.crazyegg.com/pages/scripts/0012/9242.js?463935

104.19.147.8

200 OK

0 B

URL HTTP/2
script.crazyegg.com/pages/scripts/0012/9242.js?463935
IP
104.19.147.8:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /pages/scripts/0012/9242.js?463935 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:41 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Sun, 04 Dec 2022 11:06:50 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 15050
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a5c9a10afe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js

104.18.11.207

200 OK

0 B

URL HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js
IP
104.18.11.207:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /bootstrap/3.3.4/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:36 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 632, 617, 617
last-modified: Mon, 25 Jan 2021 22:03:58 GMT
cdn-cachedat: 2021-06-08 21:21:50
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: f1a63d5f30f27f962c892e22b614a26b
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 15611245
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 774582869efa1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

pogothere.xyz/asd100.bin

172.64.172.27

200 OK

0 B

URL HTTP/2
pogothere.xyz/asd100.bin
IP
172.64.172.27:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://get.myboek.xyz/
Origin: http://get.myboek.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:37 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://get.myboek.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3375
last-modified: Sun, 04 Dec 2022 14:21:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3gtuussUHIhmiOdUYozKXQDYBhcaXmkzetNf7njLVyS0Kr0PQ2UJI3SOoiYpDRy1ZyJkwn8ImoqLySiQ64dXGr5WDDGo0TYntIHECWHQuTq%2Fsaxy3vgyLWTo%2B1lD3RIy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7745828ceff976c3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

welcome.mariacasino.nu/no/pop/casino/2022/no-payments.svg

104.18.25.188

200 OK

0 B

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/no-payments.svg
IP
104.18.25.188:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /no/pop/casino/2022/no-payments.svg HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19331%7CMCMID%7C10884245246937785682334953828362500230%7CMCAAMLH-1670771858%7C6%7CMCAAMB-1670771858%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670174258s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1670167058694r0.9806060578266829; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:41 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: W/"0x8DAD20EA5185D10"
x-ms-request-id: 6aee9ace-401e-005d-3bf7-031886000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437983
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a4aef7b517-OSL
content-encoding: br
X-Firefox-Spdy: h2

welcome.mariacasino.nu/no/pop/casino/2022/favicon.ico

104.18.25.188

200 OK

0 B

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/favicon.ico
IP
104.18.25.188:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /no/pop/casino/2022/favicon.ico HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19331%7CMCMID%7C10884245246937785682334953828362500230%7CMCAAMLH-1670771858%7C6%7CMCAAMB-1670771858%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670174258s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1670167058694r0.9806060578266829; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:41 GMT
content-type: image/x-icon
cache-control: public, max-age=900, immutable
content-md5: dUZ66nye8JES1X2nEnkvHA==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: W/"0x8DAD20EA4D12531"
x-ms-request-id: 1b22010b-f01e-0058-65f7-03ca5d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437983
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a59839b517-OSL
content-encoding: br
X-Firefox-Spdy: h2

maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css

104.18.11.207

200 OK

0 B

URL HTTP/2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
IP
104.18.11.207:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:36 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 632, 617, 617
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 2021-04-23 06:29:02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 6a91d2c867066733b6d92a7a528c5c2e
cdn-cache: HIT
cf-cache-status: HIT
age: 18277393
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 774582867ee71bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

welcome.mariacasino.nu/no/pop/casino/2022/styles.css

104.18.25.188

200 OK

0 B

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/styles.css
IP
104.18.25.188:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /no/pop/casino/2022/styles.css HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: nHGY+uZf3VZaIBaHkSPKCQ==
last-modified: Tue, 29 Nov 2022 13:35:55 GMT
etag: W/"0x8DAD20EA45DDAAB"
x-ms-request-id: 4ad10bc9-001e-002e-3ef7-034015000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437984
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a17ab0b517-OSL
content-encoding: br
X-Firefox-Spdy: h2

welcome.mariacasino.nu/custom.js

104.18.25.188

200 OK

0 B

URL HTTP/2
welcome.mariacasino.nu/custom.js
IP
104.18.25.188:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /custom.js HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: application/javascript
content-md5: AaOIILzruhXFCZo/dsUAMw==
last-modified: Tue, 31 May 2022 08:03:43 GMT
etag: W/"0x8DA42DC14A64A3D"
x-ms-request-id: 56b93167-801e-0020-39f6-0369a5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 438587
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a17ab5b517-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (63)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations