r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash cfec3d7283a9b66d2be426ce54d210f3
808c1feb1ba918951d1928c1f6bfc0c253262774
1bad6c06aa3e88dcbc125fc98a6cb753eb2b18d2c8dd61da21d12209aeeda3f9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1BAD6C06AA3E88DCBC125FC98A6CB753EB2B18D2C8DD61DA21D12209AEEDA3F9"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9067
Expires: Sun, 04 Dec 2022 17:48:43 GMT
Date: Sun, 04 Dec 2022 15:17:36 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fb2c0697c6d9a96a5411dd2952947458
79e57f831ec396bbdaa5bfe9472a05e6c9fb31f4
3fd7edcc349ab4402f62e54a142be6b4cecf0e7ee3f431d3168bdf0643ba4d92
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2135
Cache-Control: max-age=157756
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Etag: "638c76f5-1d7"
Expires: Tue, 06 Dec 2022 11:06:52 GMT
Last-Modified: Sun, 04 Dec 2022 10:31:17 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Retry-After, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 04 Dec 2022 14:20:07 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3449
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1ea206ac3c440825741687351f8c6e4e
2f38dafd8c43dcce2411a0590bc5c02cd6286735
7d7232c8c91bcd18161ba2c9d23e3bff159604e058bd5b3fc1c7fcbcd03a7ee3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D7232C8C91BCD18161BA2C9D23E3BFF159604E058BD5B3FC1C7FCBCD03A7EE3"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16574
Expires: Sun, 04 Dec 2022 19:53:50 GMT
Date: Sun, 04 Dec 2022 15:17:36 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: 8JW6yjr6w7EqSZnzIumjVC4VZTIVgcUYPbYlLft1UqmWrk3ON1QIGd7LHEp+ZcTkn3WPtyvVioY=
x-amz-request-id: 93A8CMT9F9XJ0BZD
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 04 Dec 2022 14:47:35 GMT
age: 1801
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html
104.21.0.207200 OK 9.4 kB URL HTTP/1.1 get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html
IP 104.21.0.207:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (815), with LF, NEL line terminators
Hash 7caf83f9225c54794b3f8eac140601ce
53dca43c7e1ee7a9fe422eb32967ced458a3e011
aa96754e5d00f35b3e068d2db098c689bfd6f671921675654f3e9ff49205775e
GET /downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html HTTP/1.1
Host: get.myboek.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:17:36 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Se2X2mQiYRSgEvxblyUh0vg9JTJ7VkCE5F8O0RcFrR9qhwLt3EhNGmeAl6LrpPszaTXzEldo1wXg8H9eJa8o9DdXlgNp5gehx%2BBacb2GDaKRpOkA%2FpjifbzWHckszS04%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 77458282dc62b509-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 04 Dec 2022 15:17:36 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
get.myboek.xyz/css/landing-page.css
104.21.0.207200 OK 1.2 kB URL HTTP/1.1 get.myboek.xyz/css/landing-page.css
IP 104.21.0.207:0
Hash c7c8e332c3a5c99ab0da78a8e7236657
cb5faccb4ec48149f4b46f1629f4bb13f6ccb5b0
d5e09c8dcb317727fe87f31b06eabc9c457445651c85683bb62cad7687528dba
GET /css/landing-page.css HTTP/1.1
Host: get.myboek.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:17:36 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 16 Apr 2022 21:28:44 GMT
ETag: W/"e6e00d5-fa9-5dccc363b23ba"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4068
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5YO45wfXii%2By19tARMjezwvgk1jnOU%2B1sdRlcQ5WAkZoYiLMYec6cYDzrBlzG8iKpHqexjwm%2BgnU6I43c9WyYSQUeo8TMa6HeZ01063nBQii9pPh21A7u1tWVMP%2FF7HfbA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77458285e87bb509-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
get.myboek.xyz/js/jquery.js
104.21.0.207200 OK 30 kB URL HTTP/1.1 get.myboek.xyz/js/jquery.js
IP 104.21.0.207:0
File type ASCII text, with very long lines (32061)
Hash d43d9c8994e689c2c8fe87bee9468063
9323698f5f833b26bff48f546039e78ed8cd9d2a
f83ea4825e5f029508df880f483dd8f795681d4aa1ccc4bce5d1ad521ef40461
GET /js/jquery.js HTTP/1.1
Host: get.myboek.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:17:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 16 Apr 2022 21:28:45 GMT
ETag: W/"e6e041f-14915-5dccc363f4652"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4066
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uOF1tNSqYCKvBBUsmgL0QWRGSjUlFmlxXE4IYtPvMyInjcSa3YWuOcE%2BawvMITYJhjoE6BvxgiTLGnZMyCW1nTcDHTxPiKvD2RNrYMapyTPnBQSmq5C%2B%2FRXvD9XC%2Fd4klw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774582860899b509-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
get.myboek.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
104.21.0.207200 OK 655 B URL HTTP/1.1 get.myboek.xyz/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 104.21.0.207:0
File type HTML document, ASCII text, with very long lines (1238)
Hash bc3ba461c8a309acf61b6d9c41cb6236
88482306ecc9258d5e9cbb9ba5314dab223a5db4
31331f1b1519882d2f2fb60367708fd56a7a1ec0bddd0554c635547179c7dc8f
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: get.myboek.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:17:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 30 Nov 2022 18:31:41 GMT
ETag: W/"6387a18d-4d7"
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PbJxw7fyknowKfbyLrXcY8jBKexioogEo3eusV%2B758arxwOMkfV7LJuyB7sjMi1mWH47F1Av5HFBXiZ8uSo6d8npOcB0xXoiFVCsVHCl6bOQQKkkea1KQeoNBJC5j3mI9g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774582860fafb50b-OSL
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Expires: Tue, 06 Dec 2022 15:17:36 GMT
Cache-Control: max-age=172800, public
Content-Encoding: gzip
get.myboek.xyz/js/callme.js
104.21.0.207200 OK 39 kB URL HTTP/1.1 get.myboek.xyz/js/callme.js
IP 104.21.0.207:0
File type HTML document, ASCII text, with very long lines (843)
Hash 2b2ac76acffca45dd09a840cf3303f57
ee3abeb1593602a0f21caada1cdb184c9456aab2
2b824cfe7a065fce89040d61ad623def5f8e73fa848cdf8a4fe272ea407cdbaf
GET /js/callme.js HTTP/1.1
Host: get.myboek.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:17:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 16 Apr 2022 21:28:45 GMT
ETag: W/"e6e041b-256bb-5dccc363f1b5a"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4066
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q4gDciVG%2FDOH05bMEYbGoGxRFv%2BuY3%2F9gNHdN8e9RO8BDCzPFNxWwrMhGxQ%2Fkgpa319%2Bq7Bj7KBIzpAQMBqdVRp7e%2FU%2FlfCJzOCbjLgAlmF%2Fw7AjT09GADNrR8kGq96EdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774582861c960b41-OSL
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 1a56736cf1f02c2242946ca0170c2c3a
a47ca5cfc4667a1466875542da0de22f64862f86
0fdd7486e01858e490d7c08343c7a861c5fe856fc0debc08df0541ccc89f80b1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1971
Cache-Control: max-age=145001
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Etag: "638c45c6-118"
Expires: Tue, 06 Dec 2022 07:34:17 GMT
Last-Modified: Sun, 04 Dec 2022 07:01:26 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 1a56736cf1f02c2242946ca0170c2c3a
a47ca5cfc4667a1466875542da0de22f64862f86
0fdd7486e01858e490d7c08343c7a861c5fe856fc0debc08df0541ccc89f80b1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1971
Cache-Control: max-age=145001
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Etag: "638c45c6-118"
Expires: Tue, 06 Dec 2022 07:34:17 GMT
Last-Modified: Sun, 04 Dec 2022 07:01:26 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
104.17.24.14200 OK 5.6 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.17.24.14:0
File type ASCII text, with very long lines (30837)
Hash 109d1ed85cd01f9cdab73a4cac5bf80d
d6c6498ad46de2d8e2008a8ff68e364ae7f16b32
8b3a74fe462f5b3c0635995fd721a60eb640e237680b0b532b96711f2823e8bc
GET /ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:36 GMT
content-type: text/css; charset=utf-8
content-length: 5631
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e5f-7918"
last-modified: Mon, 04 May 2020 16:10:07 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 408244
expires: Fri, 24 Nov 2023 15:17:36 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l0MCQn67Q01T6DqBIlQTks6ZieifkQfz164xDtIm4U4J6sUSJ2mW9a97HSthn%2FTFzWK603f9jsc2Tf1SxiaCrZgczSeaNBaytK7gM05SxlhQYRO881BqO6nUrYKN7QUXgbYiILyA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 774582866c8f0b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 1a316e781745b26419024bb9e52f9950
55028725d16f8af1a7375ddf8480f5ecb21fc686
a534d37407feeffbce1afe59436190c9897bbf124ff2c3a4c29075862051721b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1076
Cache-Control: max-age=92622
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Etag: "638b7caa-1d7"
Expires: Mon, 05 Dec 2022 17:01:18 GMT
Last-Modified: Sat, 03 Dec 2022 16:43:22 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
216.58.207.234200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
IP 216.58.207.234:0
File type ASCII text, with very long lines (32180)
Hash f16500423cc2867eff8b773df637c48f
1cd32d75b59a89c3a70274e383151a61ce0594f4
6ca5dc8ad67639c69117ace46c93703cf5fff82824cfc0bada0cf0fb3b2d41d7
GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29707
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 04 Dec 2022 07:58:22 GMT
expires: Mon, 04 Dec 2023 07:58:22 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 26354
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
get.myboek.xyz/img/disclaimer-old.png
104.21.0.207200 OK 4.9 kB URL HTTP/1.1 get.myboek.xyz/img/disclaimer-old.png
IP 104.21.0.207:0
File type PNG image data, 194 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 416fb822ead23141840f9485735a336c
74f45bbbd452f64b2e50ba5f6f81e039b37cd426
2055f554a9dc8085971c8d412f420e21b09f24d9229d770f4cf2b7fad79fc301
GET /img/disclaimer-old.png HTTP/1.1
Host: get.myboek.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:17:36 GMT
Content-Type: image/png
Content-Length: 4851
Connection: keep-alive
Last-Modified: Sat, 16 Apr 2022 21:28:45 GMT
ETag: "e6e03ea-12f3-5dccc363ed8f2"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4066
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xPUhtvFv1zcR3Afqz94wc1Sd5Nylgv2JIg3m5ESCL3qJXwAb4wV6Qdhm1PG3xDXCHLnID3pN903i2sj%2BmGh1qbnCAAyhGRdTV5fwGXIwJ7AlEJEiDnC2gDB2H60Q60V9zw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774582870d8d0b41-OSL
alt-svc: h2=":443"; ma=60
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 1a56736cf1f02c2242946ca0170c2c3a
a47ca5cfc4667a1466875542da0de22f64862f86
0fdd7486e01858e490d7c08343c7a861c5fe856fc0debc08df0541ccc89f80b1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1971
Cache-Control: max-age=145001
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Etag: "638c45c6-118"
Expires: Tue, 06 Dec 2022 07:34:17 GMT
Last-Modified: Sun, 04 Dec 2022 07:01:26 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 280
is1-ssl.mzstatic.com/image/thumb/Publication113/v4/82/6a/eb/826aeb7a-ea6f-7bfe-14f9-03c61e7d6e62/9788852096105.jpg/300x300bb.jpg
23.38.200.24200 OK 24 kB URL HTTP/2 is1-ssl.mzstatic.com/image/thumb/Publication113/v4/82/6a/eb/826aeb7a-ea6f-7bfe-14f9-03c61e7d6e62/9788852096105.jpg/300x300bb.jpg
IP 23.38.200.24:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 180x300, components 3\012- data
Hash 91e8e6cff1ac5bd12fe0bd2a5a74d39e
516856787177b2cac00aa8b5db54c36e49462453
8c7c90bd7c757acaa747fea66d7a26551c35cf175ec68a26f04f2080a58c1b75
GET /image/thumb/Publication113/v4/82/6a/eb/826aeb7a-ea6f-7bfe-14f9-03c61e7d6e62/9788852096105.jpg/300x300bb.jpg HTTP/1.1
Host: is1-ssl.mzstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: daiquiri/3.0.0
content-type: image/jpeg
content-length: 24353
x-apple-jingle-correlation-key: 63LNRUEGBBXF2P6ARYAW34BOQI
x-apple-request-uuid: f6d6d8d0-8608-6e5d-3fc0-8e016df02e82
b3: f6d6d8d086086e5d3fc08e016df02e82-d77653521079653c
x-b3-traceid: f6d6d8d086086e5d3fc08e016df02e82
x-b3-spanid: d77653521079653c
apple-seq: 0.0
apple-tk: false
apple-originating-system: UnknownOriginatingSystem
last-modified: Tue, 18 Oct 2022 16:12:22 GMT
etag: "MSwxLjI4LTIySCxWZXJzaW9uIDEyLjEgKEJ1aWxkIDIxQzUyKSwxNjY2MTA5NTQyNTM3LGlzQnVpbGRWZXJzaW9uTm90U2V0LDcwNTEyLG5vRWZmZWN0"
access-control-allow-origin: *
access-control-expose-headers: Content-Length,Content-Type,ETag,Cache-Control,Expires,Last-Modified
timing-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains
x-daiquiri-instance: daiquiri:43624002:st44p00it-hyhk15014701:7987:22RELEASE148:daiquiri-amp-processing-shared-int-001-st
cdnuuid: 3f46d3e7-2e87-463d-bcb6-0d3e8d1b24fc-6977273895
cache-control: no-transform, max-age=15284881
date: Sun, 04 Dec 2022 15:17:36 GMT
x-cache: TCP_MISS from a23-36-79-6.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
x-cache-remote: TCP_MISS from a2-21-243-218.deploy.akamaitechnologies.com (AkamaiGHost/10.10.2-45048955) (-)
X-Firefox-Spdy: h2
get.myboek.xyz/img/reading.jpg
104.21.0.207200 OK 83 kB URL HTTP/1.1 get.myboek.xyz/img/reading.jpg
IP 104.21.0.207:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 960x638, components 3\012- data
Hash 65acc4fd8284fe45e4a3eeb978b8df3c
2bbe7c281e239514f6260c982417083885f7233f
4fc8d5719b839c0c0bc84be2068b650b3772b0270a72ee96f52a0f79e7f31fa1
GET /img/reading.jpg HTTP/1.1
Host: get.myboek.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/css/landing-page.css
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:17:36 GMT
Content-Type: image/jpeg
Content-Length: 83234
Connection: keep-alive
Last-Modified: Sat, 16 Apr 2022 21:28:45 GMT
ETag: "e6e03ed-14522-5dccc363edcda"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4065
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P%2FJ9I1qAWo2dgG65w%2BGoKxf4%2Fgs99W8rShi%2Fji5sbjukKhl3QwRf42ye6Wpl1TWDxZQ3J5JHKCI4Qgw%2Bpy8zL53O6lmpBYCEDHfA5jE8WvrIW55AR5LBet5CK7Bu5hzF%2Bw%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 774582875dcb0b41-OSL
alt-svc: h2=":443"; ma=60
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
d26adrx9c3n0mq.cloudfront.net/?xrdad=939464
54.230.245.45200 OK 54 kB URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/?xrdad=939464
IP 54.230.245.45:0
File type Unicode text, UTF-8 text, with very long lines (15945)
Hash 7d0e896e093b6508b077236015110738
a45a4ca3a8c2849b0e08d4308e59d416817b9ac6
fea4c62ef88c808b54af4112170cd8bb52c13dff594dea0206215b0d9e3d1726
GET /?xrdad=939464 HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/
HTTP/1.1 200 OK
Content-Length: 54088
Connection: keep-alive
Date: Sun, 04 Dec 2022 15:17:36 GMT
access-control-allow-origin: *
Cache-Control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform
Content-Encoding: gzip
Pragma: no-cache
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 7j6S_6mJ6PWOKSaJAgWuRUd3IMLxVfquxJe31exJpXasxwFe4bR6TA==
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
142.250.74.35200 OK 23 kB URL HTTP/2 fonts.gstatic.com/s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 23040, version 1.0\012- data
Hash de69cf9e514df447d1b0bb16f49d2457
2ac78601179c3a63ba3f3f3081556b12ddcaf655
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
GET /s/lato/v23/S6u9w4BMUTPHh6UVSwiPGQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://get.myboek.xyz
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 23040
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 01 Dec 2022 12:29:22 GMT
expires: Fri, 01 Dec 2023 12:29:22 GMT
cache-control: public, max-age=31536000
age: 269294
last-modified: Tue, 26 Apr 2022 15:56:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.highperformancedisplayformat.com/13aa6aedbddbb1de073176615e26a748/invoke.js
173.233.137.36200 OK 9.8 kB URL HTTP/1.1 www.highperformancedisplayformat.com/13aa6aedbddbb1de073176615e26a748/invoke.js
IP 173.233.137.36:0
File type exported SGML document, ASCII text, with very long lines (26949), with no line terminators
Hash 2110d7153b493064cd1a9dfaef190af6
f947123d6536a9f49d4a00a34a8ef0eb4feff90f
e9fd21bec879b843e3c72324df2f02061f93eaf706947cfea215122edb367cf8
Analyzer Verdict Alert quad9 Sinkholed
GET /13aa6aedbddbb1de073176615e26a748/invoke.js HTTP/1.1
Host: www.highperformancedisplayformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 15:17:36 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4f1f6d1421de44e467c90dbd1cb9e330
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 04 Dec 2022 15:11:19 GMT
cache-control: public,max-age=3600
age: 377
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f54a71942ab5d7fdc54672cf84aa76db
e03db706ad371c93ddd3cc4a3e4c329777bb5f4b
87453ee6a206085c9b82594123a30bf59f7354733d19f21e388dea70768198c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 31b129c94a90b1e695b21395cb54e378
a3cae46b48d469cc61ab0581303bcd5f5b654db9
fac3f681be358a20f78958dff10c89b7a91365c5114c81246c1bc34c1362ba1e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2129
Cache-Control: max-age=152683
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:37 GMT
Etag: "638c632b-1d7"
Expires: Tue, 06 Dec 2022 09:42:20 GMT
Last-Modified: Sun, 04 Dec 2022 09:06:51 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
lassistslegisten.com/d1VGeVoWNyUUZRZoJF8vBTl7XGgxcHQ/PkVjJx0oD2wlSjRHODdXORs6Mx08BTooDXQZMDJcaDEgHxc5DjF3LBgwEzErOx8MIy8xByYTLG4wBBE/Hz8AAyAVDx8NGgtPDQgeEBQHEkEUNRQlLBwzEw4/GzojBBI1NAASEh4wAxAyOQA2HCwPBz4UOwAgExERDSIAHzEVEDkNLiIAcHQ/HA89DT4JPgIDAQs0GwBBOy8EdkEeHyESLDcUPhcRIj82ADsSMDIHQR41GyI4GS0dFCgTLRwTHRw2PhwVDjI2HisYEx0UKBM2BQcBGDU5DBQTMRwHKyNGABcBdxMQAEk+MRQhLDAlZRQDCBoDHi4LPTAlPxg/AxQwaDQHISEIJRsXKy05HRwvFD8UdzM0Ij0AGxgjFAM+HwcGHAAIMBQtM20iOQAxCRoEYBMpGDs2RBkPFxIMNEU/KQpvFBQVSQ
108.157.229.115200 OK 1.2 kB URL HTTP/1.1 lassistslegisten.com/d1VGeVoWNyUUZRZoJF8vBTl7XGgxcHQ/PkVjJx0oD2wlSjRHODdXORs6Mx08BTooDXQZMDJcaDEgHxc5DjF3LBgwEzErOx8MIy8xByYTLG4wBBE/Hz8AAyAVDx8NGgtPDQgeEBQHEkEUNRQlLBwzEw4/GzojBBI1NAASEh4wAxAyOQA2HCwPBz4UOwAgExERDSIAHzEVEDkNLiIAcHQ/HA89DT4JPgIDAQs0GwBBOy8EdkEeHyESLDcUPhcRIj82ADsSMDIHQR41GyI4GS0dFCgTLRwTHRw2PhwVDjI2HisYEx0UKBM2BQcBGDU5DBQTMRwHKyNGABcBdxMQAEk+MRQhLDAlZRQDCBoDHi4LPTAlPxg/AxQwaDQHISEIJRsXKy05HRwvFD8UdzM0Ij0AGxgjFAM+HwcGHAAIMBQtM20iOQAxCRoEYBMpGDs2RBkPFxIMNEU/KQpvFBQVSQ
IP 108.157.229.115:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3049), with no line terminators
Hash 95e3ff1369ea839f401a53038a234567
9a0cb7058d696123e4dd834ab6cd42e0a44c6a9c
86b1bab4e89df1005b1527b9806f3f63d75d4cf385860e08630f004a9df6ee08
GET /d1VGeVoWNyUUZRZoJF8vBTl7XGgxcHQ/PkVjJx0oD2wlSjRHODdXORs6Mx08BTooDXQZMDJcaDEgHxc5DjF3LBgwEzErOx8MIy8xByYTLG4wBBE/Hz8AAyAVDx8NGgtPDQgeEBQHEkEUNRQlLBwzEw4/GzojBBI1NAASEh4wAxAyOQA2HCwPBz4UOwAgExERDSIAHzEVEDkNLiIAcHQ/HA89DT4JPgIDAQs0GwBBOy8EdkEeHyESLDcUPhcRIj82ADsSMDIHQR41GyI4GS0dFCgTLRwTHRw2PhwVDjI2HisYEx0UKBM2BQcBGDU5DBQTMRwHKyNGABcBdxMQAEk+MRQhLDAlZRQDCBoDHi4LPTAlPxg/AxQwaDQHISEIJRsXKy05HRwvFD8UdzM0Ij0AGxgjFAM+HwcGHAAIMBQtM20iOQAxCRoEYBMpGDs2RBkPFxIMNEU/KQpvFBQVSQ HTTP/1.1
Host: lassistslegisten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1197
Connection: keep-alive
Date: Sun, 04 Dec 2022 15:17:37 GMT
Server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
Pragma: no-cache
P3P: CP="NID DSP ALL COR"
content-encoding: gzip
Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
X-Cache: Miss from cloudfront
Via: 1.1 296d9c953cfde68911b6645bdd6877b2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: ARN56-P2
X-Amz-Cf-Id: 4491hln4BHJriM1DNlEWlTdmsDfI-Qtn0VjYShkUqsp9frqsJE1S_g==
ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
IP 142.250.74.131:0
Hash fc4e76a103a4f70c624614924be90683
21e5e147bead13162bad5a5339e6e704c973fde1
fec1f76aa1f402e7099cd4656e59be8f625bcccd6cdef9f514dffc771cc60b14
POST /s/gts1p5/-NEEmvIaLMU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:37 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash f0f8b0d8806166791f6d6d9a9aa908ca
e30099fed67b541c022984b41b6de1e9ca8e01bb
c8d3589546edd372653dbcc6fe1bc48340d7bf5dc3b0f37324a9ff8014aa912b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 04 Dec 2022 15:17:37 GMT
Last-Modified: Sun, 04 Dec 2022 14:53:01 GMT
Server: ECS (nyb/1D14)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: nkNB8HnusCnZ1y1m6BiUhedRblAwTpJhw8g_5mfXyn0aCG3WgTyYAg==
Age: 1476
get.myboek.xyz/img/fav.png
104.21.0.207200 OK 134 kB URL HTTP/1.1 get.myboek.xyz/img/fav.png
IP 104.21.0.207:0
File type PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced\012- data
Size 134 kB (134310 bytes)
Hash b4beaed55f59e1874a49dff6d1cd2ed9
6ae9d4b8fba14a7f059f7bf72c4baa543e7d18b3
f4d219645452fbc4e33a80985a355e6c4af33a78da58723a58c77f37bc86f793
GET /img/fav.png HTTP/1.1
Host: get.myboek.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/downloads/promesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:17:37 GMT
Content-Type: image/png
Content-Length: 134310
Connection: keep-alive
Last-Modified: Sat, 16 Apr 2022 21:28:45 GMT
ETag: "e6e03eb-20ca6-5dccc363ed8f2"
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 4068
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YNOvwD57z3CQWs1OVeazx5hWHZFkPLXqrSKCu5S%2FI62bmF5Ev9AanI%2FibTWJjrB1vUaMeXCSXh0%2BczET2wWbLii8FzAUbubSL%2BCAV6YZJRhQnwjqcpz83V9GtjkU0SQvew%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7745828b797c0b41-OSL
alt-svc: h2=":443"; ma=60
simplewebanalysis.com/stats
52.28.211.11200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.211.11:0
File type ASCII text, with no line terminators
Hash 78247452ec66089dc91abc9be7d11ab6
64642c00e629f17c75c4647ec2dc5d919d55a113
b1ffe88dbaf80dd5da425fd947c0fa73aa95bdd180615da0b2712d740d4f5bcb
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://get.myboek.xyz
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:37 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://get.myboek.xyz
access-control-allow-credentials: true
set-cookie: uid_id2=8a0b377b-e063-4362-ba69-1b6dfb4bb79d:1:1; expires=Wed, 01 Dec 2032 15:17:37 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cb439dd80ba82164b879c340b9778147
2bbd26b48daa0b8d2a190f7e8857c716dea279ca
3ab3afbcebe7c744b6446fbb471bda45722313cae36b3020e152e75425a3f760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
s10.histats.com/js15_as.js
46.105.201.240200 OK 4.5 kB URL HTTP/1.1 s10.histats.com/js15_as.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash 2b153cb2287eac49566b32fce9c385f8
206074b038daff8bc66d86bca0c5ff35f9f72655
7398435bd3f0dae8206173dd66954ae029dc8787962d5f089bcb548f53409869
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/
HTTP/1.1 200 OK
date: Sun, 04 Dec 2022 15:11:06 GMT
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 147326959
etag: W/"-375139978"
content-type: application/javascript; charset=UTF-8
content-encoding: gzip
vary: Accept-Encoding
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4547
x-iplb-request-id: 5B5A2A9A:074B_2E69C9F0:0050_638CBA11_5D6DD:2DAA9
x-iplb-instance: 42474
lynormationpas.com/WFlKQVl3ZikyZD03GAsXMgsGFQEvHAsqKR0/PXkfCxx7dh0/DGw1MDxkc3JgbG9+ZykxPXdwfystKzUsK2R7ZzA2PyV8fy5ke29qbHd5cHdpfz98aH4tOiA+ZWhsMS0sNXdwb29pe3duaGx+dGBq
188.114.97.1204 No Content 0 B URL HTTP/2 lynormationpas.com/WFlKQVl3ZikyZD03GAsXMgsGFQEvHAsqKR0/PXkfCxx7dh0/DGw1MDxkc3JgbG9+ZykxPXdwfystKzUsK2R7ZzA2PyV8fy5ke29qbHd5cHdpfz98aH4tOiA+ZWhsMS0sNXdwb29pe3duaGx+dGBq
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /WFlKQVl3ZikyZD03GAsXMgsGFQEvHAsqKR0/PXkfCxx7dh0/DGw1MDxkc3JgbG9+ZykxPXdwfystKzUsK2R7ZzA2PyV8fy5ke29qbHd5cHdpfz98aH4tOiA+ZWhsMS0sNXdwb29pe3duaGx+dGBq HTTP/1.1
Host: lynormationpas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 04 Dec 2022 15:17:37 GMT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3QLpwc8JCO9ZTQppW1PjZuiYasNbtTOawQPcX94jpkF5Y2i320SC6EUZTDBmv8ICjkc9h9O%2BDJoMeS3l5nerDfIvggim7dkcPg7HcAY4ZIu7NT%2FPMUbLjWHR50M9GE8AR8onnlo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7745828b5d27b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fd0b48347644ddc60fb16b04140cfcb7
ef8d6c8e3c979e98c82655290150aa14fe5d44d1
f3d27c16653ed979a7cce2dc6239a48a86c7dab2fc34949b540802e50b05275a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5250
Cache-Control: max-age=104724
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:37 GMT
Etag: "638b9ba3-1d7"
Expires: Mon, 05 Dec 2022 20:23:01 GMT
Last-Modified: Sat, 03 Dec 2022 18:55:31 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash cb439dd80ba82164b879c340b9778147
2bbd26b48daa0b8d2a190f7e8857c716dea279ca
3ab3afbcebe7c744b6446fbb471bda45722313cae36b3020e152e75425a3f760
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
142.250.74.109302 Found 389 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (380)
Hash db13cb4e38bd00eb48376c1b048b734e
d4237098d92aaad27b724d119053d685e259b380
71cee01515af46410246f520e20632afd1cb089700719ce0444fa48b001fc2c8
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&uilel=3&hl=en&service=mail HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 04 Dec 2022 15:17:37 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S2030274078%3A1670167057312498&continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico&hl=en&passive=true&service=mail&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAvpIK5543u19CQV2DD6aro5nROZ2tOqXOYiC-MumbNenmWBDc5tGd43Td7P7AydC8x7KL5z3A
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-security-policy: script-src 'nonce-YoGvrNfsBTGp-3wLNKJhmQ' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 389
server: GSE
set-cookie: __Host-GAPS=1:9pPnF1vHENERhnZOXXSNbSry42q8LQ:N9jwM_Jfn55a2Bt_;Path=/;Expires=Tue, 03-Dec-2024 15:17:37 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
142.250.74.109302 Found 395 B URL HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 142.250.74.109:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (384)
Hash dd3cd7841e777b16dbbab704daef0a2a
f49c593858c45011e031e25c69d4fce35ddd0169
8fe108e3d669f28c3558b1ce8f3985fe2f9c47cad0e5dff8f843d92625103b04
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 04 Dec 2022 15:17:37 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S-704191492%3A1670167057346505&continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico&hl=en&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&ifkv=ARgdvAu0h6oJNyI-OmUGnMq93pDwIbJvBfsxJ1Zn1CWyP5JMRcIVLnmdFrZfny19K6ZIHjnpkZ9HOQ
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: require-trusted-types-for 'script';report-uri /cspreport, script-src 'nonce-djbhEw7Zzw4g_-9InnwnPA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 395
server: GSE
set-cookie: __Host-GAPS=1:IWo7cRYIZB_t9C8_pQeSR7YPwe-Zwg:nG4vWEa0tFAxxQu7;Path=/;Expires=Tue, 03-Dec-2024 15:17:37 GMT;Secure;HttpOnly;Priority=HIGH
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash f54a71942ab5d7fdc54672cf84aa76db
e03db706ad371c93ddd3cc4a3e4c329777bb5f4b
87453ee6a206085c9b82594123a30bf59f7354733d19f21e388dea70768198c9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 71a45d8a5362743aa24608a11f9d5cd8
4cdf403c8dd502021c4751c0e6356edfcb2c4b6f
bacbb522c01bbe210e502ed5c3f7af2ff7cbb24de26d0d0b38e0f213f3af8d24
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BACBB522C01BBE210E502ED5C3F7AF2FF7CBB24DE26D0D0B38E0F213F3AF8D24"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18576
Expires: Sun, 04 Dec 2022 20:27:13 GMT
Date: Sun, 04 Dec 2022 15:17:37 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 71a45d8a5362743aa24608a11f9d5cd8
4cdf403c8dd502021c4751c0e6356edfcb2c4b6f
bacbb522c01bbe210e502ed5c3f7af2ff7cbb24de26d0d0b38e0f213f3af8d24
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BACBB522C01BBE210E502ED5C3F7AF2FF7CBB24DE26D0D0B38E0F213F3AF8D24"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18576
Expires: Sun, 04 Dec 2022 20:27:13 GMT
Date: Sun, 04 Dec 2022 15:17:37 GMT
Connection: keep-alive
d26adrx9c3n0mq.cloudfront.net/uYncyd1UBGFwRahYeVkpsUU4GQWFEHUEYOxJKcQ8XNgJcRT8NBAcUFDFHFAMvBkoCUTkDGVVKcwcZUUpkRBZWFWhWUUYHOglKWxw/FxhKGSIWExQCNF8aXQ08DhtTUmckQhxHcFBHGgA8DBNdACZHRQIZIUdFAkZlTEcXRBdHRQIAPAxBBlJmIFIARy1UQx-dEF0dFAgUjR0RzRmVXWQJecFBHVRI2CRgXRRNQRwNHZVNHA1JnUhFbBTAEGEpSZyRGAkJ7UlFHSmQ
54.230.245.45200 OK 574 B URL HTTP/1.1 d26adrx9c3n0mq.cloudfront.net/uYncyd1UBGFwRahYeVkpsUU4GQWFEHUEYOxJKcQ8XNgJcRT8NBAcUFDFHFAMvBkoCUTkDGVVKcwcZUUpkRBZWFWhWUUYHOglKWxw/FxhKGSIWExQCNF8aXQ08DhtTUmckQhxHcFBHGgA8DBNdACZHRQIZIUdFAkZlTEcXRBdHRQIAPAxBBlJmIFIARy1UQx-dEF0dFAgUjR0RzRmVXWQJecFBHVRI2CRgXRRNQRwNHZVNHA1JnUhFbBTAEGEpSZyRGAkJ7UlFHSmQ
IP 54.230.245.45:0
File type ASCII text, with very long lines (819), with no line terminators
Hash 24cab3d41273f96d886a53c81d06ebaf
d33d18cdfbb42db40091dae02943908676b0e224
f9e8cd586e658c2baeacc26fc521d524318ad01897135ffc2b0d73e3063aa08f
GET /uYncyd1UBGFwRahYeVkpsUU4GQWFEHUEYOxJKcQ8XNgJcRT8NBAcUFDFHFAMvBkoCUTkDGVVKcwcZUUpkRBZWFWhWUUYHOglKWxw/FxhKGSIWExQCNF8aXQ08DhtTUmckQhxHcFBHGgA8DBNdACZHRQIZIUdFAkZlTEcXRBdHRQIAPAxBBlJmIFIARy1UQx-dEF0dFAgUjR0RzRmVXWQJecFBHVRI2CRgXRRNQRwNHZVNHA1JnUhFbBTAEGEpSZyRGAkJ7UlFHSmQ HTTP/1.1
Host: d26adrx9c3n0mq.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://lassistslegisten.com/
HTTP/1.1 200 OK
Content-Length: 574
Connection: keep-alive
Date: Sun, 04 Dec 2022 15:17:37 GMT
access-control-allow-origin: *
Cache-Control: max-age=31556926
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: rG2oShjrg3S43IJuaZohDop0gdqzlGINzoLKltdlN6_9Dsd8RhYPyw==
ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
142.250.74.131200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/-NEEmvIaLMU
IP 142.250.74.131:0
Hash fc4e76a103a4f70c624614924be90683
21e5e147bead13162bad5a5339e6e704c973fde1
fec1f76aa1f402e7099cd4656e59be8f625bcccd6cdef9f514dffc771cc60b14
POST /s/gts1p5/-NEEmvIaLMU HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:37 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
44.240.57.100101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.240.57.100:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: j9l3JjckCMJlAQZNH6N4TQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: RGt8aMWpaw0DfhsGMct7h55W3qw=
lassistslegisten.com/utx?cb=usVmePTmVh8C&top=get.myboek.xyz&tid=939464
108.157.229.115204 No Content 0 B URL HTTP/2 lassistslegisten.com/utx?cb=usVmePTmVh8C&top=get.myboek.xyz&tid=939464
IP 108.157.229.115:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /utx?cb=usVmePTmVh8C&top=get.myboek.xyz&tid=939464 HTTP/1.1
Host: lassistslegisten.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://get.myboek.xyz
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Sun, 04 Dec 2022 15:17:37 GMT
server: openresty/1.17.8.2
access-control-allow-credentials: true
access-control-allow-origin: http://get.myboek.xyz
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: ut=x; Expires=Sun, 04 Dec 2022 15:18:37 GMT; Max-Age=60
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 471577f2b3efe669f21e138a1621a8ca.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: pjOkJK1Q2aRg3uAagxmqJ279Pm_xUcBthgwsH0IiXuqAyfeh4XHnJA==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash fd0b48347644ddc60fb16b04140cfcb7
ef8d6c8e3c979e98c82655290150aa14fe5d44d1
f3d27c16653ed979a7cce2dc6239a48a86c7dab2fc34949b540802e50b05275a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5250
Cache-Control: max-age=104724
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:37 GMT
Etag: "638b9ba3-1d7"
Expires: Mon, 05 Dec 2022 20:23:01 GMT
Last-Modified: Sat, 03 Dec 2022 18:55:31 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.33.119.27200 OK 1.2 kB IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
File type gzip compressed data, max compression\012- data
Hash b631ee8491d0409d59a457e77d4a8229
e5d62e41c4d3e8ed882aac4fdfd9357dc02e3b48
08bf4e62ee737fbd98c5c547138f1025298ca01fa968b7d4ce249e27caf3760b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "BACBB522C01BBE210E502ED5C3F7AF2FF7CBB24DE26D0D0B38E0F213F3AF8D24"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18576
Expires: Sun, 04 Dec 2022 20:27:13 GMT
Date: Sun, 04 Dec 2022 15:17:37 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 408b9ba72dc83c47c6821c825897d586
39c533b3ecadd39dcc4be7e5d6b1a5fece62de8b
3b1904ae01a75c6c530b0d4e952f53b823b8ebc3bd4eaf62794dac74999d6b23
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3B1904AE01A75C6C530B0D4E952F53B823B8EBC3BD4EAF62794DAC74999D6B23"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16486
Expires: Sun, 04 Dec 2022 19:52:23 GMT
Date: Sun, 04 Dec 2022 15:17:37 GMT
Connection: keep-alive
lynormationpas.com/popunder.gif
188.114.97.1301 Moved Permanently 0 B URL HTTP/1.1 lynormationpas.com/popunder.gif
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /popunder.gif HTTP/1.1
Host: lynormationpas.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://get.myboek.xyz/
HTTP/1.1 301 Moved Permanently
Date: Sun, 04 Dec 2022 15:17:37 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Sun, 04 Dec 2022 16:17:37 GMT
Location: https://lynormationpas.com/popunder.gif
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HbHeqFtiltCsdXk%2FpOi3F0m1oMw4dvE3ERhGdr7XsvXN6JCRIEH5ujI5k6Y4c%2FDUJAMq1odbEyUkgGVGf%2BTrm7GghwvL1BDZ8AWdDW6ZH6B6nmi8XFNujovytaPanOgeAw5vYmE%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7745828ddaddb505-OSL
alt-svc: h2=":443"; ma=60
s4.histats.com/stats/0.php?4593886&@f16&@g1&@h1&@i1&@j1670167054915&@k0&@l1&@mPromesse%20sotto%20la%20luna%20(I%20Romanzi%20Classic)%20-%20Julia%20Quinn%20%7C%20eBooks%20Library%20Online&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:13121173&@b3:1670167055&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&@w
149.56.240.129200 OK 51 B URL HTTP/1.1 s4.histats.com/stats/0.php?4593886&@f16&@g1&@h1&@i1&@j1670167054915&@k0&@l1&@mPromesse%20sotto%20la%20luna%20(I%20Romanzi%20Classic)%20-%20Julia%20Quinn%20%7C%20eBooks%20Library%20Online&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:13121173&@b3:1670167055&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&@w
IP 149.56.240.129:0
File type ASCII text, with no line terminators
Hash a0b8d389954eda7885388d9c70d5c66e
cf0ad9e46dc0b3f186964606948827f4e64ae612
dec560aaf9b776c0d28b5e1559dcac466c1cbd0ba21444e553fd503a01cfb1b5
GET /stats/0.php?4593886&@f16&@g1&@h1&@i1&@j1670167054915&@k0&@l1&@mPromesse%20sotto%20la%20luna%20(I%20Romanzi%20Classic)%20-%20Julia%20Quinn%20%7C%20eBooks%20Library%20Online&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:13121173&@b3:1670167055&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Sun, 04 Dec 2022 15:17:37 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 51
Connection: close
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1e1a9a27fa5363a2e9b21492101b97cf
4b866eb99708f520a547bfc2054e8920a0871e82
115a36ff6ec059154ac8c8627bb347444fd66d3be50aa0d156dbf63160a5a5bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "115A36FF6EC059154AC8C8627BB347444FD66D3BE50AA0D156DBF63160A5A5BB"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2706
Expires: Sun, 04 Dec 2022 16:02:43 GMT
Date: Sun, 04 Dec 2022 15:17:37 GMT
Connection: keep-alive
reproductiontape.com/watch.1049375488054.js?key=13aa6aedbddbb1de073176615e26a748&kw=%5B%22promesse%22%2C%22sotto%22%2C%22la%22%2C%22luna%22%2C%22i%22%2C%22romanzi%22%2C%22classic%22%2C%22-%22%2C%22julia%22%2C%22quinn%22%2C%22ebooks%22%2C%22library%22%2C%22online%22%5D&refer=http%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&tz=0&dev=e&res=12.1053&uuid=8a0b377b-e063-4362-ba69-1b6dfb4bb79d%3A1%3A1
192.243.61.225307 Temporary Redirect 0 B URL HTTP/1.1 reproductiontape.com/watch.1049375488054.js?key=13aa6aedbddbb1de073176615e26a748&kw=%5B%22promesse%22%2C%22sotto%22%2C%22la%22%2C%22luna%22%2C%22i%22%2C%22romanzi%22%2C%22classic%22%2C%22-%22%2C%22julia%22%2C%22quinn%22%2C%22ebooks%22%2C%22library%22%2C%22online%22%5D&refer=http%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&tz=0&dev=e&res=12.1053&uuid=8a0b377b-e063-4362-ba69-1b6dfb4bb79d%3A1%3A1
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1049375488054.js?key=13aa6aedbddbb1de073176615e26a748&kw=%5B%22promesse%22%2C%22sotto%22%2C%22la%22%2C%22luna%22%2C%22i%22%2C%22romanzi%22%2C%22classic%22%2C%22-%22%2C%22julia%22%2C%22quinn%22%2C%22ebooks%22%2C%22library%22%2C%22online%22%5D&refer=http%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&tz=0&dev=e&res=12.1053&uuid=8a0b377b-e063-4362-ba69-1b6dfb4bb79d%3A1%3A1 HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://get.myboek.xyz
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.22.0
Date: Sun, 04 Dec 2022 15:17:37 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://get.myboek.xyz
Access-Control-Allow-Origin: http://get.myboek.xyz
Access-Control-Allow-Credentials: true
Location: https://reproductiontape.com/watch.1049375488054.js?key=13aa6aedbddbb1de073176615e26a748&kw=%5B%22promesse%22%2C%22sotto%22%2C%22la%22%2C%22luna%22%2C%22i%22%2C%22romanzi%22%2C%22classic%22%2C%22-%22%2C%22julia%22%2C%22quinn%22%2C%22ebooks%22%2C%22library%22%2C%22online%22%5D&refer=http%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&tz=0&dev=e&res=12.1053&uuid=8a0b377b-e063-4362-ba69-1b6dfb4bb79d%3A1%3A1&shu=6fb4aebb8f2b282d8ec3fff3d609116b779e95d311ade94395ab7b816b3631e96b500d5efc66956cbf46d07f5843834d542ef90c83caba732db02f8e9d318cb191bb1a99c1589744c52204beeb84455460c4f85d01f6df4d05aaa233c8c914&pst=1670167117&rmtc=t
Set-Cookie: u_pl=16169044; expires=Mon, 05 Dec 2022 15:17:37 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjE2OTA0NCwiayI6IjEzYWE2YWVkYmRkYmIxZGUwNzMxNzY2MTVlMjZhNzQ4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTE5OTc5LCJwaWQiOjM2MjU0LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjI3LCJhaWQiOjI2LCJwdCI6NCwicGsiOiJqN3JoNzIybjM2IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9nZXQubXlib2VrLnh5ei9kb3dubG9hZHMvcHJvbWVzc2Utc290dG8tbGEtbHVuYS1pLXJvbWFuemktY2xhc3NpYy1saWJyaS1ncmF0aXMtaXQxNDcwNzIzMjM4Lmh0bWwifX0.EKsbXP6p-dk4mda3NqEPhV3c-Q45irKQRUL5mIWtjfE; expires=Sun, 04 Dec 2022 15:18:37 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: deb32d73605e741afcc56a4926039121
Strict-Transport-Security: max-age=0; includeSubdomains
reproductiontape.com/watch.1049375488054.js?key=13aa6aedbddbb1de073176615e26a748&kw=%5B%22promesse%22%2C%22sotto%22%2C%22la%22%2C%22luna%22%2C%22i%22%2C%22romanzi%22%2C%22classic%22%2C%22-%22%2C%22julia%22%2C%22quinn%22%2C%22ebooks%22%2C%22library%22%2C%22online%22%5D&refer=http%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&tz=0&dev=e&res=12.1053&uuid=8a0b377b-e063-4362-ba69-1b6dfb4bb79d%3A1%3A1&shu=6fb4aebb8f2b282d8ec3fff3d609116b779e95d311ade94395ab7b816b3631e96b500d5efc66956cbf46d07f5843834d542ef90c83caba732db02f8e9d318cb191bb1a99c1589744c52204beeb84455460c4f85d01f6df4d05aaa233c8c914&pst=1670167117&rmtc=t
192.243.61.225200 OK 640 B URL HTTP/1.1 reproductiontape.com/watch.1049375488054.js?key=13aa6aedbddbb1de073176615e26a748&kw=%5B%22promesse%22%2C%22sotto%22%2C%22la%22%2C%22luna%22%2C%22i%22%2C%22romanzi%22%2C%22classic%22%2C%22-%22%2C%22julia%22%2C%22quinn%22%2C%22ebooks%22%2C%22library%22%2C%22online%22%5D&refer=http%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&tz=0&dev=e&res=12.1053&uuid=8a0b377b-e063-4362-ba69-1b6dfb4bb79d%3A1%3A1&shu=6fb4aebb8f2b282d8ec3fff3d609116b779e95d311ade94395ab7b816b3631e96b500d5efc66956cbf46d07f5843834d542ef90c83caba732db02f8e9d318cb191bb1a99c1589744c52204beeb84455460c4f85d01f6df4d05aaa233c8c914&pst=1670167117&rmtc=t
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (602)
Hash 6dbc1dab1a7680a7656e877660992b4e
f1f42e59fc3221ab18e158cb8d83d1a5d58ef80d
77c077d01918bd3ead48e7c616eb1c74d639e95387f84afed93bae5ff591add9
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1049375488054.js?key=13aa6aedbddbb1de073176615e26a748&kw=%5B%22promesse%22%2C%22sotto%22%2C%22la%22%2C%22luna%22%2C%22i%22%2C%22romanzi%22%2C%22classic%22%2C%22-%22%2C%22julia%22%2C%22quinn%22%2C%22ebooks%22%2C%22library%22%2C%22online%22%5D&refer=http%3A%2F%2Fget.myboek.xyz%2Fdownloads%2Fpromesse-sotto-la-luna-i-romanzi-classic-libri-gratis-it1470723238.html&tz=0&dev=e&res=12.1053&uuid=8a0b377b-e063-4362-ba69-1b6dfb4bb79d%3A1%3A1&shu=6fb4aebb8f2b282d8ec3fff3d609116b779e95d311ade94395ab7b816b3631e96b500d5efc66956cbf46d07f5843834d542ef90c83caba732db02f8e9d318cb191bb1a99c1589744c52204beeb84455460c4f85d01f6df4d05aaa233c8c914&pst=1670167117&rmtc=t HTTP/1.1
Host: reproductiontape.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://get.myboek.xyz
Referer: http://get.myboek.xyz/
Connection: keep-alive
Cookie: u_pl=16169044; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjE2OTA0NCwiayI6IjEzYWE2YWVkYmRkYmIxZGUwNzMxNzY2MTVlMjZhNzQ4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNTE5OTc5LCJwaWQiOjM2MjU0LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjI3LCJhaWQiOjI2LCJwdCI6NCwicGsiOiJqN3JoNzIybjM2IiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHA6Ly9nZXQubXlib2VrLnh5ei9kb3dubG9hZHMvcHJvbWVzc2Utc290dG8tbGEtbHVuYS1pLXJvbWFuemktY2xhc3NpYy1saWJyaS1ncmF0aXMtaXQxNDcwNzIzMjM4Lmh0bWwifX0.EKsbXP6p-dk4mda3NqEPhV3c-Q45irKQRUL5mIWtjfE
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Sun, 04 Dec 2022 15:17:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://get.myboek.xyz
Access-Control-Allow-Origin: http://get.myboek.xyz
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8a0b377b-e063-4362-ba69-1b6dfb4bb79d:1:1; expires=Sun, 11 Dec 2022 15:17:38 GMT; secure; SameSite=None
iprca26444e3e72bfabd5ad35714678d9d51=2717338; expires=Mon, 05 Dec 2022 17:17:38 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 05 Dec 2022 15:17:38 GMT; secure; SameSite=None
uncs=1; expires=Mon, 05 Dec 2022 15:17:38 GMT; secure; SameSite=None
pdhtkv26=true; expires=Mon, 05 Dec 2022 15:17:38 GMT; secure; SameSite=None
uncs26=1; expires=Mon, 05 Dec 2022 15:17:38 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c0655e7acaf94a59d1ca070168d2fc80
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 1a13d9c721e7f13832668c8edefbd95d
f45b7e666c11f9926b0987ea92832c3b6f7b9935
35ccaf676571586c43a2f5056fddbf0d4f5572807c24075af2a3b0c625fa8013
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35CCAF676571586C43A2F5056FDDBF0D4F5572807C24075AF2A3B0C625FA8013"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=178
Expires: Sun, 04 Dec 2022 15:20:36 GMT
Date: Sun, 04 Dec 2022 15:17:38 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4031
Expires: Sun, 04 Dec 2022 16:24:49 GMT
Date: Sun, 04 Dec 2022 15:17:38 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4031
Expires: Sun, 04 Dec 2022 16:24:49 GMT
Date: Sun, 04 Dec 2022 15:17:38 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4031
Expires: Sun, 04 Dec 2022 16:24:49 GMT
Date: Sun, 04 Dec 2022 15:17:38 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 83e0936435ad95a15c9ec5ff9520f4fe
a8225ee0d8ae117f977f7ff817c342c62e91b5a9
ef0f5b2ab2055446d4ea8b738f605c3bf835cf72e872d6a9c9a6c9b2917737e7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EF0F5B2AB2055446D4EA8B738F605C3BF835CF72E872D6A9C9A6C9B2917737E7"
Last-Modified: Sat, 03 Dec 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4031
Expires: Sun, 04 Dec 2022 16:24:49 GMT
Date: Sun, 04 Dec 2022 15:17:38 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
34.120.237.76200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 14dcca2a9c4792d835ee709bcd947402
1d702df3a64258628f4124eafd580695f2d350af
da01dcd8fef7c50bdb6f7a8a6a4955694092f479df3dba72f7fa69d7280d07b2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d571e0e-b14e-436b-8156-2e49aad75d4f.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 16143
x-amzn-requestid: dc86fad4-4e53-42c9-9b0a-5e4d2cfcd087
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdGyLGqmoAMFnaA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851a7-0ea324b31e8c6578098b8ab9;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:03 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: KHd4ajJWl-8TDH5HGbkuJXI4NL6I83IwSUBKzfq85cxpyRH_LGl6OA==
via: 1.1 4f87745990545c1ac0195c157e1668f8.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sun, 04 Dec 2022 05:55:20 GMT
age: 33738
etag: "1d702df3a64258628f4124eafd580695f2d350af"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
34.120.237.76200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c01fe1cccdb3b672bbade6d98217ffe9
a9a529dc9894827f6243a1bf57f81caa4fe88fc2
c43da6212c79a08e22e78e04e99e8f5422e64b4b0a87f30b7907f1b4bc675c71
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fae18d1b5-3b75-4897-bd1b-03651e437c2e.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4666
x-amzn-requestid: 850d341f-5ccb-453c-8adf-a8194f8fbdad
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clr_-GiboAMFwww=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc066-766293f2526e637235067aca;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: z5uqgjB-Bsl0U55a8aFi37cpJ65Vnbjm6bJ2GnMpaO7RXsMZsOCbPQ==
via: 1.1 112c6b3f9aea37a6cb00b7d933e5af6e.cloudfront.net (CloudFront), 1.1 b2f9564ebf9c745cc2ceae96d434977e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:44:01 GMT
age: 63217
etag: "a9a529dc9894827f6243a1bf57f81caa4fe88fc2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
34.120.237.76200 OK 8.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash db1701b7b9d161a0c935bb6e10b17893
22a8c4bd58c729c1abcf794466e8f3231dfb034b
b495524a33e5b1d3ba34cfbe867ada0da956c061370b1fcde06b23a6194a9787
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd528f6ee-d348-431d-8220-5c8b154b2941.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8315
x-amzn-requestid: f1bcc33b-aad9-4d3b-b1f9-49282f2d4fb9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsAMGVboAMFfxg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc067-13472a097177d4751c8f7a8c;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JuY0xcLDiERwrVhq33d4PP64liDqFfk9bc9xX1H62o0tOwrt1ek7Pg==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:42:39 GMT
age: 63299
etag: "22a8c4bd58c729c1abcf794466e8f3231dfb034b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
pogothere.xyz/
172.64.172.27200 OK 1.3 kB IP 172.64.172.27:0
File type ASCII text, with no line terminators
Hash 8b50ce7d73b9dafcdc35e424a36b7c5c
f80d3561bf038ce9af68c0db7dc6b142035a4905
887db4226f754274744269b34a25d1f506f0188f66f8e77f1e4a3f89b14638bb
GET / HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://get.myboek.xyz/
Origin: http://get.myboek.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:37 GMT
content-type: text/plain
set-cookie: csu=453543728838053@1@1670167057; Max-Age=31104000; Secure; SameSite=None
access-control-allow-origin: http://get.myboek.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IGT4rW0lpYqhQj3S2q%2B5VgCwGMleLWA8IjXJ%2B%2Bingr6Zs6OCkks7Zpf41FzJ6FzkL7TY7zEzfqJ3FNMQz9FhMS7Tt5M6h9ZM3vRdyP9jXP7Ud5awPHCh2eVm4jwnwIvB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7745828ce80c76c3-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash a6e7b32ac999cf3c899a234c621fa91a
fc5d4f3163ebb9faf85968cbb1d194e8e68418be
f12db3aed126006fee00649aba0b3eaae900de200b85b9523866a90b5494f18e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F19c9bb39-be15-49f9-aad9-2cc511601111.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8989
x-amzn-requestid: abce0b01-f70c-42ad-b242-5a24735fe4c2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cltl4Gk2oAMFSWQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc2f2-1cccffff5199dffe70264a95;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:43:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PFl7VUrzRkMFNnTiIw_cbGCyrEFn43eUSlZfT0nUhUmjjyXT7JfjMA==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d8792dbd3191bbe722eba5b536b979c8.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:50:01 GMT
age: 62857
etag: "fc5d4f3163ebb9faf85968cbb1d194e8e68418be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 2636f91bb8fa4d9bb7bef114c248a9ae
8637105f41058bc0d2b259d462b560881928adb6
3d93fd8fcf1af31d00ccbd453142dbea5f2b91d7f58373095943ed40a31ed1f7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F61cc2744-b517-4404-bfa2-25fadadfa3f3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10431
x-amzn-requestid: f79ab5e7-8c1b-4827-a531-aaa19c1d80aa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: clsCGEwxIAMF34g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638bc073-6358d2950955884c470c0a89;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 21:32:35 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: PQ7xh995cd1UVi3z42EVZGjQjHLLvtAP5BBC-xLEEGr4mEiXS6fC-w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sat, 03 Dec 2022 21:47:06 GMT
age: 63032
etag: "8637105f41058bc0d2b259d462b560881928adb6"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
docs.google.com/forms/d/e/1FAIpQLSd80WI9j3dJR1Yx7iLbpxzG0AjodOzXtaV8QxEfgJsrcx10og/viewform?embedded=true
142.250.74.142403 Forbidden 7.0 kB URL HTTP/2 docs.google.com/forms/d/e/1FAIpQLSd80WI9j3dJR1Yx7iLbpxzG0AjodOzXtaV8QxEfgJsrcx10og/viewform?embedded=true
IP 142.250.74.142:0
Hash a4485daec9ded52e629e9d112b99d2ba
0753956677dbe93f089c0b663502c0707dff31dd
fdcd0e9657734f9c8f3a9ce117db926d96fb800115a23f919dd3c6c0a898aa8f
GET /forms/d/e/1FAIpQLSd80WI9j3dJR1Yx7iLbpxzG0AjodOzXtaV8QxEfgJsrcx10og/viewform?embedded=true HTTP/1.1
Host: docs.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 403 Forbidden
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 04 Dec 2022 15:17:37 GMT
content-type: text/html; charset=utf-8
content-encoding: gzip
x-chromium-appcache-fallback-override: disallow-fallback
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
referrer-policy: strict-origin-when-cross-origin
content-security-policy: base-uri 'self';object-src 'none';report-uri https://csp.withgoogle.com/csp/forms/prod;script-src 'nonce-M875SfYtkB8MZHhy1IsiHA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
set-cookie: S=spreadsheet_forms=3vKH7MDftjSpiqVh5R60Mjiam5MyceXgyJK-q8nZHg4; Domain=.docs.google.com; Expires=Sun, 04-Dec-2022 16:17:37 GMT; Path=/forms/d/e/1FAIpQLSd80WI9j3dJR1Yx7iLbpxzG0AjodOzXtaV8QxEfgJsrcx10og; Secure; HttpOnly; SameSite=none
COMPASS=spreadsheet_forms=CjIACWuJV-Hk8aC0OMYZGEJhPAU7qDvgoe27U5jjqkZiw4RyP1dF8s3EbL_z-n8p_PPUDBChkLOcBho0AAlriVdnWLbyEGB2TKbbtq35BTbr-o68hr_xRn8bLhh6WvlAkw5fYY2fo7LV5xUPBOnekw==; Domain=.docs.google.com; Expires=Sun, 04-Dec-2022 16:17:37 GMT; Path=/forms/d/e/1FAIpQLSd80WI9j3dJR1Yx7iLbpxzG0AjodOzXtaV8QxEfgJsrcx10og; Secure; HttpOnly; SameSite=none
NID=511=HLsafvIshZw2-No7sPvSkWDAFWScTvoZticaN1-b4kqjR-iwk__1VkaeLKrQX3SWvwFaurp2JvrBvl82A3mV6v1krYt3Q1RAYktFsikOKJxtTaFprLk3fOysCoE5dqBR8M8lLgqsVT6_HcGmKnI-9Ez69zSH29meHTyGYrvTKt0; expires=Mon, 05-Jun-2023 15:17:37 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.spikereekvelocity.com/dyfc1k09?shu=6e026387585e8c05dfb97a08bc723b18a79b692513cfbe171ed7b84c9f3230b345ca45fb0f9b35f13cf447369808f1daa0f7acaeea6fe26dcc1fcd445d76e92e36f9876c85501757fd7b929484d72a49def2c53f819579273c8cb882bdc0&pst=1670167118&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fget.myboek.xyz%2F&psid=16169044
173.233.139.164302 Found 0 B URL HTTP/1.1 www.spikereekvelocity.com/dyfc1k09?shu=6e026387585e8c05dfb97a08bc723b18a79b692513cfbe171ed7b84c9f3230b345ca45fb0f9b35f13cf447369808f1daa0f7acaeea6fe26dcc1fcd445d76e92e36f9876c85501757fd7b929484d72a49def2c53f819579273c8cb882bdc0&pst=1670167118&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fget.myboek.xyz%2F&psid=16169044
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /dyfc1k09?shu=6e026387585e8c05dfb97a08bc723b18a79b692513cfbe171ed7b84c9f3230b345ca45fb0f9b35f13cf447369808f1daa0f7acaeea6fe26dcc1fcd445d76e92e36f9876c85501757fd7b929484d72a49def2c53f819579273c8cb882bdc0&pst=1670167118&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fget.myboek.xyz%2F&psid=16169044 HTTP/1.1
Host: www.spikereekvelocity.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.spikereekvelocity.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTYxNjkwNDQiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL2dldC5teWJvZWsueHl6LyJ9fQ.pyPlm4p0arEWIHzZvd-VgnoaExA9haWz-BhJlNEhfuU; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Sun, 04 Dec 2022 15:17:39 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: http://adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQie_NjYrtGU3Bv-GH0dEdHP3xP.28b%2CQWs4yRHvKJrqjpTne0Btuyi1n2dKQ9Q_FOEQSlTq4KTczM91sYvTGQftwIHEt1r6X3ASmn-wqfH7g6oi61qUjiZX85pCijOm79gP6qScThXu7aP5MTRxUJiI9dxkcgL9hS4ZVW_zadFrH16EF6C1VbUzAQYebgBUbxr-0fbugrSWpHE6OWEUOcCf34GDWisrHxMlYXUQ4Yc4dz9_nDjT5gxnqdFSy9IKHMqENjfuY9yNNddittPkhc3_N1RIj2B2ObzBEoIQRIedUcEaMeC38jGFYW0O_d30pbMuetNcIn_N3wO2qTXx_2SH0c8Mka-QBCKnqh0YuaICUMyVTkk5TYKBLWlbwyUObs53qq6svA3tahxw6YjzPQoGyQbRQEPWd76jOPTMyxw_l1HbEbwhz2xP7ppeniUFW_NPCBpjR00AVzWstXQqnBBtTQiMlqXZ8XmK7NvP8TrTPLEADYk2ZQ6LY6ZlCH8EksVqTlZfHdXepfWU0VOpt7yMGqHHhpaD&csid=3930943&s1=16122660&md=0&crid=23364304
Set-Cookie: pdhtkv=true; expires=Mon, 05 Dec 2022 15:17:39 GMT
uncs=1; expires=Mon, 05 Dec 2022 15:17:39 GMT
pdhtkv28=true; expires=Mon, 05 Dec 2022 15:17:39 GMT
uncs28=1; expires=Mon, 05 Dec 2022 15:17:39 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4fe0a5eea811e454b00a35185a91c2da
Strict-Transport-Security: max-age=0; includeSubdomains
adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQie_NjYrtGU3Bv-GH0dEdHP3xP.28b%2CQWs4yRHvKJrqjpTne0Btuyi1n2dKQ9Q_FOEQSlTq4KTczM91sYvTGQftwIHEt1r6X3ASmn-wqfH7g6oi61qUjiZX85pCijOm79gP6qScThXu7aP5MTRxUJiI9dxkcgL9hS4ZVW_zadFrH16EF6C1VbUzAQYebgBUbxr-0fbugrSWpHE6OWEUOcCf34GDWisrHxMlYXUQ4Yc4dz9_nDjT5gxnqdFSy9IKHMqENjfuY9yNNddittPkhc3_N1RIj2B2ObzBEoIQRIedUcEaMeC38jGFYW0O_d30pbMuetNcIn_N3wO2qTXx_2SH0c8Mka-QBCKnqh0YuaICUMyVTkk5TYKBLWlbwyUObs53qq6svA3tahxw6YjzPQoGyQbRQEPWd76jOPTMyxw_l1HbEbwhz2xP7ppeniUFW_NPCBpjR00AVzWstXQqnBBtTQiMlqXZ8XmK7NvP8TrTPLEADYk2ZQ6LY6ZlCH8EksVqTlZfHdXepfWU0VOpt7yMGqHHhpaD&csid=3930943&s1=16122660&md=0&crid=23364304
34.160.190.227200 OK 1.9 kB URL HTTP/1.1 adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQie_NjYrtGU3Bv-GH0dEdHP3xP.28b%2CQWs4yRHvKJrqjpTne0Btuyi1n2dKQ9Q_FOEQSlTq4KTczM91sYvTGQftwIHEt1r6X3ASmn-wqfH7g6oi61qUjiZX85pCijOm79gP6qScThXu7aP5MTRxUJiI9dxkcgL9hS4ZVW_zadFrH16EF6C1VbUzAQYebgBUbxr-0fbugrSWpHE6OWEUOcCf34GDWisrHxMlYXUQ4Yc4dz9_nDjT5gxnqdFSy9IKHMqENjfuY9yNNddittPkhc3_N1RIj2B2ObzBEoIQRIedUcEaMeC38jGFYW0O_d30pbMuetNcIn_N3wO2qTXx_2SH0c8Mka-QBCKnqh0YuaICUMyVTkk5TYKBLWlbwyUObs53qq6svA3tahxw6YjzPQoGyQbRQEPWd76jOPTMyxw_l1HbEbwhz2xP7ppeniUFW_NPCBpjR00AVzWstXQqnBBtTQiMlqXZ8XmK7NvP8TrTPLEADYk2ZQ6LY6ZlCH8EksVqTlZfHdXepfWU0VOpt7yMGqHHhpaD&csid=3930943&s1=16122660&md=0&crid=23364304
IP 34.160.190.227:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (710)
Hash 2c684baa034a2725d78f7bc1652e10ce
400482195eb0eee2ecf30d341e9630c5bc62f447
f2c07a1bd8515c3506cc6fe4f9e1dfa7aac5e61965e453c6733eff971699718e
GET /script/s2iurl.php?stamat=m%7C%2C%2CQie_NjYrtGU3Bv-GH0dEdHP3xP.28b%2CQWs4yRHvKJrqjpTne0Btuyi1n2dKQ9Q_FOEQSlTq4KTczM91sYvTGQftwIHEt1r6X3ASmn-wqfH7g6oi61qUjiZX85pCijOm79gP6qScThXu7aP5MTRxUJiI9dxkcgL9hS4ZVW_zadFrH16EF6C1VbUzAQYebgBUbxr-0fbugrSWpHE6OWEUOcCf34GDWisrHxMlYXUQ4Yc4dz9_nDjT5gxnqdFSy9IKHMqENjfuY9yNNddittPkhc3_N1RIj2B2ObzBEoIQRIedUcEaMeC38jGFYW0O_d30pbMuetNcIn_N3wO2qTXx_2SH0c8Mka-QBCKnqh0YuaICUMyVTkk5TYKBLWlbwyUObs53qq6svA3tahxw6YjzPQoGyQbRQEPWd76jOPTMyxw_l1HbEbwhz2xP7ppeniUFW_NPCBpjR00AVzWstXQqnBBtTQiMlqXZ8XmK7NvP8TrTPLEADYk2ZQ6LY6ZlCH8EksVqTlZfHdXepfWU0VOpt7yMGqHHhpaD&csid=3930943&s1=16122660&md=0&crid=23364304 HTTP/1.1
Host: adpointrtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 04 Dec 2022 15:17:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 google
adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQie_NjYrtGU3Bv-GH0dEdHP3xP.28b%2CQWs4yRHvKJrqjpTne0Btuyi1n2dKQ9Q_FOEQSlTq4KTczM91sYvTGQftwIHEt1r6X3ASmn-wqfH7g6oi61qUjiZX85pCijOm79gP6qScThXu7aP5MTRxUJiI9dxkcgL9hS4ZVW_zadFrH16EF6C1VbUzAQYebgBUbxr-0fbugrSWpHE6OWEUOcCf34GDWisrHxMlYXUQ4Yc4dz9_nDjT5gxnqdFSy9IKHMqENjfuY9yNNddittPkhc3_N1RIj2B2ObzBEoIQRIedUcEaMeC38jGFYW0O_d30pbMuetNcIn_N3wO2qTXx_2SH0c8Mka-QBCKnqh0YuaICUMyVTkk5TYKBLWlbwyUObs53qq6svA3tahxw6YjzPQoGyQbRQEPWd76jOPTMyxw_l1HbEbwhz2xP7ppeniUFW_NPCBpjR00AVzWstXQqnBBtTQiMlqXZ8XmK7NvP8TrTPLEADYk2ZQ6LY6ZlCH8EksVqTlZfHdXepfWU0VOpt7yMGqHHhpaD&csid=3930943&s1=16122660&md=0&crid=23364304&treqn=42346345&rpn=1&cbrandom=0.6515605131757707&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=
34.160.190.227302 Moved Temporarily 1 B URL HTTP/1.1 adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQie_NjYrtGU3Bv-GH0dEdHP3xP.28b%2CQWs4yRHvKJrqjpTne0Btuyi1n2dKQ9Q_FOEQSlTq4KTczM91sYvTGQftwIHEt1r6X3ASmn-wqfH7g6oi61qUjiZX85pCijOm79gP6qScThXu7aP5MTRxUJiI9dxkcgL9hS4ZVW_zadFrH16EF6C1VbUzAQYebgBUbxr-0fbugrSWpHE6OWEUOcCf34GDWisrHxMlYXUQ4Yc4dz9_nDjT5gxnqdFSy9IKHMqENjfuY9yNNddittPkhc3_N1RIj2B2ObzBEoIQRIedUcEaMeC38jGFYW0O_d30pbMuetNcIn_N3wO2qTXx_2SH0c8Mka-QBCKnqh0YuaICUMyVTkk5TYKBLWlbwyUObs53qq6svA3tahxw6YjzPQoGyQbRQEPWd76jOPTMyxw_l1HbEbwhz2xP7ppeniUFW_NPCBpjR00AVzWstXQqnBBtTQiMlqXZ8XmK7NvP8TrTPLEADYk2ZQ6LY6ZlCH8EksVqTlZfHdXepfWU0VOpt7yMGqHHhpaD&csid=3930943&s1=16122660&md=0&crid=23364304&treqn=42346345&rpn=1&cbrandom=0.6515605131757707&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=
IP 34.160.190.227:0
File type very short file (no magic)
Hash 68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
GET /script/s2iurl.php?stamat=m%7C%2C%2CQie_NjYrtGU3Bv-GH0dEdHP3xP.28b%2CQWs4yRHvKJrqjpTne0Btuyi1n2dKQ9Q_FOEQSlTq4KTczM91sYvTGQftwIHEt1r6X3ASmn-wqfH7g6oi61qUjiZX85pCijOm79gP6qScThXu7aP5MTRxUJiI9dxkcgL9hS4ZVW_zadFrH16EF6C1VbUzAQYebgBUbxr-0fbugrSWpHE6OWEUOcCf34GDWisrHxMlYXUQ4Yc4dz9_nDjT5gxnqdFSy9IKHMqENjfuY9yNNddittPkhc3_N1RIj2B2ObzBEoIQRIedUcEaMeC38jGFYW0O_d30pbMuetNcIn_N3wO2qTXx_2SH0c8Mka-QBCKnqh0YuaICUMyVTkk5TYKBLWlbwyUObs53qq6svA3tahxw6YjzPQoGyQbRQEPWd76jOPTMyxw_l1HbEbwhz2xP7ppeniUFW_NPCBpjR00AVzWstXQqnBBtTQiMlqXZ8XmK7NvP8TrTPLEADYk2ZQ6LY6ZlCH8EksVqTlZfHdXepfWU0VOpt7yMGqHHhpaD&csid=3930943&s1=16122660&md=0&crid=23364304&treqn=42346345&rpn=1&cbrandom=0.6515605131757707&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref= HTTP/1.1
Host: adpointrtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Sun, 04 Dec 2022 15:17:39 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Location: https://adserving.unibet.com/redirect.aspx?bid=37953&pid=2100237&sref=ADC&ADC=3930943-640691165-0_Adsterra
Via: 1.1 google
adpointrtb.com/favicon.ico
34.160.190.227200 OK 0 B URL HTTP/1.1 adpointrtb.com/favicon.ico
IP 34.160.190.227:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: adpointrtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Server: openresty
Date: Sun, 04 Dec 2022 15:17:39 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Thu, 10 Dec 2020 09:27:58 GMT
ETag: "5fd1ea1e-0"
Accept-Ranges: bytes
Via: 1.1 google
adserving.unibet.com/redirect.aspx?bid=37953&pid=2100237&sref=ADC&ADC=3930943-640691165-0_Adsterra
23.36.79.11307 Temporary Redirect 0 B URL HTTP/2 adserving.unibet.com/redirect.aspx?bid=37953&pid=2100237&sref=ADC&ADC=3930943-640691165-0_Adsterra
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37953&pid=2100237&sref=ADC&ADC=3930943-640691165-0_Adsterra HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://www.mariacasino.nu/stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&sref=ADC&ADC=3930943-640691165-0_Adsterra&affiliateId=1&pid=68593099&bid=37953
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Sun, 04 Dec 2022 15:17:39 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 04 Dec 2022 15:17:39 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68593099%2c%22BID%22%3a37953%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1670167059814)%5c%2f%22%2c%22CookieTag%22%3a%223795368593099451240919C20221241517%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228519688824%7c1%22%7d%5d; domain=.unibet.com; expires=Tue, 04-Dec-3021 15:17:39 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=20, origin; dur=36
X-Firefox-Spdy: h2
www.mariacasino.nu/stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&sref=ADC&ADC=3930943-640691165-0_Adsterra&affiliateId=1&pid=68593099&bid=37953
85.184.96.0301 Moved Permanently 0 B URL HTTP/2 www.mariacasino.nu/stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&sref=ADC&ADC=3930943-640691165-0_Adsterra&affiliateId=1&pid=68593099&bid=37953
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&sref=ADC&ADC=3930943-640691165-0_Adsterra&affiliateId=1&pid=68593099&bid=37953 HTTP/1.1
Host: www.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sun, 04 Dec 2022 15:17:39 GMT
content-length: 0
location: https://www.mariacasino.nu:443/stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&sref=ADC&ADC=3930943-640691165-0_Adsterra&affiliateId=1&pid=68593099&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953
set-cookie: JSESSIONID=node0cbye0uoygr461gy6cvc3fhgsv2747148.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0cbye0uoygr461gy6cvc3fhgsv; Path=/; Domain=.mariacasino.nu; Expires=Tue, 03-Dec-2024 15:17:39 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.mariacasino.nu; Expires=Tue, 03-Dec-2024 15:17:39 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref=; Path=/; Domain=.mariacasino.nu; Expires=Tue, 03-Dec-2024 15:17:39 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=2397257; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=36574880; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.nu; Expires=Sun, 04-Dec-2022 15:17:54 GMT; Max-Age=15; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=36574880; Secure; SameSite=None
B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=36574880; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37953; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=36574880; Secure; SameSite=None
PID=68593099; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=36574880; Secure; SameSite=None
CHID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=36574880; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=2397257; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=36574880; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.nu; Expires=Sun, 04-Dec-2022 15:17:54 GMT; Max-Age=15; Secure; SameSite=None
campaignId=2397257; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=36574880; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.nu; Expires=Sun, 04-Dec-2022 15:17:54 GMT; Max-Age=15; Secure; SameSite=None
clientId=browser_desktop; Domain=www.mariacasino.nu; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Sun, 04 Dec 2022 15:17:39 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2
www.mariacasino.nu/stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&sref=ADC&ADC=3930943-640691165-0_Adsterra&affiliateId=1&pid=68593099&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953
85.184.96.0301 Moved Permanently 0 B URL HTTP/2 www.mariacasino.nu/stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&sref=ADC&ADC=3930943-640691165-0_Adsterra&affiliateId=1&pid=68593099&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&sref=ADC&ADC=3930943-640691165-0_Adsterra&affiliateId=1&pid=68593099&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953 HTTP/1.1
Host: www.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; clientId=browser_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Sun, 04 Dec 2022 15:17:40 GMT
content-length: 0
location: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Sun, 04 Dec 2022 15:17:40 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash f18a55c82e7eb10a724285c83332723f
9ca46d1a1904ebb92c9525ac116f81dc3f1e8b27
5faa072e204c4892d95b8a58d309ef9f850954bfdae627a37c7a37e069c225ad
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=134715
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:40 GMT
Etag: "638c254f-117"
Expires: Tue, 06 Dec 2022 04:42:55 GMT
Last-Modified: Sun, 04 Dec 2022 04:42:55 GMT
Server: nginx
Content-Length: 279
welcome.mariacasino.nu/no/pop/casino/2022/slots.png
104.18.25.188200 OK 6.3 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/slots.png
IP 104.18.25.188:0
File type PNG image data, 151 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash 6be047bdf3d103b2414f7f6ab64d96b8
57818bdfe16383abe584b5c30de5f35eb55ebf20
38e2d3e7f261032cf0c558e28555c6425c30aa14014f31bbaad7d5176b7d4449
GET /no/pop/casino/2022/slots.png HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: image/png
content-length: 6303
cache-control: public, max-age=900, immutable
content-md5: a+BHvfPRA7JBT39qtk2WuA==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4ED5BA7"
x-ms-request-id: da131072-401e-003f-7bf7-03daa1000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437982
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a18abab517-OSL
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/games.png
104.18.25.188200 OK 8.8 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/games.png
IP 104.18.25.188:0
File type PNG image data, 234 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash fbd364c184d1c2af246dd5a3079ce9ed
5c572431ced831a518e0c4adfed4372254f1eac1
2a09f891fb138e893fbc2fe522761e47307376143582e41016bf8aa54c4fdb77
GET /no/pop/casino/2022/games.png HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: image/png
content-length: 8838
cache-control: public, max-age=900, immutable
content-md5: +9NkwYTRwq8kbdWjB5zp7Q==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4D87720"
x-ms-request-id: 56be89e7-801e-0020-22f7-0369a5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437982
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a18abfb517-OSL
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/livecasino.png
104.18.25.188200 OK 21 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/livecasino.png
IP 104.18.25.188:0
File type PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Hash 87dc3fc9a40a9b0e8fd7c0519ac24f54
908b0ca475f8da1d0380a6cb5caabafce2466aec
a0fd031aa160b2679253c5952576a692e002c6be963c5935af3692ff50206eb4
GET /no/pop/casino/2022/livecasino.png HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: image/png
content-length: 20783
cache-control: public, max-age=900, immutable
content-md5: h9w/yaQKmw6P18BRmsJPVA==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4DF7B00"
x-ms-request-id: 2a37beda-301e-0078-10f7-03b1fa000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437983
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a18abeb517-OSL
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/mga.png
104.18.25.188200 OK 1.5 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/mga.png
IP 104.18.25.188:0
File type PNG image data, 152 x 60, 8-bit colormap, non-interlaced\012- data
Hash f34e781d7ad22dc774b98ac82a2b46f6
b66cb9753b0f76a7590f62d3c6b8f645bdbae786
7898ba2cec328d50a75400c1e5a6f1f23974f4c0cc433472a24f28a82c7d01c7
GET /no/pop/casino/2022/mga.png HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: image/png
content-length: 1454
cache-control: public, max-age=900, immutable
content-md5: 8054HXrSLcd0uYrIKitG9g==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4FEBE45"
x-ms-request-id: aeb20fbe-701e-0034-08f7-0321ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437983
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a18ac9b517-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 122124f83967c12700f5a6f5546b0f1f
d7acd2db61ad811c388a44b7bd407fa5f4aea8ee
b6b9e0b6c241b4eeb5161b1c297dec2aa6188032017074ee7f8e5533fab87a4d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:40 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
104.18.25.188200 OK 3.4 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
IP 104.18.25.188:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1020)
Hash 33aae0d4a7408cad03d12e3ee669148e
3b507cc61446eaf3a74bdc5ac33dff7d479e0ff1
bbbd25e49b8b956acbe90ae6709cc3f47ee637aa4174a046e5e58d3be10df44a
GET /no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099 HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: L2akXslp2trAwResQfYe7w==
last-modified: Tue, 29 Nov 2022 13:35:55 GMT
x-ms-request-id: e26312d9-f01e-0077-47f3-07c796000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 7745829fa86fb517-OSL
content-encoding: br
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js
216.58.207.234200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js
IP 216.58.207.234:0
File type ASCII text, with very long lines (32030)
Hash 04ba0252a9f264db106d4eaab8df4ccb
cf52d9b3df7839c5c64fbf33aafeced74b3db750
397852429e768ffbd12a78ce4b94f14e3ab4afabf84acb07c0bb5b7798e6e0b2
GET /ajax/libs/jquery/3.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30244
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Dec 2022 06:39:52 GMT
expires: Sat, 02 Dec 2023 06:39:52 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 203868
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js
23.38.200.237200 OK 44 kB URL HTTP/2 assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js
IP 23.38.200.237:0
File type exported SGML document, ASCII text, with very long lines (32764)
Hash 57198fa839fd954656487c5a3bef02a7
060e710714194b067e8a17554de1f056f3c5fa64
0144349d38a845bda08cbc2654f89da13986be57ce76fa7f49488907aa392edd
GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "bf8d7656a2457e257e3cf75a01e6a4b7:1554112914"
last-modified: Mon, 01 Apr 2019 10:01:54 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 43737
cache-control: max-age=3600
expires: Sun, 04 Dec 2022 16:17:40 GMT
date: Sun, 04 Dec 2022 15:17:40 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
85.184.96.5200 OK 956 B URL HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js
23.38.200.237200 OK 228 B URL HTTP/2 assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js
IP 23.38.200.237:0
Hash f9f61cf08520dbe652f9085c0c5e1a43
f9333020f4b2f0446c5ce4fd69f14433102a71c5
b27cb6d5a43aa222ba4bb45dfeec4211d1ed558d1d552ec160660c01db213782
GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "accfdd9d5be1d7142fabad440365d15f:1554112916"
last-modified: Mon, 01 Apr 2019 10:01:56 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 228
cache-control: max-age=3600
expires: Sun, 04 Dec 2022 16:17:40 GMT
date: Sun, 04 Dec 2022 15:17:40 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js
23.38.200.237200 OK 13 kB URL HTTP/2 assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (558)
Hash fbdf335868cbf423af02de87750c1a45
8405d2f9b1b98d830e1b5bb2d8b9cf31460a9cc4
ddc30198d101ed4d7f85eb14fcc0331154807320fe2b2443b814bedc43c4ace4
GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "18eab16a639a4773572307713440a929:1554112912"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Sun, 04 Dec 2022 16:17:40 GMT
date: Sun, 04 Dec 2022 15:17:40 GMT
content-length: 12666
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2
cdn.optimizely.com/js/10682170820.js
2.18.172.152200 OK 157 kB URL HTTP/2 cdn.optimizely.com/js/10682170820.js
IP 2.18.172.152:0
File type ASCII text, with very long lines (65468)
Size 157 kB (157172 bytes)
Hash 9f28659d68e37340a034b3e470f005a3
3315e665c0a02d1e2510b621bc3f2b67d3525e2f
b1c830602d62327c97e68fffe8a9ac411e74ec52969009704b40353f0d3fd20c
GET /js/10682170820.js HTTP/1.1
Host: cdn.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: i9NY+MXWfN3aktUaRMpZ0LxplbV1IpacNgM87ckdEWRPDKUVGo+O58seYMXe6K9cVb/MqVV576o=
x-amz-request-id: WKQ9BG53RBKFBEB1
x-amz-replication-status: PENDING
last-modified: Sat, 03 Dec 2022 14:56:40 GMT
etag: "9f28659d68e37340a034b3e470f005a3"
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 470034
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: QI_NyISKakqzlmogHcoKUEKqZg4azszI
accept-ranges: bytes
content-type: text/javascript; charset=utf-8
server: AmazonS3
content-length: 157172
vary: Accept-Encoding
cache-control: max-age=120
date: Sun, 04 Dec 2022 15:17:40 GMT
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="1";dur=0,cdnip;desc="2.18.172.152";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
access-control-max-age: 86400
access-control-expose-headers: x-amz-meta-revision
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
service.maxymiser.net/cdn/unibet/js/mmcore.js
104.110.7.230404 Not Found 10 B URL HTTP/2 service.maxymiser.net/cdn/unibet/js/mmcore.js
IP 104.110.7.230:0
Hash 7605968e79d0ca095ab1231486d2b814
a007b420d19ceefa840f0373e050e3b51a4ab480
493fda53120050f85836032324409be6c6484f90a0755ae0c6a673ba7626818b
GET /cdn/unibet/js/mmcore.js HTTP/1.1
Host: service.maxymiser.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
accept-ranges: bytes
content-length: 10
server: AkamaiNetStorage
cache-control: max-age=1800
date: Sun, 04 Dec 2022 15:17:41 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e471e4415d227aa6441e48d6543b2f5d
5d31fde87a692fcde1747dfeec56d42caa2338e9
691eac9590299d938d2b2722a1a3ca784a1f2d7b49b2982f372c3becdcb631ca
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1923
Cache-Control: max-age=141678
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:41 GMT
Etag: "638c3900-1d7"
Expires: Tue, 06 Dec 2022 06:38:59 GMT
Last-Modified: Sun, 04 Dec 2022 06:06:56 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
dpm.demdex.net/id?d_visid_ver=3.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1670167058532
34.251.90.149200 OK 498 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=3.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1670167058532
IP 34.251.90.149:0
File type JSON data\012- , ASCII text, with very long lines (791), with no line terminators
Hash 4646f1655a587b1a35a3b5df8eabc7d3
5208f70a2b12e7fa7330819c458b3197a17f05bf
cbc1006e81b8568cf8570877a770ec52c607d566f322252c385744034c7aedab
GET /id?d_visid_ver=3.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1670167058532 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-093556e0f.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=10865127923594887872335575816589493533; Max-Age=15552000; Expires=Fri, 02 Jun 2023 15:17:41 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: GbrUQDj5Tfs=
Content-Length: 498
Connection: keep-alive
service.maxymiser.net/cdn/unibet/js/mmcore.js
104.110.7.230404 Not Found 10 B URL HTTP/2 service.maxymiser.net/cdn/unibet/js/mmcore.js
IP 104.110.7.230:0
Hash 7605968e79d0ca095ab1231486d2b814
a007b420d19ceefa840f0373e050e3b51a4ab480
493fda53120050f85836032324409be6c6484f90a0755ae0c6a673ba7626818b
GET /cdn/unibet/js/mmcore.js HTTP/1.1
Host: service.maxymiser.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 404 Not Found
accept-ranges: bytes
content-length: 10
server: AkamaiNetStorage
cache-control: max-age=1800
date: Sun, 04 Dec 2022 15:17:41 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js
23.38.200.237200 OK 30 kB URL HTTP/2 assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (543)
Hash d994c7b5e7b348492e630f9e201eed6c
927a06e00f5a9c23d2f9348c013cec4b459effac
7ca2a3f0bb133f07fb5c826b58e48089d90b0ce6e5ab0dce5de73550c5110d80
GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "9c4992909a83d52617e9948d1d1c4141:1554112914"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 29629
cache-control: max-age=3600
expires: Sun, 04 Dec 2022 16:17:41 GMT
date: Sun, 04 Dec 2022 15:17:41 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js
23.38.200.237200 OK 1.2 kB URL HTTP/2 assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (502)
Hash 0fc50fe0077c2d091ca05aa91daba75f
6a05d944d25fe2dbf36c1fb33a5096bcb1ada25c
4b469a08c52c411065253103c02ea37609c225f2b4c7c3842d90d0c6caa694f3
GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "5e8dc588959123c3ee5de9ac168d5c74:1554112912"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1199
cache-control: max-age=3600
expires: Sun, 04 Dec 2022 16:17:41 GMT
date: Sun, 04 Dec 2022 15:17:41 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/background.jpg
104.18.25.188200 OK 162 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/background.jpg
IP 104.18.25.188:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x800, components 3\012- data
Size 162 kB (161606 bytes)
Hash aa279ee357b415f50a16127d5c1a7c4d
d1375a6cb87e60f31f609769044af9e6d47775cd
6aa6656d951b443674e2795a2174f6ba5fa711a0f2943830eab9f07cb1e1a809
GET /no/pop/casino/2022/background.jpg HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/styles.css
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19331%7CMCMID%7C10884245246937785682334953828362500230%7CMCAAMLH-1670771858%7C6%7CMCAAMB-1670771858%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670174258s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1670167058694r0.9806060578266829; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:41 GMT
content-type: image/jpeg
content-length: 161606
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
cf-bgj: h2pri
content-md5: qiee41e0FfUKFhJ9XBp8TQ==
etag: "0x8DAD20EA4B90CD2"
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 5e1e980c-701e-001b-01f7-032c01000000
x-ms-version: 2014-02-14
cf-cache-status: HIT
age: 438065
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a47e8ab517-OSL
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/BlenderPro-ThinWeb.woff
104.18.25.188200 OK 50 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/BlenderPro-ThinWeb.woff
IP 104.18.25.188:0
File type Web Open Font Format, TrueType, length 49636, version 3.6\012- data
Hash 37ba84aebad11c2e0acd496eedb0bb76
42942446e1cfab8d0eaf7d23899203b2b2b64fe7
2d7cc2c9c9fef717010fcfa8fa6518079eaec1e63975a74b4fb78afb14d6ee5e
GET /no/pop/casino/2022/BlenderPro-ThinWeb.woff HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/styles.css
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19331%7CMCMID%7C10884245246937785682334953828362500230%7CMCAAMLH-1670771858%7C6%7CMCAAMB-1670771858%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670174258s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1670167058694r0.9806060578266829; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:41 GMT
content-type: application/font-woff
content-length: 49636
cache-control: public, max-age=900, immutable
content-md5: N7qErrrRHC4KzUlu7bC7dg==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4AE38F0"
x-ms-request-id: aeb213ea-701e-0034-5af7-0321ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437981
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a47e99b517-OSL
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/BlenderPro-MediumWeb.woff
104.18.25.188200 OK 49 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/BlenderPro-MediumWeb.woff
IP 104.18.25.188:0
File type Web Open Font Format, TrueType, length 48766, version 3.6\012- data
Hash f62793caeb7e5b111d7508b00c0826c2
d003c52a07685156de00186014c777b7dde81573
bac888a26184354a6038eb4ba3d87fdc3315c6e7fe0c19ec7cd1737f1720fc5a
GET /no/pop/casino/2022/BlenderPro-MediumWeb.woff HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/styles.css
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19331%7CMCMID%7C10884245246937785682334953828362500230%7CMCAAMLH-1670771858%7C6%7CMCAAMB-1670771858%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670174258s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1670167058694r0.9806060578266829; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:41 GMT
content-type: application/font-woff
content-length: 48766
cache-control: public, max-age=900, immutable
content-md5: 9ieTyut+WxEddQiwDAgmwg==
last-modified: Tue, 29 Nov 2022 13:35:55 GMT
etag: "0x8DAD20EA49C613A"
x-ms-request-id: d866c426-a01e-0018-6bf7-03cd65000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437981
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a47e9ab517-OSL
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash c553c0a8ab2b420ad3360281248ad3fb
07634c89c3334df80ea7d5f353585e07a766082c
f9ff3ebbfb7d15c9151e91e77efdbe06d4cb597c3e8d31cc16f56b8f2d204ec1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4150
Cache-Control: max-age=149325
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:41 GMT
Etag: "638c4e2c-1d7"
Expires: Tue, 06 Dec 2022 08:46:26 GMT
Last-Modified: Sun, 04 Dec 2022 07:37:16 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:54 GMT
expires: Thu, 30 Nov 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 330227
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash da9700d928847bca71f73dc9ca89bd1c
2f156a1557a7504da776ed9a82dc52563662be6f
428ed39905a42b1fc7aaf84f2144caf58ddcb53ac2fbda9af61784ca7394a344
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=3.2.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=10884245246937785682334953828362500230&ts=1670167058777
15.188.95.229200 OK 2 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=3.2.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=10884245246937785682334953828362500230&ts=1670167058777
IP 15.188.95.229:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /id?d_visid_ver=3.2.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=10884245246937785682334953828362500230&ts=1670167058777 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://welcome.mariacasino.nu
access-control-allow-credentials: true
date: Sun, 04 Dec 2022 15:17:41 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:33:56 GMT
expires: Thu, 30 Nov 2023 19:33:56 GMT
cache-control: public, max-age=31536000
age: 330225
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 30 Nov 2022 19:34:15 GMT
expires: Thu, 30 Nov 2023 19:34:15 GMT
cache-control: public, max-age=31536000
age: 330206
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
142.250.74.40200 OK 81 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP 142.250.74.40:0
File type ASCII text, with very long lines (62112)
Hash b824c54d9d6b4ad00eb71a808e806994
9ae751d3fcfbbe43e033a0567d7fe63653915a50
7107779460335c5f4a653d0557d9fd580c73065e4613d840fc12f93ce8f3f0d9
GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 04 Dec 2022 15:17:41 GMT
expires: Sun, 04 Dec 2022 15:17:41 GMT
cache-control: private, max-age=900
last-modified: Sun, 04 Dec 2022 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 80802
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 71603bd1d94bcd618ae379faa78b0202
db9d93670ddd32ec66940ccef4e0cc53c0ddde78
855ae3a14e17b4c4a151b644e1bc9bd01a5adfc1a92487c2882897a6018b3da6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5988
Cache-Control: max-age=160118
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:41 GMT
Etag: "638c7127-117"
Expires: Tue, 06 Dec 2022 11:46:19 GMT
Last-Modified: Sun, 04 Dec 2022 10:06:31 GMT
Server: ECS (ska/F710)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 3c4319f54a5675ee9acda96c58f97ac6
210ea86db1836d430b321d59b4bd1b016c914f22
cb20ad3ec895ed3a2ae9b1a90dda6b7cc174d8851f3a15ba054a435746cbdc65
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 04 Dec 2022 15:17:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
a10682170820.cdn.optimizely.com/client_storage/a10682170820.html
104.110.8.48200 OK 1.0 kB URL HTTP/2 a10682170820.cdn.optimizely.com/client_storage/a10682170820.html
IP 104.110.8.48:0
File type HTML document, ASCII text, with very long lines (1934)
Hash a023a314b1991cc1a88674e2a8ed8502
fd6475fdba0c9d0ee0110972fdf7e88958cf925c
d3d04450c7f7c0f0aee8f24a25ffae0e219995067f5ecadce88680af06358a64
GET /client_storage/a10682170820.html HTTP/1.1
Host: a10682170820.cdn.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: tbT4naf6AzXnSVUsnWK5op8eWQxqVCEiW06s3d7Zzj8BugQWldvfbF6IH6Zv53JwHLd2/Akzx8o=
x-amz-request-id: X7AHX6K9WCW1SE5F
x-amz-replication-status: PENDING
last-modified: Sat, 03 Dec 2022 14:56:05 GMT
etag: "a023a314b1991cc1a88674e2a8ed8502"
x-amz-server-side-encryption: AES256
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: JF.WKgHW2RoJAyf6LN1zyNW5_HzWW7MT
accept-ranges: bytes
content-type: text/html; charset=utf-8
server: AmazonS3
content-length: 1029
vary: Accept-Encoding
cache-control: max-age=120
date: Sun, 04 Dec 2022 15:17:41 GMT
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="2";dur=0,cdnip;desc="104.110.8.48";dur=0,cdnmap;desc="a4728.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.mariacasino.nu.json?t=1
104.19.147.8200 OK 2.4 kB URL HTTP/2 script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.mariacasino.nu.json?t=1
IP 104.19.147.8:0
File type JSON data\012- , ASCII text, with very long lines (22367), with no line terminators
Hash e9ec56e07ecc8b05ee311bc8b7787ae0
d3c9452775c745d91d937152d9c2367750885792
a5589785e4d68c4ea83552ab9dd5ad093fa5cf055e05cbf147723bdeb5681b67
GET /pages/data-scripts/0012/9242/site/welcome.mariacasino.nu.json?t=1 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:41 GMT
content-type: application/json
content-length: 2350
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Sun, 04 Dec 2022 11:06:53 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 15048
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a63f790b02-OSL
X-Firefox-Spdy: h2
unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonsinglepagebrandsprod/1/JS-2.22.4/s51694340332328?AQB=1&ndh=1&pf=1&t=4%2F11%2F2022%2015%3A17%3A39%200%200&mid=10884245246937785682334953828362500230&aamlh=6&ce=UTF-8&pageName=LP%3A2018%20-%20MariaCasino%20-%20Bingo&g=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26bid%3D37953%26campaignId%3D2397257%26pid%3D68593099&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26bid%3D37953%26campaignId%3D2397257%26pid%3D68593099&v1=welcome.mariacasino.nu%3A%3A%3Adesktop%3Ano%3Apop%3Acasino%3A2022%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.mariacasino.nu&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=3%3A17%20PM%7CSunday&v6=3%3A17%20PM%7CSunday&v11=GBP&c14=New&v14=New&c16=1670167059&v21=Not%20Logged-In&c73=maria&c74=10884245246937785682334953828362500230&v99=10884245246937785682334953828362500230&v120=popunder&v121=1%3A81750185%3A68593099-37953&v122=NONE&v124=2397257&v125=81750185_4557F843A16A4B26B7BFA736FA23A444&v126=68593099&v127=37953&v134=1670167059&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
15.188.95.229200 OK 43 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonsinglepagebrandsprod/1/JS-2.22.4/s51694340332328?AQB=1&ndh=1&pf=1&t=4%2F11%2F2022%2015%3A17%3A39%200%200&mid=10884245246937785682334953828362500230&aamlh=6&ce=UTF-8&pageName=LP%3A2018%20-%20MariaCasino%20-%20Bingo&g=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26bid%3D37953%26campaignId%3D2397257%26pid%3D68593099&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26bid%3D37953%26campaignId%3D2397257%26pid%3D68593099&v1=welcome.mariacasino.nu%3A%3A%3Adesktop%3Ano%3Apop%3Acasino%3A2022%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.mariacasino.nu&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=3%3A17%20PM%7CSunday&v6=3%3A17%20PM%7CSunday&v11=GBP&c14=New&v14=New&c16=1670167059&v21=Not%20Logged-In&c73=maria&c74=10884245246937785682334953828362500230&v99=10884245246937785682334953828362500230&v120=popunder&v121=1%3A81750185%3A68593099-37953&v122=NONE&v124=2397257&v125=81750185_4557F843A16A4B26B7BFA736FA23A444&v126=68593099&v127=37953&v134=1670167059&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
IP 15.188.95.229:0
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/unibetlondonsinglepagebrandsprod/1/JS-2.22.4/s51694340332328?AQB=1&ndh=1&pf=1&t=4%2F11%2F2022%2015%3A17%3A39%200%200&mid=10884245246937785682334953828362500230&aamlh=6&ce=UTF-8&pageName=LP%3A2018%20-%20MariaCasino%20-%20Bingo&g=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26bid%3D37953%26campaignId%3D2397257%26pid%3D68593099&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A68593099-37953%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26bid%3D37953%26campaignId%3D2397257%26pid%3D68593099&v1=welcome.mariacasino.nu%3A%3A%3Adesktop%3Ano%3Apop%3Acasino%3A2022%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.mariacasino.nu&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=3%3A17%20PM%7CSunday&v6=3%3A17%20PM%7CSunday&v11=GBP&c14=New&v14=New&c16=1670167059&v21=Not%20Logged-In&c73=maria&c74=10884245246937785682334953828362500230&v99=10884245246937785682334953828362500230&v120=popunder&v121=1%3A81750185%3A68593099-37953&v122=NONE&v124=2397257&v125=81750185_4557F843A16A4B26B7BFA736FA23A444&v126=68593099&v127=37953&v134=1670167059&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Sun, 04 Dec 2022 15:17:41 GMT
expires: Sat, 03 Dec 2022 15:17:41 GMT
last-modified: Mon, 05 Dec 2022 15:17:41 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3586656454056411136-4619386632317679598
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash f7e6c18ac741ce0a40cad7986443bc91
6c39775555f8645529b1654b4fa1f5076a87934d
9826753d2448b7f4e720e6bea0bce61078953fe8eba169d7f66a92582a7918cc
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=170086
Date: Sun, 04 Dec 2022 15:17:41 GMT
Etag: "638ca81f-1d7"
Expires: Tue, 06 Dec 2022 14:32:27 GMT
Last-Modified: Sun, 04 Dec 2022 14:01:03 GMT
Server: ECS (bsa/EB1D)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: UshfpQH1ArxajKGSX78_R7TL_S4fds2XKPBPVlIYwDSRAYc0-ovSEA==
Age: 1884
script.crazyegg.com/pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js
104.19.147.8200 OK 27 kB URL HTTP/2 script.crazyegg.com/pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js
IP 104.19.147.8:0
File type ASCII text, with very long lines (63889)
Hash 40a61971f3342753b240df82579098d2
75a44689092cd59612c3c77f4c3f353f5898c4b9
c53652de8d763aa53a2226f899e6c57434675b324a4e22b91bea1f217e99504a
GET /pages/versioned/common-scripts/051214b1ee034dc81c1493c28aa557bd.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:41 GMT
content-type: text/javascript
content-length: 26836
cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
last-modified: Fri, 18 Nov 2022 16:53:01 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 769966
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a6ba5f0afe-OSL
X-Firefox-Spdy: h2
unibet.demdex.net/dest5.html?d_nsid=0
3.248.39.194200 OK 2.8 kB URL HTTP/1.1 unibet.demdex.net/dest5.html?d_nsid=0
IP 3.248.39.194:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Sun, 4 Dec 2022 15:17:41 GMT
DCS: dcs-prod-irl1-2-v045-0e1f48b6d.edge-irl1.demdex.com 4 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Fri, 28 Oct 2022 13:34:31 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: WZUGSB36T+8=
Content-Length: 2791
Connection: keep-alive
cm.everesttech.net/cm/dd?d_uuid=10865127923594887872335575816589493533
99.80.65.0302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=10865127923594887872335575816589493533
IP 99.80.65.0:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=10865127923594887872335575816589493533 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Sun, 04 Dec 2022 15:17:41 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y4y6FQAAADkRfAMx; Domain=.everesttech.net; Expires=Mon, 04-Dec-2023 15:17:41 GMT; Path=/
everest_session_v2=Y4y6FQAAADkRfQMx; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y4y6FQAAADkRfAMx
Server: AMO-cookiemap/1.1
script.crazyegg.com/pages/data-scripts/0012/9242/sampling/welcome.mariacasino.nu.json?t=463935
104.19.147.8200 OK 415 B URL HTTP/2 script.crazyegg.com/pages/data-scripts/0012/9242/sampling/welcome.mariacasino.nu.json?t=463935
IP 104.19.147.8:0
File type JSON data\012- , ASCII text, with very long lines (1550), with no line terminators
Hash cf97bbe8a907ba374a88ce4bbd0218c1
f1ee33ed8c1028440683becb8868e3636a40a545
a03f3935e5ca78c04ac086ec2e7f2b3f282f738056221c67e3a7485dbbb2ab07
GET /pages/data-scripts/0012/9242/sampling/welcome.mariacasino.nu.json?t=463935 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:41 GMT
content-type: application/json
content-length: 415
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Sun, 04 Dec 2022 11:06:53 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 15048
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a7183d0b02-OSL
X-Firefox-Spdy: h2
tapi.optimizely.com/api/targeting/10682170820/11101493565/oeu1670167058694r0.9806060578266829
95.100.12.199200 OK 2.5 kB URL HTTP/1.1 tapi.optimizely.com/api/targeting/10682170820/11101493565/oeu1670167058694r0.9806060578266829
IP 95.100.12.199:0
File type JSON data\012- , ASCII text, with very long lines (26267), with no line terminators
Hash a398ef84190dd60a71389ae3e22743ca
b72f9d47fc6b63983898f59bcae72afa754ea1bf
6789e6d1cd959a89cd878fc0de401e69dbbafbf117ffc2683bfe5755878cd926
GET /api/targeting/10682170820/11101493565/oeu1670167058694r0.9806060578266829 HTTP/1.1
Host: tapi.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Server: nginx/1.15.12
X-Powered-By: Express
Content-Encoding: gzip
Cache-Control: max-age=1200
Date: Sun, 04 Dec 2022 15:17:41 GMT
Content-Length: 2488
Connection: keep-alive
Vary: Origin
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
dpm.demdex.net/ibs:dpid=411&dpuuid=Y4y6FQAAADkRfAMx
34.251.90.149302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y4y6FQAAADkRfAMx
IP 34.251.90.149:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y4y6FQAAADkRfAMx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.mariacasino.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v045-0a2056b15.edge-irl1.demdex.com 3 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4y6FQAAADkRfAMx
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=51086064177209866270160965722098122881; Max-Age=15552000; Expires=Fri, 02 Jun 2023 15:17:41 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: CZ0YsVmOQx0=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4y6FQAAADkRfAMx
34.251.90.149200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4y6FQAAADkRfAMx
IP 34.251.90.149:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y4y6FQAAADkRfAMx HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.mariacasino.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v045-0ced04f65.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: QisTwre/SXk=
Content-Length: 59
Connection: keep-alive
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js
23.38.200.237200 OK 1.4 kB URL HTTP/2 assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js
IP 23.38.200.237:0
Hash ab8cdc21adb95a3014aae857022fdce6
c90f3f115de66b8809a88a667225fa5746ca3dfa
2e3db22559903bd6ba695a18b440ff7eeb0a645dc4ab9257c3605f22d144ca51
GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "6444bceb1b767bea75b4f47d793f7b05:1554112917"
last-modified: Mon, 01 Apr 2019 10:01:57 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1388
cache-control: max-age=3600
expires: Sun, 04 Dec 2022 16:17:41 GMT
date: Sun, 04 Dec 2022 15:17:41 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2
unibet.demdex.net/event?_ts=1670167059394
3.248.39.194200 OK 28 B URL HTTP/1.1 unibet.demdex.net/event?_ts=1670167059394
IP 3.248.39.194:0
File type JSON data\012- , ASCII text, with no line terminators
Hash e5bd7bffaebc3b6f39a51600d7d98448
3126b0beaa77359162cadfebc3ae83b4cf5d04f8
3f4e5ede55abc3d3c77d99cdc5019ccfaf8107ac33328b1e4d3b022cb10b15d8
POST /event?_ts=1670167059394 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 63
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-02fc48b13.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=49265289935435375282316025095545806944; Max-Age=15552000; Expires=Fri, 02 Jun 2023 15:17:42 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: 0QZm5NVdTkE=
Content-Length: 28
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash b6a600af72b661c90aa7507d1614b577
94b7673ee0af609a0be5de6bbccf9598b2a298ea
da9853340ea24c7a33cd64337c23850e23c86843f70509a6f49d80432b4ed8e1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=135310
Date: Sun, 04 Dec 2022 15:17:42 GMT
Etag: "638c1fba-1d7"
Expires: Tue, 06 Dec 2022 04:52:52 GMT
Last-Modified: Sun, 04 Dec 2022 04:19:06 GMT
Server: ECS (nyb/1D32)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: vZuVdWdIwAOQfhMs3hS5XiksH95CIgDjmvXhZRgtLoi9kHVvHx4SEQ==
Age: 2026
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash b6a600af72b661c90aa7507d1614b577
94b7673ee0af609a0be5de6bbccf9598b2a298ea
da9853340ea24c7a33cd64337c23850e23c86843f70509a6f49d80432b4ed8e1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=135292
Date: Sun, 04 Dec 2022 15:17:42 GMT
Etag: "638c1fba-1d7"
Expires: Tue, 06 Dec 2022 04:52:34 GMT
Last-Modified: Sun, 04 Dec 2022 04:19:06 GMT
Server: ECS (nyb/1D04)
X-Cache: Miss from cloudfront
Via: 1.1 a6d89f7e2d55548b941f1ff5d5b3c8d4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: GjoEh0qXObVlG8mQB56VRrcVgrQl4hUeE5npw8ehJ2da2sj--mNJ3A==
Age: 2008
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash b6a600af72b661c90aa7507d1614b577
94b7673ee0af609a0be5de6bbccf9598b2a298ea
da9853340ea24c7a33cd64337c23850e23c86843f70509a6f49d80432b4ed8e1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=135543
Date: Sun, 04 Dec 2022 15:17:42 GMT
Etag: "638c1fba-1d7"
Expires: Tue, 06 Dec 2022 04:56:45 GMT
Last-Modified: Sun, 04 Dec 2022 04:19:06 GMT
Server: ECS (nyb/1D2B)
X-Cache: Miss from cloudfront
Via: 1.1 a034aae43a19aef875fa395182990970.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: BygM7yh8iDbcaUidQndbslSjlsS2KKt06P5eax-rACHcz5v2xcbhIA==
Age: 2259
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash b6a600af72b661c90aa7507d1614b577
94b7673ee0af609a0be5de6bbccf9598b2a298ea
da9853340ea24c7a33cd64337c23850e23c86843f70509a6f49d80432b4ed8e1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=135317
Date: Sun, 04 Dec 2022 15:17:42 GMT
Etag: "638c1fba-1d7"
Expires: Tue, 06 Dec 2022 04:52:59 GMT
Last-Modified: Sun, 04 Dec 2022 04:19:06 GMT
Server: ECS (nyb/1D33)
X-Cache: Miss from cloudfront
Via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bIKiit8GpNaL0PeXrhVzyr1ONIK1uWg5pAIiEtit7JyyswlpmqnhUw==
Age: 2033
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash b6a600af72b661c90aa7507d1614b577
94b7673ee0af609a0be5de6bbccf9598b2a298ea
da9853340ea24c7a33cd64337c23850e23c86843f70509a6f49d80432b4ed8e1
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=135301
Date: Sun, 04 Dec 2022 15:17:42 GMT
Etag: "638c1fba-1d7"
Expires: Tue, 06 Dec 2022 04:52:43 GMT
Last-Modified: Sun, 04 Dec 2022 04:19:06 GMT
Server: ECS (bsa/EB22)
X-Cache: Miss from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: pdQJZob6b8oru1nWUsg0m0vz8LL1B3-r93ZhwaSq9FRDIHioBuJM1Q==
Age: 2017
errors.client.optimizely.com/log
54.85.30.47200 OK 13 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
File type ASCII text, with no line terminators
Hash 1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47200 OK 13 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
File type ASCII text, with no line terminators
Hash 1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47200 OK 13 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
File type ASCII text, with no line terminators
Hash 1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47200 OK 13 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
File type ASCII text, with no line terminators
Hash 1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47200 OK 13 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
File type ASCII text, with no line terminators
Hash 1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47200 OK 13 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
File type ASCII text, with no line terminators
Hash 1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47200 OK 13 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
File type ASCII text, with no line terminators
Hash 1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47204 No Content 0 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 421
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers:
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47204 No Content 0 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 421
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers:
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47204 No Content 0 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 421
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers:
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47204 No Content 0 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 421
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers:
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47204 No Content 0 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 435
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers:
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47204 No Content 0 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 480
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers:
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47200 OK 13 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
File type ASCII text, with no line terminators
Hash 1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47204 No Content 0 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 421
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers:
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47200 OK 13 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
File type ASCII text, with no line terminators
Hash 1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47200 OK 13 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
File type ASCII text, with no line terminators
Hash 1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47200 OK 13 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
File type ASCII text, with no line terminators
Hash 1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
143.204.42.156200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash f66542146711d899471a22aeccb1c5b4
7c999e013eb4fd912ef072c15756af4d8f40211e
9502a64dfd9f4d06cbb095cff6001f27e30986fd0cbb0f52d0bead85f4cdfe94
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=145752
Date: Sun, 04 Dec 2022 15:17:42 GMT
Etag: "638c4896-1d7"
Expires: Tue, 06 Dec 2022 07:46:54 GMT
Last-Modified: Sun, 04 Dec 2022 07:13:26 GMT
Server: ECS (nyb/1D0B)
X-Cache: Miss from cloudfront
Via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: u0eHmgtwTomZy2-hJjoqOJFBqrq1IvmiDc0qhudzzxnXBpff-2Fpxg==
Age: 2008
errors.client.optimizely.com/log
54.85.30.47200 OK 13 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
File type ASCII text, with no line terminators
Hash 1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Content-Length: 13
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47204 No Content 0 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 422
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers:
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47204 No Content 0 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 421
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers:
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47204 No Content 0 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 421
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers:
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47204 No Content 0 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 421
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers:
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive
logx.optimizely.com/v1/events
52.22.248.237204 No Content 0 B URL HTTP/1.1 logx.optimizely.com/v1/events
IP 52.22.248.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/events HTTP/1.1
Host: logx.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 740
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers: X-Results-Data-Source
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Server: nginx/1.21.0
Timing-Allow-Origin: *
X-Request-Id: abfdc87a-0969-494f-b8bf-56002f5bd4a6
Connection: keep-alive
errors.client.optimizely.com/log
54.85.30.47204 No Content 0 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 54.85.30.47:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 439
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers:
Content-Type: text/plain
Date: Sun, 04 Dec 2022 15:17:42 GMT
Connection: keep-alive
fonts.googleapis.com/css?family=Roboto:300,400,500,700,900
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500,700,900
IP 142.250.74.74:0
GET /css?family=Roboto:300,400,500,700,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Dec 2022 15:17:40 GMT
date: Sun, 04 Dec 2022 15:17:40 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Lato:300,400,700,300italic,400italic,700italic
142.250.74.74200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Lato:300,400,700,300italic,400italic,700italic
IP 142.250.74.74:0
GET /css?family=Lato:300,400,700,300italic,400italic,700italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 04 Dec 2022 15:17:36 GMT
date: Sun, 04 Dec 2022 15:17:36 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5200 OK 0 B URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
31.13.72.36200 OK 0 B URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 31.13.72.36:0
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: Y4/5dtInM7ytJCtvkKf1dj99Eq8fuy27NLVz7Otk63n05X5vjBGA0LTC14pGrE5QpO3etS+7KJ2gQRxT7ibLUA==
date: Sun, 04 Dec 2022 15:17:37 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/maria-logo.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/maria-logo.svg
IP 104.18.25.188:0
GET /no/pop/casino/2022/maria-logo.svg HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: A/evXSZJMSEi63VEXU58wA==
last-modified: Tue, 29 Nov 2022 13:35:55 GMT
etag: W/"0x8DAD20EA476B63E"
x-ms-request-id: 5a1280b9-401e-0062-10f7-03d025000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437983
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a17ab8b517-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/main.js
104.18.25.188200 OK 0 B URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/main.js
IP 104.18.25.188:0
GET /no/pop/casino/2022/main.js HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: HUKMSjGdEVR6I7ylcruk3g==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: W/"0x8DAD20EA4F7BA6F"
x-ms-request-id: 5a127d26-401e-0062-37f7-03d025000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437984
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a17ab2b517-OSL
content-encoding: br
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js?463935
104.19.147.8200 OK 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js?463935
IP 104.19.147.8:0
GET /pages/scripts/0012/9242.js?463935 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:41 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.9
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Sun, 04 Dec 2022 11:06:50 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 15050
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a5c9a10afe-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js
104.18.11.207200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js
IP 104.18.11.207:0
GET /bootstrap/3.3.4/js/bootstrap.min.js HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:36 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 632, 617, 617
last-modified: Mon, 25 Jan 2021 22:03:58 GMT
cdn-cachedat: 2021-06-08 21:21:50
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: f1a63d5f30f27f962c892e22b614a26b
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 15611245
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 774582869efa1bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pogothere.xyz/asd100.bin
172.64.172.27200 OK 0 B IP 172.64.172.27:0
GET /asd100.bin HTTP/1.1
Host: pogothere.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://get.myboek.xyz/
Origin: http://get.myboek.xyz
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:37 GMT
content-type: binary/octet-stream
access-control-allow-origin: http://get.myboek.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: X-Requested-With, content-type
cache-control: max-age=14400
cf-cache-status: HIT
age: 3375
last-modified: Sun, 04 Dec 2022 14:21:22 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3gtuussUHIhmiOdUYozKXQDYBhcaXmkzetNf7njLVyS0Kr0PQ2UJI3SOoiYpDRy1ZyJkwn8ImoqLySiQ64dXGr5WDDGo0TYntIHECWHQuTq%2Fsaxy3vgyLWTo%2B1lD3RIy"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7745828ceff976c3-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/no-payments.svg
104.18.25.188200 OK 0 B URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/no-payments.svg
IP 104.18.25.188:0
GET /no/pop/casino/2022/no-payments.svg HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19331%7CMCMID%7C10884245246937785682334953828362500230%7CMCAAMLH-1670771858%7C6%7CMCAAMB-1670771858%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670174258s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1670167058694r0.9806060578266829; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:41 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: W/"0x8DAD20EA5185D10"
x-ms-request-id: 6aee9ace-401e-005d-3bf7-031886000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437983
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a4aef7b517-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/favicon.ico
104.18.25.188200 OK 0 B URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/favicon.ico
IP 104.18.25.188:0
GET /no/pop/casino/2022/favicon.ico HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19331%7CMCMID%7C10884245246937785682334953828362500230%7CMCAAMLH-1670771858%7C6%7CMCAAMB-1670771858%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1670174258s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1670167058694r0.9806060578266829; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:41 GMT
content-type: image/x-icon
cache-control: public, max-age=900, immutable
content-md5: dUZ66nye8JES1X2nEnkvHA==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: W/"0x8DAD20EA4D12531"
x-ms-request-id: 1b22010b-f01e-0058-65f7-03ca5d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437983
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a59839b517-OSL
content-encoding: br
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
104.18.11.207200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
IP 104.18.11.207:0
GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://get.myboek.xyz/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:36 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: SE
cdn-edgestorageid: 632, 617, 617
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 2021-04-23 06:29:02
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 6a91d2c867066733b6d92a7a528c5c2e
cdn-cache: HIT
cf-cache-status: HIT
age: 18277393
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 774582867ee71bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/styles.css
104.18.25.188200 OK 0 B URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/styles.css
IP 104.18.25.188:0
GET /no/pop/casino/2022/styles.css HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: nHGY+uZf3VZaIBaHkSPKCQ==
last-modified: Tue, 29 Nov 2022 13:35:55 GMT
etag: W/"0x8DAD20EA45DDAAB"
x-ms-request-id: 4ad10bc9-001e-002e-3ef7-034015000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 437984
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a17ab0b517-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.mariacasino.nu/custom.js
104.18.25.188200 OK 0 B URL HTTP/2 welcome.mariacasino.nu/custom.js
IP 104.18.25.188:0
GET /custom.js HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:68593099-37953&btag=81750185_4557F843A16A4B26B7BFA736FA23A444&bid=37953&campaignId=2397257&pid=68593099
Cookie: __ucbt=node0cbye0uoygr461gy6cvc3fhgsv; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_4557F843A16A4B26B7BFA736FA23A444; BID=37953; PID=68593099; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_4557F843A16A4B26B7BFA736FA23A444%26sref%3DADC%26ADC%3D3930943-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D68593099%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 04 Dec 2022 15:17:40 GMT
content-type: application/javascript
content-md5: AaOIILzruhXFCZo/dsUAMw==
last-modified: Tue, 31 May 2022 08:03:43 GMT
etag: W/"0x8DA42DC14A64A3D"
x-ms-request-id: 56b93167-801e-0020-39f6-0369a5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 438587
vary: Accept-Encoding
server: cloudflare
cf-ray: 774582a17ab5b517-OSL
content-encoding: br
X-Firefox-Spdy: h2