Report - accommodationcarpetavid.com/zn9hs4wmz7?pqyhls=42&refer=https://flaswish.com/pzo4ifg89o4v&kw=["streamwish"]&key=32f58d98ad8336e2a6080f93e26e9778&scrWidth=390&scrHeight=844&tz=-5&v=23.11.v.9&ship=&sub3=invoke_layer&res=14.501&dev=e&adb=y&uuid=491ce657-6b50-4564-95ce-3ef39dd5616e:2:1/

Report Overview

Visited public
2023-12-04 03:42:04
Tags
URL
accommodationcarpetavid.com/zn9hs4wmz7?pqyhls=42&refer=https://flaswish.com/pzo4ifg89o4v&kw=["streamwish"]&key=32f58d98ad8336e2a6080f93e26e9778&scrWidth=390&scrHeight=844&tz=-5&v=23.11.v.9&ship=&sub3=invoke_layer&res=14.501&dev=e&adb=y&uuid=491ce657-6b50-4564-95ce-3ef39dd5616e:2:1/
Finishing URL
welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
IP / ASN
173.233.137.60
#7979 SERVERS-COM
Title
Maria Casino

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-03 06:51:04	440 B	68 kB	142.250.74.168
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-03 05:48:43	1.6 kB	50 kB	216.58.207.227
www.mariacasino.com	unknown	unknown	No data	No data	800 B	30 kB	85.184.96.0
a1s.unibet.com	297625	1997-12-11	2017-01-30 01:44:42	2023-12-02 16:29:19	442 B	2.5 kB	85.184.96.5
adserving.unibet.com	98000	1997-12-11	2015-05-26 08:56:53	2023-12-02 14:42:08	594 B	1.3 kB	13.107.246.53
welcome.mariacasino.com	unknown	unknown	2017-01-29 17:37:02	2023-03-08 20:00:55	11 kB	523 kB	104.18.43.104
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-12-03 07:59:58	450 B	31 kB	142.250.74.138
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-03 06:08:10	466 B	1.9 kB	142.250.74.42
accommodationcarpetavid.com	unknown	unknown	No data	No data	4.5 kB	4.8 kB	173.233.137.60
assets.adobedtm.com	512	2013-11-22	2014-01-28 05:51:35	2023-12-03 05:19:51	3.1 kB	95 kB	23.38.200.237
service.maxymiser.net	8733	2011-11-08	2012-11-14 18:00:33	2023-12-03 19:08:50	439 B	218 B	23.36.79.34
a1s-cdn.unibet.com	283505	1997-12-11	2014-04-23 17:07:51	2023-12-03 05:47:54	454 B	1.7 kB	85.184.96.5

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-03	medium	accommodationcarpetavid.com	Sinkholed
2023-12-03	medium	accommodationcarpetavid.com	Sinkholed
2023-12-03	medium	accommodationcarpetavid.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (43)

	URL	From	Size	First Seen	Last Seen
	unknown	Function	152 B	2023-04-11	2025-05-09
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:25 Last Seen2025-05-09 06:30 Times Seen30994 Hash 26bc31e12628b8388c3be44bb175d592 9464185aa11d68ea75e8d6495ff7b02ec3b4f1ad b4829119269f7853888d67440f0424d68bd7a7f3d6a85b408bc5260b7953fe09 Loading...

	unknown	Function	121 B	2023-04-13	2025-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 02:04 Last Seen2025-05-07 22:25 Times Seen1214 Hash 3a0d1dcab20f80fe29b326e77069c860 de7d4447da634fe8459557ede26bdc6b269a3d73 89f663a550ab9eeafbedc91ebc071aee7bd25b33c558a081b1e74bb34aff732a Loading...

	welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953	ScriptElement	254 B	2023-03-07	2024-08-20
Pretty URL welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953 IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14 Last Seen2024-08-20 16:52 Times Seen20 Hash f170cd805025c85681b29e0050f512cc a4ef72d85818bc21f6e1c88a077c0c18bc6e1381 bd5188e507cf55e7c15eb20cbd8d0236dc43e19ae230a3317f452b57435a1dd2 Loading...

	welcome.mariacasino.com/custom.js	ScriptElement	2.3 kB	2023-03-07	2024-08-20
Pretty URL welcome.mariacasino.com/custom.js IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2024-08-20 16:52 Times Seen20 Hash 01a38820bcebba15c5099a3f76c50033 0dc0dc1fe9789baadc34781115c3de455306a4a6 6d7d9f4e9a44937c4330f759caf658bd1608f1fdac0b3b5bfee3a72af799638b Loading...

	unknown	Function	183 B	2023-04-19	2024-08-21
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-19 15:48 Last Seen2024-08-21 07:39 Times Seen21 Hash 3c78f29c6ae476a294d23db77b5a06f9 20e34304bb676634637e277e9b308dbac8d73ade ba65a3533af0dedecb1b8f44d0bdbd4a7438e33e4002bcdd4e3aa7746238d6a5 Loading...

	unknown	Function	349 B	2023-04-11	2025-05-08
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 23:08 Last Seen2025-05-08 19:04 Times Seen4698 Hash 612a7927ae2a82c947a949b6f6d571a2 5e5926378560cc9bab4c9d561c8665ccf903289d cb445470655f18c940e0107e8aa6d9b6077a5f33cd7b9a7501158dbf0a1841d9 Loading...

	unknown	Function	1.2 kB	2023-04-13	2025-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 02:04 Last Seen2025-05-07 19:28 Times Seen1099 Hash 2ea830b792e618370c4cbceae562b981 d9aec24705950262264b9784447e8fe821ab911a 218a1180514be0e72c6d1c61a3c0dbbf682af3d419d0e7e02a9f2f12f1febfc6 Loading...

	unknown	ScriptElement	9.0 kB	2023-09-21	2025-02-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-21 22:26 Last Seen2025-02-02 17:17 Times Seen5254 Hash 4bf85503f4a4c7bcfaab0141a5806d3d 27fe50a4fc3c8c70cbb4a7448497b078d4583afc f69fd5a7cc72a1b162c15eed2d8df99565cfb38316cfe1b946b868f809146305 Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js	ScriptElement	162 kB	2023-03-07	2024-08-21
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2024-08-21 07:39 Times Seen21 Hash bf8d7656a2457e257e3cf75a01e6a4b7 7c7835b4632ac21ddea281bd2454e4faf08f0ff7 e2992637a3fd258ae2bd64fb199a77155aed36554a4bed9e34ce1bc2958ada1d Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js	ScriptElement	37 kB	2023-03-07	2024-08-21
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2024-08-21 07:39 Times Seen21 Hash 18eab16a639a4773572307713440a929 75bd72f7058b2d1d3ede541b2129267b438a73d4 358c5899627cc60f849ddc6860c01aa67b122f478e0d4ef42efd48a4b38c305b Loading...

	welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953	ScriptElement	218 B	2023-03-07	2024-08-20
Pretty URL welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953 IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14 Last Seen2024-08-20 16:52 Times Seen20 Hash 9d40d7ddb60f4cb29327b156428e3bd5 88becc38eb4e649c2a9aec175f37b5f8c5016588 8c7e60bea5c4cfc5e2ff1c26e5a7ecbe3efb4452b6f07886ece394031c8682c1 Loading...

	welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953	ScriptElement	499 B	2023-03-07	2024-08-20
Pretty URL welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953 IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14 Last Seen2024-08-20 16:52 Times Seen20 Hash 4b6d2b6491b6df0ef583f49d0882a26e 7fea1a1658513f5bf789a0b42c73f7b6fdcc7f67 2d71070f24532c8088a6e66ef3ce8559809fb60328937057496edc6a24a90a64 Loading...

	unknown	Function	191 B	2023-04-13	2025-05-08
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 00:39 Last Seen2025-05-08 19:04 Times Seen2812 Hash f66c599d10fb97c520f2e5496e33210e e10a9aa112da3f24a135ba821f736573b0a71661 340b71c364fee52408225bdb7a045f39d88527316e8192f9a5c94fa042d4f7f3 Loading...

	unknown	Function	258 B	2023-04-13	2025-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 02:04 Last Seen2025-05-07 22:25 Times Seen1215 Hash 6a6a47e016f735ca1d1e8bb269eb503a c8faddf16b329222c18316a7f575a19be7981e27 d5fd13adaef760d5e22a5f8c3dc2b902df3b5cf8725a4124a426eab17355a5d0 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC	ScriptElement	192 kB	2023-12-03	2023-12-04
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-03 09:52 Last Seen2023-12-04 08:24 Times Seen14 Hash 92d171495e439f65242c49fe1ab31fcb fab0faf1ea3cb1e57e0bffbbdcffb6422be0c71f 88d5724ba1c2bb46163f114514f8cee2e24c05545a5e2449c3786d4113b13d68 Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js	ScriptElement	4.3 kB	2023-03-07	2024-08-21
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2024-08-21 07:39 Times Seen21 Hash 6444bceb1b767bea75b4f47d793f7b05 173a21cbce9a9c8b73088df59efa6049690a9cbb 7386df477cd87905ec5e618f0d3df193963ec801ff64404cc5023529b16c4d6f Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js	ScriptElement	87 kB	2023-03-07	2025-05-09
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js IP 142.250.74.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-09 05:55 Times Seen112193 Hash e071abda8fe61194711cfc2ab99fe104 f647a6d37dc4ca055ced3cf64bbc1f490070acba 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Loading...

	welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953	ScriptElement	99 B	2023-03-07	2024-08-20
Pretty URL welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953 IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14 Last Seen2024-08-20 16:52 Times Seen20 Hash a0b71a61570e0a349dfee786c9541984 887208153363db9fb19e9818c0fb921e0493f589 7ba916908ab7207eb14152417dca7da44907f0d08c6ea4b6526fb5800d0ac5eb Loading...

	unknown	Function	697 B	2023-04-12	2025-05-08
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 01:25 Last Seen2025-05-08 03:32 Times Seen1542 Hash cc5b9c7f31eb88eb944b20e4a902fb4f fb5ad525aa83fd1c62d70d290d9d8eb31fb5089d a7fee75172e59e6ab0fb4ff3f177b8ffc363610ed8b3e6c0004b4bf98de24547 Loading...

	unknown	ScriptElement	462 B	2023-11-06	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-06 12:29 Last Seen2024-08-20 20:41 Times Seen4510 Hash 0e8641478391e5943136bbd9dcf81687 43802b92092208cbe4b2c893a6cf8a66970a90ba f2492cbdb92a0b0870b3ae997b0343f648e0489b2877e12fbd4302cf29453436 Loading...

	unknown	Function	872 B	2023-04-19	2025-04-28
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-19 15:48 Last Seen2025-04-28 21:54 Times Seen143 Hash 9a3c9a45e4570912027f6437fbd1fed4 d64a6db078ecafc3c3678a3116751a5a6f56e2d0 652690ca8ee8656b9ef0e01ade9fae774fbe8a9758da8e901d8745cafd2229cf Loading...

	unknown	Function	100 B	2023-04-11	2025-05-02
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 23:08 Last Seen2025-05-02 12:11 Times Seen832 Hash 14850d33613efa85bb02e5bf906bd0f6 407ed029ee0e8e6460ca4cfdd668221e52223d97 f7d3b1c5287c382fb226f695dcbdc7a72a335f41f65ed23777f687aa1edd7cac Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js	ScriptElement	83 kB	2023-03-07	2024-08-21
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2024-08-21 07:39 Times Seen21 Hash 9c4992909a83d52617e9948d1d1c4141 587bbaea138857f086b03f43120795332fe28523 b53ed597b15301969858b376e9946d1664eff3a03549485ea678e9b8c6deaf63 Loading...

	unknown	Function	148 B	2023-04-11	2025-05-09
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:25 Last Seen2025-05-09 06:30 Times Seen6583 Hash ad647657a6182865673fe2300a1d13ad b1d7352ec14223bdae58961fe3ebab2ec990427b 9f500ac02daa86fc846af97dff1b0d92a41654db4a3548dd90574e5e70c28cdf Loading...

	www.mariacasino.com/kindred_snow/s3.7.0/kindred_s.js	ScriptElement	74 kB	2023-03-12	2025-04-01
Pretty URL www.mariacasino.com/kindred_snow/s3.7.0/kindred_s.js IP 85.184.96.0 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 07:47 Last Seen2025-04-01 10:09 Times Seen6322 Hash 3fb00dbb8acb3c68fd5ddb674f22bb88 cf7bc4f71f0ff66037ac2e564963ff4c2737e766 7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246 Loading...

	a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js	ScriptElement	956 B	2023-03-07	2025-02-02
Pretty URL a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js IP 85.184.96.5 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:12 Last Seen2025-02-02 17:17 Times Seen4811 Hash fd48e87ecd4d06d9c5df490b91dc813e a65a437db44444634e4f41732c590c1d14433b3f 2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47 Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js	ScriptElement	2.9 kB	2023-03-07	2024-08-21
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2024-08-21 07:39 Times Seen21 Hash 5e8dc588959123c3ee5de9ac168d5c74 a9aed3325d14a8af844706025abbf7076c2d6df8 8bc787ce4fbc3bec820a859ce9a02388d9b923d06227c5614ea771a62ad05dec Loading...

	unknown	Function	611 B	2023-04-13	2025-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 02:04 Last Seen2025-05-07 22:25 Times Seen1208 Hash d924ae2f87ceaa6ad20c12a64523e4d3 8a50d9d1b9940784f49be9c365823b132e4e34a9 72ff2fe08ff08f3f51dacddcb2382dd82e64d09cb94257f1d92a379ac6b1e1b7 Loading...

	unknown	ScriptElement	7.7 kB	2023-10-13	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 14:25 Last Seen2024-08-21 04:51 Times Seen5162 Hash d8109ab58402556ab737fe39834e6905 47aceb389987ff2659d00e7594f4b6f497fd776b 71020f8da24acc220d53e62c55ebf61e031f1d189dca99dd219c96ea2686dc96 Loading...

	welcome.mariacasino.com/no/pop/casino/2022/sandbox%20eval%20code		125 B	2023-05-06	2025-05-09
Pretty URL welcome.mariacasino.com/no/pop/casino/2022/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-06 01:47 Last Seen2025-05-09 05:12 Times Seen10805 Hash 8f2f978b9e8bb4ffce1dcf6cbc7ec45f c502e12fe427b823b7383282831f1ad2b87419d0 7fd31c692f4e314ea159e25b0d13aa56d878cca222edefec165caf90708b85b8 Loading...

	cdn.optimizely.com/js/10682170820.js	ScriptElement	4.1 kB	2023-05-06	2025-05-08
Pretty URL cdn.optimizely.com/js/10682170820.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 01:47 Last Seen2025-05-08 14:18 Times Seen10545 Hash b1480c1339924b89c2d446f574980f1f dc14600d3986b0fe907d4f9a7131b104d0b50c4d 0609bad67850c27c401330a47e2c86e05469df851a72723a7caab62eb38b9ee7 Loading...

	a1s.unibet.com/orval/tracking/lastclick.min.js	ScriptElement	1.8 kB	2023-03-07	2025-02-02
Pretty URL a1s.unibet.com/orval/tracking/lastclick.min.js IP 85.184.96.5 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2025-02-02 17:17 Times Seen4745 Hash 8027969a31091dd0d3a7813f95ee7e10 591677c488b8b98532778e11adc9348253a014a4 5166be250f7de7d316b5fb9778843cc3268ce3e00f917530f65e99dcdb355b60 Loading...

	welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953	ScriptElement	371 B	2023-03-07	2024-08-20
Pretty URL welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953 IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14 Last Seen2024-08-20 16:52 Times Seen20 Hash 0e334c7783ee94b7972386c2b90fc1f5 7ad33ae7aca94796fa4ef67b4c10ac23a9f468f6 1548d1cfdb809ed4c6261e9c9bbadd8dde82c3d3ef8137ff3ff6f6c606677db8 Loading...

	unknown	Function	344 B	2023-04-11	2025-05-09
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 22:12 Last Seen2025-05-09 06:30 Times Seen5354 Hash 2174b9064449ea0e7eec79ce9e3845ba 916d22ef047e1a74c2435008d378c5a8cc98fd47 44a36f4d3e8c3208ffc2ab1d0fa9e97e321bda82e0afb6b56ab62fad3186235c Loading...

	unknown	Function	458 B	2023-04-11	2025-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 22:12 Last Seen2025-05-07 22:25 Times Seen1196 Hash 785f2ac76ea14d9ae37146d14711ebe2 7adbb67fe3b1c536473f93237f9a1875c9165331 768b4471e0be8c94a8e790dd82c39ed385dbd7b87563400055e777837026e794 Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js	ScriptElement	567 B	2023-03-07	2024-08-21
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2024-08-21 07:39 Times Seen21 Hash accfdd9d5be1d7142fabad440365d15f 728b540ea47087d04d502079c76b3f3db8ea289a 32ebaaa3078816891a9efa129824d6ee11c4c8b0ef6e441b28781e7d82b95305 Loading...

	unknown	Function	1.9 kB	2023-04-13	2025-05-09
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 20:33 Last Seen2025-05-09 06:30 Times Seen1337 Hash 4e849624bc12888614e90773b8780a0b 36baf5763e654b08689dde863d674a80b72bd658 75baf9e3c2129b065cc1b2b12a96e0af935c704873f8b21ffc303cb949d3384a Loading...

	unknown	ScriptElement	1.5 kB	2023-11-16	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-16 15:59 Last Seen2024-08-20 19:16 Times Seen3975 Hash aa815b3ab95f01113f06825d3482950a 8ba15b0202aeaf30c7db18cb23c5007dea0ed42b b9eb09d3ddb52bcd12443dedbb9194d9b07a2e5a29139a63adbc62eb158ad828 Loading...

	welcome.mariacasino.com/no/pop/casino/2022/main.js	ScriptElement	20 kB	2023-04-06	2024-08-20
Pretty URL welcome.mariacasino.com/no/pop/casino/2022/main.js IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-06 10:20 Last Seen2024-08-20 16:52 Times Seen20 Hash 94069b222ac55c134269d6d9c1daa162 8c400dc030881c93cdcdea3ec75bdd9b2ac8f476 aa2ef744ab0450752a34172fe8d5f27cb5b8d2dba811abe7c0fd474b0bedc4d4 Loading...

	unknown	Function	201 B	2023-04-11	2025-05-08
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 22:12 Last Seen2025-05-08 12:40 Times Seen1800 Hash 130f95f6ce24ae929ddee61c6ef38f96 088af9d581accbab66b63d0376eecb3ed32415fd c0396797a1b7a2d3a0af63e5d3b1b71c401d20fa90803c5d4d24b27077b4ac43 Loading...

	unknown	Function	195 B	2023-04-12	2025-05-07
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 14:56 Last Seen2025-05-07 22:25 Times Seen1551 Hash 576a61e7e95f3fa39f316630cbc5c039 0c1d16e378c8cd9f13e724c9ce675b67d6926859 0c93256523c99dc09c2a8f6206cd600dc0a7715996a6d545794dcc0ed097f105 Loading...

	unknown	ScriptElement	2.6 kB	2023-03-07	2025-02-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2025-02-02 17:17 Times Seen5802 Hash cd03538fc58df8693fe9af9337788f0f 408a15551710117d0538fc9442a55b5678bb85a5 cc933dd733a6db1a1a9ff1d7c0adb26717fa27d4d177b7a5a2cab0bfdb353562 Loading...

		Size	First Seen	Last Seen
	#1 Write - 2121cd2a93ea9851057f6734a08c1130	68 B	2023-03-07 01:14	2024-08-21 07:39
Pretty Observations First Seen2023-03-07 01:14 Last Seen2024-08-21 07:39 Times Seen21 Hash 2121cd2a93ea9851057f6734a08c1130 68e2ee70c921266930c95e2a4b791d3f1fbb7f16 6604e7359d43375f74af46ce09c369432a8512c1e42b8d301a38091cb668301a Loading...

HTTP Transactions (34)

URL IP Response Size

accommodationcarpetavid.com/zn9hs4wmz7?pqyhls=42&refer=https://flaswish.com/pzo4ifg89o4v&kw=[%22streamwish%22]&key=32f58d98ad8336e2a6080f93e26e9778&scrWidth=390&scrHeight=844&tz=-5&v=23.11.v.9&ship=&sub3=invoke_layer&res=14.501&dev=e&adb=y&uuid=491ce657-6b50-4564-95ce-3ef39dd5616e:2:1/

173.233.137.60

1.6 kB

URL
accommodationcarpetavid.com/zn9hs4wmz7?pqyhls=42&refer=https://flaswish.com/pzo4ifg89o4v&kw=[%22streamwish%22]&key=32f58d98ad8336e2a6080f93e26e9778&scrWidth=390&scrHeight=844&tz=-5&v=23.11.v.9&ship=&sub3=invoke_layer&res=14.501&dev=e&adb=y&uuid=491ce657-6b50-4564-95ce-3ef39dd5616e:2:1/
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (736)
Size
1.6 kB (1622 bytes)
Hash
b489018555f108313d4dd48bdeea0c1a
c432b358bc4bc71a265120871c73eb93462383d6
d5574b804ae7577372148fce67269fb790aec54e2168b43c8cce6cf90f8ea4db

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /zn9hs4wmz7?pqyhls=42&refer=https://flaswish.com/pzo4ifg89o4v&kw=[%22streamwish%22]&key=32f58d98ad8336e2a6080f93e26e9778&scrWidth=390&scrHeight=844&tz=-5&v=23.11.v.9&ship=&sub3=invoke_layer&res=14.501&dev=e&adb=y&uuid=491ce657-6b50-4564-95ce-3ef39dd5616e:2:1/ HTTP/1.1
Host: accommodationcarpetavid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 03:41:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=19406637; expires=Tue, 05 Dec 2023 03:41:46 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTQwNjYzNywiayI6IjMyZjU4ZDk4YWQ4MzM2ZTJhNjA4MGY5M2UyNmU5Nzc4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNDcwNzk1LCJwaWQiOjI5NjIyMiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozNywiYWlkIjoyOCwicHQiOjUsInBrIjoiem45aHM0d216NyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOnRydWV9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZmxhc3dpc2guY29tL3B6bzRpZmc4OW80diIsImFyIjpbXX19.a1xovSEAM8XJUvY8piUHCsI1Z_pXIc6g5Tvl5lsPwcY; expires=Mon, 04 Dec 2023 03:42:46 GMT
uid_id2=491ce657-6b50-4564-95ce-3ef39dd5616e:2:1/; expires=Mon, 11 Dec 2023 03:41:46 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 015b43e66f4153018f8309d48fd57fa1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

accommodationcarpetavid.com/api/users?token=L3puOWhzNHdtejc_YWRiPXkmZGV2PWUma2V5PTMyZjU4ZDk4YWQ4MzM2ZTJhNjA4MGY5M2UyNmU5Nzc4Jmt3PSU1QiUyNnF1b3QlM0JzdHJlYW13aXNoJTI2cXVvdCUzQiU1RCZwcXlobHM9NDImcHN0PTE3MDE2NjEzNjYmcmVmZXI9aHR0cHMlM0ElMkYlMkZmbGFzd2lzaC5jb20lMkZwem80aWZnODlvNHYmcmVzPTE0LjUwMSZybXRjPXQmc2NySGVpZ2h0PTg0NCZzY3JXaWR0aD0zOTAmc2hpcD0mc2h1PWVmYmFjOWI3OTg0ZDQyNjFiNjA0ZDU0OGM4MzllOTUxYjJkMWM1ZmQxMjkyMDQwYjhiZjMzMzNiYWFjNzU4MGI2NTlhYzI0NjA2M2M0Y2Q4MjBjOGY0MTQ2NzIxNjhmZDg4NGVhYmI4NzJjMzI1MDcyMzAwYzFlMGVjODA2ZDdiMGY3OTgxMGM5MDFlODZiMGYzNGNlYmNjOWY2M2IzMGYxZDQ3NmRlMWNmYmQwNDhjNmZiMDk3OTYzMjgyNDgmc3ViMz1pbnZva2VfbGF5ZXImdHo9LTUmdXVpZD00OTFjZTY1Ny02YjUwLTQ1NjQtOTVjZS0zZWYzOWRkNTYxNmUlM0EyJTNBMSUyRiZ2PTIzLjExLnYuOQ%3D%3D&uuid=491ce657-6b50-4564-95ce-3ef39dd5616e%3A2%3A1%2F&pii=&in=false

173.233.137.60

302 Found

0 B

URL User Request GET HTTP/1.1
accommodationcarpetavid.com/api/users?token=L3puOWhzNHdtejc_YWRiPXkmZGV2PWUma2V5PTMyZjU4ZDk4YWQ4MzM2ZTJhNjA4MGY5M2UyNmU5Nzc4Jmt3PSU1QiUyNnF1b3QlM0JzdHJlYW13aXNoJTI2cXVvdCUzQiU1RCZwcXlobHM9NDImcHN0PTE3MDE2NjEzNjYmcmVmZXI9aHR0cHMlM0ElMkYlMkZmbGFzd2lzaC5jb20lMkZwem80aWZnODlvNHYmcmVzPTE0LjUwMSZybXRjPXQmc2NySGVpZ2h0PTg0NCZzY3JXaWR0aD0zOTAmc2hpcD0mc2h1PWVmYmFjOWI3OTg0ZDQyNjFiNjA0ZDU0OGM4MzllOTUxYjJkMWM1ZmQxMjkyMDQwYjhiZjMzMzNiYWFjNzU4MGI2NTlhYzI0NjA2M2M0Y2Q4MjBjOGY0MTQ2NzIxNjhmZDg4NGVhYmI4NzJjMzI1MDcyMzAwYzFlMGVjODA2ZDdiMGY3OTgxMGM5MDFlODZiMGYzNGNlYmNjOWY2M2IzMGYxZDQ3NmRlMWNmYmQwNDhjNmZiMDk3OTYzMjgyNDgmc3ViMz1pbnZva2VfbGF5ZXImdHo9LTUmdXVpZD00OTFjZTY1Ny02YjUwLTQ1NjQtOTVjZS0zZWYzOWRkNTYxNmUlM0EyJTNBMSUyRiZ2PTIzLjExLnYuOQ%3D%3D&uuid=491ce657-6b50-4564-95ce-3ef39dd5616e%3A2%3A1%2F&pii=&in=false
IP
173.233.137.60:443
ASN
#7979 SERVERS-COM

Certificate
IssuerLet's Encrypt
Subjectaccommodationcarpetavid.com
Fingerprint2C:0E:A8:6E:92:6B:7C:47:43:C8:08:C9:97:DE:98:E8:7B:24:60:0E
ValidityTue, 28 Nov 2023 10:54:07 GMT - Mon, 26 Feb 2024 10:54:06 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L3puOWhzNHdtejc_YWRiPXkmZGV2PWUma2V5PTMyZjU4ZDk4YWQ4MzM2ZTJhNjA4MGY5M2UyNmU5Nzc4Jmt3PSU1QiUyNnF1b3QlM0JzdHJlYW13aXNoJTI2cXVvdCUzQiU1RCZwcXlobHM9NDImcHN0PTE3MDE2NjEzNjYmcmVmZXI9aHR0cHMlM0ElMkYlMkZmbGFzd2lzaC5jb20lMkZwem80aWZnODlvNHYmcmVzPTE0LjUwMSZybXRjPXQmc2NySGVpZ2h0PTg0NCZzY3JXaWR0aD0zOTAmc2hpcD0mc2h1PWVmYmFjOWI3OTg0ZDQyNjFiNjA0ZDU0OGM4MzllOTUxYjJkMWM1ZmQxMjkyMDQwYjhiZjMzMzNiYWFjNzU4MGI2NTlhYzI0NjA2M2M0Y2Q4MjBjOGY0MTQ2NzIxNjhmZDg4NGVhYmI4NzJjMzI1MDcyMzAwYzFlMGVjODA2ZDdiMGY3OTgxMGM5MDFlODZiMGYzNGNlYmNjOWY2M2IzMGYxZDQ3NmRlMWNmYmQwNDhjNmZiMDk3OTYzMjgyNDgmc3ViMz1pbnZva2VfbGF5ZXImdHo9LTUmdXVpZD00OTFjZTY1Ny02YjUwLTQ1NjQtOTVjZS0zZWYzOWRkNTYxNmUlM0EyJTNBMSUyRiZ2PTIzLjExLnYuOQ%3D%3D&uuid=491ce657-6b50-4564-95ce-3ef39dd5616e%3A2%3A1%2F&pii=&in=false HTTP/1.1
Host: accommodationcarpetavid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://accommodationcarpetavid.com/zn9hs4wmz7?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=19406637
Cookie: u_pl=19406637; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTQwNjYzNywiayI6IjMyZjU4ZDk4YWQ4MzM2ZTJhNjA4MGY5M2UyNmU5Nzc4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNDcwNzk1LCJwaWQiOjI5NjIyMiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozNywiYWlkIjoyOCwicHQiOjUsInBrIjoiem45aHM0d216NyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOnRydWV9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZmxhc3dpc2guY29tL3B6bzRpZmc4OW80diIsImFyIjpbXX19.a1xovSEAM8XJUvY8piUHCsI1Z_pXIc6g5Tvl5lsPwcY; uid_id2=491ce657-6b50-4564-95ce-3ef39dd5616e:2:1/; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 03:41:46 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adserving.unibet.com/redirect.aspx?bid=37953&pid=15135578&sref=ADST&ADST=19406637
Set-Cookie: uid_id2=491ce657-6b50-4564-95ce-3ef39dd5616e:2:2; expires=Mon, 11 Dec 2023 03:41:46 GMT
iprc1e4c3481dc1b6dd85f624a9cdc127760=4798635; expires=Tue, 05 Dec 2023 03:41:46 GMT
pdhtkv=true; expires=Tue, 05 Dec 2023 03:41:46 GMT
uncs=1; expires=Tue, 05 Dec 2023 03:41:46 GMT
pdhtkv28=true; expires=Tue, 05 Dec 2023 03:41:46 GMT
uncs28=1; expires=Tue, 05 Dec 2023 03:41:46 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ce41c12e7c25aac78908cfb0a78dea7d
Strict-Transport-Security: max-age=0; includeSubdomains

adserving.unibet.com/redirect.aspx?bid=37953&pid=15135578&sref=ADST&ADST=19406637

13.107.246.53

307 Temporary Redirect

0 B

URL User Request GET HTTP/2
adserving.unibet.com/redirect.aspx?bid=37953&pid=15135578&sref=ADST&ADST=19406637
IP
13.107.246.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerTrustwave Holdings, Inc.
Subjectaffiliates.kindredplc.com
Fingerprint9C:1F:91:86:77:41:76:62:71:CD:11:FD:80:70:B7:83:58:47:BF:4F
ValidityThu, 17 Aug 2023 06:39:43 GMT - Fri, 16 Aug 2024 06:38:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect.aspx?bid=37953&pid=15135578&sref=ADST&ADST=19406637 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://accommodationcarpetavid.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
cache-control: private,no-cache, no-store
pragma: no-cache
content-type: text/html
location: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a93676099%2c%22BID%22%3a37953%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1701661306857)%5c%2f%22%2c%22CookieTag%22%3a%223795393676099451240919C2023124341%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210662934427%7c1%22%7d%5d; domain=.unibet.com; expires=Wed, 04-Dec-3022 03:41:46 GMT; path=/; secure; SameSite=Strict
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
x-azure-ref: 0ekptZQAAAACxbwNcQeSSSbA+dOX3Le/nU1ZHMjBFREdFMDYyMQAyZDk5MzlkMy05NTUxLTQ2ZmYtOGEyNi01ZWZmY2FhMWQ5OGM=
x-cache: CONFIG_NOCACHE
date: Mon, 04 Dec 2023 03:41:46 GMT
content-length: 0
X-Firefox-Spdy: h2

accommodationcarpetavid.com/favicon.ico

173.233.137.44

0 B

URL
accommodationcarpetavid.com/favicon.ico
IP
173.233.137.44:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: accommodationcarpetavid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://accommodationcarpetavid.com/zn9hs4wmz7?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=19406637
Cookie: u_pl=19406637; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxOTQwNjYzNywiayI6IjMyZjU4ZDk4YWQ4MzM2ZTJhNjA4MGY5M2UyNmU5Nzc4Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyNDcwNzk1LCJwaWQiOjI5NjIyMiwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozNywiYWlkIjoyOCwicHQiOjUsInBrIjoiem45aHM0d216NyIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOnRydWV9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vZmxhc3dpc2guY29tL3B6bzRpZmc4OW80diIsImFyIjpbXX19.a1xovSEAM8XJUvY8piUHCsI1Z_pXIc6g5Tvl5lsPwcY; uid_id2=491ce657-6b50-4564-95ce-3ef39dd5616e:2:1/; cjs=t
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 04 Dec 2023 03:41:46 GMT
Content-Type: image/x-icon
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5bd46ce83ee171c9474953a79c9efd6f
Strict-Transport-Security: max-age=0; includeSubdomains

welcome.mariacasino.com/no/pop/casino/2022/slots.png

104.18.43.104

200 OK

6.3 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/slots.png
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
PNG image data, 151 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
6.3 kB (6303 bytes)
Hash
6be047bdf3d103b2414f7f6ab64d96b8
57818bdfe16383abe584b5c30de5f35eb55ebf20
38e2d3e7f261032cf0c558e28555c6425c30aa14014f31bbaad7d5176b7d4449

HTTP Headers

GET /no/pop/casino/2022/slots.png HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Cookie: btag=127656177_059E6B10E1594851AED317EA7B58DC32
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:41:47 GMT
content-type: image/png
content-length: 6303
cf-ray: 83010921c877b50c-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 346843
cache-control: public, max-age=900, immutable
etag: "0x8DBB47DF214D12C"
last-modified: Wed, 13 Sep 2023 17:22:02 GMT
vary: Accept-Encoding
content-md5: a+BHvfPRA7JBT39qtk2WuA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: a53159bf-701e-0056-7ba2-1de3ed000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/livecasino.png

104.18.43.104

200 OK

21 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/livecasino.png
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
21 kB (20783 bytes)
Hash
87dc3fc9a40a9b0e8fd7c0519ac24f54
908b0ca475f8da1d0380a6cb5caabafce2466aec
a0fd031aa160b2679253c5952576a692e002c6be963c5935af3692ff50206eb4

HTTP Headers

GET /no/pop/casino/2022/livecasino.png HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Cookie: btag=127656177_059E6B10E1594851AED317EA7B58DC32
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:41:47 GMT
content-type: image/png
content-length: 20783
cf-ray: 83010921c878b50c-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 257171
cache-control: public, max-age=900, immutable
etag: "0x8DBB47DF2032091"
last-modified: Wed, 13 Sep 2023 17:22:02 GMT
vary: Accept-Encoding
content-md5: h9w/yaQKmw6P18BRmsJPVA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: e590e529-401e-004d-2d8c-1eddee000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/games.png

104.18.43.104

200 OK

8.8 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/games.png
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
PNG image data, 234 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
8.8 kB (8838 bytes)
Hash
fbd364c184d1c2af246dd5a3079ce9ed
5c572431ced831a518e0c4adfed4372254f1eac1
2a09f891fb138e893fbc2fe522761e47307376143582e41016bf8aa54c4fdb77

HTTP Headers

GET /no/pop/casino/2022/games.png HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Cookie: btag=127656177_059E6B10E1594851AED317EA7B58DC32
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:41:47 GMT
content-type: image/png
content-length: 8838
cf-ray: 83010921c879b50c-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 408787
cache-control: public, max-age=900, immutable
etag: "0x8DBB47DF1FBCEB0"
last-modified: Wed, 13 Sep 2023 17:22:02 GMT
vary: Accept-Encoding
content-md5: +9NkwYTRwq8kbdWjB5zp7Q==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: ed2a491c-501e-006e-5f0a-1d472d000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/mga.png

104.18.43.104

200 OK

1.5 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/mga.png
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
PNG image data, 152 x 60, 8-bit colormap, non-interlaced\012- data
Size
1.5 kB (1454 bytes)
Hash
f34e781d7ad22dc774b98ac82a2b46f6
b66cb9753b0f76a7590f62d3c6b8f645bdbae786
7898ba2cec328d50a75400c1e5a6f1f23974f4c0cc433472a24f28a82c7d01c7

HTTP Headers

GET /no/pop/casino/2022/mga.png HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Cookie: btag=127656177_059E6B10E1594851AED317EA7B58DC32
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:41:47 GMT
content-type: image/png
content-length: 1454
cf-ray: 83010921c87ab50c-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 600788
cache-control: public, max-age=900, immutable
etag: "0x8DBB47DF226A8C7"
last-modified: Wed, 13 Sep 2023 17:22:02 GMT
vary: Accept-Encoding
content-md5: 8054HXrSLcd0uYrIKitG9g==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: b9ce90da-f01e-0077-3edc-20c796000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953

104.18.43.104

200 OK

4.0 kB

URL User Request GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1019)
Size
4.0 kB (4001 bytes)
Hash
d7de6dfc41501dfac40dacdabbb8e4fa
f551dc3f0fc608b444da2f5bf668e45de369ae97
998cbf2d3fe10848b7988719039f486133ecf2e3801b0742e8ce48ec13c37b3b

HTTP Headers

GET /no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953 HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://accommodationcarpetavid.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:41:47 GMT
content-type: text/html; charset=utf-8
cf-ray: 830109206813b50c-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
last-modified: Wed, 13 Sep 2023 17:22:01 GMT
vary: Accept-Encoding
content-md5: 195t/EFQHfrEDazau7jk+g==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 1c07e672-401e-003f-4c63-26daa1000000
x-ms-version: 2014-02-14
set-cookie: btag=127656177_059E6B10E1594851AED317EA7B58DC32;max-age=2592000; domain=.mariacasino.com;path=/;secure;samesite=none;httponly
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js

23.38.200.237

200 OK

44 kB

URL GET HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
exported SGML document, ASCII text, with very long lines (32764)
Size
44 kB (43737 bytes)
Hash
bf8d7656a2457e257e3cf75a01e6a4b7
7c7835b4632ac21ddea281bd2454e4faf08f0ff7
e2992637a3fd258ae2bd64fb199a77155aed36554a4bed9e34ce1bc2958ada1d

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "bf8d7656a2457e257e3cf75a01e6a4b7:1554112914"
last-modified: Mon, 01 Apr 2019 10:01:54 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 43737
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 04:41:47 GMT
date: Mon, 04 Dec 2023 03:41:47 GMT
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js

142.250.74.138

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
ASCII text, with very long lines (32030)
Size
30 kB (30244 bytes)
Hash
e071abda8fe61194711cfc2ab99fe104
f647a6d37dc4ca055ced3cf64bbc1f490070acba
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

HTTP Headers

GET /ajax/libs/jquery/3.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30244
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 12:53:40 GMT
expires: Fri, 29 Nov 2024 12:53:40 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 312487
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js

23.38.200.237

200 OK

228 B

URL GET HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text
Size
228 B (228 bytes)
Hash
accfdd9d5be1d7142fabad440365d15f
728b540ea47087d04d502079c76b3f3db8ea289a
32ebaaa3078816891a9efa129824d6ee11c4c8b0ef6e441b28781e7d82b95305

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "accfdd9d5be1d7142fabad440365d15f:1554112916"
last-modified: Mon, 01 Apr 2019 10:01:56 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 228
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 04:41:47 GMT
date: Mon, 04 Dec 2023 03:41:47 GMT
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js

23.38.200.237

200 OK

13 kB

URL GET HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (558)
Size
13 kB (12666 bytes)
Hash
18eab16a639a4773572307713440a929
75bd72f7058b2d1d3ede541b2129267b438a73d4
358c5899627cc60f849ddc6860c01aa67b122f478e0d4ef42efd48a4b38c305b

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "18eab16a639a4773572307713440a929:1554112912"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12666
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 04:41:47 GMT
date: Mon, 04 Dec 2023 03:41:47 GMT
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,500,700,900

142.250.74.42

200 OK

1.2 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,500,700,900
IP
142.250.74.42:443
ASN
#15169 GOOGLE

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintCC:96:E0:52:E0:9B:EA:A9:A0:F8:88:9A:90:20:11:47:61:00:3C:42
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
gzip compressed data, max compression\012- data
Size
1.2 kB (1236 bytes)
Hash
82a943cef6e86e6568d9cadec66e50be
bf39602d6b47ca6b8f8bb5b95c3c0a692dc12efe
703f9da76d00d1761a7bc1bfca63fefb5dffde4fdfcaefc11b1e607a6717e5b0

HTTP Headers

GET /css?family=Roboto:300,400,500,700,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 04 Dec 2023 03:41:47 GMT
date: Mon, 04 Dec 2023 03:41:47 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

service.maxymiser.net/cdn/unibet/js/mmcore.js

23.36.79.34

404 Not Found

10 B

URL GET HTTP/2
service.maxymiser.net/cdn/unibet/js/mmcore.js
IP
23.36.79.34:443
ASN
#20940 Akamai International B.V.

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerDigiCert Inc
Subject*.maxymiser.net
Fingerprint64:BD:DC:A7:97:53:6E:10:E5:25:0D:F4:A1:AF:7E:26:8B:AC:DD:88
ValidityMon, 27 Nov 2023 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT

File type
ASCII text
Size
10 B (10 bytes)
Hash
7605968e79d0ca095ab1231486d2b814
a007b420d19ceefa840f0373e050e3b51a4ab480
493fda53120050f85836032324409be6c6484f90a0755ae0c6a673ba7626818b

HTTP Headers

GET /cdn/unibet/js/mmcore.js HTTP/1.1
Host: service.maxymiser.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
accept-ranges: bytes
content-length: 10
server: AkamaiNetStorage
cache-control: max-age=1800
date: Mon, 04 Dec 2023 03:41:47 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/main.js

104.18.43.104

200 OK

166 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/main.js
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
Unicode text, UTF-8 text, with very long lines (652)
Size
166 kB (165780 bytes)
Hash
1d428c4a319d11547a23bca572bba4de
f835ad41e9292b07c44d71b42340dbc6bf9a7117
1b8e1c70d65803f31689475ef7d7f6614bb9773bbb475283883e803005f8cc42

HTTP Headers

GET /no/pop/casino/2022/main.js HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Cookie: btag=127656177_059E6B10E1594851AED317EA7B58DC32
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:41:47 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 83010921b873b50c-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 603441
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB47DF21F2FDA"
last-modified: Wed, 13 Sep 2023 17:22:02 GMT
vary: Accept-Encoding
content-md5: HUKMSjGdEVR6I7ylcruk3g==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: f441e222-a01e-0018-38dc-20cd65000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/BlenderPro-ThinWeb.woff

104.18.43.104

200 OK

50 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/BlenderPro-ThinWeb.woff
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
Web Open Font Format, TrueType, length 49636, version 3.6\012- data
Size
50 kB (49636 bytes)
Hash
37ba84aebad11c2e0acd496eedb0bb76
42942446e1cfab8d0eaf7d23899203b2b2b64fe7
2d7cc2c9c9fef717010fcfa8fa6518079eaec1e63975a74b4fb78afb14d6ee5e

HTTP Headers

GET /no/pop/casino/2022/BlenderPro-ThinWeb.woff HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/styles.css
Cookie: btag=127656177_059E6B10E1594851AED317EA7B58DC32; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19696%7CMCMID%7C35987512682070160545695739300574457518%7CMCAID%7CNONE%7CMCOPTOUT-1701668512s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:41:47 GMT
content-type: application/font-woff
content-length: 49636
cf-ray: 83010924f936b50c-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 573419
cache-control: public, max-age=900, immutable
etag: "0x8DBB47DF1CAB3F7"
last-modified: Wed, 13 Sep 2023 17:22:02 GMT
vary: Accept-Encoding
content-md5: N7qErrrRHC4KzUlu7bC7dg==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 822ab976-c01e-000e-6f2c-213bb2000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

welcome.mariacasino.com/custom.js

104.18.43.104

200 OK

1.5 kB

URL GET HTTP/2
welcome.mariacasino.com/custom.js
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
ASCII text
Size
1.5 kB (1468 bytes)
Hash
01a38820bcebba15c5099a3f76c50033
0dc0dc1fe9789baadc34781115c3de455306a4a6
6d7d9f4e9a44937c4330f759caf658bd1608f1fdac0b3b5bfee3a72af799638b

HTTP Headers

GET /custom.js HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Cookie: btag=127656177_059E6B10E1594851AED317EA7B58DC32
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:41:47 GMT
content-type: application/javascript
cf-ray: 83010921c875b50c-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 254421
etag: W/"0x8DA42DC14A64A3D"
last-modified: Tue, 31 May 2022 08:03:43 GMT
vary: Accept-Encoding
content-md5: AaOIILzruhXFCZo/dsUAMw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: b7a3ce13-c01e-0031-74b0-1cf311000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/BlenderPro-MediumWeb.woff

104.18.43.104

200 OK

49 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/BlenderPro-MediumWeb.woff
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
Web Open Font Format, TrueType, length 48766, version 3.6\012- data
Size
49 kB (48766 bytes)
Hash
f62793caeb7e5b111d7508b00c0826c2
d003c52a07685156de00186014c777b7dde81573
bac888a26184354a6038eb4ba3d87fdc3315c6e7fe0c19ec7cd1737f1720fc5a

HTTP Headers

GET /no/pop/casino/2022/BlenderPro-MediumWeb.woff HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/styles.css
Cookie: btag=127656177_059E6B10E1594851AED317EA7B58DC32; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19696%7CMCMID%7C35987512682070160545695739300574457518%7CMCAID%7CNONE%7CMCOPTOUT-1701668512s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:41:47 GMT
content-type: application/font-woff
content-length: 48766
cf-ray: 83010925093bb50c-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 456371
cache-control: public, max-age=900, immutable
etag: "0x8DBB47DF1B5CF8B"
last-modified: Wed, 13 Sep 2023 17:22:02 GMT
vary: Accept-Encoding
content-md5: 9ieTyut+WxEddQiwDAgmwg==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: f6f9f935-601e-0028-523d-2273aa000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js

23.38.200.237

200 OK

30 kB

URL GET HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (543)
Size
30 kB (29629 bytes)
Hash
9c4992909a83d52617e9948d1d1c4141
587bbaea138857f086b03f43120795332fe28523
b53ed597b15301969858b376e9946d1664eff3a03549485ea678e9b8c6deaf63

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "9c4992909a83d52617e9948d1d1c4141:1554112914"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 29629
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 04:41:47 GMT
date: Mon, 04 Dec 2023 03:41:47 GMT
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js

23.38.200.237

200 OK

1.2 kB

URL GET HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (502)
Size
1.2 kB (1199 bytes)
Hash
5e8dc588959123c3ee5de9ac168d5c74
a9aed3325d14a8af844706025abbf7076c2d6df8
8bc787ce4fbc3bec820a859ce9a02388d9b923d06227c5614ea771a62ad05dec

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "5e8dc588959123c3ee5de9ac168d5c74:1554112912"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1199
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 04:41:47 GMT
date: Mon, 04 Dec 2023 03:41:47 GMT
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC

142.250.74.168

200 OK

67 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (25136)
Size
67 kB (67304 bytes)
Hash
92d171495e439f65242c49fe1ab31fcb
fab0faf1ea3cb1e57e0bffbbdcffb6422be0c71f
88d5724ba1c2bb46163f114514f8cee2e24c05545a5e2449c3786d4113b13d68

HTTP Headers

GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 03:41:47 GMT
expires: Mon, 04 Dec 2023 03:41:47 GMT
cache-control: private, max-age=900
last-modified: Mon, 04 Dec 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 67304
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 07:29:35 GMT
expires: Fri, 29 Nov 2024 07:29:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
age: 331932
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 30 Nov 2023 04:57:34 GMT
expires: Fri, 29 Nov 2024 04:57:34 GMT
cache-control: public, max-age=31536000
age: 341053
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
216.58.207.227:443
ASN
#15169 GOOGLE

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintE5:79:1F:1A:04:3F:B9:B0:FB:41:4E:B5:E5:97:AD:FE:D9:2C:4A:CD
ValidityMon, 23 Oct 2023 11:24:07 GMT - Mon, 15 Jan 2024 11:24:06 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 29 Nov 2023 21:36:53 GMT
expires: Thu, 28 Nov 2024 21:36:53 GMT
cache-control: public, max-age=31536000
age: 367494
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.mariacasino.com/kindred_snow/s3.7.0/kindred_s.js

85.184.96.0

200 OK

30 kB

URL GET HTTP/2
www.mariacasino.com/kindred_snow/s3.7.0/kindred_s.js
IP
85.184.96.0:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerLet's Encrypt
Subjectmariacasino.com
FingerprintD0:21:61:EE:74:5D:D8:D6:F1:19:F9:4E:33:FA:54:88:64:BF:99:CB
ValidityMon, 06 Nov 2023 00:11:24 GMT - Sun, 04 Feb 2024 00:11:23 GMT

File type
gzip compressed data, max speed, from Unix\012- data
Size
30 kB (29678 bytes)
Hash
fad17fc18b2227d9fac6ebc234d1d37f
6b9b663746a58b3666f8f6d1be090b7ce8ca1623
6d4d2b8db37cdd39234a0f9171abc9adee7ec694b150e4469a74f27851479d7d

HTTP Headers

GET /kindred_snow/s3.7.0/kindred_s.js HTTP/1.1
Host: www.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Cookie: btag=127656177_059E6B10E1594851AED317EA7B58DC32; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19696%7CMCMID%7C35987512682070160545695739300574457518%7CMCAID%7CNONE%7CMCOPTOUT-1701668512s%7CNONE%7CvVersion%7C3.2.0; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1; uniattr=BLP.1.UT; uniattr_ref="https://accommodationcarpetavid.com/"
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:41:47 GMT
content-type: application/javascript
last-modified: Fri, 01 Dec 2023 15:40:40 GMT
vary: Accept-Encoding
etag: W/"6569fe78-12240"
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=browser_desktop; Domain=www.mariacasino.com; Path=/; SameSite=None; Secure
content-encoding: gzip
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/no-payments.svg

104.18.43.104

200 OK

25 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/no-payments.svg
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
25 kB (24901 bytes)
Hash
7857f5fa35651d9795bac512238caaf4
107c2b86078dd49ffd18c76724bd290018719037
bf1b321fe365e6fdb5429bcebb8a6b5b9ed554d84f4eced5e69cc31038455a81

HTTP Headers

GET /no/pop/casino/2022/no-payments.svg HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Cookie: btag=127656177_059E6B10E1594851AED317EA7B58DC32; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19696%7CMCMID%7C35987512682070160545695739300574457518%7CMCAID%7CNONE%7CMCOPTOUT-1701668512s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:41:47 GMT
content-type: image/svg+xml
cf-ray: 83010925c976b50c-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 87507
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB47DF243F062"
last-modified: Wed, 13 Sep 2023 17:22:03 GMT
vary: Accept-Encoding
content-md5: eFf1+jVlHZeVusUSI4yq9A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 1cdcd5fb-701e-0024-5107-20e4a2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js

23.38.200.237

200 OK

4.3 kB

URL GET HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (4659), with no line terminators
Size
4.3 kB (4265 bytes)
Hash
5a735958b1deee13c22eab93b5ced05f
1bfc70e4cbf9053abffda59c9c8f167a940ef02d
7fb406c1a0a19d23435c4851b9095d4aa526c2668f0aa6e99ea073b1e1242ed2

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "6444bceb1b767bea75b4f47d793f7b05:1554112917"
last-modified: Mon, 01 Apr 2019 10:01:57 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1388
cache-control: max-age=3600
expires: Mon, 04 Dec 2023 04:41:48 GMT
date: Mon, 04 Dec 2023 03:41:48 GMT
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/maria-logo.svg

104.18.43.104

200 OK

3.5 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/maria-logo.svg
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
SVG Scalable Vector Graphics image\012- XML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3630), with no line terminators
Size
3.5 kB (3494 bytes)
Hash
c555f8d5d6661a5a58353a9cbfd5c558
452c5c7b45b1f8e7e420cdf99d00b517ba17bec8
0af04359175453424d6552e534a91df0099dd7852f2f37025ab96d4778bd16f6

HTTP Headers

GET /no/pop/casino/2022/maria-logo.svg HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Cookie: btag=127656177_059E6B10E1594851AED317EA7B58DC32
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:41:47 GMT
content-type: image/svg+xml
cf-ray: 83010921c876b50c-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 521271
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB47DF193CDB8"
last-modified: Wed, 13 Sep 2023 17:22:01 GMT
vary: Accept-Encoding
content-md5: A/evXSZJMSEi63VEXU58wA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 6ac808b1-901e-004e-74a6-213c8a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

a1s.unibet.com/orval/tracking/lastclick.min.js

85.184.96.5

200 OK

1.8 kB

URL GET HTTP/2
a1s.unibet.com/orval/tracking/lastclick.min.js
IP
85.184.96.5:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
ASCII text, with very long lines (1881), with no line terminators
Size
1.8 kB (1797 bytes)
Hash
695e4c30089ed5d35b5096257b69bbec
64897f4cdac1a6e4f5d6ed9dcb8b246e3b942841
40fab43e8fa29c9c648a5d56139fe8c35b1fbfb5c826d2fd58c4ceec7a548206

HTTP Headers

GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:41:47 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/background.jpg

104.18.43.104

200 OK

162 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/background.jpg
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x800, components 3\012- data
Size
162 kB (161606 bytes)
Hash
aa279ee357b415f50a16127d5c1a7c4d
d1375a6cb87e60f31f609769044af9e6d47775cd
6aa6656d951b443674e2795a2174f6ba5fa711a0f2943830eab9f07cb1e1a809

HTTP Headers

GET /no/pop/casino/2022/background.jpg HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/styles.css
Cookie: btag=127656177_059E6B10E1594851AED317EA7B58DC32; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19696%7CMCMID%7C35987512682070160545695739300574457518%7CMCAID%7CNONE%7CMCOPTOUT-1701668512s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:41:47 GMT
content-type: image/jpeg
content-length: 161606
cf-ray: 83010924e933b50c-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 297610
cache-control: public, max-age=900, immutable
etag: "0x8DBB47DF1D5AECE"
last-modified: Wed, 13 Sep 2023 17:22:02 GMT
vary: Accept-Encoding
content-md5: qiee41e0FfUKFhJ9XBp8TQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 944433a8-a01e-0018-43ae-23cd65000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/favicon.ico

104.18.43.104

200 OK

4.3 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/favicon.ico
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Size
4.3 kB (4286 bytes)
Hash
75467aea7c9ef09112d57da712792f1c
2fd85767a73ad15745af9ae26f51edae5cf431bf
b65996d71ae18fdc3744b16a5fc11a00e625af41b3506ec798a8e62c2d80dabb

HTTP Headers

GET /no/pop/casino/2022/favicon.ico HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Cookie: btag=127656177_059E6B10E1594851AED317EA7B58DC32; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19696%7CMCMID%7C35987512682070160545695739300574457518%7CMCAID%7CNONE%7CMCOPTOUT-1701668512s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1; uniattr=BLP.1.UT; uniattr_ref="https://accommodationcarpetavid.com/"
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:41:48 GMT
content-type: image/x-icon
cf-ray: 8301092719b5b50c-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 381374
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB47DF1F3E0A4"
last-modified: Wed, 13 Sep 2023 17:22:02 GMT
vary: Accept-Encoding
content-md5: dUZ66nye8JES1X2nEnkvHA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: d68afac7-501e-0041-1361-1d4ae6000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js

85.184.96.5

200 OK

956 B

URL GET HTTP/2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP
85.184.96.5:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
ASCII text, with very long lines (1004), with no line terminators
Size
956 B (956 bytes)
Hash
b9cb8178d22ffc80516a6d9acabeb58d
da54c11062c26f9f8692be7b863a177cf9f4c380
ad1567203b26840db6e008cd373a903539f7dd739a026e47bb6d2f7b945444a8

HTTP Headers

GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:41:47 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/styles.css

104.18.43.104

200 OK

13 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/styles.css
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
ASCII text
Size
13 kB (13025 bytes)
Hash
9c7198fae65fdd565a2016879123ca09
e8a4caac57eef46c656b9ce1aeb9067f470baa32
fc67c9b12d5fa444ce772f52e859f6b3388d20adaf2907762eaf5cff4575f918

HTTP Headers

GET /no/pop/casino/2022/styles.css HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_059E6B10E1594851AED317EA7B58DC32&sref=ADST&ADST=19406637&affiliateId=1&pid=93676099&bid=37953
Cookie: btag=127656177_059E6B10E1594851AED317EA7B58DC32
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 03:41:47 GMT
content-type: text/css; charset=utf-8
cf-ray: 83010921b872b50c-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 148896
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB47DF17A7D2B"
last-modified: Wed, 13 Sep 2023 17:22:01 GMT
vary: Accept-Encoding
content-md5: nHGY+uZf3VZaIBaHkSPKCQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 17bf22a3-501e-006e-7067-1f472d000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (43)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by