Report - sntnews3.com/

Report Overview

Submitted URL
sntnews3.com/
IP
143.198.202.122
ASN
#14061 DIGITALOCEAN-ASN
Submitted
2023-02-08 23:52:39
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
28

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-13T08:14:31Z	1.1 kB	3.3 kB	142.250.74.106
friendshipmale.com	unknown	2022-10-21T14:15:25Z	2023-03-13T08:33:43Z	279 B	28 kB	172.64.202.23
cm.everesttech.net	996	2017-01-30T05:59:57Z	2023-03-13T05:18:24Z	433 B	488 B	54.229.62.148
magazinesfluentlymercury.com	unknown	2023-02-06T03:32:18Z	2023-03-13T04:04:09Z	377 B	467 B	192.243.61.225
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	59 kB	34.120.237.76
banquetunarmedgrater.com	unknown	2022-08-04T17:12:50Z	2023-03-13T05:26:56Z	293 B	327 B	192.243.61.227
www.mariacasino.nu	unknown	2017-01-23T09:17:56Z	2023-03-07T15:43:41Z	2.2 kB	6.5 kB	85.184.96.0
welcome.mariacasino.nu	unknown	2022-11-08T11:19:16Z	2023-03-13T08:50:05Z	16 kB	308 kB	104.18.24.188
www.sntnews3.com	unknown	2023-01-09T14:17:34Z	2023-01-13T02:13:14Z	6.6 kB	651 kB	143.198.202.122
www.effectivecreativeformat.com	unknown	2022-12-26T09:54:40Z	2023-03-13T04:08:50Z	328 B	10 kB	173.233.137.60
irritateinformantmeddle.com	unknown	2023-02-06T03:33:35Z	2023-03-13T03:57:26Z	2.7 kB	35 kB	192.243.59.13
tapi.optimizely.com	8027	2017-01-29T17:22:12Z	2023-03-13T08:07:38Z	1.0 kB	3.6 kB	2.23.138.210
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	3.5 kB	108 kB	216.58.207.227
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	682 B	1.3 kB	93.184.220.29
unibetlondonltd.d3.sc.omtrdc.net	444877	2017-01-29T22:05:05Z	2023-03-13T08:48:17Z	2.4 kB	996 B	15.236.117.205
errors.client.optimizely.com	7604	2017-01-30T07:09:04Z	2023-03-13T08:11:20Z	1.9 kB	1.3 kB	23.22.52.211
cdn.cloudimagesb.com	23099	2021-02-12T17:15:41Z	2023-03-13T05:15:48Z	402 B	326 B	45.133.44.9
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.9 kB	34.160.144.191
sntnews3.com	unknown	2022-12-23T17:02:43Z	2023-02-08T23:17:53Z	344 B	401 B	143.198.202.122
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
cdn.optimizely.com	694	2012-05-20T21:10:20Z	2023-03-13T06:45:18Z	378 B	154 kB	23.38.200.155
a1s.unibet.com	297625	2017-01-30T01:44:42Z	2023-03-13T08:06:57Z	388 B	2.0 kB	85.184.96.5
a10682170820.cdn.optimizely.com	325426	2018-07-18T16:41:24Z	2023-03-13T08:07:38Z	519 B	1.9 kB	104.110.8.48
logx.optimizely.com	1233	2016-10-05T15:33:23Z	2023-03-13T06:45:20Z	469 B	365 B	54.158.40.183
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	3.4 kB	7.0 kB	142.250.74.163
acrossheadquartersanchovy.com	unknown	2022-12-21T02:31:10Z	2023-03-11T17:31:38Z	326 B	10 kB	173.233.137.36
ajax.googleapis.com	12905	2013-08-16T11:51:31Z	2023-03-13T08:37:09Z	398 B	31 kB	216.58.207.202
adpointrtb.com	unknown	2022-08-29T16:47:09Z	2023-03-13T10:27:10Z	2.4 kB	2.6 kB	34.160.190.227
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	388 B	82 kB	142.250.74.40
unibet.demdex.net	338024	2017-01-30T06:50:24Z	2023-03-13T06:55:23Z	981 B	4.3 kB	34.254.165.240
dpm.demdex.net	204	2012-05-22T07:45:05Z	2023-03-13T05:18:25Z	850 B	1.3 kB	34.254.165.240
ocsp.sca1b.amazontrust.com	1015	2017-03-03T16:20:51Z	2019-03-27T05:05:54Z	2.5 kB	6.7 kB	54.230.245.110
competitivepopcheerleader.com	unknown	2023-02-06T03:36:41Z	2023-03-13T09:52:38Z	2.7 kB	18 kB	173.233.139.164
jennyvisits.com	unknown	2023-01-06T11:51:25Z	2023-03-13T07:45:59Z	2.3 kB	4.4 kB	173.233.137.36
adserving.unibet.com	98000	2015-05-26T08:56:53Z	2023-03-13T07:24:32Z	513 B	1.4 kB	23.36.79.11
a1s-cdn.unibet.com	283505	2014-04-23T17:07:51Z	2023-03-13T07:24:33Z	400 B	1.7 kB	85.184.96.5
script.crazyegg.com	1992	2014-10-23T19:42:31Z	2023-03-13T05:27:09Z	395 B	370 B	104.19.148.8
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
assets.adobedtm.com	512	2014-01-28T05:51:35Z	2023-03-13T05:29:24Z	2.8 kB	92 kB	23.38.200.237
service.maxymiser.net	8733	2012-11-14T18:00:33Z	2023-03-13T10:04:26Z	387 B	218 B	23.36.79.34
simplewebanalysis.com	unknown	2022-02-25T05:06:25Z	2023-03-13T08:33:39Z	391 B	408 B	3.120.47.42
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	4.1 kB	11 kB	23.36.76.226
code.jquery.com	634	2012-05-21T19:28:02Z	2023-03-13T05:09:57Z	366 B	85 kB	69.16.175.42
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.42.147.182

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-02-08	medium	friendshipmale.com/sfp.js	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-02-08	medium	effectivecreativeformat.com	Sinkholed
2023-02-08	medium	irritateinformantmeddle.com	Sinkholed
2023-02-08	medium	acrossheadquartersanchovy.com	Sinkholed
2023-02-08	medium	magazinesfluentlymercury.com	Sinkholed
2023-02-08	medium	irritateinformantmeddle.com	Sinkholed
2023-02-08	medium	competitivepopcheerleader.com	Sinkholed
2023-02-08	medium	irritateinformantmeddle.com	Sinkholed
2023-02-08	medium	competitivepopcheerleader.com	Sinkholed
2023-02-08	medium	banquetunarmedgrater.com	Sinkholed
2023-02-08	medium	competitivepopcheerleader.com	Sinkholed
2023-02-08	medium	friendshipmale.com	Sinkholed
2023-02-08	medium	jennyvisits.com	Sinkholed
2023-02-08	medium	jennyvisits.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (66)

	URL	Size	First Seen	Last Seen
	www.sntnews3.com/	92 B	2023-03-13	2023-11-15
Pretty URL www.sntnews3.com/ IP 143.198.202.122 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:01:21 Last Seen2023-11-15 11:35:41 Times Seen2 Hash 25045f1fd41bc9d58ffc0aa33d3c526c 039c20ddaf9943267db22702f7923ebe9508a687 3e16bcf983d516df0201a47b5f1b356f923a9a4bf98bf0bbcc019cae4fe97db5 Loading...

	http:blank	3.3 kB	2023-03-13	2023-03-13
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:01:21 Last Seen2023-03-13 20:01:21 Times Seen1 Hash 7077407f2a6f4c5978639c38ddc2b3d7 fa7e2734c9cd6482a7ff0f28f5516c9aa42cbf65 d9b2fd8faffb4e18a2cb2f1610209e4808edb334e914ab832e63075a8140e22a Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067	667 B	2023-03-07	2023-09-21
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067 IP 104.18.24.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2023-09-21 14:18:09 Times Seen1578 Hash 2d41aac452b14ef4b388a79a47791b35 cee1071dcf7b8095fe214afc02177dc39bd4f973 44ed144c670270401a2ba9d624c2d98dc2e31c3df30ce612a7c94041cb2210de Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js	2.9 kB	2023-03-07	2024-01-01
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:03 Times Seen62 Hash 5e8dc588959123c3ee5de9ac168d5c74 a9aed3325d14a8af844706025abbf7076c2d6df8 8bc787ce4fbc3bec820a859ce9a02388d9b923d06227c5614ea771a62ad05dec Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067	37 kB	2023-03-07	2023-11-06
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067 IP 104.18.24.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2023-11-06 09:27:16 Times Seen2374 Hash 93db3dee4c43b7d39a245c49591ba4b5 e22687abedfc3b2496fa1b3ba61a2f567f1211b8 0dc951e8d75c93a7d625da52744fcecb22b197c2f92783dd71f1cfead1b9b043 Loading...

	acrossheadquartersanchovy.com/87a32cac5e91c4f7ba650c111d7b1d42/invoke.js	27 kB	2023-03-13	2023-03-13
Pretty URL acrossheadquartersanchovy.com/87a32cac5e91c4f7ba650c111d7b1d42/invoke.js IP 173.233.137.36 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:01:21 Last Seen2023-03-13 20:01:21 Times Seen1 Hash b1be114a8c7b7e74a8beb67961e5c700 5a9e4e69f0b300b068d42ce3af47a3aa64c23c3a ec40a3bc4e1f287a67eefedea153d284eed8adb170fee790d01f29aa9e7a775b Loading...

	www.sntnews3.com/	192 B	2023-03-13	2023-03-13
Pretty URL www.sntnews3.com/ IP 143.198.202.122 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:01:21 Last Seen2023-03-13 20:01:21 Times Seen1 Hash 8e1f52983373489732b1b1137526c797 866bb7cd0bf60c8b18b63a55513ee151e88955d7 f4e8130eaba9ef2cd783af75e663003db0550608859ac3f51d1968e14bbcb5b0 Loading...

	http:blank	145 B	2023-03-13	2023-03-13
Pretty URL http:blank IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:01:21 Last Seen2023-03-13 20:01:21 Times Seen1 Hash 908a6ef3be8eed742f39080caeaa98cc 30e306dfb6c7f441e4e7081598afada6b58d76f5 95fe617ea6c69661f6f26f599848a2fb514bf426a14c11071675641604589f79 Loading...

	www.sntnews3.com/	1.4 kB	2023-03-13	2023-03-13
Pretty URL www.sntnews3.com/ IP 143.198.202.122 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:01:21 Last Seen2023-03-13 20:01:21 Times Seen1 Hash 145b88d2d8b63df9c374aaccfd1455a6 7c3ee4b755e03bb34bbca5d59b3fe5dbec1c7040 1b8c20ebe35c1f6b8ed3778e34e14fbe0fbfe5621faa12672c4092d83cb0573a Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067	499 B	2023-03-07	2024-01-01
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067 IP 104.18.24.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:02 Times Seen26 Hash 4b6d2b6491b6df0ef583f49d0882a26e 7fea1a1658513f5bf789a0b42c73f7b6fdcc7f67 2d71070f24532c8088a6e66ef3ce8559809fb60328937057496edc6a24a90a64 Loading...

	a1s.unibet.com/orval/tracking/lastclick.min.js	1.8 kB	2023-03-07	2024-02-01
Pretty URL a1s.unibet.com/orval/tracking/lastclick.min.js IP 85.184.96.5 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2024-02-01 12:23:48 Times Seen5726 Hash 8027969a31091dd0d3a7813f95ee7e10 591677c488b8b98532778e11adc9348253a014a4 5166be250f7de7d316b5fb9778843cc3268ce3e00f917530f65e99dcdb355b60 Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067	2.6 kB	2023-03-07	2024-02-01
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067 IP 104.18.24.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2024-02-01 12:23:48 Times Seen6831 Hash cd03538fc58df8693fe9af9337788f0f 408a15551710117d0538fc9442a55b5678bb85a5 cc933dd733a6db1a1a9ff1d7c0adb26717fa27d4d177b7a5a2cab0bfdb353562 Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067	99 B	2023-03-07	2024-01-01
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067 IP 104.18.24.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:02 Times Seen26 Hash a0b71a61570e0a349dfee786c9541984 887208153363db9fb19e9818c0fb921e0493f589 7ba916908ab7207eb14152417dca7da44907f0d08c6ea4b6526fb5800d0ac5eb Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067	7.5 kB	2023-03-07	2023-04-27
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067 IP 104.18.24.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2023-04-27 00:24:56 Times Seen338 Hash f11aa08db800dc0e89f963fb3043f461 565fea671f23ae5189aa25ffcc5d0f2e548f72b2 b494d197c2e32274ca7543dd7828afb81a72db96a88da514f5f8ec45f73649ac Loading...

	code.jquery.com/jquery-3.5.0.js	288 kB	2023-03-07	2024-04-19
Pretty URL code.jquery.com/jquery-3.5.0.js IP 69.16.175.42 ASN #20446 STACKPATH-CDN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:28:54 Last Seen2024-04-19 23:47:32 Times Seen1197 Hash 11d6572328c173c395bfa02e3e4d0272 c80ea474aca683117bb6871655c246c6e5d6c3dd aff01a147aeccc9b70a5efad1f2362fd709f3316296ec460d94aa7d31decdb37 Loading...

	www.sntnews3.com/	349 B	2023-03-13	2023-03-13
Pretty URL www.sntnews3.com/ IP 143.198.202.122 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:01:21 Last Seen2023-03-13 20:01:21 Times Seen1 Hash e6bc9f14e2d83caf70e5fc44adb6117e 269720603848f634375745cb5586e0be431d7828 95a5603de24b32d7ee2c9ff7915be35dad1aa7ccd8a89e7d1995cc7c664627c3 Loading...

	www.sntnews3.com/	348 B	2023-03-13	2023-03-13
Pretty URL www.sntnews3.com/ IP 143.198.202.122 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:01:21 Last Seen2023-03-13 20:01:21 Times Seen1 Hash 8abdd5d260eef4e434dc425dda5377da 0081b74c702421215069ddd4518077870f64400f ef0d7d62c14b136369e14b7e1ce81608c6a305d0ab5b546ccc170be78d48dcc2 Loading...

	www.sntnews3.com/	81 kB	2023-03-13	2024-02-14
Pretty URL www.sntnews3.com/ IP 143.198.202.122 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:36:19 Last Seen2024-02-14 12:38:56 Times Seen117 Hash f078b3735822602f74a7712c24dd6c65 d28c88aaf6e9e92feb3f114ac64fca47921ceaa2 0dd185233bf66bbe795888809b55d49884c989ba13b8665bf483cd2eb06ee97e Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js	162 kB	2023-03-07	2024-01-01
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:03 Times Seen66 Hash bf8d7656a2457e257e3cf75a01e6a4b7 7c7835b4632ac21ddea281bd2454e4faf08f0ff7 e2992637a3fd258ae2bd64fb199a77155aed36554a4bed9e34ce1bc2958ada1d Loading...

	welcome.mariacasino.nu/custom.js	2.3 kB	2023-03-07	2024-01-01
Pretty URL welcome.mariacasino.nu/custom.js IP 104.18.24.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:02 Times Seen38 Hash 01a38820bcebba15c5099a3f76c50033 0dc0dc1fe9789baadc34781115c3de455306a4a6 6d7d9f4e9a44937c4330f759caf658bd1608f1fdac0b3b5bfee3a72af799638b Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067	2.2 kB	2023-03-07	2023-10-02
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067 IP 104.18.24.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2023-10-02 17:14:47 Times Seen1647 Hash c0f99959e76a9ae3302a785606121738 b7121b4e8dfd06a376a210933831917cf22131a7 8635426cb6fbc3d728559ba093c8aa5455f2d5338aefb695ef68aa88a406f615 Loading...

	www.sntnews3.com/wp-content/themes/bam/assets/js/skip-link-focus-fix.js?ver=20151215	685 B	2023-03-07	2024-04-21
Pretty URL www.sntnews3.com/wp-content/themes/bam/assets/js/skip-link-focus-fix.js?ver=20151215 IP 143.198.202.122 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:06 Last Seen2024-04-21 04:30:40 Times Seen3281 Hash 93d421fd7576b0ca9c359ffe2fa16113 eacce35258f14fcd79bea2bc23f4140d25874322 14af47320898bd93f367026f7833c9956f14e24856976e4f9e10be31155cdcf2 Loading...

	jennyvisits.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=18319471	357 B	2023-03-07	2023-04-05
Pretty URL jennyvisits.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=18319471 IP 173.233.137.36 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 16:21:39 Last Seen2023-04-05 02:08:58 Times Seen138 Hash 7901f5d3ff7ad16e7c532afe4cbd0fdc 7f923233aa6f62ef5897c7700f4d57e0a4c3ead1 fa514b84f8c6fdfcac78e966f7bcf5834de5f364862494cf608d2f637c824db6 Loading...

	adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQ3P2oie7oGU3Bp-GH0dEdHP3xP.fc0%2CDfBS5_eaItVzNK6qRX6FgA5_wpZiKw_rXivqOw0a7uS9aNJQ4xcpUvnstok3tN5YQSMJkpN-d8MT-JvX477J0XaEcoSv7z9iaGwsRRlNS1Qw0AhLwKoNK0uBxElgDFvp6OzkOFOor_sFx2GXFr9k6twNIweNG1lwyYJwg0Zi2xLge4HVaUXveb15hQHyEfq0uUOmqYIqmwnDkyFM0z7JdlY3U1V-14pVy4G6wDfsdJKW2nNbAtcLGlC5D9HnrT07L-FpYtdMRiT5O1X-GzctcJPeLWbOD--ved5ooJhaGbdu_D6LiRlf8c0hCwp-HZksG3Y9VqviWouG12ABccNBBxfgPqg4fjLnLfas5h5BYQP5a64-lyJQnAJCqQx9Ojuh2Yr9i864WXMCsMC22Ej0an9fitm3bOBTqHKBikFsVScL9TFoYXJg1efZWAi9YDoACa-V7iiDdcb-z7a9q5d4DoPeXb2mJiN2Isd7Dbv33JRvhJC8a5MKjAntJ42HY_x4PhgMKJoJI_bSnjO6ylDerg%2C%2C&csid=1506755&s1=16122660&md=0&crid=23364304	79 B	2023-03-07	2023-04-05
Pretty URL adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQ3P2oie7oGU3Bp-GH0dEdHP3xP.fc0%2CDfBS5_eaItVzNK6qRX6FgA5_wpZiKw_rXivqOw0a7uS9aNJQ4xcpUvnstok3tN5YQSMJkpN-d8MT-JvX477J0XaEcoSv7z9iaGwsRRlNS1Qw0AhLwKoNK0uBxElgDFvp6OzkOFOor_sFx2GXFr9k6twNIweNG1lwyYJwg0Zi2xLge4HVaUXveb15hQHyEfq0uUOmqYIqmwnDkyFM0z7JdlY3U1V-14pVy4G6wDfsdJKW2nNbAtcLGlC5D9HnrT07L-FpYtdMRiT5O1X-GzctcJPeLWbOD--ved5ooJhaGbdu_D6LiRlf8c0hCwp-HZksG3Y9VqviWouG12ABccNBBxfgPqg4fjLnLfas5h5BYQP5a64-lyJQnAJCqQx9Ojuh2Yr9i864WXMCsMC22Ej0an9fitm3bOBTqHKBikFsVScL9TFoYXJg1efZWAi9YDoACa-V7iiDdcb-z7a9q5d4DoPeXb2mJiN2Isd7Dbv33JRvhJC8a5MKjAntJ42HY_x4PhgMKJoJI_bSnjO6ylDerg%2C%2C&csid=1506755&s1=16122660&md=0&crid=23364304 IP 34.160.190.227 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:12:05 Last Seen2023-04-05 01:37:54 Times Seen15 Hash 168378fe54826b995d0aae9ab6676290 2a82588190238e48352c29ff7e2fc8a6198efe4c 5f6ad2059e46fd0c6ab8ab5045e53cba17654b1037b42fca1779b8f73a4d2a57 Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067	235 B	2023-03-07	2023-06-27
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067 IP 104.18.24.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2023-06-27 14:28:54 Times Seen842 Hash d7e6cfa80c6d4f83e56972a515a7bc87 54da9ec648815ef2ef225e69c698f4d8a21363bf 94782f5573acd5c9f8a8131ea8ec3e313d02f077e9766508af6aecd952572c58 Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067	721 B	2023-03-07	2023-06-27
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067 IP 104.18.24.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2023-06-27 14:28:54 Times Seen839 Hash 9c83e2435e1e8d72ce6b63ef2ff44894 bd04a958ae23aaf1b3d427b9bffaf4d041956be1 3c5e987ccf5ca2a1dbf43e2d257bf114e113add7d384d433055c1261722b06fb Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067	277 B	2023-03-07	2023-09-21
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067 IP 104.18.24.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2023-09-21 14:18:09 Times Seen1576 Hash a06048fa305b7e3bd9b89366aee69071 05699ca86b944c67a0fc3240aeace995d9563200 4bdeff956fa33cb08c22fb884ba60fbb1f06c137b1df07e5f493ae4e3d6f88ff Loading...

	unibet.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26bid%3D37953%26campaignId%3D2397257%26pid%3D74340067	6.7 kB	2023-03-07	2024-03-23
Pretty URL unibet.demdex.net/dest5.html?d_nsid=0#https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26bid%3D37953%26campaignId%3D2397257%26pid%3D74340067 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:36 Last Seen2024-03-23 05:26:10 Times Seen1169 Hash bea2f42512935b636558e81988e2d51f 2c9772b62f6eb8a3cec9c3a6fb9c0b22c927e59d 0cc5ff21c24654308609656ebcfda2d792d15f6fda17c0a88b551fcf8e456fdb Loading...

	competitivepopcheerleader.com/f2/f7/29/f2f729457c1c1a3bab423649ba2eb1c0.js	37 kB	2023-03-13	2023-03-13
Pretty URL competitivepopcheerleader.com/f2/f7/29/f2f729457c1c1a3bab423649ba2eb1c0.js IP 173.233.139.164 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:01:21 Last Seen2023-03-13 20:01:21 Times Seen1 Hash 139e04978919139a8813e09e6d57eb16 0e4a0f183f70cd6526492931c5ea6b3ffb3fccb7 6023113a7c72a529b1a1b81099b719fe72bb763a653cd6ad67d01df84a914baa Loading...

	jennyvisits.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660	2.1 kB	2023-03-07	2023-04-05
Pretty URL jennyvisits.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:21 Last Seen2023-04-05 02:12:07 Times Seen388 Hash 4fd91164aa79d34ae401150b9f112bbe a09fe46ece27e06c82f059c481090481804461bc e717b18eba32145b270f89fb30d50c51c6fdd7060deff6f467fc8621973123f8 Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/main.js	20 kB	2023-03-08	2024-01-01
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/main.js IP 104.18.24.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:29 Last Seen2024-01-01 00:01:30 Times Seen10 Hash 1d428c4a319d11547a23bca572bba4de f835ad41e9292b07c44d71b42340dbc6bf9a7117 1b8e1c70d65803f31689475ef7d7f6614bb9773bbb475283883e803005f8cc42 Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js	37 kB	2023-03-07	2024-01-01
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:03 Times Seen66 Hash 18eab16a639a4773572307713440a929 75bd72f7058b2d1d3ede541b2129267b438a73d4 358c5899627cc60f849ddc6860c01aa67b122f478e0d4ef42efd48a4b38c305b Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067	59 kB	2023-03-07	2023-10-02
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067 IP 104.18.24.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2023-10-02 17:14:47 Times Seen1702 Hash b7fb41ed89500bb6a8f482f91216cfac caf092ff1935a3a13e8608d56ce60c008b498d68 4a2dbda07d552ad5d425033fcd10ccb1addc5140a177cbb0d11bb3f2f7974a8c Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js	4.3 kB	2023-03-07	2024-01-01
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:02 Times Seen55 Hash 6444bceb1b767bea75b4f47d793f7b05 173a21cbce9a9c8b73088df59efa6049690a9cbb 7386df477cd87905ec5e618f0d3df193963ec801ff64404cc5023529b16c4d6f Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067	2.7 kB	2023-03-07	2023-06-27
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067 IP 104.18.24.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2023-06-27 14:28:54 Times Seen838 Hash 4f81620c61dcee3796fd3363a5338651 1739f9bd67e9cb64b61159e14a698c4ace82fe69 b7b20a7ae40fdd82ac83c2ed9064230801e050eaccfa28c2c5cc847d34dec6a9 Loading...

	unknown	0 B	2023-03-07	2024-04-23
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-23 17:43:56 Times Seen37023171 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js	956 B	2023-03-07	2024-02-01
Pretty URL a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js IP 85.184.96.5 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:12:05 Last Seen2024-02-01 12:23:48 Times Seen10503 Hash fd48e87ecd4d06d9c5df490b91dc813e a65a437db44444634e4f41732c590c1d14433b3f 2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47 Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js	567 B	2023-03-07	2024-01-01
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:03 Times Seen61 Hash accfdd9d5be1d7142fabad440365d15f 728b540ea47087d04d502079c76b3f3db8ea289a 32ebaaa3078816891a9efa129824d6ee11c4c8b0ef6e441b28781e7d82b95305 Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067	254 B	2023-03-07	2024-01-01
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067 IP 104.18.24.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:02 Times Seen26 Hash f170cd805025c85681b29e0050f512cc a4ef72d85818bc21f6e1c88a077c0c18bc6e1381 bd5188e507cf55e7c15eb20cbd8d0236dc43e19ae230a3317f452b57435a1dd2 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC	240 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:01:21 Last Seen2023-03-13 20:01:21 Times Seen1 Hash 801b98dd0361ddc33a7f4a65183e1c12 1135b6dfb71242670a0588ce59ff448d53481636 7b62fb59fc5e2c55693f5536019a8f818b541fd0b144db5b0f7f47aad92f5d54 Loading...

	www.effectivecreativeformat.com/4a94d48966a908e26328dbec3cd8c0b3/invoke.js	27 kB	2023-03-13	2023-03-13
Pretty URL www.effectivecreativeformat.com/4a94d48966a908e26328dbec3cd8c0b3/invoke.js IP 173.233.137.60 ASN #7979 SERVERS-COM Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:01:21 Last Seen2023-03-13 20:01:21 Times Seen1 Hash 981a0be6feb8d0fdfb3238b49771275e 0a6f6a1fadf84b4278ab85c19581da8352801a45 8d05b32662b7f404cec77741c6b01816a2bc421d59cfd646485059419bffa505 Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js	83 kB	2023-03-07	2024-01-01
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:03 Times Seen66 Hash 9c4992909a83d52617e9948d1d1c4141 587bbaea138857f086b03f43120795332fe28523 b53ed597b15301969858b376e9946d1664eff3a03549485ea678e9b8c6deaf63 Loading...

	a10682170820.cdn.optimizely.com/client_storage/a10682170820.html	3.4 kB	2023-03-13	2023-03-13
Pretty URL a10682170820.cdn.optimizely.com/client_storage/a10682170820.html IP 104.110.8.48 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:38:47 Last Seen2023-03-13 21:02:17 Times Seen1 Hash 17570e3c296e4afe2bdf4e878f4fecc1 871ffbd312912d728710e6d182c0ae3eb93f7243 f38363098c8a2691478bec4c842a83e5ade1623921040d98d07ef16598fcdbbb Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067	371 B	2023-03-07	2024-01-01
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067 IP 104.18.24.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:02 Times Seen26 Hash 0e334c7783ee94b7972386c2b90fc1f5 7ad33ae7aca94796fa4ef67b4c10ac23a9f468f6 1548d1cfdb809ed4c6261e9c9bbadd8dde82c3d3ef8137ff3ff6f6c606677db8 Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067	5.4 kB	2023-03-07	2023-08-08
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067 IP 104.18.24.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11:26 Last Seen2023-08-08 14:09:19 Times Seen1025 Hash 26c5eb641d4b8e7a86948e5a397d4203 9bf9b195284806ae56e32f7a0531ad91ad7bf731 aee310721d3d1cb60cdb3e4d714451c5ef94b93e820d0f08bdbb1b04f00d9b73 Loading...

	www.sntnews3.com/	2.1 kB	2023-03-13	2023-03-13
Pretty URL www.sntnews3.com/ IP 143.198.202.122 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:01:21 Last Seen2023-03-13 20:01:21 Times Seen1 Hash 3eaef590a21fdbc54e47f88dd3cfa639 56be22758a1490f3859f64952154e4f4f7745072 c7547ae71abd1d7ac3d7541a3559ad2e56a30d023098ab59b271b1e50f3ef041 Loading...

	www.sntnews3.com/wp-content/themes/bam/assets/js/main.js?ver=6.1.1	6.7 kB	2023-03-07	2024-03-09
Pretty URL www.sntnews3.com/wp-content/themes/bam/assets/js/main.js?ver=6.1.1 IP 143.198.202.122 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 14:47:53 Last Seen2024-03-09 17:02:47 Times Seen94 Hash 5c59a2975a8473d61638a9c032f7340d e38ca5f41a329efacdc0bde51ce1312fb9d8af2a 8995c8efef07899ca00fdf0b12d8f4548d866791b903bf8eb684dba31566d31d Loading...

	www.sntnews3.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1	19 kB	2023-03-07	2024-04-23
Pretty URL www.sntnews3.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 IP 143.198.202.122 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:08 Last Seen2024-04-23 14:29:05 Times Seen38024 Hash 32beb68a374e3aeac00abdf9e12b84ea b5d18aa625e8696dd9d07cd0869337717b211ae0 5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782 Loading...

	adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQ3P2oie7oGU3Bp-GH0dEdHP3xP.fc0%2CDfBS5_eaItVzNK6qRX6FgA5_wpZiKw_rXivqOw0a7uS9aNJQ4xcpUvnstok3tN5YQSMJkpN-d8MT-JvX477J0XaEcoSv7z9iaGwsRRlNS1Qw0AhLwKoNK0uBxElgDFvp6OzkOFOor_sFx2GXFr9k6twNIweNG1lwyYJwg0Zi2xLge4HVaUXveb15hQHyEfq0uUOmqYIqmwnDkyFM0z7JdlY3U1V-14pVy4G6wDfsdJKW2nNbAtcLGlC5D9HnrT07L-FpYtdMRiT5O1X-GzctcJPeLWbOD--ved5ooJhaGbdu_D6LiRlf8c0hCwp-HZksG3Y9VqviWouG12ABccNBBxfgPqg4fjLnLfas5h5BYQP5a64-lyJQnAJCqQx9Ojuh2Yr9i864WXMCsMC22Ej0an9fitm3bOBTqHKBikFsVScL9TFoYXJg1efZWAi9YDoACa-V7iiDdcb-z7a9q5d4DoPeXb2mJiN2Isd7Dbv33JRvhJC8a5MKjAntJ42HY_x4PhgMKJoJI_bSnjO6ylDerg%2C%2C&csid=1506755&s1=16122660&md=0&crid=23364304	3.9 kB	2023-03-13	2023-03-13
Pretty URL adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQ3P2oie7oGU3Bp-GH0dEdHP3xP.fc0%2CDfBS5_eaItVzNK6qRX6FgA5_wpZiKw_rXivqOw0a7uS9aNJQ4xcpUvnstok3tN5YQSMJkpN-d8MT-JvX477J0XaEcoSv7z9iaGwsRRlNS1Qw0AhLwKoNK0uBxElgDFvp6OzkOFOor_sFx2GXFr9k6twNIweNG1lwyYJwg0Zi2xLge4HVaUXveb15hQHyEfq0uUOmqYIqmwnDkyFM0z7JdlY3U1V-14pVy4G6wDfsdJKW2nNbAtcLGlC5D9HnrT07L-FpYtdMRiT5O1X-GzctcJPeLWbOD--ved5ooJhaGbdu_D6LiRlf8c0hCwp-HZksG3Y9VqviWouG12ABccNBBxfgPqg4fjLnLfas5h5BYQP5a64-lyJQnAJCqQx9Ojuh2Yr9i864WXMCsMC22Ej0an9fitm3bOBTqHKBikFsVScL9TFoYXJg1efZWAi9YDoACa-V7iiDdcb-z7a9q5d4DoPeXb2mJiN2Isd7Dbv33JRvhJC8a5MKjAntJ42HY_x4PhgMKJoJI_bSnjO6ylDerg%2C%2C&csid=1506755&s1=16122660&md=0&crid=23364304 IP 34.160.190.227 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:01:21 Last Seen2023-03-13 20:01:21 Times Seen1 Hash e31fabd8be8d02bf728d294771e7d7c4 579d46166180ada704dfac1919584630ac9f98af 4f53142c26af0a932d24b4365189ebeea8270a3a763e2ba40d9fbc316fb17c6d Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js	87 kB	2023-03-07	2024-04-23
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js IP 216.58.207.202 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:34 Last Seen2024-04-23 10:59:32 Times Seen263354 Hash e071abda8fe61194711cfc2ab99fe104 f647a6d37dc4ca055ced3cf64bbc1f490070acba 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Loading...

	welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067	218 B	2023-03-07	2024-01-01
Pretty URL welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067 IP 104.18.24.188 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:02 Times Seen26 Hash 9d40d7ddb60f4cb29327b156428e3bd5 88becc38eb4e649c2a9aec175f37b5f8c5016588 8c7e60bea5c4cfc5e2ff1c26e5a7ecbe3efb4452b6f07886ece394031c8682c1 Loading...

		Size	First Seen	Last Seen
	#1 Eval - b63da508a651871a6f1ee309c056b54c	2.1 kB	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 20:01:21 Last Seen2023-03-13 20:01:21 Times Seen1 Hash b63da508a651871a6f1ee309c056b54c 85c9b173ff7eaa47c1ca6f47093d1b891b0b6b99 acec1fef586c34b754925fb5f0896a3aaddc6efaf05fe14489f2f7c57436bf28 Loading...

	#2 Eval - 0df47f7ec8a7025bea46266133fe90c1	54 B	2023-03-07	2024-04-17
Pretty Observations First Seen2023-03-07 01:11:26 Last Seen2024-04-17 03:22:10 Times Seen1724 Hash 0df47f7ec8a7025bea46266133fe90c1 407aeb860ef834517df3dfa568905e7c95d42d9f fc490a09c28110ae2a7c965801ebeb5c572587f55c3524889f547dbcc34c1d81 Loading...

	#3 Eval - dddc8519e9834ad5d3074584ccf9f8b7	132 B	2023-03-07	2023-10-02
Pretty Observations First Seen2023-03-07 01:11:26 Last Seen2023-10-02 17:14:47 Times Seen1711 Hash dddc8519e9834ad5d3074584ccf9f8b7 829d5d1a21eff85f38994e567322cc3bcce9c9cd 0a23e511994a2c03a725773de07810ff171878b9c0177f40a663038e4e251168 Loading...

	#4 Eval - 596da5f7bb09f22c58c4073eb41d604e	62 B	2023-03-07	2023-10-02
Pretty Observations First Seen2023-03-07 01:11:26 Last Seen2023-10-02 17:14:47 Times Seen1711 Hash 596da5f7bb09f22c58c4073eb41d604e 66603b30823c3a560dae4f1b6afb92ab5a0f91d5 adf0ca592504ef680d5ea02d5161b15be0572fd3e5b41d152b74f0c76aea6c42 Loading...

	#5 Eval - 4b4768884dd164bcabacb4edf182609a	61 B	2023-03-07	2023-10-02
Pretty Observations First Seen2023-03-07 01:11:26 Last Seen2023-10-02 17:14:47 Times Seen1711 Hash 4b4768884dd164bcabacb4edf182609a 881cdbd84f94dc256c40f2ee489d83f956c1b36b 9259355921509ced00b4d7d3e76c151037a06c88a646cd7d47d5d9c96984697c Loading...

	#6 Eval - 632b6f4ebb04824448430ee3507b1506	449 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 20:01:21 Last Seen2023-03-13 20:01:21 Times Seen1 Hash 632b6f4ebb04824448430ee3507b1506 b5db98b022165ccb911e3331a41b1d7017dc174b 297a06d796a56641f62115eb45ee92be261491d74d0c9e8fc2cdaa5a0ed60310 Loading...

	#7 Eval - d66a51311c2681be9b2814403d8e8308	60 B	2023-03-07	2023-10-02
Pretty Observations First Seen2023-03-07 01:11:26 Last Seen2023-10-02 17:14:47 Times Seen1711 Hash d66a51311c2681be9b2814403d8e8308 284b626b87d046fe1adfc6899ade214d57f09655 9d51544cc513110b130345a977b1e9e630b5a7aa01518f7f7898758b79a9699f Loading...

	#8 Eval - 84b2cd04a3e6a53dd1e2d2281b4ec9d0	55 B	2023-03-07	2023-10-02
Pretty Observations First Seen2023-03-07 01:11:26 Last Seen2023-10-02 17:14:47 Times Seen1711 Hash 84b2cd04a3e6a53dd1e2d2281b4ec9d0 453fd8561e4859d9adbbe37e66110d2584bc2c1d 14986cbd70f8b8a1770adf9800c113847daf392c2999dfff9dc71d2be98f3282 Loading...

	#9 Eval - a2bcebb48aaee0300030cf8123020f69	135 B	2023-03-07	2023-10-02
Pretty Observations First Seen2023-03-07 01:11:26 Last Seen2023-10-02 17:14:47 Times Seen1711 Hash a2bcebb48aaee0300030cf8123020f69 365d67c7f5ce945805339efb40c083cc97d1f9b2 fc7b851f30df68c5cc6d1fb3f06c300b2b1d7271f76cc187224050270141f0ed Loading...

	#10 Eval - add2d829cf386f4838b0cdef5348451c	71 B	2023-03-07	2023-10-02
Pretty Observations First Seen2023-03-07 01:11:26 Last Seen2023-10-02 17:14:47 Times Seen1710 Hash add2d829cf386f4838b0cdef5348451c c8295463ce81113f7396d77c108349f473285c49 dcdd7e7e286c45c94638f28053384616d6ca9a1b396b0109cb51f1298ba342bb Loading...

	#11 Eval - 127ac839a41bdd9ab92ad47b7411cdaf	29 B	2023-03-08	2024-01-15
Pretty Observations First Seen2023-03-08 14:23:53 Last Seen2024-01-15 00:09:04 Times Seen889 Hash 127ac839a41bdd9ab92ad47b7411cdaf c2f81b12778c909f055c3967caa638b643c4916a b2ebc210c5c379879d07a4a9e046a4ea803d56dcc91d533db817ec272cbcfaf4 Loading...

	#12 Eval - 52a838bf9957f0cff2021c034f169cb0	88 B	2023-03-07	2023-11-06
Pretty Observations First Seen2023-03-07 01:11:26 Last Seen2023-11-06 09:27:16 Times Seen2384 Hash 52a838bf9957f0cff2021c034f169cb0 30a7327c54334eb310944b6fd01ddf34b4e2ad9d 5e05e2cf30322e8f71d65a22aa5f4a095923b67286a61d83b7787e3468f42f62 Loading...

		Size	First Seen	Last Seen
	#1 Write - 3625d5d97c28d0a27a221e86e2d45d3d	128 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 20:01:21 Last Seen2023-03-13 20:01:21 Times Seen1 Hash 3625d5d97c28d0a27a221e86e2d45d3d aedd484dc92131aa3ebfc2cba45cb0df8a31d2f8 51f0bcf3e8333a55757fab5c0f4c7e77baee1f9f108119934e6772b0ce65a9c8 Loading...

	#2 Write - b508801d549c5dda2954831b545c6ef0	126 B	2023-03-13	2023-03-13
Pretty Observations First Seen2023-03-13 20:01:21 Last Seen2023-03-13 20:01:21 Times Seen1 Hash b508801d549c5dda2954831b545c6ef0 0f215bd33ca83866455752a22e3d0f63dbbefc16 544b81f6d9b1b48ca15ff166a99685eec93d6d2e661f8b4a2df0179c66c35e09 Loading...

	#3 Write - 2121cd2a93ea9851057f6734a08c1130	68 B	2023-03-07	2024-01-01
Pretty Observations First Seen2023-03-07 01:14:31 Last Seen2024-01-01 21:58:02 Times Seen36 Hash 2121cd2a93ea9851057f6734a08c1130 68e2ee70c921266930c95e2a4b791d3f1fbb7f16 6604e7359d43375f74af46ce09c369432a8512c1e42b8d301a38091cb668301a Loading...

HTTP Transactions (133)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5391
Expires: Thu, 09 Feb 2023 01:22:19 GMT
Date: Wed, 08 Feb 2023 23:52:28 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
dca68db7aea32f6683ce8d542c078f04
19c495238df74fca680e21f18627ff94de5dd2e5
35cab3987fc0e4a41b305cb208c1e33fa38ce8bdfd9f386c3dc0411dd4d5ac61

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35CAB3987FC0E4A41B305CB208C1E33FA38CE8BDFD9F386C3DC0411DD4D5AC61"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6496
Expires: Thu, 09 Feb 2023 01:40:44 GMT
Date: Wed, 08 Feb 2023 23:52:28 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 23:36:45 GMT
content-type: application/json
age: 943
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7394
Expires: Thu, 09 Feb 2023 01:55:42 GMT
Date: Wed, 08 Feb 2023 23:52:28 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: eh7QxJJUtNhWUnBdDapEF7VSvPGM2qAQY9bMylQ1uCoEcDvqsGhmK/MnOYKVolhzjDzRSQT/iKjOyvnxX8KlYw==
x-amz-request-id: 08NFC000N518YRKB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 23:36:08 GMT
age: 980
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

sntnews3.com/

143.198.202.122

301 Moved Permanently

0 B

URL HTTP/1.1
sntnews3.com/
IP
143.198.202.122:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 08 Feb 2023 23:52:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Cookie
X-Redirect-By: WordPress
Location: http://www.sntnews3.com/
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: no-referrer-when-downgrade
Cache-Control: no-cache

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 23:52:28 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Content-Type, Pragma, ETag, Retry-After, Backoff, Expires, Alert, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 23:51:21 GMT
age: 67
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5795
Expires: Thu, 09 Feb 2023 01:29:03 GMT
Date: Wed, 08 Feb 2023 23:52:28 GMT
Connection: keep-alive

code.jquery.com/jquery-3.5.0.js

69.16.175.42

200 OK

84 kB

URL HTTP/2
code.jquery.com/jquery-3.5.0.js
IP
69.16.175.42:0
ASN
#20446 STACKPATH-CDN

File type
ASCII text
Size
84 kB (84374 bytes)
Hash
14ee67dad9098ec1aa179859a587fc8d
4322dbc7d6f4b69c5dbf94bd9c2517b0cd6f2a67
20d269d3d572dcf932991fa3b49e02e8919b865b632de234e3f7df035005842b

HTTP Headers

GET /jquery-3.5.0.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.sntnews3.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:29 GMT
content-encoding: gzip
content-length: 84374
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-463a1"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1675900349.dop227.sk1.t,1675900349.cds001.sk1.hn,1675900349.cds065.sk1.c
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.googleapis.com/css?family=Source+Sans+Pro%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i|Roboto+Condensed%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i%26subset%3Dlatin

142.250.74.106

200 OK

2.1 kB

URL HTTP/2
fonts.googleapis.com/css?family=Source+Sans+Pro%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i|Roboto+Condensed%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i%26subset%3Dlatin
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
data
Size
2.1 kB (2058 bytes)
Hash
e51ed25e06db1b84d576cf04726a8593
5e9864a8865d37c3e7039d2838a3bfb0c33b80d7
f7d0d187c55f501fe5658a76e235a6650ef7de49b202b439cdff088decd003ba

HTTP Headers

GET /css?family=Source+Sans+Pro%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i|Roboto+Condensed%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i%26subset%3Dlatin HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.sntnews3.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 Feb 2023 23:52:29 GMT
date: Wed, 08 Feb 2023 23:52:29 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.sntnews3.com/

143.198.202.122

200 OK

43 kB

URL HTTP/1.1
www.sntnews3.com/
IP
143.198.202.122:0
ASN
#14061 DIGITALOCEAN-ASN

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (9381), with CRLF, LF line terminators
Size
43 kB (42751 bytes)
Hash
862cfbdd427732682f5720bd7f53440e
75e5fc59261326f1b46239027dfd8694158e89fc
4e22740bc8b3f3433b924895bd2a91313411fecebc9ea2422ef60078f7ab437b

HTTP Headers

GET / HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Encoding, Cookie
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: no-referrer-when-downgrade
Cache-Control: max-age=3, must-revalidate, no-cache
Content-Encoding: gzip

push.services.mozilla.com/

52.42.147.182

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.42.147.182:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ElMFpdgJ9AuN3qTalNbKGQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: bkcfL1Unko8m0utXXUzOpCcrN5E=

www.sntnews3.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1

143.198.202.122

200 OK

12 kB

URL HTTP/1.1
www.sntnews3.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP
143.198.202.122:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (47826)
Size
12 kB (12518 bytes)
Hash
981383d43a7adb38d6c2bf5286dcd065
e41871905868763178f7d8127e3dfb87909f108f
fceb208fc5a1581abc1926596d5f59fa41e7a7d72027b563303b445cdf7ed126

HTTP Headers

GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: text/css
Last-Modified: Fri, 11 Nov 2022 14:56:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"636e62ad-172a9"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.sntnews3.com/wp-content/themes/bam/assets/js/main.js?ver=6.1.1

143.198.202.122

200 OK

2.2 kB

URL HTTP/1.1
www.sntnews3.com/wp-content/themes/bam/assets/js/main.js?ver=6.1.1
IP
143.198.202.122:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text
Size
2.2 kB (2221 bytes)
Hash
8bbf64c742a007d4be71a44bdd11b978
e53868a8f86eef1d789755ee56b651ea5eefc61e
1fd453b524e1811bbaec92c820ef0c16e3651116c1e39059ae6bf9d7574e4dfe

HTTP Headers

GET /wp-content/themes/bam/assets/js/main.js?ver=6.1.1 HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: application/javascript
Last-Modified: Tue, 03 Jan 2023 12:58:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63b42672-1a5d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.sntnews3.com/wp-includes/css/classic-themes.min.css?ver=1

143.198.202.122

200 OK

217 B

URL HTTP/1.1
www.sntnews3.com/wp-includes/css/classic-themes.min.css?ver=1
IP
143.198.202.122:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text
Size
217 B (217 bytes)
Hash
95e891f28e44a9b314c09545d86be2b7
f9b13a8bd47273b086a0a07df15f314e0af0bc3e
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5

HTTP Headers

GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: text/css
Content-Length: 217
Last-Modified: Tue, 25 Oct 2022 13:45:16 GMT
Connection: keep-alive
ETag: "6357e86c-d9"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

www.sntnews3.com/wp-content/themes/bam/assets/fonts/css/all.min.css?ver=5.15.4

143.198.202.122

200 OK

13 kB

URL HTTP/1.1
www.sntnews3.com/wp-content/themes/bam/assets/fonts/css/all.min.css?ver=5.15.4
IP
143.198.202.122:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (59119)
Size
13 kB (12857 bytes)
Hash
db6a4c8a3d3fd8305730790b0358e4bd
d6f66a7e2d94809484da64df754cc52a714e2d0f
c91c4312c264e08ab3b16a8cb0b151cf34025d36f99b52d0f61de8733b70733e

HTTP Headers

GET /wp-content/themes/bam/assets/fonts/css/all.min.css?ver=5.15.4 HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: text/css
Last-Modified: Tue, 03 Jan 2023 12:58:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63b42672-e7a9"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.sntnews3.com/wp-content/themes/bam/style.css?ver=6.1.1

143.198.202.122

200 OK

11 kB

URL HTTP/1.1
www.sntnews3.com/wp-content/themes/bam/style.css?ver=6.1.1
IP
143.198.202.122:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (430)
Size
11 kB (10900 bytes)
Hash
ca9f5a4e7501f2d74d0d1f079ca4a860
8bc9a92b24f006e67665f7c418b5dc9e36b47ce9
3f13de4bdd2b332e58db6fe5a7421ee11078465e7cbcf1d977390376d11de36a

HTTP Headers

GET /wp-content/themes/bam/style.css?ver=6.1.1 HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: text/css
Last-Modified: Tue, 03 Jan 2023 12:58:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63b42672-d7c6"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.sntnews3.com/wp-content/themes/bam/assets/js/skip-link-focus-fix.js?ver=20151215

143.198.202.122

200 OK

417 B

URL HTTP/1.1
www.sntnews3.com/wp-content/themes/bam/assets/js/skip-link-focus-fix.js?ver=20151215
IP
143.198.202.122:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text
Size
417 B (417 bytes)
Hash
73f7704398d8f6be9748d30791950984
3231f3786c364c7665cd7123d8fae0f42bbfd836
c1d9b23aff05fb52e5d6e68aff86d808097185c6dbaac6c3fc3ec6e5bea31ef4

HTTP Headers

GET /wp-content/themes/bam/assets/js/skip-link-focus-fix.js?ver=20151215 HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: application/javascript
Last-Modified: Tue, 03 Jan 2023 12:58:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63b42672-2ad"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Content-Encoding: gzip

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2

216.58.207.227

200 OK

13 kB

URL HTTP/2
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 12924, version 1.0\012- data
Size
13 kB (12924 bytes)
Hash
4610010f425c140b99c88b6819ce1c02
a7e839aa0452ceeb6228de7c15062fe82cc6d1c3
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4

HTTP Headers

GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.sntnews3.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12924
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 10:05:58 GMT
expires: Fri, 02 Feb 2024 10:05:58 GMT
cache-control: public, max-age=31536000
age: 567991
last-modified: Wed, 27 Apr 2022 16:02:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2

216.58.207.227

200 OK

13 kB

URL HTTP/2
fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 13036, version 1.0\012- data
Size
13 kB (13036 bytes)
Hash
0ad032b3d07aaf33b160ac4799dda40f
06b931e0d0bf37f5037d9e66d6feedfddd21c0ba
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0

HTTP Headers

GET /s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.sntnews3.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 Feb 2023 15:38:44 GMT
expires: Tue, 06 Feb 2024 15:38:44 GMT
cache-control: public, max-age=31536000
age: 202425
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.sntnews3.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1

143.198.202.122

200 OK

5.0 kB

URL HTTP/1.1
www.sntnews3.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP
143.198.202.122:0
ASN
#14061 DIGITALOCEAN-ASN

File type
ASCII text, with very long lines (15660)
Size
5.0 kB (5004 bytes)
Hash
1b982d290af16dac5885f21a198aaa66
f847ca85d23c2f240938bbde0135f3de97925759
0b6e238cc0728a0bace390dfff472ff8bb5a5fd4714bcfcdac7c28621d67b8dc

HTTP Headers

GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: application/javascript
Last-Modified: Tue, 12 Apr 2022 05:56:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62551487-48b9"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Content-Encoding: gzip

www.effectivecreativeformat.com/4a94d48966a908e26328dbec3cd8c0b3/invoke.js

173.233.137.60

200 OK

9.8 kB

URL HTTP/1.1
www.effectivecreativeformat.com/4a94d48966a908e26328dbec3cd8c0b3/invoke.js
IP
173.233.137.60:0
ASN
#7979 SERVERS-COM

File type
exported SGML document, ASCII text, with very long lines (26994), with no line terminators
Size
9.8 kB (9811 bytes)
Hash
399b4026e18cd6a0373aa08c6b245589
76aa0b23adb8e9dac1244837897bcaab2c82370b
59075b6f2f4245d0cda034cc23a96e95e12cbf52d12cdd4c0b7e8ff53f4be30d

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /4a94d48966a908e26328dbec3cd8c0b3/invoke.js HTTP/1.1
Host: www.effectivecreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sntnews3.com/

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 23929c2507b03dbc6cd3bac38beb8b15
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2

216.58.207.227

200 OK

13 kB

URL HTTP/2
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 13052, version 1.0\012- data
Size
13 kB (13052 bytes)
Hash
7cf79fbd1df848510d7352274efc2401
5540b5a26cc7dfe25294c4eabe011e2c6cd60143
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a

HTTP Headers

GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.sntnews3.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13052
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 05 Feb 2023 22:02:03 GMT
expires: Mon, 05 Feb 2024 22:02:03 GMT
cache-control: public, max-age=31536000
age: 265826
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15700, version 1.0\012- data
Size
16 kB (15700 bytes)
Hash
3d7f7413fca69bff4d231ebdc50aaab0
cb18e7943b6a8a0e3672d7242197c19a226b92e8
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36

HTTP Headers

GET /s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.sntnews3.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15700
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 15:42:36 GMT
expires: Wed, 07 Feb 2024 15:42:36 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
content-type: font/woff2
age: 115793
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.sntnews3.com/wp-content/uploads/2023/01/2-516.jpg

143.198.202.122

200 OK

39 kB

URL HTTP/1.1
www.sntnews3.com/wp-content/uploads/2023/01/2-516.jpg
IP
143.198.202.122:0
ASN
#14061 DIGITALOCEAN-ASN

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 735x400, components 3\012- data
Size
39 kB (38928 bytes)
Hash
65662f3b43d38850fddf7a4027c659d7
e67c006103364cf69a894ec5862a50efb2a96d7a
9b226ba7d9062f58784498d66000365d5e43b65638a3225540c7360ec677abbe

HTTP Headers

GET /wp-content/uploads/2023/01/2-516.jpg HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: image/jpeg
Content-Length: 38928
Last-Modified: Thu, 19 Jan 2023 15:03:28 GMT
Connection: keep-alive
ETag: "63c95bc0-9810"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
a28222744ed7330bea9a621b935adcc1
d6c82547cae9ebf20c9e2534b2b072977d721399
14be94c7e087e140464c8d3cb8b77642c6ed07cde45992faa54d577cf26df94a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 08 Feb 2023 23:52:29 GMT
Last-Modified: Wed, 08 Feb 2023 22:10:59 GMT
Server: ECS (bsa/EB1E)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Oo4ZfItKIzAJhWh5tJ6LkEsr2WeBMrWtD4SIMBzWFwZV3RK7VeO_0A==
Age: 6090

simplewebanalysis.com/stats

3.120.47.42

200 OK

40 B

URL HTTP/2
simplewebanalysis.com/stats
IP
3.120.47.42:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
750ec8442686b30da92227686a7ed178
6e3872506db7ed2cdd6f301b2bdf943071f86427
c6f28cc191b5e301f206ffffe4d8464fa61b1ca743727a9d2d63913354772899

HTTP Headers

GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.sntnews3.com
Connection: keep-alive
Referer: http://www.sntnews3.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:29 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://www.sntnews3.com
access-control-allow-credentials: true
set-cookie: uid_id2=8d902f42-0563-4cb3-bc1f-6bf9869e08ac:2:1; expires=Sat, 05 Feb 2033 23:52:29 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

irritateinformantmeddle.com/90/4c/1d/904c1d24438019a1d860b271ee74f861.js

192.243.59.13

200 OK

29 kB

URL HTTP/1.1
irritateinformantmeddle.com/90/4c/1d/904c1d24438019a1d860b271ee74f861.js
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Size
29 kB (28782 bytes)
Hash
2a5fa33ddd5893526d7454c8f616483a
b16c5bf275f1f5a0fbd56e611d377c8e86f794c2
3859eaedceb28a5d008fa1714bca8e9849473a736445bba7240e7bb657ff632a

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /90/4c/1d/904c1d24438019a1d860b271ee74f861.js HTTP/1.1
Host: irritateinformantmeddle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sntnews3.com/

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7d127088fea1a8b68218b200afef1d5e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
170daf6beb9f23541ded52489001d9fd
d2a5c4a70d248135ad0c8c031c87500b189c142f
2ad25c2d41b1032938e209c8a587a7713c9141a6928e27ee272be97c81e60556

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2AD25C2D41B1032938E209C8A587A7713C9141A6928E27EE272BE97C81E60556"
Last-Modified: Wed, 08 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1690
Expires: Thu, 09 Feb 2023 00:20:40 GMT
Date: Wed, 08 Feb 2023 23:52:30 GMT
Connection: keep-alive

acrossheadquartersanchovy.com/87a32cac5e91c4f7ba650c111d7b1d42/invoke.js

173.233.137.36

200 OK

9.8 kB

URL HTTP/1.1
acrossheadquartersanchovy.com/87a32cac5e91c4f7ba650c111d7b1d42/invoke.js
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
exported SGML document, ASCII text, with very long lines (26998), with no line terminators
Size
9.8 kB (9811 bytes)
Hash
bb6dc310f4fadb6903ea49ed936ea6a3
d9456ec5e2b13132756e0791aa8d7b302ff49e44
df0124ef5dec86845efcbf19bae10dc894301af67ea133955025d4e343a1733b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /87a32cac5e91c4f7ba650c111d7b1d42/invoke.js HTTP/1.1
Host: acrossheadquartersanchovy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sntnews3.com/

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2a5edfaf5052dba3b8567019667f8914
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

magazinesfluentlymercury.com/pixel/purst?dl=0&th=0&sc=0&rs=2171&rd=2171&fd=352&bv=22.10.v.10&tmpl=136

192.243.61.225

200 OK

0 B

URL HTTP/1.1
magazinesfluentlymercury.com/pixel/purst?dl=0&th=0&sc=0&rs=2171&rd=2171&fd=352&bv=22.10.v.10&tmpl=136
IP
192.243.61.225:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /pixel/purst?dl=0&th=0&sc=0&rs=2171&rd=2171&fd=352&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: magazinesfluentlymercury.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sntnews3.com/

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range

www.sntnews3.com/wp-content/themes/bam/assets/fonts/webfonts/fa-solid-900.woff2

143.198.202.122

200 OK

78 kB

URL HTTP/1.1
www.sntnews3.com/wp-content/themes/bam/assets/fonts/webfonts/fa-solid-900.woff2
IP
143.198.202.122:0
ASN
#14061 DIGITALOCEAN-ASN

File type
Web Open Font Format (Version 2), TrueType, length 78268, version 331.-31196\012- data
Size
78 kB (78268 bytes)
Hash
d824df7eb2e268626a2dd9a6a741ac4e
0ccb2c814a7e4ca12c4778821633809cb0361eaa
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537

HTTP Headers

GET /wp-content/themes/bam/assets/fonts/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.sntnews3.com/wp-content/themes/bam/assets/fonts/css/all.min.css?ver=5.15.4

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: font/woff2
Content-Length: 78268
Last-Modified: Tue, 03 Jan 2023 12:58:26 GMT
Connection: keep-alive
ETag: "63b42672-131bc"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

www.sntnews3.com/wp-content/uploads/2023/01/2-513-890x530.jpg

143.198.202.122

200 OK

93 kB

URL HTTP/1.1
www.sntnews3.com/wp-content/uploads/2023/01/2-513-890x530.jpg
IP
143.198.202.122:0
ASN
#14061 DIGITALOCEAN-ASN

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 890x530, components 3\012- data
Size
93 kB (93122 bytes)
Hash
73da2b9849e1650e936b6c9f5bceeeaa
21464cafddaf3cbecc2de368dd3d6aa4c3f4fcd7
ddb3b5fc31e7703d94b619ef580528466d5239fa10cc66fe4145a86738c36c46

HTTP Headers

GET /wp-content/uploads/2023/01/2-513-890x530.jpg HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: image/jpeg
Content-Length: 93122
Last-Modified: Thu, 19 Jan 2023 14:14:29 GMT
Connection: keep-alive
ETag: "63c95045-16bc2"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16266
Expires: Thu, 09 Feb 2023 04:23:36 GMT
Date: Wed, 08 Feb 2023 23:52:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16266
Expires: Thu, 09 Feb 2023 04:23:36 GMT
Date: Wed, 08 Feb 2023 23:52:30 GMT
Connection: keep-alive

192.243.59.13

307 Temporary Redirect

0 B

URL HTTP/1.1
irritateinformantmeddle.com/watch.708720605560.js?key=4a94d48966a908e26328dbec3cd8c0b3&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.708720605560.js?key=4a94d48966a908e26328dbec3cd8c0b3&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1 HTTP/1.1
Host: irritateinformantmeddle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.sntnews3.com
Connection: keep-alive
Referer: http://www.sntnews3.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://www.sntnews3.com
Access-Control-Allow-Origin: http://www.sntnews3.com
Access-Control-Allow-Credentials: true
Location: https://irritateinformantmeddle.com/watch.708720605560.js?key=4a94d48966a908e26328dbec3cd8c0b3&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1&shu=c539ba9d226a252d46f2619d7e5ac617d7d07bcd9daf9503b7cf03a602ace4a934ec05f3a45bee87241419edf2f7b8ff622f6dbf48d48c94fa43cc7d572737ce7e822be79acdb0378fecdfe78320644630ee5656686f00f6389cbcab044b74&pst=1675900410&rmtc=t
Set-Cookie: u_pl=18163993; expires=Thu, 09 Feb 2023 23:52:30 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODE2Mzk5MywiayI6IjRhOTRkNDg5NjZhOTA4ZTI2MzI4ZGJlYzNjZDhjMGIzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMTYyOTM1LCJwaWQiOjM3ODU5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjoyMywicHQiOjQsInBrIjoiYTc5cDRkdGF2IiwiY3BrcyI6eyAiMjgiOiI5MDRjMWQyNDQzODAxOWExZDg2MGIyNzFlZTc0Zjg2MSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3d3dy5zbnRuZXdzMy5jb20vIn19.6qySKw-0g60HMjTqbjMR2Cqf1IEYJ-iYFneZHuUvN2o; expires=Wed, 08 Feb 2023 23:53:30 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d64771be351fadf10ee93aa6996893bf
Strict-Transport-Security: max-age=0; includeSubdomains

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16266
Expires: Thu, 09 Feb 2023 04:23:36 GMT
Date: Wed, 08 Feb 2023 23:52:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
f6d705e8002f95d392a53d1df55c549a
7351c586a15413121ec29aa736533182d85818ce
b9e6075e5f8bf8d14a45546023f43f80df7ee7fee6a13c49eee758d3b6659e14

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B9E6075E5F8BF8D14A45546023F43F80DF7EE7FEE6A13C49EEE758D3B6659E14"
Last-Modified: Wed, 08 Feb 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9550
Expires: Thu, 09 Feb 2023 02:31:40 GMT
Date: Wed, 08 Feb 2023 23:52:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16266
Expires: Thu, 09 Feb 2023 04:23:36 GMT
Date: Wed, 08 Feb 2023 23:52:30 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d76b3c3-ea90-47d3-83f3-8f1550aa26fa.jpeg

34.120.237.76

200 OK

9.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d76b3c3-ea90-47d3-83f3-8f1550aa26fa.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.8 kB (9846 bytes)
Hash
1d7814305f961caded310b6f2089219b
efcb6a067bb023865823625e67d9de60d44685e0
3c01637a052e2394774fc8f6dd37a284afaf76b423219ecd26a89c2d8b69c121

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d76b3c3-ea90-47d3-83f3-8f1550aa26fa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9846
x-amzn-requestid: 4e6cc2be-bc18-4d66-b338-833a05d0d998
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fsaDlGV4oAMFoZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db3d49-14fc32183d3c6afb3a64c27d;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 04:34:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -Gn6wHGlx11IB8EcdbgpJVc-6BTEeIyEDyhrW7fPdCiWqdnQ89k2bQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:11:08 GMT
age: 6082
etag: "efcb6a067bb023865823625e67d9de60d44685e0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4308 bytes)
Hash
113363afa7cfd484dbc115a9f44c1723
2f9dfb845aa919a51a0b5fa9a824ac4845f669be
a91a045600ef2fdebd582ce453a85f7ce0c9f8be7258baf311d0d940de027c20

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4308
x-amzn-requestid: 2d4ce596-9a69-4394-8e10-cd5c54687a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzKZ0F2DoAMF6nA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ddf10b-6c4fabe01360b8781bdd8e06;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 05:45:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: R_VDTHUaRhwthD0THsWg42L1OF7lZAX3ENsTfV0U7kkn9o0x-mQ_9g==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 13:53:53 GMT
age: 35917
etag: "2f9dfb845aa919a51a0b5fa9a824ac4845f669be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11760 bytes)
Hash
9203cfb9f0c1c958dd008eac55a9d3c4
6bdd1047590dd3fb54c15d5d6d38e7c86274b203
09770229be5ff3037708543e3204c66de84253b3a858a83a0e1672a04c0e9cb1

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11760
x-amzn-requestid: b2863a01-4714-4554-a478-5402467b3448
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChJKHc_oAMFwlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4156d-1c5a3edf37bc7cc937c800d2;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: euok7HXthk9GEynD8n9wXgf85lD0shxOdtT5VZvj-xHkoxEMxuohmA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:42:38 GMT
age: 7792
etag: "6bdd1047590dd3fb54c15d5d6d38e7c86274b203"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8150 bytes)
Hash
764b732e88dd1e9c1824529b24b3dffc
2ba954a51c2972b267ae0536e343e608aa9aa7f4
a1efdf03b14bb05cf8e407b92476592c35fa2d27c5e66705322abdb4c6412a06

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8150
x-amzn-requestid: 3834493a-4162-4cc9-b67c-541cc9be895b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fwD8IH0TIAMFWqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dcb380-3746ff7b0a6894366efa848e;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 07:10:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HNuUU4SaVvuPbW0clgJa6UZ-0zefgWJWfIJEsz_yCfKiCrx2wsu6vA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 09:58:24 GMT
age: 50046
etag: "2ba954a51c2972b267ae0536e343e608aa9aa7f4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.1 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe40cbcc3-f3e1-4c53-87ef-2b07e5039a1c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.1 kB (6061 bytes)
Hash
ea55fd1053c19123cb789a7d14479ccc
45fb06a6feeceff6a06c8c3f37e259ddf6e09820
393290f5ec8379a09da72b2554c30023b688489ffda79f5edfe6f114250ee4c7

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe40cbcc3-f3e1-4c53-87ef-2b07e5039a1c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6061
x-amzn-requestid: cf552847-17d0-4820-9711-3fb129090686
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f8xbCG8jIAMF7Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e1c913-0f2af41d6063340d483c3a55;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 03:44:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AhvgnN4mrezDRzaqcb-O0ZGyjW83OcyZd76sLZByQhZDzZgr8Mg-ZA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:15:18 GMT
age: 5832
etag: "45fb06a6feeceff6a06c8c3f37e259ddf6e09820"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f087272-940e-484d-ad9d-2c67bcd6dccd.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12811 bytes)
Hash
bb7c8b758fe17f6c06ce2bebb5008495
032d747cf20951f6ca6fd51489fefd7c09c4948d
835d89e028ec4c85a845f2835cb5eddb9653937f6736e2713b671419474608ed

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f087272-940e-484d-ad9d-2c67bcd6dccd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12811
x-amzn-requestid: be33f9ef-31cb-4572-9f22-0a433423e195
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChzZFiWIAMFgmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4167b-70ed2a756b8da4372ccc1f83;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:39:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HB03bmBiXVTrYbU01OssMQ_EbKhhFPhoUa-qcze2ZgD9Hr48Q8mEbQ==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:15:23 GMT
age: 5827
etag: "032d747cf20951f6ca6fd51489fefd7c09c4948d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.sntnews3.com/wp-content/uploads/2023/01/2-515-890x530.jpg

143.198.202.122

200 OK

72 kB

URL HTTP/1.1
www.sntnews3.com/wp-content/uploads/2023/01/2-515-890x530.jpg
IP
143.198.202.122:0
ASN
#14061 DIGITALOCEAN-ASN

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 890x530, components 3\012- data
Size
72 kB (71965 bytes)
Hash
77ba3733a40f9cf12509f4345f2b54d4
8d0ab903bfbc8163f9d22a45c76398f9602a2de7
9b41e4519cf6a42bbc364982c8b2e522e96402d5e9b67612fd497ea44fb6fc96

HTTP Headers

GET /wp-content/uploads/2023/01/2-515-890x530.jpg HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: image/jpeg
Content-Length: 71965
Last-Modified: Thu, 19 Jan 2023 14:44:21 GMT
Connection: keep-alive
ETag: "63c95745-1191d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

competitivepopcheerleader.com/f2/f7/29/f2f729457c1c1a3bab423649ba2eb1c0.js

173.233.139.164

200 OK

13 kB

URL HTTP/1.1
competitivepopcheerleader.com/f2/f7/29/f2f729457c1c1a3bab423649ba2eb1c0.js
IP
173.233.139.164:0
ASN
#7979 SERVERS-COM

File type
ASCII text, with very long lines (37150), with no line terminators
Size
13 kB (13409 bytes)
Hash
821e93ce2a63c8fceb1f55e617af63a0
387a232347d056ef04c91339ddf8afb0e983fc1e
ebfe87f5b4c058e05d1e4374307ef9394733b24cd9908df4bf643f52a7c790b4

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /f2/f7/29/f2f729457c1c1a3bab423649ba2eb1c0.js HTTP/1.1
Host: competitivepopcheerleader.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sntnews3.com/

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ca79843d4ad91269db34f245e41d02d1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.sntnews3.com/wp-content/uploads/2023/01/2-514-890x530.jpg

143.198.202.122

200 OK

94 kB

URL HTTP/1.1
www.sntnews3.com/wp-content/uploads/2023/01/2-514-890x530.jpg
IP
143.198.202.122:0
ASN
#14061 DIGITALOCEAN-ASN

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 890x530, components 3\012- data
Size
94 kB (93557 bytes)
Hash
28e25edcb087b3570c015aa5ed71aa70
75ff44b427e882de57e4324dd8348cea0b500d12
bf1dcf36563dc27f46c3b40ddb0ad989acf793269ac6e038358f3b1a201736f4

HTTP Headers

GET /wp-content/uploads/2023/01/2-514-890x530.jpg HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: image/jpeg
Content-Length: 93557
Last-Modified: Thu, 19 Jan 2023 14:30:49 GMT
Connection: keep-alive
ETag: "63c95419-16d75"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

irritateinformantmeddle.com/watch.708720605560.js?key=4a94d48966a908e26328dbec3cd8c0b3&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1&shu=c539ba9d226a252d46f2619d7e5ac617d7d07bcd9daf9503b7cf03a602ace4a934ec05f3a45bee87241419edf2f7b8ff622f6dbf48d48c94fa43cc7d572737ce7e822be79acdb0378fecdfe78320644630ee5656686f00f6389cbcab044b74&pst=1675900410&rmtc=t

192.243.59.13

200 OK

2.1 kB

URL HTTP/1.1
irritateinformantmeddle.com/watch.708720605560.js?key=4a94d48966a908e26328dbec3cd8c0b3&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1&shu=c539ba9d226a252d46f2619d7e5ac617d7d07bcd9daf9503b7cf03a602ace4a934ec05f3a45bee87241419edf2f7b8ff622f6dbf48d48c94fa43cc7d572737ce7e822be79acdb0378fecdfe78320644630ee5656686f00f6389cbcab044b74&pst=1675900410&rmtc=t
IP
192.243.59.13:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document text\012- HTML document, ASCII text, with very long lines (2625)
Size
2.1 kB (2092 bytes)
Hash
e13835f06fc441f606458015fd718cb2
9b8059f2bce89032aafd631bfed054fdbf8bad68
eb3c9656138f82ac184da1ed856a59575ec51dce3f843b497fbe4c53d8c3d3af

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.708720605560.js?key=4a94d48966a908e26328dbec3cd8c0b3&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1&shu=c539ba9d226a252d46f2619d7e5ac617d7d07bcd9daf9503b7cf03a602ace4a934ec05f3a45bee87241419edf2f7b8ff622f6dbf48d48c94fa43cc7d572737ce7e822be79acdb0378fecdfe78320644630ee5656686f00f6389cbcab044b74&pst=1675900410&rmtc=t HTTP/1.1
Host: irritateinformantmeddle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.sntnews3.com
Referer: http://www.sntnews3.com/
Connection: keep-alive
Cookie: u_pl=18163993; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODE2Mzk5MywiayI6IjRhOTRkNDg5NjZhOTA4ZTI2MzI4ZGJlYzNjZDhjMGIzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMTYyOTM1LCJwaWQiOjM3ODU5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjoyMywicHQiOjQsInBrIjoiYTc5cDRkdGF2IiwiY3BrcyI6eyAiMjgiOiI5MDRjMWQyNDQzODAxOWExZDg2MGIyNzFlZTc0Zjg2MSJ9LCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3d3dy5zbnRuZXdzMy5jb20vIn19.6qySKw-0g60HMjTqbjMR2Cqf1IEYJ-iYFneZHuUvN2o
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://www.sntnews3.com
Access-Control-Allow-Origin: http://www.sntnews3.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8d902f42-0563-4cb3-bc1f-6bf9869e08ac:2:1; expires=Wed, 15 Feb 2023 23:52:30 GMT; secure; SameSite=None
iprc61ed947dc122aa9863cb948502b8ed79=3569808; expires=Thu, 09 Feb 2023 03:52:30 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 09 Feb 2023 23:52:30 GMT; secure; SameSite=None
uncs=1; expires=Thu, 09 Feb 2023 23:52:30 GMT; secure; SameSite=None
pdhtkv23=true; expires=Thu, 09 Feb 2023 23:52:30 GMT; secure; SameSite=None
uncs23=1; expires=Thu, 09 Feb 2023 23:52:30 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d049c5bcf371c440234b4ec936aefd90
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

www.sntnews3.com/wp-content/uploads/2023/01/2-512.jpg

143.198.202.122

200 OK

67 kB

URL HTTP/1.1
www.sntnews3.com/wp-content/uploads/2023/01/2-512.jpg
IP
143.198.202.122:0
ASN
#14061 DIGITALOCEAN-ASN

File type
JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 23.0 (Windows), datetime=2023:01:13 09:19:07], progressive, precision 8, 735x400, components 3\012- data
Size
67 kB (66864 bytes)
Hash
5fd306b29fdd98a4a7e4eb3bfccc8b25
616405959b4392be934048bf8257b272e680d20d
de2eeb3b77936bbf77f97784b673171ac1f84657a6683565b8d031bbe18844fc

HTTP Headers

GET /wp-content/uploads/2023/01/2-512.jpg HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: image/jpeg
Content-Length: 66864
Last-Modified: Thu, 19 Jan 2023 13:44:03 GMT
Connection: keep-alive
ETag: "63c94923-10530"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

173.233.139.164

307 Temporary Redirect

0 B

URL HTTP/1.1
competitivepopcheerleader.com/watch.1225774386650.js?key=87a32cac5e91c4f7ba650c111d7b1d42&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1
IP
173.233.139.164:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.1225774386650.js?key=87a32cac5e91c4f7ba650c111d7b1d42&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1 HTTP/1.1
Host: competitivepopcheerleader.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.sntnews3.com
Connection: keep-alive
Referer: http://www.sntnews3.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://www.sntnews3.com
Access-Control-Allow-Origin: http://www.sntnews3.com
Access-Control-Allow-Credentials: true
Location: https://competitivepopcheerleader.com/watch.1225774386650.js?key=87a32cac5e91c4f7ba650c111d7b1d42&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1&shu=978b21cfc94161a2dc26b3ceede8d28511667625a369fb06e0c1e8117d27af835e5ce172bbe3009313f5e056f57abf399ad273a5e047d4230d64bde930f6e3290360914a8cdf8fbbd9046484e4e3e6b287220203a0caa7e5b146157b18219ff35d5248d6b22b&pst=1675900410&rmtc=t
Set-Cookie: u_pl=18319471; expires=Thu, 09 Feb 2023 23:52:30 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODMxOTQ3MSwiayI6Ijg3YTMyY2FjNWU5MWM0ZjdiYTY1MGMxMTFkN2IxZDQyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMTYyOTM1LCJwaWQiOjM3ODU5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjo1LCJwdCI6NCwicGsiOiJzZnZ1aWRjZG4iLCJjcGtzIjp7ICIyOSI6ImYyZjcyOTQ1N2MxYzFhM2JhYjQyMzY0OWJhMmViMWMwIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vd3d3LnNudG5ld3MzLmNvbS8ifX0.SxY-85GSJ8Y2gmgOxHCBMkRVimLq95cH271585yBkKU; expires=Wed, 08 Feb 2023 23:53:30 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0eba8083e98169764d081658d306339a
Strict-Transport-Security: max-age=0; includeSubdomains

www.sntnews3.com/wp-content/uploads/2023/01/2-510.jpg

143.198.202.122

200 OK

59 kB

URL HTTP/1.1
www.sntnews3.com/wp-content/uploads/2023/01/2-510.jpg
IP
143.198.202.122:0
ASN
#14061 DIGITALOCEAN-ASN

File type
JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 735x400, components 3\012- data
Size
59 kB (58695 bytes)
Hash
67ac0417424d88c5b7b04ab0fdbc4d6d
cc55dcb8d3c0bebcf337ec3a7e05ae43e9b81842
a883cdc72d6c373f40b4c4adff1f8a4aa3393aef6294ba36a663675ec3cd4ea4

HTTP Headers

GET /wp-content/uploads/2023/01/2-510.jpg HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: image/jpeg
Content-Length: 58695
Last-Modified: Thu, 19 Jan 2023 13:22:38 GMT
Connection: keep-alive
ETag: "63c9441e-e547"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

banquetunarmedgrater.com/advertisers.js

192.243.61.227

200 OK

0 B

URL HTTP/1.1
banquetunarmedgrater.com/advertisers.js
IP
192.243.61.227:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sntnews3.com/

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cd907bfc5aa19ffe1fd018760934c872
Strict-Transport-Security: max-age=0; includeSubdomains

www.sntnews3.com/wp-content/uploads/2023/01/22-8.webp

143.198.202.122

200 OK

56 kB

URL HTTP/1.1
www.sntnews3.com/wp-content/uploads/2023/01/22-8.webp
IP
143.198.202.122:0
ASN
#14061 DIGITALOCEAN-ASN

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 735x400, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size
56 kB (55612 bytes)
Hash
fb8fef44dde33aba05749f7c49ea274d
3ba018322947bf06ba933d6290254a814ee51c2a
970a421a5edbfe1d5fdc14f03bc8b997d90a198312b370494b6b8a127690e206

HTTP Headers

GET /wp-content/uploads/2023/01/22-8.webp HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: image/webp
Content-Length: 55612
Last-Modified: Thu, 19 Jan 2023 13:59:04 GMT
Connection: keep-alive
ETag: "63c94ca8-d93c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

competitivepopcheerleader.com/watch.1225774386650.js?key=87a32cac5e91c4f7ba650c111d7b1d42&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1&shu=978b21cfc94161a2dc26b3ceede8d28511667625a369fb06e0c1e8117d27af835e5ce172bbe3009313f5e056f57abf399ad273a5e047d4230d64bde930f6e3290360914a8cdf8fbbd9046484e4e3e6b287220203a0caa7e5b146157b18219ff35d5248d6b22b&pst=1675900410&rmtc=t

173.233.139.164

200 OK

636 B

URL HTTP/1.1
competitivepopcheerleader.com/watch.1225774386650.js?key=87a32cac5e91c4f7ba650c111d7b1d42&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1&shu=978b21cfc94161a2dc26b3ceede8d28511667625a369fb06e0c1e8117d27af835e5ce172bbe3009313f5e056f57abf399ad273a5e047d4230d64bde930f6e3290360914a8cdf8fbbd9046484e4e3e6b287220203a0caa7e5b146157b18219ff35d5248d6b22b&pst=1675900410&rmtc=t
IP
173.233.139.164:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document, ASCII text, with very long lines (582)
Size
636 B (636 bytes)
Hash
20b228a10ecf1845f13f7bf141c0577b
4826c9b39d1bb57d2cd807b9d0a893088f255689
2f6e30f9c8d5334efd18ae75615de87d2c3f5e0899e9fbab6d19d1eaa428bf20

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /watch.1225774386650.js?key=87a32cac5e91c4f7ba650c111d7b1d42&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1&shu=978b21cfc94161a2dc26b3ceede8d28511667625a369fb06e0c1e8117d27af835e5ce172bbe3009313f5e056f57abf399ad273a5e047d4230d64bde930f6e3290360914a8cdf8fbbd9046484e4e3e6b287220203a0caa7e5b146157b18219ff35d5248d6b22b&pst=1675900410&rmtc=t HTTP/1.1
Host: competitivepopcheerleader.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.sntnews3.com
Referer: http://www.sntnews3.com/
Connection: keep-alive
Cookie: u_pl=18319471; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODMxOTQ3MSwiayI6Ijg3YTMyY2FjNWU5MWM0ZjdiYTY1MGMxMTFkN2IxZDQyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMTYyOTM1LCJwaWQiOjM3ODU5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjo1LCJwdCI6NCwicGsiOiJzZnZ1aWRjZG4iLCJjcGtzIjp7ICIyOSI6ImYyZjcyOTQ1N2MxYzFhM2JhYjQyMzY0OWJhMmViMWMwIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vd3d3LnNudG5ld3MzLmNvbS8ifX0.SxY-85GSJ8Y2gmgOxHCBMkRVimLq95cH271585yBkKU
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://www.sntnews3.com
Access-Control-Allow-Origin: http://www.sntnews3.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8d902f42-0563-4cb3-bc1f-6bf9869e08ac:2:1; expires=Wed, 15 Feb 2023 23:52:30 GMT; secure; SameSite=None
iprca7231108218f4449b7d4feb8ff3f57d0=2717340; expires=Fri, 10 Feb 2023 01:52:30 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 09 Feb 2023 23:52:30 GMT; secure; SameSite=None
uncs=1; expires=Thu, 09 Feb 2023 23:52:30 GMT; secure; SameSite=None
pdhtkv5=true; expires=Thu, 09 Feb 2023 23:52:30 GMT; secure; SameSite=None
uncs5=1; expires=Thu, 09 Feb 2023 23:52:30 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8ded0488c1a72cc536ac22575e6bc0fe
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

friendshipmale.com/sfp.js

172.64.202.23

200 OK

28 kB

URL HTTP/1.1
friendshipmale.com/sfp.js
IP
172.64.202.23:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Size
28 kB (27574 bytes)
Hash
b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14

Detections

Analyzer	Verdict	Alert
fortinet	Malware
quad9	Sinkholed

HTTP Headers

GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sntnews3.com/

HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: ca748c3629a5c95dd4315c6d27b98d5b
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Wed, 08 Feb 2023 23:52:30 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LNPJZhprtKwQCdMDYAcJRECqYGCafNQ0YNIGuznt6H3KcNG3yTOsD%2FW0x9dG1O1yHFaB%2BOxR0GdRkWLVKL8XAVBK9cnwtK%2Bc8vK%2FaqurIMV80l%2FZSd4D%2BpDqhNcMo6xmO2h1lfA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79684787cfc423e3-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7873316c03b78ff1885778bd0e51ee34
441406bbfb620c4f0da3b3553840e008655aa689
104baaf054240301dbbfc50991ec38e8879a5c49f12e8e82bf3b5b5dc5b2ee33

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "104BAAF054240301DBBFC50991EC38E8879A5C49F12E8E82BF3B5B5DC5B2EE33"
Last-Modified: Wed, 08 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6273
Expires: Thu, 09 Feb 2023 01:37:03 GMT
Date: Wed, 08 Feb 2023 23:52:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b762fe844f6e99ebf7b41ed667512cb0
54cde9824957e39c9e34a893faaac92bf397ab72
abe75e929a9b572764d8a5f1ada4744832216f6312c62218390ee6736788d554

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ABE75E929A9B572764D8A5F1ADA4744832216F6312C62218390EE6736788D554"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14413
Expires: Thu, 09 Feb 2023 03:52:44 GMT
Date: Wed, 08 Feb 2023 23:52:31 GMT
Connection: keep-alive

jennyvisits.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=18319471

173.233.137.36

200 OK

1.3 kB

URL HTTP/1.1
jennyvisits.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=18319471
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
1.3 kB (1264 bytes)
Hash
dab234a8b31d1d969cc55c257ab5e1f1
77054ab3d9081f33d60664b8a9cff29ac70fa89e
e5f9dca8a03c5294b75769d0cbcdbdf0ae1e8d7b610644ea2299ec02adfdb842

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=18319471 HTTP/1.1
Host: jennyvisits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.sntnews3.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 23:52:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Thu, 09 Feb 2023 23:52:31 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTgzMTk0NzEiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3d3dy5zbnRuZXdzMy5jb20vIn19.ObV1UNwHRzr9t6kjsXEEzjzsTfHQqaqGFRILCxNAXvQ; expires=Wed, 08 Feb 2023 23:53:31 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4d0e9e4b0a40d916a3d3eea36e4fb96e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

jennyvisits.com/dyfc1k09?shu=7afe05e8fe9a6954f39f8fe3511f2db1a912b4d34c98a990c67a615818b7369af7806243bde75465b0b92192737be9a91a31ba4ad18fbce3a307861a58bbf7565a202b6b52e3d38f8b7de45efcdeb03ea2413af0ac8c1617dd2aec374e2a6b368a9b&pst=1675900411&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fwww.sntnews3.com%2F&psid=18319471

173.233.137.36

302 Found

0 B

URL HTTP/1.1
jennyvisits.com/dyfc1k09?shu=7afe05e8fe9a6954f39f8fe3511f2db1a912b4d34c98a990c67a615818b7369af7806243bde75465b0b92192737be9a91a31ba4ad18fbce3a307861a58bbf7565a202b6b52e3d38f8b7de45efcdeb03ea2413af0ac8c1617dd2aec374e2a6b368a9b&pst=1675900411&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fwww.sntnews3.com%2F&psid=18319471
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /dyfc1k09?shu=7afe05e8fe9a6954f39f8fe3511f2db1a912b4d34c98a990c67a615818b7369af7806243bde75465b0b92192737be9a91a31ba4ad18fbce3a307861a58bbf7565a202b6b52e3d38f8b7de45efcdeb03ea2413af0ac8c1617dd2aec374e2a6b368a9b&pst=1675900411&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fwww.sntnews3.com%2F&psid=18319471 HTTP/1.1
Host: jennyvisits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jennyvisits.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTgzMTk0NzEiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3d3dy5zbnRuZXdzMy5jb20vIn19.ObV1UNwHRzr9t6kjsXEEzjzsTfHQqaqGFRILCxNAXvQ; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 23:52:31 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: http://adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQ3P2oie7oGU3Bp-GH0dEdHP3xP.fc0%2CDfBS5_eaItVzNK6qRX6FgA5_wpZiKw_rXivqOw0a7uS9aNJQ4xcpUvnstok3tN5YQSMJkpN-d8MT-JvX477J0XaEcoSv7z9iaGwsRRlNS1Qw0AhLwKoNK0uBxElgDFvp6OzkOFOor_sFx2GXFr9k6twNIweNG1lwyYJwg0Zi2xLge4HVaUXveb15hQHyEfq0uUOmqYIqmwnDkyFM0z7JdlY3U1V-14pVy4G6wDfsdJKW2nNbAtcLGlC5D9HnrT07L-FpYtdMRiT5O1X-GzctcJPeLWbOD--ved5ooJhaGbdu_D6LiRlf8c0hCwp-HZksG3Y9VqviWouG12ABccNBBxfgPqg4fjLnLfas5h5BYQP5a64-lyJQnAJCqQx9Ojuh2Yr9i864WXMCsMC22Ej0an9fitm3bOBTqHKBikFsVScL9TFoYXJg1efZWAi9YDoACa-V7iiDdcb-z7a9q5d4DoPeXb2mJiN2Isd7Dbv33JRvhJC8a5MKjAntJ42HY_x4PhgMKJoJI_bSnjO6ylDerg%2C%2C&csid=1506755&s1=16122660&md=0&crid=23364304
Set-Cookie: pdhtkv=true; expires=Thu, 09 Feb 2023 23:52:31 GMT
uncs=1; expires=Thu, 09 Feb 2023 23:52:31 GMT
pdhtkv28=true; expires=Thu, 09 Feb 2023 23:52:31 GMT
uncs28=1; expires=Thu, 09 Feb 2023 23:52:31 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c750efd3f34f3cfe87b6d1f0f59cf6c4
Strict-Transport-Security: max-age=0; includeSubdomains

adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQ3P2oie7oGU3Bp-GH0dEdHP3xP.fc0%2CDfBS5_eaItVzNK6qRX6FgA5_wpZiKw_rXivqOw0a7uS9aNJQ4xcpUvnstok3tN5YQSMJkpN-d8MT-JvX477J0XaEcoSv7z9iaGwsRRlNS1Qw0AhLwKoNK0uBxElgDFvp6OzkOFOor_sFx2GXFr9k6twNIweNG1lwyYJwg0Zi2xLge4HVaUXveb15hQHyEfq0uUOmqYIqmwnDkyFM0z7JdlY3U1V-14pVy4G6wDfsdJKW2nNbAtcLGlC5D9HnrT07L-FpYtdMRiT5O1X-GzctcJPeLWbOD--ved5ooJhaGbdu_D6LiRlf8c0hCwp-HZksG3Y9VqviWouG12ABccNBBxfgPqg4fjLnLfas5h5BYQP5a64-lyJQnAJCqQx9Ojuh2Yr9i864WXMCsMC22Ej0an9fitm3bOBTqHKBikFsVScL9TFoYXJg1efZWAi9YDoACa-V7iiDdcb-z7a9q5d4DoPeXb2mJiN2Isd7Dbv33JRvhJC8a5MKjAntJ42HY_x4PhgMKJoJI_bSnjO6ylDerg%2C%2C&csid=1506755&s1=16122660&md=0&crid=23364304

34.160.190.227

200 OK

1.9 kB

URL HTTP/1.1
adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQ3P2oie7oGU3Bp-GH0dEdHP3xP.fc0%2CDfBS5_eaItVzNK6qRX6FgA5_wpZiKw_rXivqOw0a7uS9aNJQ4xcpUvnstok3tN5YQSMJkpN-d8MT-JvX477J0XaEcoSv7z9iaGwsRRlNS1Qw0AhLwKoNK0uBxElgDFvp6OzkOFOor_sFx2GXFr9k6twNIweNG1lwyYJwg0Zi2xLge4HVaUXveb15hQHyEfq0uUOmqYIqmwnDkyFM0z7JdlY3U1V-14pVy4G6wDfsdJKW2nNbAtcLGlC5D9HnrT07L-FpYtdMRiT5O1X-GzctcJPeLWbOD--ved5ooJhaGbdu_D6LiRlf8c0hCwp-HZksG3Y9VqviWouG12ABccNBBxfgPqg4fjLnLfas5h5BYQP5a64-lyJQnAJCqQx9Ojuh2Yr9i864WXMCsMC22Ej0an9fitm3bOBTqHKBikFsVScL9TFoYXJg1efZWAi9YDoACa-V7iiDdcb-z7a9q5d4DoPeXb2mJiN2Isd7Dbv33JRvhJC8a5MKjAntJ42HY_x4PhgMKJoJI_bSnjO6ylDerg%2C%2C&csid=1506755&s1=16122660&md=0&crid=23364304
IP
34.160.190.227:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (738)
Size
1.9 kB (1884 bytes)
Hash
56a7d1407422ccf7d4ade6462480c9ee
9d9ec0d50db476cc93f9e1f116b01bba2e32802a
1839543fa8b40336030a9e8a8e9885cdd0d7c9ae87a0f389846cfcf0f703c489

HTTP Headers

GET /script/s2iurl.php?stamat=m%7C%2C%2CQ3P2oie7oGU3Bp-GH0dEdHP3xP.fc0%2CDfBS5_eaItVzNK6qRX6FgA5_wpZiKw_rXivqOw0a7uS9aNJQ4xcpUvnstok3tN5YQSMJkpN-d8MT-JvX477J0XaEcoSv7z9iaGwsRRlNS1Qw0AhLwKoNK0uBxElgDFvp6OzkOFOor_sFx2GXFr9k6twNIweNG1lwyYJwg0Zi2xLge4HVaUXveb15hQHyEfq0uUOmqYIqmwnDkyFM0z7JdlY3U1V-14pVy4G6wDfsdJKW2nNbAtcLGlC5D9HnrT07L-FpYtdMRiT5O1X-GzctcJPeLWbOD--ved5ooJhaGbdu_D6LiRlf8c0hCwp-HZksG3Y9VqviWouG12ABccNBBxfgPqg4fjLnLfas5h5BYQP5a64-lyJQnAJCqQx9Ojuh2Yr9i864WXMCsMC22Ej0an9fitm3bOBTqHKBikFsVScL9TFoYXJg1efZWAi9YDoACa-V7iiDdcb-z7a9q5d4DoPeXb2mJiN2Isd7Dbv33JRvhJC8a5MKjAntJ42HY_x4PhgMKJoJI_bSnjO6ylDerg%2C%2C&csid=1506755&s1=16122660&md=0&crid=23364304 HTTP/1.1
Host: adpointrtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 08 Feb 2023 23:52:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 google

34.160.190.227

302 Moved Temporarily

1 B

URL HTTP/1.1
adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQ3P2oie7oGU3Bp-GH0dEdHP3xP.fc0%2CDfBS5_eaItVzNK6qRX6FgA5_wpZiKw_rXivqOw0a7uS9aNJQ4xcpUvnstok3tN5YQSMJkpN-d8MT-JvX477J0XaEcoSv7z9iaGwsRRlNS1Qw0AhLwKoNK0uBxElgDFvp6OzkOFOor_sFx2GXFr9k6twNIweNG1lwyYJwg0Zi2xLge4HVaUXveb15hQHyEfq0uUOmqYIqmwnDkyFM0z7JdlY3U1V-14pVy4G6wDfsdJKW2nNbAtcLGlC5D9HnrT07L-FpYtdMRiT5O1X-GzctcJPeLWbOD--ved5ooJhaGbdu_D6LiRlf8c0hCwp-HZksG3Y9VqviWouG12ABccNBBxfgPqg4fjLnLfas5h5BYQP5a64-lyJQnAJCqQx9Ojuh2Yr9i864WXMCsMC22Ej0an9fitm3bOBTqHKBikFsVScL9TFoYXJg1efZWAi9YDoACa-V7iiDdcb-z7a9q5d4DoPeXb2mJiN2Isd7Dbv33JRvhJC8a5MKjAntJ42HY_x4PhgMKJoJI_bSnjO6ylDerg%2C%2C&csid=1506755&s1=16122660&md=0&crid=23364304&treqn=42346345&rpn=1&cbrandom=0.09203421914617571&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=
IP
34.160.190.227:0
ASN
#15169 GOOGLE

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

HTTP Headers

GET /script/s2iurl.php?stamat=m%7C%2C%2CQ3P2oie7oGU3Bp-GH0dEdHP3xP.fc0%2CDfBS5_eaItVzNK6qRX6FgA5_wpZiKw_rXivqOw0a7uS9aNJQ4xcpUvnstok3tN5YQSMJkpN-d8MT-JvX477J0XaEcoSv7z9iaGwsRRlNS1Qw0AhLwKoNK0uBxElgDFvp6OzkOFOor_sFx2GXFr9k6twNIweNG1lwyYJwg0Zi2xLge4HVaUXveb15hQHyEfq0uUOmqYIqmwnDkyFM0z7JdlY3U1V-14pVy4G6wDfsdJKW2nNbAtcLGlC5D9HnrT07L-FpYtdMRiT5O1X-GzctcJPeLWbOD--ved5ooJhaGbdu_D6LiRlf8c0hCwp-HZksG3Y9VqviWouG12ABccNBBxfgPqg4fjLnLfas5h5BYQP5a64-lyJQnAJCqQx9Ojuh2Yr9i864WXMCsMC22Ej0an9fitm3bOBTqHKBikFsVScL9TFoYXJg1efZWAi9YDoACa-V7iiDdcb-z7a9q5d4DoPeXb2mJiN2Isd7Dbv33JRvhJC8a5MKjAntJ42HY_x4PhgMKJoJI_bSnjO6ylDerg%2C%2C&csid=1506755&s1=16122660&md=0&crid=23364304&treqn=42346345&rpn=1&cbrandom=0.09203421914617571&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref= HTTP/1.1
Host: adpointrtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Wed, 08 Feb 2023 23:52:32 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Location: https://adserving.unibet.com/redirect.aspx?bid=37953&pid=2100237&sref=ADC&ADC=1506755-640691165-0_Adsterra
Via: 1.1 google

adpointrtb.com/favicon.ico

34.160.190.227

200 OK

0 B

URL HTTP/1.1
adpointrtb.com/favicon.ico
IP
34.160.190.227:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: adpointrtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

HTTP/1.1 200 OK
Server: openresty
Date: Wed, 08 Feb 2023 23:52:32 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Thu, 10 Dec 2020 09:27:58 GMT
ETag: "5fd1ea1e-0"
Accept-Ranges: bytes
Via: 1.1 google

adserving.unibet.com/redirect.aspx?bid=37953&pid=2100237&sref=ADC&ADC=1506755-640691165-0_Adsterra

23.36.79.11

307 Temporary Redirect

0 B

URL HTTP/2
adserving.unibet.com/redirect.aspx?bid=37953&pid=2100237&sref=ADC&ADC=1506755-640691165-0_Adsterra
IP
23.36.79.11:0
ASN
#20940 Akamai International B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect.aspx?bid=37953&pid=2100237&sref=ADC&ADC=1506755-640691165-0_Adsterra HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://www.mariacasino.nu/stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&sref=ADC&ADC=1506755-640691165-0_Adsterra&affiliateId=1&pid=74340067&bid=37953
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Wed, 08 Feb 2023 23:52:32 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 08 Feb 2023 23:52:32 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74340067%2c%22BID%22%3a37953%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675900352381)%5c%2f%22%2c%22CookieTag%22%3a%223795374340067451240919C2023282352%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228800017047%7c1%22%7d%5d; domain=.unibet.com; expires=Fri, 08-Feb-3022 23:52:32 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=20, origin; dur=34, ak_p; desc="465527_388255495_644806980_5370_3450_1_0";dur=1
X-Firefox-Spdy: h2

www.mariacasino.nu/stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&sref=ADC&ADC=1506755-640691165-0_Adsterra&affiliateId=1&pid=74340067&bid=37953

85.184.96.0

301 Moved Permanently

0 B

URL HTTP/2
www.mariacasino.nu/stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&sref=ADC&ADC=1506755-640691165-0_Adsterra&affiliateId=1&pid=74340067&bid=37953
IP
85.184.96.0:0
ASN
#47171 Unibet Services Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&sref=ADC&ADC=1506755-640691165-0_Adsterra&affiliateId=1&pid=74340067&bid=37953 HTTP/1.1
Host: www.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
date: Wed, 08 Feb 2023 23:52:32 GMT
content-length: 0
location: https://www.mariacasino.nu:443/stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&sref=ADC&ADC=1506755-640691165-0_Adsterra&affiliateId=1&pid=74340067&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953
set-cookie: JSESSIONID=node01a509hvbtleeg14ttudhniw1zz3745632.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node01a509hvbtleeg14ttudhniw1z; Path=/; Domain=.mariacasino.nu; Expires=Fri, 07-Feb-2025 23:52:32 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.mariacasino.nu; Expires=Fri, 07-Feb-2025 23:52:32 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref=; Path=/; Domain=.mariacasino.nu; Expires=Fri, 07-Feb-2025 23:52:32 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=2397257; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=30841587; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.nu; Expires=Wed, 08-Feb-2023 23:52:47 GMT; Max-Age=15; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=30841587; Secure; SameSite=None
B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=30841587; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37953; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=30841587; Secure; SameSite=None
PID=74340067; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=30841587; Secure; SameSite=None
CHID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=30841587; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=2397257; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=30841587; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.nu; Expires=Wed, 08-Feb-2023 23:52:47 GMT; Max-Age=15; Secure; SameSite=None
campaignId=2397257; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=30841587; Secure; SameSite=None
framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.nu; Expires=Wed, 08-Feb-2023 23:52:47 GMT; Max-Age=15; Secure; SameSite=None
clientId=browser_desktop; Domain=www.mariacasino.nu; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Wed, 08 Feb 2023 23:52:32 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2

www.mariacasino.nu/stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&sref=ADC&ADC=1506755-640691165-0_Adsterra&affiliateId=1&pid=74340067&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953

85.184.96.0

301 Moved Permanently

0 B

URL HTTP/2
www.mariacasino.nu/stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&sref=ADC&ADC=1506755-640691165-0_Adsterra&affiliateId=1&pid=74340067&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953
IP
85.184.96.0:0
ASN
#47171 Unibet Services Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&sref=ADC&ADC=1506755-640691165-0_Adsterra&affiliateId=1&pid=74340067&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953 HTTP/1.1
Host: www.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; clientId=browser_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 301 Moved Permanently
date: Wed, 08 Feb 2023 23:52:32 GMT
content-length: 0
location: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Wed, 08 Feb 2023 23:52:32 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
b5da0090d9e079bd737103f25e2cd02e
87c52a50d0a974093a26d3ed568fc0f1c2d84eb0
6ea97b4e37f9053b6d874e42f5325ca7b57567357b6a4f26ed9b90b3a5edaad8

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:32 GMT
Etag: "63e32850-118"
Server: ECS (amb/6BA8)
Content-Length: 280

welcome.mariacasino.nu/no/pop/casino/2022/slots.png

104.18.24.188

200 OK

6.3 kB

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/slots.png
IP
104.18.24.188:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 151 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
6.3 kB (6303 bytes)
Hash
6be047bdf3d103b2414f7f6ab64d96b8
57818bdfe16383abe584b5c30de5f35eb55ebf20
38e2d3e7f261032cf0c558e28555c6425c30aa14014f31bbaad7d5176b7d4449

HTTP Headers

GET /no/pop/casino/2022/slots.png HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: image/png
content-length: 6303
cache-control: public, max-age=900, immutable
content-md5: a+BHvfPRA7JBT39qtk2WuA==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4ED5BA7"
x-ms-request-id: da131072-401e-003f-7bf7-03daa1000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 123195
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796847978fc2b4fa-OSL
X-Firefox-Spdy: h2

welcome.mariacasino.nu/no/pop/casino/2022/games.png

104.18.24.188

200 OK

8.8 kB

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/games.png
IP
104.18.24.188:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 234 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
8.8 kB (8838 bytes)
Hash
fbd364c184d1c2af246dd5a3079ce9ed
5c572431ced831a518e0c4adfed4372254f1eac1
2a09f891fb138e893fbc2fe522761e47307376143582e41016bf8aa54c4fdb77

HTTP Headers

GET /no/pop/casino/2022/games.png HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: image/png
content-length: 8838
cache-control: public, max-age=900, immutable
content-md5: +9NkwYTRwq8kbdWjB5zp7Q==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4D87720"
x-ms-request-id: 56be89e7-801e-0020-22f7-0369a5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 123195
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796847978fc5b4fa-OSL
X-Firefox-Spdy: h2

welcome.mariacasino.nu/no/pop/casino/2022/mga.png

104.18.24.188

200 OK

1.5 kB

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/mga.png
IP
104.18.24.188:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 152 x 60, 8-bit colormap, non-interlaced\012- data
Size
1.5 kB (1454 bytes)
Hash
f34e781d7ad22dc774b98ac82a2b46f6
b66cb9753b0f76a7590f62d3c6b8f645bdbae786
7898ba2cec328d50a75400c1e5a6f1f23974f4c0cc433472a24f28a82c7d01c7

HTTP Headers

GET /no/pop/casino/2022/mga.png HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: image/png
content-length: 1454
cache-control: public, max-age=900, immutable
content-md5: 8054HXrSLcd0uYrIKitG9g==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4FEBE45"
x-ms-request-id: aeb20fbe-701e-0034-08f7-0321ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 123195
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796847978fc6b4fa-OSL
X-Firefox-Spdy: h2

welcome.mariacasino.nu/no/pop/casino/2022/livecasino.png

104.18.24.188

200 OK

21 kB

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/livecasino.png
IP
104.18.24.188:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size
21 kB (20783 bytes)
Hash
87dc3fc9a40a9b0e8fd7c0519ac24f54
908b0ca475f8da1d0380a6cb5caabafce2466aec
a0fd031aa160b2679253c5952576a692e002c6be963c5935af3692ff50206eb4

HTTP Headers

GET /no/pop/casino/2022/livecasino.png HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: image/png
content-length: 20783
cache-control: public, max-age=900, immutable
content-md5: h9w/yaQKmw6P18BRmsJPVA==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4DF7B00"
x-ms-request-id: 2a37beda-301e-0078-10f7-03b1fa000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 123195
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796847978fc3b4fa-OSL
X-Firefox-Spdy: h2

welcome.mariacasino.nu/custom.js

104.18.24.188

200 OK

1.5 kB

URL HTTP/2
welcome.mariacasino.nu/custom.js
IP
104.18.24.188:0
ASN
#13335 CLOUDFLARENET

File type
ASCII text
Size
1.5 kB (1464 bytes)
Hash
0d4c12ae13c739deadef215ba71104d9
2464b6b504d6c20b2ee3e40938c908683f05bd45
1b4f5aa8fb0a77c13396f37463c5642aadc59bd79cdfe7713006ad9089dc8c82

HTTP Headers

GET /custom.js HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: application/javascript
content-md5: AaOIILzruhXFCZo/dsUAMw==
last-modified: Tue, 31 May 2022 08:03:43 GMT
etag: W/"0x8DA42DC14A64A3D"
x-ms-request-id: 56b93167-801e-0020-39f6-0369a5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 123802
vary: Accept-Encoding
server: cloudflare
cf-ray: 796847978fbfb4fa-OSL
content-encoding: br
X-Firefox-Spdy: h2

a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js

85.184.96.5

200 OK

956 B

URL HTTP/2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP
85.184.96.5:0
ASN
#47171 Unibet Services Limited

File type
ASCII text
Size
956 B (956 bytes)
Hash
fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47

HTTP Headers

GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js

216.58.207.202

200 OK

30 kB

URL HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js
IP
216.58.207.202:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (32030)
Size
30 kB (30244 bytes)
Hash
04ba0252a9f264db106d4eaab8df4ccb
cf52d9b3df7839c5c64fbf33aafeced74b3db750
397852429e768ffbd12a78ce4b94f14e3ab4afabf84acb07c0bb5b7798e6e0b2

HTTP Headers

GET /ajax/libs/jquery/3.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30244
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 13:13:42 GMT
expires: Fri, 02 Feb 2024 13:13:42 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 556731
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js

23.38.200.237

200 OK

44 kB

URL HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type
exported SGML document, ASCII text, with very long lines (32764)
Size
44 kB (43737 bytes)
Hash
57198fa839fd954656487c5a3bef02a7
060e710714194b067e8a17554de1f056f3c5fa64
0144349d38a845bda08cbc2654f89da13986be57ce76fa7f49488907aa392edd

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "bf8d7656a2457e257e3cf75a01e6a4b7:1554112914"
last-modified: Mon, 01 Apr 2019 10:01:54 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 43737
cache-control: max-age=3600
expires: Thu, 09 Feb 2023 00:52:33 GMT
date: Wed, 08 Feb 2023 23:52:33 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js

23.38.200.237

200 OK

228 B

URL HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
228 B (228 bytes)
Hash
f9f61cf08520dbe652f9085c0c5e1a43
f9333020f4b2f0446c5ce4fd69f14433102a71c5
b27cb6d5a43aa222ba4bb45dfeec4211d1ed558d1d552ec160660c01db213782

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "accfdd9d5be1d7142fabad440365d15f:1554112916"
last-modified: Mon, 01 Apr 2019 10:01:56 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 228
cache-control: max-age=3600
expires: Thu, 09 Feb 2023 00:52:33 GMT
date: Wed, 08 Feb 2023 23:52:33 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js

23.38.200.237

200 OK

13 kB

URL HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (558)
Size
13 kB (12666 bytes)
Hash
fbdf335868cbf423af02de87750c1a45
8405d2f9b1b98d830e1b5bb2d8b9cf31460a9cc4
ddc30198d101ed4d7f85eb14fcc0331154807320fe2b2443b814bedc43c4ace4

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "18eab16a639a4773572307713440a929:1554112912"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Thu, 09 Feb 2023 00:52:33 GMT
date: Wed, 08 Feb 2023 23:52:33 GMT
content-length: 12666
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2

cdn.optimizely.com/js/10682170820.js

23.38.200.155

200 OK

152 kB

URL HTTP/2
cdn.optimizely.com/js/10682170820.js
IP
23.38.200.155:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (65468)
Size
152 kB (152399 bytes)
Hash
6aee723f7c56ff7beaf2d2d3e6c50bf8
b8b85fff519336fc849889de6647faec9fc99e85
417d03b2e6be0db08318d103a53a94bd6518af62a7c459055f6f1454e5543d99

HTTP Headers

GET /js/10682170820.js HTTP/1.1
Host: cdn.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: Wo57ZKxg7MoiHC6VJS7huC4AV6O0EuSDxq+AJDkbt3+bG63jRtFove7RntQafLLffl5iMbnGM3N87Rhzp4ZtNQ==
x-amz-request-id: 5CFW3176S2J1ZPR3
x-amz-replication-status: PENDING
last-modified: Wed, 08 Feb 2023 09:48:39 GMT
etag: "6aee723f7c56ff7beaf2d2d3e6c50bf8"
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 471003
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: UeLBMdg7NMJlmQe8ZRtiDik89A_do674
accept-ranges: bytes
content-type: text/javascript; charset=utf-8
server: AmazonS3
content-length: 152399
vary: Accept-Encoding
cache-control: max-age=120
date: Wed, 08 Feb 2023 23:52:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, cdn;desc="AkamaiION";dur=0,rtt;desc="1";dur=0,cdnip;desc="23.38.200.155";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0, ak_p; desc="465527_388255516_348159336_22_1463_1_0";dur=1
access-control-max-age: 86400
access-control-expose-headers: x-amz-meta-revision
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

a1s.unibet.com/orval/tracking/lastclick.min.js

85.184.96.5

200 OK

1.3 kB

URL HTTP/2
a1s.unibet.com/orval/tracking/lastclick.min.js
IP
85.184.96.5:0
ASN
#47171 Unibet Services Limited

File type
ASCII text, with very long lines (791)
Size
1.3 kB (1315 bytes)
Hash
710e47f5085ecb4ea2c9a83e51966e67
6dcfb572d3c14efce64970e6a9c33f04cc985c08
a3a55fbfdc3b68d6ec876b3954f20144f00ff763489b2f7a2fc32c2b6da6adb1

HTTP Headers

GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2

service.maxymiser.net/cdn/unibet/js/mmcore.js

23.36.79.34

404 Not Found

10 B

URL HTTP/2
service.maxymiser.net/cdn/unibet/js/mmcore.js
IP
23.36.79.34:0
ASN
#20940 Akamai International B.V.

File type
ASCII text
Size
10 B (10 bytes)
Hash
7605968e79d0ca095ab1231486d2b814
a007b420d19ceefa840f0373e050e3b51a4ab480
493fda53120050f85836032324409be6c6484f90a0755ae0c6a673ba7626818b

HTTP Headers

GET /cdn/unibet/js/mmcore.js HTTP/1.1
Host: service.maxymiser.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 404 Not Found
accept-ranges: bytes
content-length: 10
server: AkamaiNetStorage
cache-control: max-age=1800
date: Wed, 08 Feb 2023 23:52:33 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

welcome.mariacasino.nu/no/pop/casino/2022/BlenderPro-ThinWeb.woff

104.18.24.188

200 OK

50 kB

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/BlenderPro-ThinWeb.woff
IP
104.18.24.188:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format, TrueType, length 49636, version 3.6\012- data
Size
50 kB (49636 bytes)
Hash
37ba84aebad11c2e0acd496eedb0bb76
42942446e1cfab8d0eaf7d23899203b2b2b64fe7
2d7cc2c9c9fef717010fcfa8fa6518079eaec1e63975a74b4fb78afb14d6ee5e

HTTP Headers

GET /no/pop/casino/2022/BlenderPro-ThinWeb.woff HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/styles.css
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19397%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1675900410134r0.04588446911638189
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: application/font-woff
content-length: 49636
cache-control: public, max-age=900, immutable
content-md5: N7qErrrRHC4KzUlu7bC7dg==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4AE38F0"
x-ms-request-id: aeb213ea-701e-0034-5af7-0321ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 122941
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7968479a79d6b4fa-OSL
X-Firefox-Spdy: h2

welcome.mariacasino.nu/no/pop/casino/2022/BlenderPro-MediumWeb.woff

104.18.24.188

200 OK

49 kB

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/BlenderPro-MediumWeb.woff
IP
104.18.24.188:0
ASN
#13335 CLOUDFLARENET

File type
Web Open Font Format, TrueType, length 48766, version 3.6\012- data
Size
49 kB (48766 bytes)
Hash
f62793caeb7e5b111d7508b00c0826c2
d003c52a07685156de00186014c777b7dde81573
bac888a26184354a6038eb4ba3d87fdc3315c6e7fe0c19ec7cd1737f1720fc5a

HTTP Headers

GET /no/pop/casino/2022/BlenderPro-MediumWeb.woff HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/styles.css
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19397%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1675900410134r0.04588446911638189
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: application/font-woff
content-length: 48766
cache-control: public, max-age=900, immutable
content-md5: 9ieTyut+WxEddQiwDAgmwg==
last-modified: Tue, 29 Nov 2022 13:35:55 GMT
etag: "0x8DAD20EA49C613A"
x-ms-request-id: d866c426-a01e-0018-6bf7-03cd65000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 122941
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7968479a89dfb4fa-OSL
X-Firefox-Spdy: h2

welcome.mariacasino.nu/no/pop/casino/2022/background.jpg

104.18.24.188

200 OK

162 kB

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/background.jpg
IP
104.18.24.188:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x800, components 3\012- data
Size
162 kB (161606 bytes)
Hash
aa279ee357b415f50a16127d5c1a7c4d
d1375a6cb87e60f31f609769044af9e6d47775cd
6aa6656d951b443674e2795a2174f6ba5fa711a0f2943830eab9f07cb1e1a809

HTTP Headers

GET /no/pop/casino/2022/background.jpg HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/styles.css
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19397%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1675900410134r0.04588446911638189
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: image/jpeg
content-length: 161606
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
cf-bgj: h2pri
content-md5: qiee41e0FfUKFhJ9XBp8TQ==
etag: "0x8DAD20EA4B90CD2"
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 5e1e980c-701e-001b-01f7-032c01000000
x-ms-version: 2014-02-14
cf-cache-status: HIT
age: 123229
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7968479a79d1b4fa-OSL
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js

23.38.200.237

200 OK

30 kB

URL HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (543)
Size
30 kB (29629 bytes)
Hash
d994c7b5e7b348492e630f9e201eed6c
927a06e00f5a9c23d2f9348c013cec4b459effac
7ca2a3f0bb133f07fb5c826b58e48089d90b0ce6e5ab0dce5de73550c5110d80

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "9c4992909a83d52617e9948d1d1c4141:1554112914"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 29629
cache-control: max-age=3600
expires: Thu, 09 Feb 2023 00:52:33 GMT
date: Wed, 08 Feb 2023 23:52:33 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js

23.38.200.237

200 OK

1.2 kB

URL HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (502)
Size
1.2 kB (1199 bytes)
Hash
0fc50fe0077c2d091ca05aa91daba75f
6a05d944d25fe2dbf36c1fb33a5096bcb1ada25c
4b469a08c52c411065253103c02ea37609c225f2b4c7c3842d90d0c6caa694f3

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "5e8dc588959123c3ee5de9ac168d5c74:1554112912"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1199
cache-control: max-age=3600
expires: Thu, 09 Feb 2023 00:52:33 GMT
date: Wed, 08 Feb 2023 23:52:33 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 05 Feb 2023 22:02:00 GMT
expires: Mon, 05 Feb 2024 22:02:00 GMT
cache-control: public, max-age=31536000
age: 265833
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC

142.250.74.40

200 OK

81 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (62112)
Size
81 kB (81219 bytes)
Hash
9bcd11b8843cd9b46c696af972be1770
33a29b6cd2c9f53d64053f0ddcea4b9656514fe5
9adaac6b5e63e7d074f414c80f2382cc6ef8a7a14132b0e131f4a86f64f6b6e1

HTTP Headers

GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 Feb 2023 23:52:33 GMT
expires: Wed, 08 Feb 2023 23:52:33 GMT
cache-control: private, max-age=900
last-modified: Wed, 08 Feb 2023 22:05:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81219
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 Feb 2023 10:26:49 GMT
expires: Sun, 04 Feb 2024 10:26:49 GMT
cache-control: public, max-age=31536000
age: 393944
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

216.58.207.227

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
216.58.207.227:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 08 Feb 2023 07:51:59 GMT
expires: Thu, 08 Feb 2024 07:51:59 GMT
cache-control: public, max-age=31536000
age: 57634
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

a10682170820.cdn.optimizely.com/client_storage/a10682170820.html

104.110.8.48

200 OK

1.0 kB

URL HTTP/2
a10682170820.cdn.optimizely.com/client_storage/a10682170820.html
IP
104.110.8.48:0
ASN
#16625 AKAMAI-AS

File type
HTML document, ASCII text, with very long lines (1979)
Size
1.0 kB (1041 bytes)
Hash
742e155d16b153b32a6122e0a1f9ff2f
b2d28881ba6a69f7e2f6800fba5619d1637ba982
45937bb143dc3304ec902f390a76756c9b0f0c6767e56d91d18e51c969256853

HTTP Headers

GET /client_storage/a10682170820.html HTTP/1.1
Host: a10682170820.cdn.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: ZeY6gA8ECJjPJI0JTgyf8hf4Ffxoofx9eu5F200CaRpPjt0FCJ88cyqCLX9XqLMYzEWcwkFuOK8=
x-amz-request-id: SN5Z461PEC95J65Q
x-amz-replication-status: COMPLETED
last-modified: Wed, 08 Feb 2023 09:48:05 GMT
etag: "8f9559b1fad9570e6fa6d5fb5d420874"
x-amz-server-side-encryption: AES256
x-amz-meta-pci_enabled: False
x-amz-version-id: mVWNngn9QdCRGZ5Wx807EL7Vn5HlvyBX
accept-ranges: bytes
content-type: text/html; charset=utf-8
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=120
x-akamai-transformed: 9 - 0 pmb=mRUM,2
content-encoding: gzip
date: Wed, 08 Feb 2023 23:52:33 GMT
content-length: 1041
server-timing: cdn-cache; desc=HIT, edge; dur=1, cdn;desc="AkamaiION";dur=0,rtt;desc="2";dur=0,cdnip;desc="104.110.8.48";dur=0,cdnmap;desc="a4728.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

welcome.mariacasino.nu/no/pop/casino/2022/favicon.ico

104.18.24.188

200 OK

923 B

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/favicon.ico
IP
104.18.24.188:0
ASN
#13335 CLOUDFLARENET

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Size
923 B (923 bytes)
Hash
b45e5ddda3c267cfc25dc8d7b69db8db
9d5535aa362bb85657a1bd4cb801589eead722f1
47a7ee3d46aa45093a23df1cf68a15ea81646ad9b434312a6ac81e6478dd1784

HTTP Headers

GET /no/pop/casino/2022/favicon.ico HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19397%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1675900410134r0.04588446911638189
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: image/x-icon
cache-control: public, max-age=900, immutable
content-md5: dUZ66nye8JES1X2nEnkvHA==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: W/"0x8DAD20EA4D12531"
x-ms-request-id: 1b22010b-f01e-0058-65f7-03ca5d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 122932
vary: Accept-Encoding
server: cloudflare
cf-ray: 7968479b4a5db4fa-OSL
content-encoding: br
X-Firefox-Spdy: h2

script.crazyegg.com/pages/scripts/0012/9242.js?465527

104.19.148.8

410 Gone

0 B

URL HTTP/2
script.crazyegg.com/pages/scripts/0012/9242.js?465527
IP
104.19.148.8:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pages/scripts/0012/9242.js?465527 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 410 Gone
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: application/javascript
content-length: 0
last-modified: Wed, 08 Feb 2023 15:00:58 GMT
cache-control: public, max-age=86400, s-maxage=86400
access-control-allow-origin: *
cf-cache-status: HIT
age: 31895
vary: Accept-Encoding
server: cloudflare
cf-ray: 7968479b7db11c0a-OSL
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js

23.38.200.237

200 OK

1.4 kB

URL HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js
IP
23.38.200.237:0
ASN
#16625 AKAMAI-AS

File type
ASCII text
Size
1.4 kB (1388 bytes)
Hash
ab8cdc21adb95a3014aae857022fdce6
c90f3f115de66b8809a88a667225fa5746ca3dfa
2e3db22559903bd6ba695a18b440ff7eeb0a645dc4ab9257c3605f22d144ca51

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "6444bceb1b767bea75b4f47d793f7b05:1554112917"
last-modified: Mon, 01 Apr 2019 10:01:57 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1388
cache-control: max-age=3600
expires: Thu, 09 Feb 2023 00:52:33 GMT
date: Wed, 08 Feb 2023 23:52:33 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
670c45e5df2cb1a24918eec72ca8a714
b063f1b8ba73de1cf331b3e92c2fc171be629f41
b01a01938dbf79206845b3f933789dde6385aa2f27d17fb089f29cd5b771286d

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6435
Cache-Control: max-age=120693
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:34 GMT
Etag: "63e35114-1d7"
Expires: Fri, 10 Feb 2023 09:24:07 GMT
Last-Modified: Wed, 08 Feb 2023 07:36:52 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471

unibet.demdex.net/event?_ts=1675900410493

34.254.165.240

200 OK

28 B

URL HTTP/1.1
unibet.demdex.net/event?_ts=1675900410493
IP
34.254.165.240:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
28 B (28 bytes)
Hash
e5bd7bffaebc3b6f39a51600d7d98448
3126b0beaa77359162cadfebc3ae83b4cf5d04f8
3f4e5ede55abc3d3c77d99cdc5019ccfaf8107ac33328b1e4d3b022cb10b15d8

HTTP Headers

POST /event?_ts=1675900410493 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 63
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v046-0c554dbd5.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=15842792112532561270965471910306016135; Max-Age=15552000; Expires=Mon, 07 Aug 2023 23:52:34 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: 3zWgKs/9RYE=
Content-Length: 28
Connection: keep-alive

tapi.optimizely.com/api/targeting/10682170820/11101493565/oeu1675900410134r0.04588446911638189

2.23.138.210

200 OK

2.6 kB

URL HTTP/1.1
tapi.optimizely.com/api/targeting/10682170820/11101493565/oeu1675900410134r0.04588446911638189
IP
2.23.138.210:0
ASN
#1299 Telia Company AB

File type
JSON data\012- , ASCII text, with very long lines (27967), with no line terminators
Size
2.6 kB (2638 bytes)
Hash
73e53691d3aa213d6e7b54c53362aed5
f633ba93067f683acc3d22dc22e1697f1599c885
e0b86eb4cf1c930dd28586612b003caf15d3902cbd42d34da0f5b51e00435681

HTTP Headers

GET /api/targeting/10682170820/11101493565/oeu1675900410134r0.04588446911638189 HTTP/1.1
Host: tapi.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Server: nginx/1.15.12
X-Powered-By: Express
Content-Encoding: gzip
Cache-Control: max-age=1200
Date: Wed, 08 Feb 2023 23:52:34 GMT
Content-Length: 2638
Connection: keep-alive
Vary: Origin
Access-Control-Allow-Origin: https://welcome.mariacasino.nu

unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=3.2.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=58169713453114463043729646133355778294&ts=1675900410450

15.236.117.205

200 OK

2 B

URL HTTP/2
unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=3.2.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=58169713453114463043729646133355778294&ts=1675900410450
IP
15.236.117.205:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

HTTP Headers

GET /id?d_visid_ver=3.2.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=58169713453114463043729646133355778294&ts=1675900410450 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://welcome.mariacasino.nu
access-control-allow-credentials: true
date: Wed, 08 Feb 2023 23:52:34 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

unibet.demdex.net/dest5.html?d_nsid=0

34.254.165.240

200 OK

2.8 kB

URL HTTP/1.1
unibet.demdex.net/dest5.html?d_nsid=0
IP
34.254.165.240:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size
2.8 kB (2791 bytes)
Hash
ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12

HTTP Headers

GET /dest5.html?d_nsid=0 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Wed, 8 Feb 2023 23:52:34 GMT
DCS: dcs-prod-irl1-1-v046-06ab52116.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Wed, 8 Feb 2023 11:26:58 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: hE5DhFVDQ7w=
transfer-encoding: chunked
Connection: keep-alive

unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonsinglepagebrandsprod/1/JS-2.22.4/s53555270385732?AQB=1&ndh=1&pf=1&t=8%2F1%2F2023%2023%3A53%3A30%203%200&mid=58169713453114463043729646133355778294&aamlh=6&ce=UTF-8&pageName=LP%3A2018%20-%20MariaCasino%20-%20Bingo&g=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26bid%3D37953%26campaignId%3D2397257%26pid%3D74340067&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26bid%3D37953%26campaignId%3D2397257%26pid%3D74340067&v1=welcome.mariacasino.nu%3A%3A%3Adesktop%3Ano%3Apop%3Acasino%3A2022%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.mariacasino.nu&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=11%3A53%20PM%7CWednesday&v6=11%3A53%20PM%7CWednesday&v11=GBP&c14=New&v14=New&c16=1675900410&v21=Not%20Logged-In&c73=maria&v120=popunder&v121=1%3A81750185%3A74340067-37953&v122=NONE&v124=2397257&v125=81750185_94F8E7AAC2754D14A0A47EE0148FB640&v126=74340067&v127=37953&v134=1675900410&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1

15.236.117.205

200 OK

43 B

URL HTTP/2
unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonsinglepagebrandsprod/1/JS-2.22.4/s53555270385732?AQB=1&ndh=1&pf=1&t=8%2F1%2F2023%2023%3A53%3A30%203%200&mid=58169713453114463043729646133355778294&aamlh=6&ce=UTF-8&pageName=LP%3A2018%20-%20MariaCasino%20-%20Bingo&g=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26bid%3D37953%26campaignId%3D2397257%26pid%3D74340067&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26bid%3D37953%26campaignId%3D2397257%26pid%3D74340067&v1=welcome.mariacasino.nu%3A%3A%3Adesktop%3Ano%3Apop%3Acasino%3A2022%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.mariacasino.nu&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=11%3A53%20PM%7CWednesday&v6=11%3A53%20PM%7CWednesday&v11=GBP&c14=New&v14=New&c16=1675900410&v21=Not%20Logged-In&c73=maria&v120=popunder&v121=1%3A81750185%3A74340067-37953&v122=NONE&v124=2397257&v125=81750185_94F8E7AAC2754D14A0A47EE0148FB640&v126=74340067&v127=37953&v134=1675900410&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
IP
15.236.117.205:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 2 x 2\012- data
Size
43 B (43 bytes)
Hash
ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

HTTP Headers

GET /b/ss/unibetlondonsinglepagebrandsprod/1/JS-2.22.4/s53555270385732?AQB=1&ndh=1&pf=1&t=8%2F1%2F2023%2023%3A53%3A30%203%200&mid=58169713453114463043729646133355778294&aamlh=6&ce=UTF-8&pageName=LP%3A2018%20-%20MariaCasino%20-%20Bingo&g=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26bid%3D37953%26campaignId%3D2397257%26pid%3D74340067&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26bid%3D37953%26campaignId%3D2397257%26pid%3D74340067&v1=welcome.mariacasino.nu%3A%3A%3Adesktop%3Ano%3Apop%3Acasino%3A2022%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.mariacasino.nu&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=11%3A53%20PM%7CWednesday&v6=11%3A53%20PM%7CWednesday&v11=GBP&c14=New&v14=New&c16=1675900410&v21=Not%20Logged-In&c73=maria&v120=popunder&v121=1%3A81750185%3A74340067-37953&v122=NONE&v124=2397257&v125=81750185_94F8E7AAC2754D14A0A47EE0148FB640&v126=74340067&v127=37953&v134=1675900410&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
date: Wed, 08 Feb 2023 23:52:34 GMT
expires: Tue, 07 Feb 2023 23:52:34 GMT
last-modified: Thu, 09 Feb 2023 23:52:34 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3598968606599020544-4619376402714145200
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
57e2189e39db1881e2420ddad64a1ca3
4c41ef7ec3b33c2cf4a58420700537c8073c9971
29fa92faf146319bbe2aaacee0a2876045ed5e3d02202db318a500d09fa29534

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=143296
Date: Wed, 08 Feb 2023 23:52:34 GMT
Etag: "63e3ab20-1d7"
Expires: Fri, 10 Feb 2023 15:40:50 GMT
Last-Modified: Wed, 08 Feb 2023 14:01:04 GMT
Server: ECS (bsa/EB1E)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 5IRX2sUx90Ne-rHbmuhchDSkkdtDMJwgTzy8S6vce9kIeVTvC4ZCFg==
Age: 5986

cm.everesttech.net/cm/dd?d_uuid=58154900698185914193732517155357846893

54.229.62.148

302

0 B

URL HTTP/1.1
cm.everesttech.net/cm/dd?d_uuid=58154900698185914193732517155357846893
IP
54.229.62.148:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cm/dd?d_uuid=58154900698185914193732517155357846893 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 
Date: Wed, 08 Feb 2023 23:52:34 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y_Q1wgAAAI2jWgOY; Domain=.everesttech.net; Expires=Thu, 08-Feb-2024 23:52:34 GMT; Path=/
everest_session_v2="Y@Q1wgAAAI2jWwOY"; Version=1; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y_Q1wgAAAI2jWgOY
Server: AMO-cookiemap/1.1

dpm.demdex.net/ibs:dpid=411&dpuuid=Y_Q1wgAAAI2jWgOY

34.254.165.240

302 Found

0 B

URL HTTP/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y_Q1wgAAAI2jWgOY
IP
34.254.165.240:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ibs:dpid=411&dpuuid=Y_Q1wgAAAI2jWgOY HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.mariacasino.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v046-0647cef17.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y_Q1wgAAAI2jWgOY
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=41710343996674741334553576270801917578; Max-Age=15552000; Expires=Mon, 07 Aug 2023 23:52:34 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: y+OeBbbLRko=
Content-Length: 0
Connection: keep-alive

dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y_Q1wgAAAI2jWgOY

34.254.165.240

200 OK

59 B

URL HTTP/1.1
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y_Q1wgAAAI2jWgOY
IP
34.254.165.240:0
ASN
#16509 AMAZON-02

File type
GIF image data, version 89a, 1 x 1\012- data
Size
59 B (59 bytes)
Hash
1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13

HTTP Headers

GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y_Q1wgAAAI2jWgOY HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.mariacasino.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v046-09b92f112.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: 0EaSYVYDQFk=
Content-Length: 59
Connection: keep-alive

tapi.optimizely.com/api/js/odds/project/10682170820?project=10682170820

2.23.138.210

200 OK

168 B

URL HTTP/1.1
tapi.optimizely.com/api/js/odds/project/10682170820?project=10682170820
IP
2.23.138.210:0
ASN
#1299 Telia Company AB

File type
JSON data\012- , ASCII text, with no line terminators
Size
168 B (168 bytes)
Hash
7b92c056eea084fe960d8794d6c70a77
79318285c26c4220bbaa81aefbca57f091a20461
cc75a166bb638f022304459d8a9060c384b03bdb1892e7e9f15b6cd6f17fd4d3

HTTP Headers

GET /api/js/odds/project/10682170820?project=10682170820 HTTP/1.1
Host: tapi.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Server: nginx/1.15.12
X-Powered-By: Express
Content-Length: 168
Expires: Wed, 08 Feb 2023 23:52:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 08 Feb 2023 23:52:34 GMT
Connection: keep-alive
X-Uncacheable: WTF
Vary: Origin
Access-Control-Allow-Origin: https://welcome.mariacasino.nu

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
153d6716945675a6f4e2742540f869b4
2beaad9ee8b7c2df183cfa60647ff7d91e626114
a55407174f85fe9a77ebe0b6120f2a71125fa3effe084271af4c6e667fe3eaa4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 08 Feb 2023 23:52:34 GMT
Last-Modified: Wed, 08 Feb 2023 23:03:22 GMT
Server: ECS (nyb/1D05)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: exur3OuFFzspBCTZUv4xftfSa_e9OrgASi9SUlpjuCMQ5FMcULUplw==
Age: 2952

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
153d6716945675a6f4e2742540f869b4
2beaad9ee8b7c2df183cfa60647ff7d91e626114
a55407174f85fe9a77ebe0b6120f2a71125fa3effe084271af4c6e667fe3eaa4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 08 Feb 2023 23:52:34 GMT
Last-Modified: Wed, 08 Feb 2023 23:03:02 GMT
Server: ECS (nyb/1D1D)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: UwRHCmCp5LzpMywtIDiVDWrJ76f70__delTSNQDN0tpfR5S0FrxN6A==
Age: 2973

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
153d6716945675a6f4e2742540f869b4
2beaad9ee8b7c2df183cfa60647ff7d91e626114
a55407174f85fe9a77ebe0b6120f2a71125fa3effe084271af4c6e667fe3eaa4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 08 Feb 2023 23:52:34 GMT
Last-Modified: Wed, 08 Feb 2023 23:04:14 GMT
Server: ECS (nyb/1D28)
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: jCATZ5urL_SqYS28sCrwjNxpdNg9ewKEhLH9SPcPhEegDAnwGRnn2w==
Age: 2901

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
153d6716945675a6f4e2742540f869b4
2beaad9ee8b7c2df183cfa60647ff7d91e626114
a55407174f85fe9a77ebe0b6120f2a71125fa3effe084271af4c6e667fe3eaa4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=105558
Date: Wed, 08 Feb 2023 23:52:34 GMT
Etag: "63e322be-1d7"
Expires: Fri, 10 Feb 2023 05:11:52 GMT
Last-Modified: Wed, 08 Feb 2023 04:19:10 GMT
Server: ECS (nyb/1D27)
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ZaCopNGddqzyOuaItxcK41n87iWFXIeL2tEu_p8HSCqj15amwlFNRg==
Age: 3162

errors.client.optimizely.com/log

23.22.52.211

200 OK

13 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
23.22.52.211:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
13 B (13 bytes)
Hash
1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12

HTTP Headers

OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Wed, 08 Feb 2023 23:52:34 GMT
Content-Length: 13
Connection: keep-alive

errors.client.optimizely.com/log

23.22.52.211

200 OK

13 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
23.22.52.211:0
ASN
#14618 AMAZON-AES

File type
ASCII text, with no line terminators
Size
13 B (13 bytes)
Hash
1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12

HTTP Headers

OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Wed, 08 Feb 2023 23:52:34 GMT
Content-Length: 13
Connection: keep-alive

errors.client.optimizely.com/log

23.22.52.211

204 No Content

0 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
23.22.52.211:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 435
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers: 
Content-Type: text/plain
Date: Wed, 08 Feb 2023 23:52:34 GMT
Connection: keep-alive

errors.client.optimizely.com/log

23.22.52.211

204 No Content

0 B

URL HTTP/1.1
errors.client.optimizely.com/log
IP
23.22.52.211:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 480
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers: 
Content-Type: text/plain
Date: Wed, 08 Feb 2023 23:52:34 GMT
Connection: keep-alive

ocsp.sca1b.amazontrust.com/

54.230.245.110

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.110:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
4eb05b6b5e5ebdeaa575b76015736f3e
73dcc26acb95261d68e520753769cf5d81d34c7c
2d46f80640eb7a83f99229e6c125b9d07d24bad1deae4b6efc193a5f77e6d5c2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 08 Feb 2023 23:52:34 GMT
Last-Modified: Wed, 08 Feb 2023 22:44:30 GMT
Server: ECS (nyb/1D18)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: e9sbehj9QXTeD7lWsn7CPLgBVt8Pyjizv6tJaY7oLT9gQteeF_MaOQ==
Age: 4084

logx.optimizely.com/v1/events

54.158.40.183

204 No Content

0 B

URL HTTP/1.1
logx.optimizely.com/v1/events
IP
54.158.40.183:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /v1/events HTTP/1.1
Host: logx.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 741
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers: X-Results-Data-Source
Content-Type: text/plain
Date: Wed, 08 Feb 2023 23:52:35 GMT
Server: nginx/1.21.0
Timing-Allow-Origin: *
X-Request-Id: eef95cca-b7ce-4764-8f96-f5fc8384a5c3
Connection: keep-alive

welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067

104.18.24.188

200 OK

0 B

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
IP
104.18.24.188:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067 HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: L2akXslp2trAwResQfYe7w==
last-modified: Tue, 29 Nov 2022 13:35:55 GMT
x-ms-request-id: a8195ede-c01e-0053-5d18-3c3136000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
set-cookie: btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640;max-age=2592000; domain=.mariacasino.nu;path=/;secure;samesite=none;httponly
server: cloudflare
cf-ray: 79684796aeeeb4fa-OSL
content-encoding: br
X-Firefox-Spdy: h2

welcome.mariacasino.nu/no/pop/casino/2022/maria-logo.svg

104.18.24.188

200 OK

0 B

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/maria-logo.svg
IP
104.18.24.188:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /no/pop/casino/2022/maria-logo.svg HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: A/evXSZJMSEi63VEXU58wA==
last-modified: Tue, 29 Nov 2022 13:35:55 GMT
etag: W/"0x8DAD20EA476B63E"
x-ms-request-id: 5a1280b9-401e-0062-10f7-03d025000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 123195
vary: Accept-Encoding
server: cloudflare
cf-ray: 796847978fc0b4fa-OSL
content-encoding: br
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,500,700,900

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,500,700,900
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Roboto:300,400,500,700,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 Feb 2023 23:52:33 GMT
date: Wed, 08 Feb 2023 23:52:33 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.sntnews3.com/wp-content/uploads/2023/01/2-511.jpg

143.198.202.122

200 OK

0 B

URL HTTP/1.1
www.sntnews3.com/wp-content/uploads/2023/01/2-511.jpg
IP
143.198.202.122:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/uploads/2023/01/2-511.jpg HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: image/jpeg
Content-Length: 69632
Last-Modified: Thu, 19 Jan 2023 13:34:53 GMT
Connection: keep-alive
ETag: "63c946fd-11000"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png

45.133.44.9

200 OK

0 B

URL HTTP/2
cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png
IP
45.133.44.9:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:30 GMT
content-type: image/png
content-length: 105910
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:08:06 GMT
etag: "62e11c96-19db6"
expires: Fri, 10 Feb 2023 23:52:30 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.sntnews3.com/wp-content/themes/bam/assets/fonts/webfonts/fa-regular-400.woff2

143.198.202.122

200 OK

0 B

URL HTTP/1.1
www.sntnews3.com/wp-content/themes/bam/assets/fonts/webfonts/fa-regular-400.woff2
IP
143.198.202.122:0
ASN
#14061 DIGITALOCEAN-ASN

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /wp-content/themes/bam/assets/fonts/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.sntnews3.com/wp-content/themes/bam/assets/fonts/css/all.min.css?ver=5.15.4

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: font/woff2
Content-Length: 13224
Last-Modified: Tue, 03 Jan 2023 12:58:26 GMT
Connection: keep-alive
ETag: "63b42672-33a8"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes

welcome.mariacasino.nu/no/pop/casino/2022/styles.css

104.18.24.188

200 OK

0 B

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/styles.css
IP
104.18.24.188:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /no/pop/casino/2022/styles.css HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: nHGY+uZf3VZaIBaHkSPKCQ==
last-modified: Tue, 29 Nov 2022 13:35:55 GMT
etag: W/"0x8DAD20EA45DDAAB"
x-ms-request-id: 4ad10bc9-001e-002e-3ef7-034015000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 123195
vary: Accept-Encoding
server: cloudflare
cf-ray: 796847977faab4fa-OSL
content-encoding: br
X-Firefox-Spdy: h2

welcome.mariacasino.nu/no/pop/casino/2022/main.js

104.18.24.188

200 OK

0 B

URL HTTP/2
welcome.mariacasino.nu/no/pop/casino/2022/main.js
IP
104.18.24.188:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /no/pop/casino/2022/main.js HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: HUKMSjGdEVR6I7ylcruk3g==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: W/"0x8DAD20EA4F7BA6F"
x-ms-request-id: 5a127d26-401e-0062-37f7-03d025000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 589495
vary: Accept-Encoding
server: cloudflare
cf-ray: 796847978fbcb4fa-OSL
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (66)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML