r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5391
Expires: Thu, 09 Feb 2023 01:22:19 GMT
Date: Wed, 08 Feb 2023 23:52:28 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dca68db7aea32f6683ce8d542c078f04
19c495238df74fca680e21f18627ff94de5dd2e5
35cab3987fc0e4a41b305cb208c1e33fa38ce8bdfd9f386c3dc0411dd4d5ac61
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35CAB3987FC0E4A41B305CB208C1E33FA38CE8BDFD9F386C3DC0411DD4D5AC61"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6496
Expires: Thu, 09 Feb 2023 01:40:44 GMT
Date: Wed, 08 Feb 2023 23:52:28 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 23:36:45 GMT
content-type: application/json
age: 943
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7394
Expires: Thu, 09 Feb 2023 01:55:42 GMT
Date: Wed, 08 Feb 2023 23:52:28 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: eh7QxJJUtNhWUnBdDapEF7VSvPGM2qAQY9bMylQ1uCoEcDvqsGhmK/MnOYKVolhzjDzRSQT/iKjOyvnxX8KlYw==
x-amz-request-id: 08NFC000N518YRKB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 23:36:08 GMT
age: 980
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
sntnews3.com/
143.198.202.122 301 Moved Permanently 0 B IP 143.198.202.122:0
ASN #14061 DIGITALOCEAN-ASN
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 08 Feb 2023 23:52:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Cookie
X-Redirect-By: WordPress
Location: http://www.sntnews3.com/
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: no-referrer-when-downgrade
Cache-Control: no-cache
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 23:52:28 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Content-Type, Pragma, ETag, Retry-After, Backoff, Expires, Alert, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 23:51:21 GMT
age: 67
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5795
Expires: Thu, 09 Feb 2023 01:29:03 GMT
Date: Wed, 08 Feb 2023 23:52:28 GMT
Connection: keep-alive
code.jquery.com/jquery-3.5.0.js
69.16.175.42 200 OK 84 kB URL HTTP/2 code.jquery.com/jquery-3.5.0.js
IP 69.16.175.42:0
Hash 14ee67dad9098ec1aa179859a587fc8d
4322dbc7d6f4b69c5dbf94bd9c2517b0cd6f2a67
20d269d3d572dcf932991fa3b49e02e8919b865b632de234e3f7df035005842b
GET /jquery-3.5.0.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.sntnews3.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:29 GMT
content-encoding: gzip
content-length: 84374
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-463a1"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1675900349.dop227.sk1.t,1675900349.cds001.sk1.hn,1675900349.cds065.sk1.c
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Source+Sans+Pro%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i|Roboto+Condensed%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i%26subset%3Dlatin
142.250.74.106 200 OK 2.1 kB URL HTTP/2 fonts.googleapis.com/css?family=Source+Sans+Pro%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i|Roboto+Condensed%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i%26subset%3Dlatin
IP 142.250.74.106:0
Hash e51ed25e06db1b84d576cf04726a8593
5e9864a8865d37c3e7039d2838a3bfb0c33b80d7
f7d0d187c55f501fe5658a76e235a6650ef7de49b202b439cdff088decd003ba
GET /css?family=Source+Sans+Pro%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i|Roboto+Condensed%3A100%2C200%2C300%2C400%2C500%2C600%2C700%2C800%2C900%2C100i%2C200i%2C300i%2C400i%2C500i%2C600i%2C700i%2C800i%2C900i%26subset%3Dlatin HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.sntnews3.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 Feb 2023 23:52:29 GMT
date: Wed, 08 Feb 2023 23:52:29 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.sntnews3.com/
143.198.202.122 200 OK 43 kB IP 143.198.202.122:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document text; exported SGML document, Unicode text, UTF-8 text, with very long lines (9381), with CRLF, LF line terminators
Hash 862cfbdd427732682f5720bd7f53440e
75e5fc59261326f1b46239027dfd8694158e89fc
4e22740bc8b3f3433b924895bd2a91313411fecebc9ea2422ef60078f7ab437b
GET / HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Accept-Encoding, Cookie
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Referrer-Policy: no-referrer-when-downgrade
Cache-Control: max-age=3, must-revalidate, no-cache
Content-Encoding: gzip
push.services.mozilla.com/
52.42.147.182 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.42.147.182:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: ElMFpdgJ9AuN3qTalNbKGQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: bkcfL1Unko8m0utXXUzOpCcrN5E=
www.sntnews3.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
143.198.202.122 200 OK 12 kB URL HTTP/1.1 www.sntnews3.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 143.198.202.122:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (47826)
Hash 981383d43a7adb38d6c2bf5286dcd065
e41871905868763178f7d8127e3dfb87909f108f
fceb208fc5a1581abc1926596d5f59fa41e7a7d72027b563303b445cdf7ed126
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: text/css
Last-Modified: Fri, 11 Nov 2022 14:56:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"636e62ad-172a9"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Content-Encoding: gzip
www.sntnews3.com/wp-content/themes/bam/assets/js/main.js?ver=6.1.1
143.198.202.122 200 OK 2.2 kB URL HTTP/1.1 www.sntnews3.com/wp-content/themes/bam/assets/js/main.js?ver=6.1.1
IP 143.198.202.122:0
ASN #14061 DIGITALOCEAN-ASN
Hash 8bbf64c742a007d4be71a44bdd11b978
e53868a8f86eef1d789755ee56b651ea5eefc61e
1fd453b524e1811bbaec92c820ef0c16e3651116c1e39059ae6bf9d7574e4dfe
GET /wp-content/themes/bam/assets/js/main.js?ver=6.1.1 HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: application/javascript
Last-Modified: Tue, 03 Jan 2023 12:58:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63b42672-1a5d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Content-Encoding: gzip
www.sntnews3.com/wp-includes/css/classic-themes.min.css?ver=1
143.198.202.122 200 OK 217 B URL HTTP/1.1 www.sntnews3.com/wp-includes/css/classic-themes.min.css?ver=1
IP 143.198.202.122:0
ASN #14061 DIGITALOCEAN-ASN
Hash 95e891f28e44a9b314c09545d86be2b7
f9b13a8bd47273b086a0a07df15f314e0af0bc3e
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: text/css
Content-Length: 217
Last-Modified: Tue, 25 Oct 2022 13:45:16 GMT
Connection: keep-alive
ETag: "6357e86c-d9"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
www.sntnews3.com/wp-content/themes/bam/assets/fonts/css/all.min.css?ver=5.15.4
143.198.202.122 200 OK 13 kB URL HTTP/1.1 www.sntnews3.com/wp-content/themes/bam/assets/fonts/css/all.min.css?ver=5.15.4
IP 143.198.202.122:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (59119)
Hash db6a4c8a3d3fd8305730790b0358e4bd
d6f66a7e2d94809484da64df754cc52a714e2d0f
c91c4312c264e08ab3b16a8cb0b151cf34025d36f99b52d0f61de8733b70733e
GET /wp-content/themes/bam/assets/fonts/css/all.min.css?ver=5.15.4 HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: text/css
Last-Modified: Tue, 03 Jan 2023 12:58:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63b42672-e7a9"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Content-Encoding: gzip
www.sntnews3.com/wp-content/themes/bam/style.css?ver=6.1.1
143.198.202.122 200 OK 11 kB URL HTTP/1.1 www.sntnews3.com/wp-content/themes/bam/style.css?ver=6.1.1
IP 143.198.202.122:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (430)
Hash ca9f5a4e7501f2d74d0d1f079ca4a860
8bc9a92b24f006e67665f7c418b5dc9e36b47ce9
3f13de4bdd2b332e58db6fe5a7421ee11078465e7cbcf1d977390376d11de36a
GET /wp-content/themes/bam/style.css?ver=6.1.1 HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: text/css
Last-Modified: Tue, 03 Jan 2023 12:58:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63b42672-d7c6"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Content-Encoding: gzip
www.sntnews3.com/wp-content/themes/bam/assets/js/skip-link-focus-fix.js?ver=20151215
143.198.202.122 200 OK 417 B URL HTTP/1.1 www.sntnews3.com/wp-content/themes/bam/assets/js/skip-link-focus-fix.js?ver=20151215
IP 143.198.202.122:0
ASN #14061 DIGITALOCEAN-ASN
Hash 73f7704398d8f6be9748d30791950984
3231f3786c364c7665cd7123d8fae0f42bbfd836
c1d9b23aff05fb52e5d6e68aff86d808097185c6dbaac6c3fc3ec6e5bea31ef4
GET /wp-content/themes/bam/assets/js/skip-link-focus-fix.js?ver=20151215 HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: application/javascript
Last-Modified: Tue, 03 Jan 2023 12:58:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"63b42672-2ad"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Content-Encoding: gzip
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
216.58.207.227 200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 12924, version 1.0; data
Hash 4610010f425c140b99c88b6819ce1c02
a7e839aa0452ceeb6228de7c15062fe82cc6d1c3
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4
GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.sntnews3.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12924
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 10:05:58 GMT
expires: Fri, 02 Feb 2024 10:05:58 GMT
cache-control: public, max-age=31536000
age: 567991
last-modified: Wed, 27 Apr 2022 16:02:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
216.58.207.227 200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 13036, version 1.0; data
Hash 0ad032b3d07aaf33b160ac4799dda40f
06b931e0d0bf37f5037d9e66d6feedfddd21c0ba
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
GET /s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.sntnews3.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 06 Feb 2023 15:38:44 GMT
expires: Tue, 06 Feb 2024 15:38:44 GMT
cache-control: public, max-age=31536000
age: 202425
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:29 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.sntnews3.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
143.198.202.122 200 OK 5.0 kB URL HTTP/1.1 www.sntnews3.com/wp-includes/js/wp-emoji-release.min.js?ver=6.1.1
IP 143.198.202.122:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (15660)
Hash 1b982d290af16dac5885f21a198aaa66
f847ca85d23c2f240938bbde0135f3de97925759
0b6e238cc0728a0bace390dfff472ff8bb5a5fd4714bcfcdac7c28621d67b8dc
GET /wp-includes/js/wp-emoji-release.min.js?ver=6.1.1 HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: application/javascript
Last-Modified: Tue, 12 Apr 2022 05:56:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"62551487-48b9"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Content-Encoding: gzip
www.effectivecreativeformat.com/4a94d48966a908e26328dbec3cd8c0b3/invoke.js
173.233.137.60 200 OK 9.8 kB URL HTTP/1.1 www.effectivecreativeformat.com/4a94d48966a908e26328dbec3cd8c0b3/invoke.js
IP 173.233.137.60:0
File type exported SGML document, ASCII text, with very long lines (26994), with no line terminators
Hash 399b4026e18cd6a0373aa08c6b245589
76aa0b23adb8e9dac1244837897bcaab2c82370b
59075b6f2f4245d0cda034cc23a96e95e12cbf52d12cdd4c0b7e8ff53f4be30d
Analyzer Verdict Alert quad9 Sinkholed
GET /4a94d48966a908e26328dbec3cd8c0b3/invoke.js HTTP/1.1
Host: www.effectivecreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sntnews3.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 23929c2507b03dbc6cd3bac38beb8b15
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
216.58.207.227 200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 13052, version 1.0; data
Hash 7cf79fbd1df848510d7352274efc2401
5540b5a26cc7dfe25294c4eabe011e2c6cd60143
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.sntnews3.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13052
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 05 Feb 2023 22:02:03 GMT
expires: Mon, 05 Feb 2024 22:02:03 GMT
cache-control: public, max-age=31536000
age: 265826
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15700, version 1.0\012- data
Hash 3d7f7413fca69bff4d231ebdc50aaab0
cb18e7943b6a8a0e3672d7242197c19a226b92e8
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
GET /s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://www.sntnews3.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15700
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 07 Feb 2023 15:42:36 GMT
expires: Wed, 07 Feb 2024 15:42:36 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
content-type: font/woff2
age: 115793
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.sntnews3.com/wp-content/uploads/2023/01/2-516.jpg
143.198.202.122 200 OK 39 kB URL HTTP/1.1 www.sntnews3.com/wp-content/uploads/2023/01/2-516.jpg
IP 143.198.202.122:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 735x400, components 3\012- data
Hash 65662f3b43d38850fddf7a4027c659d7
e67c006103364cf69a894ec5862a50efb2a96d7a
9b226ba7d9062f58784498d66000365d5e43b65638a3225540c7360ec677abbe
GET /wp-content/uploads/2023/01/2-516.jpg HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: image/jpeg
Content-Length: 38928
Last-Modified: Thu, 19 Jan 2023 15:03:28 GMT
Connection: keep-alive
ETag: "63c95bc0-9810"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash a28222744ed7330bea9a621b935adcc1
d6c82547cae9ebf20c9e2534b2b072977d721399
14be94c7e087e140464c8d3cb8b77642c6ed07cde45992faa54d577cf26df94a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 08 Feb 2023 23:52:29 GMT
Last-Modified: Wed, 08 Feb 2023 22:10:59 GMT
Server: ECS (bsa/EB1E)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Oo4ZfItKIzAJhWh5tJ6LkEsr2WeBMrWtD4SIMBzWFwZV3RK7VeO_0A==
Age: 6090
simplewebanalysis.com/stats
3.120.47.42 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 3.120.47.42:0
File type ASCII text, with no line terminators
Hash 750ec8442686b30da92227686a7ed178
6e3872506db7ed2cdd6f301b2bdf943071f86427
c6f28cc191b5e301f206ffffe4d8464fa61b1ca743727a9d2d63913354772899
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.sntnews3.com
Connection: keep-alive
Referer: http://www.sntnews3.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:29 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: http://www.sntnews3.com
access-control-allow-credentials: true
set-cookie: uid_id2=8d902f42-0563-4cb3-bc1f-6bf9869e08ac:2:1; expires=Sat, 05 Feb 2033 23:52:29 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
irritateinformantmeddle.com/90/4c/1d/904c1d24438019a1d860b271ee74f861.js
192.243.59.13 200 OK 29 kB URL HTTP/1.1 irritateinformantmeddle.com/90/4c/1d/904c1d24438019a1d860b271ee74f861.js
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 2a5fa33ddd5893526d7454c8f616483a
b16c5bf275f1f5a0fbd56e611d377c8e86f794c2
3859eaedceb28a5d008fa1714bca8e9849473a736445bba7240e7bb657ff632a
Analyzer Verdict Alert quad9 Sinkholed
GET /90/4c/1d/904c1d24438019a1d860b271ee74f861.js HTTP/1.1
Host: irritateinformantmeddle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sntnews3.com/
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7d127088fea1a8b68218b200afef1d5e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 170daf6beb9f23541ded52489001d9fd
d2a5c4a70d248135ad0c8c031c87500b189c142f
2ad25c2d41b1032938e209c8a587a7713c9141a6928e27ee272be97c81e60556
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2AD25C2D41B1032938E209C8A587A7713C9141A6928E27EE272BE97C81E60556"
Last-Modified: Wed, 08 Feb 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1690
Expires: Thu, 09 Feb 2023 00:20:40 GMT
Date: Wed, 08 Feb 2023 23:52:30 GMT
Connection: keep-alive
acrossheadquartersanchovy.com/87a32cac5e91c4f7ba650c111d7b1d42/invoke.js
173.233.137.36 200 OK 9.8 kB URL HTTP/1.1 acrossheadquartersanchovy.com/87a32cac5e91c4f7ba650c111d7b1d42/invoke.js
IP 173.233.137.36:0
File type exported SGML document, ASCII text, with very long lines (26998), with no line terminators
Hash bb6dc310f4fadb6903ea49ed936ea6a3
d9456ec5e2b13132756e0791aa8d7b302ff49e44
df0124ef5dec86845efcbf19bae10dc894301af67ea133955025d4e343a1733b
Analyzer Verdict Alert quad9 Sinkholed
GET /87a32cac5e91c4f7ba650c111d7b1d42/invoke.js HTTP/1.1
Host: acrossheadquartersanchovy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sntnews3.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2a5edfaf5052dba3b8567019667f8914
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
magazinesfluentlymercury.com/pixel/purst?dl=0&th=0&sc=0&rs=2171&rd=2171&fd=352&bv=22.10.v.10&tmpl=136
192.243.61.225 200 OK 0 B URL HTTP/1.1 magazinesfluentlymercury.com/pixel/purst?dl=0&th=0&sc=0&rs=2171&rd=2171&fd=352&bv=22.10.v.10&tmpl=136
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2171&rd=2171&fd=352&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: magazinesfluentlymercury.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sntnews3.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
www.sntnews3.com/wp-content/themes/bam/assets/fonts/webfonts/fa-solid-900.woff2
143.198.202.122 200 OK 78 kB URL HTTP/1.1 www.sntnews3.com/wp-content/themes/bam/assets/fonts/webfonts/fa-solid-900.woff2
IP 143.198.202.122:0
ASN #14061 DIGITALOCEAN-ASN
File type Web Open Font Format (Version 2), TrueType, length 78268, version 331.-31196\012- data
Hash d824df7eb2e268626a2dd9a6a741ac4e
0ccb2c814a7e4ca12c4778821633809cb0361eaa
9834b82ad26e2a37583d22676a12dd2eb0fe7c80356a2114d0db1aa8b3899537
GET /wp-content/themes/bam/assets/fonts/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.sntnews3.com/wp-content/themes/bam/assets/fonts/css/all.min.css?ver=5.15.4
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: font/woff2
Content-Length: 78268
Last-Modified: Tue, 03 Jan 2023 12:58:26 GMT
Connection: keep-alive
ETag: "63b42672-131bc"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
www.sntnews3.com/wp-content/uploads/2023/01/2-513-890x530.jpg
143.198.202.122 200 OK 93 kB URL HTTP/1.1 www.sntnews3.com/wp-content/uploads/2023/01/2-513-890x530.jpg
IP 143.198.202.122:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 890x530, components 3\012- data
Hash 73da2b9849e1650e936b6c9f5bceeeaa
21464cafddaf3cbecc2de368dd3d6aa4c3f4fcd7
ddb3b5fc31e7703d94b619ef580528466d5239fa10cc66fe4145a86738c36c46
GET /wp-content/uploads/2023/01/2-513-890x530.jpg HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: image/jpeg
Content-Length: 93122
Last-Modified: Thu, 19 Jan 2023 14:14:29 GMT
Connection: keep-alive
ETag: "63c95045-16bc2"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16266
Expires: Thu, 09 Feb 2023 04:23:36 GMT
Date: Wed, 08 Feb 2023 23:52:30 GMT
Connection: keep-alive
irritateinformantmeddle.com/watch.708720605560.js?key=4a94d48966a908e26328dbec3cd8c0b3&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1
192.243.59.13 307 Temporary Redirect 0 B URL HTTP/1.1 irritateinformantmeddle.com/watch.708720605560.js?key=4a94d48966a908e26328dbec3cd8c0b3&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.708720605560.js?key=4a94d48966a908e26328dbec3cd8c0b3&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1 HTTP/1.1
Host: irritateinformantmeddle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.sntnews3.com
Connection: keep-alive
Referer: http://www.sntnews3.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://www.sntnews3.com
Access-Control-Allow-Origin: http://www.sntnews3.com
Access-Control-Allow-Credentials: true
Location: https://irritateinformantmeddle.com/watch.708720605560.js?key=4a94d48966a908e26328dbec3cd8c0b3&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1&shu=c539ba9d226a252d46f2619d7e5ac617d7d07bcd9daf9503b7cf03a602ace4a934ec05f3a45bee87241419edf2f7b8ff622f6dbf48d48c94fa43cc7d572737ce7e822be79acdb0378fecdfe78320644630ee5656686f00f6389cbcab044b74&pst=1675900410&rmtc=t
Set-Cookie: u_pl=18163993; expires=Thu, 09 Feb 2023 23:52:30 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.[...].6qySKw-0g60HMjTqbjMR2Cqf1IEYJ-iYFneZHuUvN2o; expires=Wed, 08 Feb 2023 23:53:30 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d64771be351fadf10ee93aa6996893bf
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f6d705e8002f95d392a53d1df55c549a
7351c586a15413121ec29aa736533182d85818ce
b9e6075e5f8bf8d14a45546023f43f80df7ee7fee6a13c49eee758d3b6659e14
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B9E6075E5F8BF8D14A45546023F43F80DF7EE7FEE6A13C49EEE758D3B6659E14"
Last-Modified: Wed, 08 Feb 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9550
Expires: Thu, 09 Feb 2023 02:31:40 GMT
Date: Wed, 08 Feb 2023 23:52:30 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d76b3c3-ea90-47d3-83f3-8f1550aa26fa.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d76b3c3-ea90-47d3-83f3-8f1550aa26fa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1d7814305f961caded310b6f2089219b
efcb6a067bb023865823625e67d9de60d44685e0
3c01637a052e2394774fc8f6dd37a284afaf76b423219ecd26a89c2d8b69c121
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d76b3c3-ea90-47d3-83f3-8f1550aa26fa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9846
x-amzn-requestid: 4e6cc2be-bc18-4d66-b338-833a05d0d998
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fsaDlGV4oAMFoZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db3d49-14fc32183d3c6afb3a64c27d;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 04:34:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -Gn6wHGlx11IB8EcdbgpJVc-6BTEeIyEDyhrW7fPdCiWqdnQ89k2bQ==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:11:08 GMT
age: 6082
etag: "efcb6a067bb023865823625e67d9de60d44685e0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
34.120.237.76 200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 113363afa7cfd484dbc115a9f44c1723
2f9dfb845aa919a51a0b5fa9a824ac4845f669be
a91a045600ef2fdebd582ce453a85f7ce0c9f8be7258baf311d0d940de027c20
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4308
x-amzn-requestid: 2d4ce596-9a69-4394-8e10-cd5c54687a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzKZ0F2DoAMF6nA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ddf10b-6c4fabe01360b8781bdd8e06;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 05:45:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: R_VDTHUaRhwthD0THsWg42L1OF7lZAX3ENsTfV0U7kkn9o0x-mQ_9g==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 13:53:53 GMT
age: 35917
etag: "2f9dfb845aa919a51a0b5fa9a824ac4845f669be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9203cfb9f0c1c958dd008eac55a9d3c4
6bdd1047590dd3fb54c15d5d6d38e7c86274b203
09770229be5ff3037708543e3204c66de84253b3a858a83a0e1672a04c0e9cb1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11760
x-amzn-requestid: b2863a01-4714-4554-a478-5402467b3448
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChJKHc_oAMFwlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4156d-1c5a3edf37bc7cc937c800d2;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: euok7HXthk9GEynD8n9wXgf85lD0shxOdtT5VZvj-xHkoxEMxuohmA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:42:38 GMT
age: 7792
etag: "6bdd1047590dd3fb54c15d5d6d38e7c86274b203"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 764b732e88dd1e9c1824529b24b3dffc
2ba954a51c2972b267ae0536e343e608aa9aa7f4
a1efdf03b14bb05cf8e407b92476592c35fa2d27c5e66705322abdb4c6412a06
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8150
x-amzn-requestid: 3834493a-4162-4cc9-b67c-541cc9be895b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fwD8IH0TIAMFWqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dcb380-3746ff7b0a6894366efa848e;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 07:10:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HNuUU4SaVvuPbW0clgJa6UZ-0zefgWJWfIJEsz_yCfKiCrx2wsu6vA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 09:58:24 GMT
age: 50046
etag: "2ba954a51c2972b267ae0536e343e608aa9aa7f4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe40cbcc3-f3e1-4c53-87ef-2b07e5039a1c.jpeg
34.120.237.76 200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe40cbcc3-f3e1-4c53-87ef-2b07e5039a1c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ea55fd1053c19123cb789a7d14479ccc
45fb06a6feeceff6a06c8c3f37e259ddf6e09820
393290f5ec8379a09da72b2554c30023b688489ffda79f5edfe6f114250ee4c7
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe40cbcc3-f3e1-4c53-87ef-2b07e5039a1c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6061
x-amzn-requestid: cf552847-17d0-4820-9711-3fb129090686
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f8xbCG8jIAMF7Vg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e1c913-0f2af41d6063340d483c3a55;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 03:44:19 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: AhvgnN4mrezDRzaqcb-O0ZGyjW83OcyZd76sLZByQhZDzZgr8Mg-ZA==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:15:18 GMT
age: 5832
etag: "45fb06a6feeceff6a06c8c3f37e259ddf6e09820"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f087272-940e-484d-ad9d-2c67bcd6dccd.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f087272-940e-484d-ad9d-2c67bcd6dccd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash bb7c8b758fe17f6c06ce2bebb5008495
032d747cf20951f6ca6fd51489fefd7c09c4948d
835d89e028ec4c85a845f2835cb5eddb9653937f6736e2713b671419474608ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f087272-940e-484d-ad9d-2c67bcd6dccd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12811
x-amzn-requestid: be33f9ef-31cb-4572-9f22-0a433423e195
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChzZFiWIAMFgmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4167b-70ed2a756b8da4372ccc1f83;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:39:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HB03bmBiXVTrYbU01OssMQ_EbKhhFPhoUa-qcze2ZgD9Hr48Q8mEbQ==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:15:23 GMT
age: 5827
etag: "032d747cf20951f6ca6fd51489fefd7c09c4948d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
www.sntnews3.com/wp-content/uploads/2023/01/2-515-890x530.jpg
143.198.202.122 200 OK 72 kB URL HTTP/1.1 www.sntnews3.com/wp-content/uploads/2023/01/2-515-890x530.jpg
IP 143.198.202.122:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 890x530, components 3\012- data
Hash 77ba3733a40f9cf12509f4345f2b54d4
8d0ab903bfbc8163f9d22a45c76398f9602a2de7
9b41e4519cf6a42bbc364982c8b2e522e96402d5e9b67612fd497ea44fb6fc96
GET /wp-content/uploads/2023/01/2-515-890x530.jpg HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: image/jpeg
Content-Length: 71965
Last-Modified: Thu, 19 Jan 2023 14:44:21 GMT
Connection: keep-alive
ETag: "63c95745-1191d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
competitivepopcheerleader.com/f2/f7/29/f2f729457c1c1a3bab423649ba2eb1c0.js
173.233.139.164 200 OK 13 kB URL HTTP/1.1 competitivepopcheerleader.com/f2/f7/29/f2f729457c1c1a3bab423649ba2eb1c0.js
IP 173.233.139.164:0
File type ASCII text, with very long lines (37150), with no line terminators
Hash 821e93ce2a63c8fceb1f55e617af63a0
387a232347d056ef04c91339ddf8afb0e983fc1e
ebfe87f5b4c058e05d1e4374307ef9394733b24cd9908df4bf643f52a7c790b4
Analyzer Verdict Alert quad9 Sinkholed
GET /f2/f7/29/f2f729457c1c1a3bab423649ba2eb1c0.js HTTP/1.1
Host: competitivepopcheerleader.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sntnews3.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ca79843d4ad91269db34f245e41d02d1
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.sntnews3.com/wp-content/uploads/2023/01/2-514-890x530.jpg
143.198.202.122 200 OK 94 kB URL HTTP/1.1 www.sntnews3.com/wp-content/uploads/2023/01/2-514-890x530.jpg
IP 143.198.202.122:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", baseline, precision 8, 890x530, components 3\012- data
Hash 28e25edcb087b3570c015aa5ed71aa70
75ff44b427e882de57e4324dd8348cea0b500d12
bf1dcf36563dc27f46c3b40ddb0ad989acf793269ac6e038358f3b1a201736f4
GET /wp-content/uploads/2023/01/2-514-890x530.jpg HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: image/jpeg
Content-Length: 93557
Last-Modified: Thu, 19 Jan 2023 14:30:49 GMT
Connection: keep-alive
ETag: "63c95419-16d75"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
irritateinformantmeddle.com/watch.708720605560.js?key=4a94d48966a908e26328dbec3cd8c0b3&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1&shu=c539ba9d226a252d46f2619d7e5ac617d7d07bcd9daf9503b7cf03a602ace4a934ec05f3a45bee87241419edf2f7b8ff622f6dbf48d48c94fa43cc7d572737ce7e822be79acdb0378fecdfe78320644630ee5656686f00f6389cbcab044b74&pst=1675900410&rmtc=t
192.243.59.13 200 OK 2.1 kB URL HTTP/1.1 irritateinformantmeddle.com/watch.708720605560.js?key=4a94d48966a908e26328dbec3cd8c0b3&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1&shu=c539ba9d226a252d46f2619d7e5ac617d7d07bcd9daf9503b7cf03a602ace4a934ec05f3a45bee87241419edf2f7b8ff622f6dbf48d48c94fa43cc7d572737ce7e822be79acdb0378fecdfe78320644630ee5656686f00f6389cbcab044b74&pst=1675900410&rmtc=t
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document, ASCII text, with very long lines (2625)
Hash e13835f06fc441f606458015fd718cb2
9b8059f2bce89032aafd631bfed054fdbf8bad68
eb3c9656138f82ac184da1ed856a59575ec51dce3f843b497fbe4c53d8c3d3af
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.708720605560.js?key=4a94d48966a908e26328dbec3cd8c0b3&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1&shu=c539ba9d226a252d46f2619d7e5ac617d7d07bcd9daf9503b7cf03a602ace4a934ec05f3a45bee87241419edf2f7b8ff622f6dbf48d48c94fa43cc7d572737ce7e822be79acdb0378fecdfe78320644630ee5656686f00f6389cbcab044b74&pst=1675900410&rmtc=t HTTP/1.1
Host: irritateinformantmeddle.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.sntnews3.com
Referer: http://www.sntnews3.com/
Connection: keep-alive
Cookie: u_pl=18163993; ain=eyJhbGciOiJIUzI1NiJ9.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.6qySKw-0g60HMjTqbjMR2Cqf1IEYJ-iYFneZHuUvN2o
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://www.sntnews3.com
Access-Control-Allow-Origin: http://www.sntnews3.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8d902f42-0563-4cb3-bc1f-6bf9869e08ac:2:1; expires=Wed, 15 Feb 2023 23:52:30 GMT; secure; SameSite=None
iprc61ed947dc122aa9863cb948502b8ed79=3569808; expires=Thu, 09 Feb 2023 03:52:30 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 09 Feb 2023 23:52:30 GMT; secure; SameSite=None
uncs=1; expires=Thu, 09 Feb 2023 23:52:30 GMT; secure; SameSite=None
pdhtkv23=true; expires=Thu, 09 Feb 2023 23:52:30 GMT; secure; SameSite=None
uncs23=1; expires=Thu, 09 Feb 2023 23:52:30 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d049c5bcf371c440234b4ec936aefd90
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.sntnews3.com/wp-content/uploads/2023/01/2-512.jpg
143.198.202.122 200 OK 67 kB URL HTTP/1.1 www.sntnews3.com/wp-content/uploads/2023/01/2-512.jpg
IP 143.198.202.122:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 23.0 (Windows), datetime=2023:01:13 09:19:07], progressive, precision 8, 735x400, components 3\012- data
Hash 5fd306b29fdd98a4a7e4eb3bfccc8b25
616405959b4392be934048bf8257b272e680d20d
de2eeb3b77936bbf77f97784b673171ac1f84657a6683565b8d031bbe18844fc
GET /wp-content/uploads/2023/01/2-512.jpg HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: image/jpeg
Content-Length: 66864
Last-Modified: Thu, 19 Jan 2023 13:44:03 GMT
Connection: keep-alive
ETag: "63c94923-10530"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
competitivepopcheerleader.com/watch.1225774386650.js?key=87a32cac5e91c4f7ba650c111d7b1d42&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1
173.233.139.164 307 Temporary Redirect 0 B URL HTTP/1.1 competitivepopcheerleader.com/watch.1225774386650.js?key=87a32cac5e91c4f7ba650c111d7b1d42&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1
IP 173.233.139.164:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1225774386650.js?key=87a32cac5e91c4f7ba650c111d7b1d42&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1 HTTP/1.1
Host: competitivepopcheerleader.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.sntnews3.com
Connection: keep-alive
Referer: http://www.sntnews3.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://www.sntnews3.com
Access-Control-Allow-Origin: http://www.sntnews3.com
Access-Control-Allow-Credentials: true
Location: https://competitivepopcheerleader.com/watch.1225774386650.js?key=87a32cac5e91c4f7ba650c111d7b1d42&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1&shu=978b21cfc94161a2dc26b3ceede8d28511667625a369fb06e0c1e8117d27af835e5ce172bbe3009313f5e056f57abf399ad273a5e047d4230d64bde930f6e3290360914a8cdf8fbbd9046484e4e3e6b287220203a0caa7e5b146157b18219ff35d5248d6b22b&pst=1675900410&rmtc=t
Set-Cookie: u_pl=18319471; expires=Thu, 09 Feb 2023 23:52:30 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODMxOTQ3MSwiayI6Ijg3YTMyY2FjNWU5MWM0ZjdiYTY1MGMxMTFkN2IxZDQyIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMTYyOTM1LCJwaWQiOjM3ODU5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyOCwiYWlkIjo1LCJwdCI6NCwicGsiOiJzZnZ1aWRjZG4iLCJjcGtzIjp7ICIyOSI6ImYyZjcyOTQ1N2MxYzFhM2JhYjQyMzY0OWJhMmViMWMwIn0sInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6dHJ1ZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiJodHRwOi8vd3d3LnNudG5ld3MzLmNvbS8ifX0.SxY-85GSJ8Y2gmgOxHCBMkRVimLq95cH271585yBkKU; expires=Wed, 08 Feb 2023 23:53:30 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0eba8083e98169764d081658d306339a
Strict-Transport-Security: max-age=0; includeSubdomains
www.sntnews3.com/wp-content/uploads/2023/01/2-510.jpg
143.198.202.122 200 OK 59 kB URL HTTP/1.1 www.sntnews3.com/wp-content/uploads/2023/01/2-510.jpg
IP 143.198.202.122:0
ASN #14061 DIGITALOCEAN-ASN
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100", Exif Standard: [TIFF image data, big-endian, direntries=1, orientation=upper-left], baseline, precision 8, 735x400, components 3\012- data
Hash 67ac0417424d88c5b7b04ab0fdbc4d6d
cc55dcb8d3c0bebcf337ec3a7e05ae43e9b81842
a883cdc72d6c373f40b4c4adff1f8a4aa3393aef6294ba36a663675ec3cd4ea4
GET /wp-content/uploads/2023/01/2-510.jpg HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: image/jpeg
Content-Length: 58695
Last-Modified: Thu, 19 Jan 2023 13:22:38 GMT
Connection: keep-alive
ETag: "63c9441e-e547"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
banquetunarmedgrater.com/advertisers.js
192.243.61.227 200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sntnews3.com/
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cd907bfc5aa19ffe1fd018760934c872
Strict-Transport-Security: max-age=0; includeSubdomains
www.sntnews3.com/wp-content/uploads/2023/01/22-8.webp
143.198.202.122 200 OK 56 kB URL HTTP/1.1 www.sntnews3.com/wp-content/uploads/2023/01/22-8.webp
IP 143.198.202.122:0
ASN #14061 DIGITALOCEAN-ASN
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 735x400, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash fb8fef44dde33aba05749f7c49ea274d
3ba018322947bf06ba933d6290254a814ee51c2a
970a421a5edbfe1d5fdc14f03bc8b997d90a198312b370494b6b8a127690e206
GET /wp-content/uploads/2023/01/22-8.webp HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: image/webp
Content-Length: 55612
Last-Modified: Thu, 19 Jan 2023 13:59:04 GMT
Connection: keep-alive
ETag: "63c94ca8-d93c"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
competitivepopcheerleader.com/watch.1225774386650.js?key=87a32cac5e91c4f7ba650c111d7b1d42&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1&shu=978b21cfc94161a2dc26b3ceede8d28511667625a369fb06e0c1e8117d27af835e5ce172bbe3009313f5e056f57abf399ad273a5e047d4230d64bde930f6e3290360914a8cdf8fbbd9046484e4e3e6b287220203a0caa7e5b146157b18219ff35d5248d6b22b&pst=1675900410&rmtc=t
173.233.139.164 200 OK 636 B URL HTTP/1.1 competitivepopcheerleader.com/watch.1225774386650.js?key=87a32cac5e91c4f7ba650c111d7b1d42&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1&shu=978b21cfc94161a2dc26b3ceede8d28511667625a369fb06e0c1e8117d27af835e5ce172bbe3009313f5e056f57abf399ad273a5e047d4230d64bde930f6e3290360914a8cdf8fbbd9046484e4e3e6b287220203a0caa7e5b146157b18219ff35d5248d6b22b&pst=1675900410&rmtc=t
IP 173.233.139.164:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (582)
Hash 20b228a10ecf1845f13f7bf141c0577b
4826c9b39d1bb57d2cd807b9d0a893088f255689
2f6e30f9c8d5334efd18ae75615de87d2c3f5e0899e9fbab6d19d1eaa428bf20
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1225774386650.js?key=87a32cac5e91c4f7ba650c111d7b1d42&kw=%5B%22sntnews3%22%2C%22-%22%5D&refer=http%3A%2F%2Fwww.sntnews3.com%2F&tz=0&dev=e&res=12.1053&uuid=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1&shu=978b21cfc94161a2dc26b3ceede8d28511667625a369fb06e0c1e8117d27af835e5ce172bbe3009313f5e056f57abf399ad273a5e047d4230d64bde930f6e3290360914a8cdf8fbbd9046484e4e3e6b287220203a0caa7e5b146157b18219ff35d5248d6b22b&pst=1675900410&rmtc=t HTTP/1.1
Host: competitivepopcheerleader.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://www.sntnews3.com
Referer: http://www.sntnews3.com/
Connection: keep-alive
Cookie: u_pl=18319471; ain=eyJhbGciOiJIUzI1NiJ9.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.SxY-85GSJ8Y2gmgOxHCBMkRVimLq95cH271585yBkKU
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: http://www.sntnews3.com
Access-Control-Allow-Origin: http://www.sntnews3.com
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=8d902f42-0563-4cb3-bc1f-6bf9869e08ac:2:1; expires=Wed, 15 Feb 2023 23:52:30 GMT; secure; SameSite=None
iprca7231108218f4449b7d4feb8ff3f57d0=2717340; expires=Fri, 10 Feb 2023 01:52:30 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 09 Feb 2023 23:52:30 GMT; secure; SameSite=None
uncs=1; expires=Thu, 09 Feb 2023 23:52:30 GMT; secure; SameSite=None
pdhtkv5=true; expires=Thu, 09 Feb 2023 23:52:30 GMT; secure; SameSite=None
uncs5=1; expires=Thu, 09 Feb 2023 23:52:30 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8ded0488c1a72cc536ac22575e6bc0fe
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
friendshipmale.com/sfp.js
172.64.202.23 200 OK 28 kB URL HTTP/1.1 friendshipmale.com/sfp.js
IP 172.64.202.23:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash b1fa950e77a7db5425f9a5257af02e9c
2d5580451f34ad96218f8b97edf9708f9ee1be87
d999c4320df27dc4a1d3de5aec22bb3ef201560b47a7eff3f28f4133c1997a14
Analyzer Verdict Alert fortinet Malware
quad9 Sinkholed
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://www.sntnews3.com/
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: max-age=14400
X-Request-ID: ca748c3629a5c95dd4315c6d27b98d5b
Strict-Transport-Security: max-age=0; includeSubdomains
CF-Cache-Status: EXPIRED
Last-Modified: Wed, 08 Feb 2023 23:52:30 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LNPJZhprtKwQCdMDYAcJRECqYGCafNQ0YNIGuznt6H3KcNG3yTOsD%2FW0x9dG1O1yHFaB%2BOxR0GdRkWLVKL8XAVBK9cnwtK%2Bc8vK%2FaqurIMV80l%2FZSd4D%2BpDqhNcMo6xmO2h1lfA%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 79684787cfc423e3-LHR
Content-Encoding: gzip
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7873316c03b78ff1885778bd0e51ee34
441406bbfb620c4f0da3b3553840e008655aa689
104baaf054240301dbbfc50991ec38e8879a5c49f12e8e82bf3b5b5dc5b2ee33
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "104BAAF054240301DBBFC50991EC38E8879A5C49F12E8E82BF3B5B5DC5B2EE33"
Last-Modified: Wed, 08 Feb 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6273
Expires: Thu, 09 Feb 2023 01:37:03 GMT
Date: Wed, 08 Feb 2023 23:52:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash b762fe844f6e99ebf7b41ed667512cb0
54cde9824957e39c9e34a893faaac92bf397ab72
abe75e929a9b572764d8a5f1ada4744832216f6312c62218390ee6736788d554
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ABE75E929A9B572764D8A5F1ADA4744832216F6312C62218390EE6736788D554"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14413
Expires: Thu, 09 Feb 2023 03:52:44 GMT
Date: Wed, 08 Feb 2023 23:52:31 GMT
Connection: keep-alive
jennyvisits.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=18319471
173.233.137.36 200 OK 1.3 kB URL HTTP/1.1 jennyvisits.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=18319471
IP 173.233.137.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash dab234a8b31d1d969cc55c257ab5e1f1
77054ab3d9081f33d60664b8a9cff29ac70fa89e
e5f9dca8a03c5294b75769d0cbcdbdf0ae1e8d7b610644ea2299ec02adfdb842
Analyzer Verdict Alert quad9 Sinkholed
GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=18319471 HTTP/1.1
Host: jennyvisits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://www.sntnews3.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 23:52:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Thu, 09 Feb 2023 23:52:31 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTgzMTk0NzEiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cDovL3d3dy5zbnRuZXdzMy5jb20vIn19.ObV1UNwHRzr9t6kjsXEEzjzsTfHQqaqGFRILCxNAXvQ; expires=Wed, 08 Feb 2023 23:53:31 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4d0e9e4b0a40d916a3d3eea36e4fb96e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
jennyvisits.com/dyfc1k09?shu=7afe05e8fe9a6954f39f8fe3511f2db1a912b4d34c98a990c67a615818b7369af7806243bde75465b0b92192737be9a91a31ba4ad18fbce3a307861a58bbf7565a202b6b52e3d38f8b7de45efcdeb03ea2413af0ac8c1617dd2aec374e2a6b368a9b&pst=1675900411&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fwww.sntnews3.com%2F&psid=18319471
173.233.137.36 302 Found 0 B URL HTTP/1.1 jennyvisits.com/dyfc1k09?shu=7afe05e8fe9a6954f39f8fe3511f2db1a912b4d34c98a990c67a615818b7369af7806243bde75465b0b92192737be9a91a31ba4ad18fbce3a307861a58bbf7565a202b6b52e3d38f8b7de45efcdeb03ea2413af0ac8c1617dd2aec374e2a6b368a9b&pst=1675900411&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fwww.sntnews3.com%2F&psid=18319471
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /dyfc1k09?shu=7afe05e8fe9a6954f39f8fe3511f2db1a912b4d34c98a990c67a615818b7369af7806243bde75465b0b92192737be9a91a31ba4ad18fbce3a307861a58bbf7565a202b6b52e3d38f8b7de45efcdeb03ea2413af0ac8c1617dd2aec374e2a6b368a9b&pst=1675900411&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=http%3A%2F%2Fwww.sntnews3.com%2F&psid=18319471 HTTP/1.1
Host: jennyvisits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jennyvisits.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.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.ObV1UNwHRzr9t6kjsXEEzjzsTfHQqaqGFRILCxNAXvQ; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Wed, 08 Feb 2023 23:52:31 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: http://adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQ3P2oie7oGU3Bp-GH0dEdHP3xP.fc0%2CDfBS5_eaItVzNK6qRX6FgA5_wpZiKw_rXivqOw0a7uS9aNJQ4xcpUvnstok3tN5YQSMJkpN-d8MT-JvX477J0XaEcoSv7z9iaGwsRRlNS1Qw0AhLwKoNK0uBxElgDFvp6OzkOFOor_sFx2GXFr9k6twNIweNG1lwyYJwg0Zi2xLge4HVaUXveb15hQHyEfq0uUOmqYIqmwnDkyFM0z7JdlY3U1V-14pVy4G6wDfsdJKW2nNbAtcLGlC5D9HnrT07L-FpYtdMRiT5O1X-GzctcJPeLWbOD--ved5ooJhaGbdu_D6LiRlf8c0hCwp-HZksG3Y9VqviWouG12ABccNBBxfgPqg4fjLnLfas5h5BYQP5a64-lyJQnAJCqQx9Ojuh2Yr9i864WXMCsMC22Ej0an9fitm3bOBTqHKBikFsVScL9TFoYXJg1efZWAi9YDoACa-V7iiDdcb-z7a9q5d4DoPeXb2mJiN2Isd7Dbv33JRvhJC8a5MKjAntJ42HY_x4PhgMKJoJI_bSnjO6ylDerg%2C%2C&csid=1506755&s1=16122660&md=0&crid=23364304
Set-Cookie: pdhtkv=true; expires=Thu, 09 Feb 2023 23:52:31 GMT
Set-Cookie: uncs=1; expires=Thu, 09 Feb 2023 23:52:31 GMT
Set-Cookie: pdhtkv28=true; expires=Thu, 09 Feb 2023 23:52:31 GMT
Set-Cookie: uncs28=1; expires=Thu, 09 Feb 2023 23:52:31 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c750efd3f34f3cfe87b6d1f0f59cf6c4
Strict-Transport-Security: max-age=0; includeSubdomains
adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQ3P2oie7oGU3Bp-GH0dEdHP3xP.fc0%2CDfBS5_eaItVzNK6qRX6FgA5_wpZiKw_rXivqOw0a7uS9aNJQ4xcpUvnstok3tN5YQSMJkpN-d8MT-JvX477J0XaEcoSv7z9iaGwsRRlNS1Qw0AhLwKoNK0uBxElgDFvp6OzkOFOor_sFx2GXFr9k6twNIweNG1lwyYJwg0Zi2xLge4HVaUXveb15hQHyEfq0uUOmqYIqmwnDkyFM0z7JdlY3U1V-14pVy4G6wDfsdJKW2nNbAtcLGlC5D9HnrT07L-FpYtdMRiT5O1X-GzctcJPeLWbOD--ved5ooJhaGbdu_D6LiRlf8c0hCwp-HZksG3Y9VqviWouG12ABccNBBxfgPqg4fjLnLfas5h5BYQP5a64-lyJQnAJCqQx9Ojuh2Yr9i864WXMCsMC22Ej0an9fitm3bOBTqHKBikFsVScL9TFoYXJg1efZWAi9YDoACa-V7iiDdcb-z7a9q5d4DoPeXb2mJiN2Isd7Dbv33JRvhJC8a5MKjAntJ42HY_x4PhgMKJoJI_bSnjO6ylDerg%2C%2C&csid=1506755&s1=16122660&md=0&crid=23364304
34.160.190.227 200 OK 1.9 kB URL HTTP/1.1 adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQ3P2oie7oGU3Bp-GH0dEdHP3xP.fc0%2CDfBS5_eaItVzNK6qRX6FgA5_wpZiKw_rXivqOw0a7uS9aNJQ4xcpUvnstok3tN5YQSMJkpN-d8MT-JvX477J0XaEcoSv7z9iaGwsRRlNS1Qw0AhLwKoNK0uBxElgDFvp6OzkOFOor_sFx2GXFr9k6twNIweNG1lwyYJwg0Zi2xLge4HVaUXveb15hQHyEfq0uUOmqYIqmwnDkyFM0z7JdlY3U1V-14pVy4G6wDfsdJKW2nNbAtcLGlC5D9HnrT07L-FpYtdMRiT5O1X-GzctcJPeLWbOD--ved5ooJhaGbdu_D6LiRlf8c0hCwp-HZksG3Y9VqviWouG12ABccNBBxfgPqg4fjLnLfas5h5BYQP5a64-lyJQnAJCqQx9Ojuh2Yr9i864WXMCsMC22Ej0an9fitm3bOBTqHKBikFsVScL9TFoYXJg1efZWAi9YDoACa-V7iiDdcb-z7a9q5d4DoPeXb2mJiN2Isd7Dbv33JRvhJC8a5MKjAntJ42HY_x4PhgMKJoJI_bSnjO6ylDerg%2C%2C&csid=1506755&s1=16122660&md=0&crid=23364304
IP 34.160.190.227:0
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with very long lines (738)
Hash 56a7d1407422ccf7d4ade6462480c9ee
9d9ec0d50db476cc93f9e1f116b01bba2e32802a
1839543fa8b40336030a9e8a8e9885cdd0d7c9ae87a0f389846cfcf0f703c489
GET /script/s2iurl.php?stamat=m%7C%2C%2CQ3P2oie7oGU3Bp-GH0dEdHP3xP.fc0%2CDfBS5_eaItVzNK6qRX6FgA5_wpZiKw_rXivqOw0a7uS9aNJQ4xcpUvnstok3tN5YQSMJkpN-d8MT-JvX477J0XaEcoSv7z9iaGwsRRlNS1Qw0AhLwKoNK0uBxElgDFvp6OzkOFOor_sFx2GXFr9k6twNIweNG1lwyYJwg0Zi2xLge4HVaUXveb15hQHyEfq0uUOmqYIqmwnDkyFM0z7JdlY3U1V-14pVy4G6wDfsdJKW2nNbAtcLGlC5D9HnrT07L-FpYtdMRiT5O1X-GzctcJPeLWbOD--ved5ooJhaGbdu_D6LiRlf8c0hCwp-HZksG3Y9VqviWouG12ABccNBBxfgPqg4fjLnLfas5h5BYQP5a64-lyJQnAJCqQx9Ojuh2Yr9i864WXMCsMC22Ej0an9fitm3bOBTqHKBikFsVScL9TFoYXJg1efZWAi9YDoACa-V7iiDdcb-z7a9q5d4DoPeXb2mJiN2Isd7Dbv33JRvhJC8a5MKjAntJ42HY_x4PhgMKJoJI_bSnjO6ylDerg%2C%2C&csid=1506755&s1=16122660&md=0&crid=23364304 HTTP/1.1
Host: adpointrtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 08 Feb 2023 23:52:31 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Via: 1.1 google
adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQ3P2oie7oGU3Bp-GH0dEdHP3xP.fc0%2CDfBS5_eaItVzNK6qRX6FgA5_wpZiKw_rXivqOw0a7uS9aNJQ4xcpUvnstok3tN5YQSMJkpN-d8MT-JvX477J0XaEcoSv7z9iaGwsRRlNS1Qw0AhLwKoNK0uBxElgDFvp6OzkOFOor_sFx2GXFr9k6twNIweNG1lwyYJwg0Zi2xLge4HVaUXveb15hQHyEfq0uUOmqYIqmwnDkyFM0z7JdlY3U1V-14pVy4G6wDfsdJKW2nNbAtcLGlC5D9HnrT07L-FpYtdMRiT5O1X-GzctcJPeLWbOD--ved5ooJhaGbdu_D6LiRlf8c0hCwp-HZksG3Y9VqviWouG12ABccNBBxfgPqg4fjLnLfas5h5BYQP5a64-lyJQnAJCqQx9Ojuh2Yr9i864WXMCsMC22Ej0an9fitm3bOBTqHKBikFsVScL9TFoYXJg1efZWAi9YDoACa-V7iiDdcb-z7a9q5d4DoPeXb2mJiN2Isd7Dbv33JRvhJC8a5MKjAntJ42HY_x4PhgMKJoJI_bSnjO6ylDerg%2C%2C&csid=1506755&s1=16122660&md=0&crid=23364304&treqn=42346345&rpn=1&cbrandom=0.09203421914617571&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=
34.160.190.227 302 Moved Temporarily 1 B URL HTTP/1.1 adpointrtb.com/script/s2iurl.php?stamat=m%7C%2C%2CQ3P2oie7oGU3Bp-GH0dEdHP3xP.fc0%2CDfBS5_eaItVzNK6qRX6FgA5_wpZiKw_rXivqOw0a7uS9aNJQ4xcpUvnstok3tN5YQSMJkpN-d8MT-JvX477J0XaEcoSv7z9iaGwsRRlNS1Qw0AhLwKoNK0uBxElgDFvp6OzkOFOor_sFx2GXFr9k6twNIweNG1lwyYJwg0Zi2xLge4HVaUXveb15hQHyEfq0uUOmqYIqmwnDkyFM0z7JdlY3U1V-14pVy4G6wDfsdJKW2nNbAtcLGlC5D9HnrT07L-FpYtdMRiT5O1X-GzctcJPeLWbOD--ved5ooJhaGbdu_D6LiRlf8c0hCwp-HZksG3Y9VqviWouG12ABccNBBxfgPqg4fjLnLfas5h5BYQP5a64-lyJQnAJCqQx9Ojuh2Yr9i864WXMCsMC22Ej0an9fitm3bOBTqHKBikFsVScL9TFoYXJg1efZWAi9YDoACa-V7iiDdcb-z7a9q5d4DoPeXb2mJiN2Isd7Dbv33JRvhJC8a5MKjAntJ42HY_x4PhgMKJoJI_bSnjO6ylDerg%2C%2C&csid=1506755&s1=16122660&md=0&crid=23364304&treqn=42346345&rpn=1&cbrandom=0.09203421914617571&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref=
IP 34.160.190.227:0
File type very short file (no magic)
Hash 68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
GET /script/s2iurl.php?stamat=m%7C%2C%2CQ3P2oie7oGU3Bp-GH0dEdHP3xP.fc0%2CDfBS5_eaItVzNK6qRX6FgA5_wpZiKw_rXivqOw0a7uS9aNJQ4xcpUvnstok3tN5YQSMJkpN-d8MT-JvX477J0XaEcoSv7z9iaGwsRRlNS1Qw0AhLwKoNK0uBxElgDFvp6OzkOFOor_sFx2GXFr9k6twNIweNG1lwyYJwg0Zi2xLge4HVaUXveb15hQHyEfq0uUOmqYIqmwnDkyFM0z7JdlY3U1V-14pVy4G6wDfsdJKW2nNbAtcLGlC5D9HnrT07L-FpYtdMRiT5O1X-GzctcJPeLWbOD--ved5ooJhaGbdu_D6LiRlf8c0hCwp-HZksG3Y9VqviWouG12ABccNBBxfgPqg4fjLnLfas5h5BYQP5a64-lyJQnAJCqQx9Ojuh2Yr9i864WXMCsMC22Ej0an9fitm3bOBTqHKBikFsVScL9TFoYXJg1efZWAi9YDoACa-V7iiDdcb-z7a9q5d4DoPeXb2mJiN2Isd7Dbv33JRvhJC8a5MKjAntJ42HY_x4PhgMKJoJI_bSnjO6ylDerg%2C%2C&csid=1506755&s1=16122660&md=0&crid=23364304&treqn=42346345&rpn=1&cbrandom=0.09203421914617571&cbtitle=&cbiframe=0&cbWidth=1280&cbHeight=939&cbdescription=&cbkeywords=&cbref= HTTP/1.1
Host: adpointrtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: openresty
Date: Wed, 08 Feb 2023 23:52:32 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Access-Control-Allow-Origin: *
Location: https://adserving.unibet.com/redirect.aspx?bid=37953&pid=2100237&sref=ADC&ADC=1506755-640691165-0_Adsterra
Via: 1.1 google
adpointrtb.com/favicon.ico
34.160.190.227 200 OK 0 B URL HTTP/1.1 adpointrtb.com/favicon.ico
IP 34.160.190.227:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: adpointrtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Server: openresty
Date: Wed, 08 Feb 2023 23:52:32 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Thu, 10 Dec 2020 09:27:58 GMT
ETag: "5fd1ea1e-0"
Accept-Ranges: bytes
Via: 1.1 google
adserving.unibet.com/redirect.aspx?bid=37953&pid=2100237&sref=ADC&ADC=1506755-640691165-0_Adsterra
23.36.79.11 307 Temporary Redirect 0 B URL HTTP/2 adserving.unibet.com/redirect.aspx?bid=37953&pid=2100237&sref=ADC&ADC=1506755-640691165-0_Adsterra
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37953&pid=2100237&sref=ADC&ADC=1506755-640691165-0_Adsterra HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://www.mariacasino.nu/stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&sref=ADC&ADC=1506755-640691165-0_Adsterra&affiliateId=1&pid=74340067&bid=37953
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Wed, 08 Feb 2023 23:52:32 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 08 Feb 2023 23:52:32 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74340067%2c%22BID%22%3a37953%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1675900352381)%5c%2f%22%2c%22CookieTag%22%3a%223795374340067451240919C2023282352%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
set-cookie: NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228800017047%7c1%22%7d%5d; domain=.unibet.com; expires=Fri, 08-Feb-3022 23:52:32 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=20, origin; dur=34, ak_p; desc="465527_388255495_644806980_5370_3450_1_0";dur=1
X-Firefox-Spdy: h2
www.mariacasino.nu/stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&sref=ADC&ADC=1506755-640691165-0_Adsterra&affiliateId=1&pid=74340067&bid=37953
85.184.96.0 301 Moved Permanently 0 B URL HTTP/2 www.mariacasino.nu/stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&sref=ADC&ADC=1506755-640691165-0_Adsterra&affiliateId=1&pid=74340067&bid=37953
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&sref=ADC&ADC=1506755-640691165-0_Adsterra&affiliateId=1&pid=74340067&bid=37953 HTTP/1.1
Host: www.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 08 Feb 2023 23:52:32 GMT
content-length: 0
location: https://www.mariacasino.nu:443/stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&sref=ADC&ADC=1506755-640691165-0_Adsterra&affiliateId=1&pid=74340067&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953
set-cookie: JSESSIONID=node01a509hvbtleeg14ttudhniw1zz3745632.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
set-cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; Path=/; Domain=.mariacasino.nu; Expires=Fri, 07-Feb-2025 23:52:32 GMT; Max-Age=63072000; Secure; SameSite=None
set-cookie: uniattr=ST.0.T; Path=/; Domain=.mariacasino.nu; Expires=Fri, 07-Feb-2025 23:52:32 GMT; Max-Age=63072000; Secure; SameSite=None
set-cookie: uniattr_ref=; Path=/; Domain=.mariacasino.nu; Expires=Fri, 07-Feb-2025 23:52:32 GMT; Max-Age=63072000; Secure; SameSite=None
set-cookie: UNIBET_REQUEST_URL=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
set-cookie: AFFILIATE_REQUEST_URL=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
set-cookie: UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
set-cookie: affid=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
set-cookie: netwid=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
set-cookie: CLAIM_CODE=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
set-cookie: REGISTRATION_CODE=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
set-cookie: campaignId=2397257; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=30841587; Secure; SameSite=None
set-cookie: framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.nu; Expires=Wed, 08-Feb-2023 23:52:47 GMT; Max-Age=15; Secure; SameSite=None
set-cookie: affiliateId=1; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=30841587; Secure; SameSite=None
set-cookie: B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=30841587; Secure; SameSite=None
set-cookie: REGISTRATION_CODE=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
set-cookie: BID=37953; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=30841587; Secure; SameSite=None
set-cookie: PID=74340067; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=30841587; Secure; SameSite=None
set-cookie: CHID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
set-cookie: REFERER=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
set-cookie: UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
set-cookie: UNIBET_REQUEST_URL=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
set-cookie: AFFILIATE_REQUEST_URL=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
set-cookie: AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
set-cookie: AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
set-cookie: AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
set-cookie: BOCAID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
set-cookie: PRODUCT_ID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
set-cookie: AFFID=; Path=/; Domain=.mariacasino.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
set-cookie: AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=30841587; Secure; SameSite=None
set-cookie: AFFILIATE_CAMPAIGN_ID=2397257; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=30841587; Secure; SameSite=None
set-cookie: framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.nu; Expires=Wed, 08-Feb-2023 23:52:47 GMT; Max-Age=15; Secure; SameSite=None
set-cookie: campaignId=2397257; Path=/; Domain=.mariacasino.nu; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=30841587; Secure; SameSite=None
set-cookie: framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.nu; Expires=Wed, 08-Feb-2023 23:52:47 GMT; Max-Age=15; Secure; SameSite=None
set-cookie: clientId=browser_desktop; Domain=www.mariacasino.nu; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Wed, 08 Feb 2023 23:52:32 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2
www.mariacasino.nu/stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&sref=ADC&ADC=1506755-640691165-0_Adsterra&affiliateId=1&pid=74340067&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953
85.184.96.0 301 Moved Permanently 0 B URL HTTP/2 www.mariacasino.nu/stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&sref=ADC&ADC=1506755-640691165-0_Adsterra&affiliateId=1&pid=74340067&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.nu&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&sref=ADC&ADC=1506755-640691165-0_Adsterra&affiliateId=1&pid=74340067&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953 HTTP/1.1
Host: www.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; clientId=browser_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Wed, 08 Feb 2023 23:52:32 GMT
content-length: 0
location: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Wed, 08 Feb 2023 23:52:32 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash b5da0090d9e079bd737103f25e2cd02e
87c52a50d0a974093a26d3ed568fc0f1c2d84eb0
6ea97b4e37f9053b6d874e42f5325ca7b57567357b6a4f26ed9b90b3a5edaad8
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:32 GMT
Etag: "63e32850-118"
Server: ECS (amb/6BA8)
Content-Length: 280
welcome.mariacasino.nu/no/pop/casino/2022/slots.png
104.18.24.188 200 OK 6.3 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/slots.png
IP 104.18.24.188:0
File type PNG image data, 151 x 200, 8-bit/color RGBA, non-interlaced; data
Hash 6be047bdf3d103b2414f7f6ab64d96b8
57818bdfe16383abe584b5c30de5f35eb55ebf20
38e2d3e7f261032cf0c558e28555c6425c30aa14014f31bbaad7d5176b7d4449
GET /no/pop/casino/2022/slots.png HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: image/png
content-length: 6303
cache-control: public, max-age=900, immutable
content-md5: a+BHvfPRA7JBT39qtk2WuA==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4ED5BA7"
x-ms-request-id: da131072-401e-003f-7bf7-03daa1000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 123195
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796847978fc2b4fa-OSL
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/games.png
104.18.24.188 200 OK 8.8 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/games.png
IP 104.18.24.188:0
File type PNG image data, 234 x 200, 8-bit/color RGBA, non-interlaced; data
Hash fbd364c184d1c2af246dd5a3079ce9ed
5c572431ced831a518e0c4adfed4372254f1eac1
2a09f891fb138e893fbc2fe522761e47307376143582e41016bf8aa54c4fdb77
GET /no/pop/casino/2022/games.png HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: image/png
content-length: 8838
cache-control: public, max-age=900, immutable
content-md5: +9NkwYTRwq8kbdWjB5zp7Q==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4D87720"
x-ms-request-id: 56be89e7-801e-0020-22f7-0369a5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 123195
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796847978fc5b4fa-OSL
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/mga.png
104.18.24.188 200 OK 1.5 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/mga.png
IP 104.18.24.188:0
File type PNG image data, 152 x 60, 8-bit colormap, non-interlaced; data
Hash f34e781d7ad22dc774b98ac82a2b46f6
b66cb9753b0f76a7590f62d3c6b8f645bdbae786
7898ba2cec328d50a75400c1e5a6f1f23974f4c0cc433472a24f28a82c7d01c7
GET /no/pop/casino/2022/mga.png HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: image/png
content-length: 1454
cache-control: public, max-age=900, immutable
content-md5: 8054HXrSLcd0uYrIKitG9g==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4FEBE45"
x-ms-request-id: aeb20fbe-701e-0034-08f7-0321ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 123195
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796847978fc6b4fa-OSL
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/livecasino.png
104.18.24.188 200 OK 21 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/livecasino.png
IP 104.18.24.188:0
File type PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced; data
Hash 87dc3fc9a40a9b0e8fd7c0519ac24f54
908b0ca475f8da1d0380a6cb5caabafce2466aec
a0fd031aa160b2679253c5952576a692e002c6be963c5935af3692ff50206eb4
GET /no/pop/casino/2022/livecasino.png HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: image/png
content-length: 20783
cache-control: public, max-age=900, immutable
content-md5: h9w/yaQKmw6P18BRmsJPVA==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4DF7B00"
x-ms-request-id: 2a37beda-301e-0078-10f7-03b1fa000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 123195
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796847978fc3b4fa-OSL
X-Firefox-Spdy: h2
welcome.mariacasino.nu/custom.js
104.18.24.188 200 OK 1.5 kB URL HTTP/2 welcome.mariacasino.nu/custom.js
IP 104.18.24.188:0
Hash 0d4c12ae13c739deadef215ba71104d9
2464b6b504d6c20b2ee3e40938c908683f05bd45
1b4f5aa8fb0a77c13396f37463c5642aadc59bd79cdfe7713006ad9089dc8c82
GET /custom.js HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: application/javascript
content-md5: AaOIILzruhXFCZo/dsUAMw==
last-modified: Tue, 31 May 2022 08:03:43 GMT
etag: W/"0x8DA42DC14A64A3D"
x-ms-request-id: 56b93167-801e-0020-39f6-0369a5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 123802
vary: Accept-Encoding
server: cloudflare
cf-ray: 796847978fbfb4fa-OSL
content-encoding: br
X-Firefox-Spdy: h2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
85.184.96.5 200 OK 956 B URL HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 0333fa3e34f17f01e9829bd8ee662c23
be4c7a8599038facc49c73d6d14451023bc919e7
8b4ad992549334395b268f43cf73150ed0dfe58801cf9595c3e245ea92dea7d9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js
216.58.207.202 200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js
IP 216.58.207.202:0
File type ASCII text, with very long lines (32030)
Hash 04ba0252a9f264db106d4eaab8df4ccb
cf52d9b3df7839c5c64fbf33aafeced74b3db750
397852429e768ffbd12a78ce4b94f14e3ab4afabf84acb07c0bb5b7798e6e0b2
GET /ajax/libs/jquery/3.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30244
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 13:13:42 GMT
expires: Fri, 02 Feb 2024 13:13:42 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 556731
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js
23.38.200.237 200 OK 44 kB URL HTTP/2 assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js
IP 23.38.200.237:0
File type exported SGML document, ASCII text, with very long lines (32764)
Hash 57198fa839fd954656487c5a3bef02a7
060e710714194b067e8a17554de1f056f3c5fa64
0144349d38a845bda08cbc2654f89da13986be57ce76fa7f49488907aa392edd
GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "bf8d7656a2457e257e3cf75a01e6a4b7:1554112914"
last-modified: Mon, 01 Apr 2019 10:01:54 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 43737
cache-control: max-age=3600
expires: Thu, 09 Feb 2023 00:52:33 GMT
date: Wed, 08 Feb 2023 23:52:33 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js
23.38.200.237 200 OK 228 B URL HTTP/2 assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js
IP 23.38.200.237:0
Hash f9f61cf08520dbe652f9085c0c5e1a43
f9333020f4b2f0446c5ce4fd69f14433102a71c5
b27cb6d5a43aa222ba4bb45dfeec4211d1ed558d1d552ec160660c01db213782
GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "accfdd9d5be1d7142fabad440365d15f:1554112916"
last-modified: Mon, 01 Apr 2019 10:01:56 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 228
cache-control: max-age=3600
expires: Thu, 09 Feb 2023 00:52:33 GMT
date: Wed, 08 Feb 2023 23:52:33 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js
23.38.200.237 200 OK 13 kB URL HTTP/2 assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (558)
Hash fbdf335868cbf423af02de87750c1a45
8405d2f9b1b98d830e1b5bb2d8b9cf31460a9cc4
ddc30198d101ed4d7f85eb14fcc0331154807320fe2b2443b814bedc43c4ace4
GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "18eab16a639a4773572307713440a929:1554112912"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Thu, 09 Feb 2023 00:52:33 GMT
date: Wed, 08 Feb 2023 23:52:33 GMT
content-length: 12666
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2
cdn.optimizely.com/js/10682170820.js
23.38.200.155 200 OK 152 kB URL HTTP/2 cdn.optimizely.com/js/10682170820.js
IP 23.38.200.155:0
File type ASCII text, with very long lines (65468)
Size 152 kB (152399 bytes)
Hash 6aee723f7c56ff7beaf2d2d3e6c50bf8
b8b85fff519336fc849889de6647faec9fc99e85
417d03b2e6be0db08318d103a53a94bd6518af62a7c459055f6f1454e5543d99
GET /js/10682170820.js HTTP/1.1
Host: cdn.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: Wo57ZKxg7MoiHC6VJS7huC4AV6O0EuSDxq+AJDkbt3+bG63jRtFove7RntQafLLffl5iMbnGM3N87Rhzp4ZtNQ==
x-amz-request-id: 5CFW3176S2J1ZPR3
x-amz-replication-status: PENDING
last-modified: Wed, 08 Feb 2023 09:48:39 GMT
etag: "6aee723f7c56ff7beaf2d2d3e6c50bf8"
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 471003
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: UeLBMdg7NMJlmQe8ZRtiDik89A_do674
accept-ranges: bytes
content-type: text/javascript; charset=utf-8
server: AmazonS3
content-length: 152399
vary: Accept-Encoding
cache-control: max-age=120
date: Wed, 08 Feb 2023 23:52:33 GMT
server-timing: cdn-cache; desc=HIT, edge; dur=1, cdn;desc="AkamaiION";dur=0,rtt;desc="1";dur=0,cdnip;desc="23.38.200.155";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0, ak_p; desc="465527_388255516_348159336_22_1463_1_0";dur=1
access-control-max-age: 86400
access-control-expose-headers: x-amz-meta-revision
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5 200 OK 1.3 kB URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
File type ASCII text, with very long lines (791)
Hash 710e47f5085ecb4ea2c9a83e51966e67
6dcfb572d3c14efce64970e6a9c33f04cc985c08
a3a55fbfdc3b68d6ec876b3954f20144f00ff763489b2f7a2fc32c2b6da6adb1
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
service.maxymiser.net/cdn/unibet/js/mmcore.js
23.36.79.34 404 Not Found 10 B URL HTTP/2 service.maxymiser.net/cdn/unibet/js/mmcore.js
IP 23.36.79.34:0
ASN #20940 Akamai International B.V.
Hash 7605968e79d0ca095ab1231486d2b814
a007b420d19ceefa840f0373e050e3b51a4ab480
493fda53120050f85836032324409be6c6484f90a0755ae0c6a673ba7626818b
GET /cdn/unibet/js/mmcore.js HTTP/1.1
Host: service.maxymiser.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
accept-ranges: bytes
content-length: 10
server: AkamaiNetStorage
cache-control: max-age=1800
date: Wed, 08 Feb 2023 23:52:33 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/BlenderPro-ThinWeb.woff
104.18.24.188 200 OK 50 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/BlenderPro-ThinWeb.woff
IP 104.18.24.188:0
File type Web Open Font Format, TrueType, length 49636, version 3.6\012- data
Hash 37ba84aebad11c2e0acd496eedb0bb76
42942446e1cfab8d0eaf7d23899203b2b2b64fe7
2d7cc2c9c9fef717010fcfa8fa6518079eaec1e63975a74b4fb78afb14d6ee5e
GET /no/pop/casino/2022/BlenderPro-ThinWeb.woff HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/styles.css
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19397%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1675900410134r0.04588446911638189
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: application/font-woff
content-length: 49636
cache-control: public, max-age=900, immutable
content-md5: N7qErrrRHC4KzUlu7bC7dg==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: "0x8DAD20EA4AE38F0"
x-ms-request-id: aeb213ea-701e-0034-5af7-0321ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 122941
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7968479a79d6b4fa-OSL
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/BlenderPro-MediumWeb.woff
104.18.24.188 200 OK 49 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/BlenderPro-MediumWeb.woff
IP 104.18.24.188:0
File type Web Open Font Format, TrueType, length 48766, version 3.6\012- data
Hash f62793caeb7e5b111d7508b00c0826c2
d003c52a07685156de00186014c777b7dde81573
bac888a26184354a6038eb4ba3d87fdc3315c6e7fe0c19ec7cd1737f1720fc5a
GET /no/pop/casino/2022/BlenderPro-MediumWeb.woff HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/styles.css
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19397%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1675900410134r0.04588446911638189
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: application/font-woff
content-length: 48766
cache-control: public, max-age=900, immutable
content-md5: 9ieTyut+WxEddQiwDAgmwg==
last-modified: Tue, 29 Nov 2022 13:35:55 GMT
etag: "0x8DAD20EA49C613A"
x-ms-request-id: d866c426-a01e-0018-6bf7-03cd65000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 122941
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7968479a89dfb4fa-OSL
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/background.jpg
104.18.24.188 200 OK 162 kB URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/background.jpg
IP 104.18.24.188:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x800, components 3\012- data
Size 162 kB (161606 bytes)
Hash aa279ee357b415f50a16127d5c1a7c4d
d1375a6cb87e60f31f609769044af9e6d47775cd
6aa6656d951b443674e2795a2174f6ba5fa711a0f2943830eab9f07cb1e1a809
GET /no/pop/casino/2022/background.jpg HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/styles.css
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19397%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1675900410134r0.04588446911638189
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: image/jpeg
content-length: 161606
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
cf-bgj: h2pri
content-md5: qiee41e0FfUKFhJ9XBp8TQ==
etag: "0x8DAD20EA4B90CD2"
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 5e1e980c-701e-001b-01f7-032c01000000
x-ms-version: 2014-02-14
cf-cache-status: HIT
age: 123229
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7968479a79d1b4fa-OSL
X-Firefox-Spdy: h2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js
23.38.200.237 200 OK 30 kB URL HTTP/2 assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (543)
Hash d994c7b5e7b348492e630f9e201eed6c
927a06e00f5a9c23d2f9348c013cec4b459effac
7ca2a3f0bb133f07fb5c826b58e48089d90b0ce6e5ab0dce5de73550c5110d80
GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "9c4992909a83d52617e9948d1d1c4141:1554112914"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 29629
cache-control: max-age=3600
expires: Thu, 09 Feb 2023 00:52:33 GMT
date: Wed, 08 Feb 2023 23:52:33 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js
23.38.200.237 200 OK 1.2 kB URL HTTP/2 assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js
IP 23.38.200.237:0
File type ASCII text, with very long lines (502)
Hash 0fc50fe0077c2d091ca05aa91daba75f
6a05d944d25fe2dbf36c1fb33a5096bcb1ada25c
4b469a08c52c411065253103c02ea37609c225f2b4c7c3842d90d0c6caa694f3
GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "5e8dc588959123c3ee5de9ac168d5c74:1554112912"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1199
cache-control: max-age=3600
expires: Thu, 09 Feb 2023 00:52:33 GMT
date: Wed, 08 Feb 2023 23:52:33 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B IP 142.250.74.163:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 05 Feb 2023 22:02:00 GMT
expires: Mon, 05 Feb 2024 22:02:00 GMT
cache-control: public, max-age=31536000
age: 265833
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
142.250.74.40 200 OK 81 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP 142.250.74.40:0
File type ASCII text, with very long lines (62112)
Hash 9bcd11b8843cd9b46c696af972be1770
33a29b6cd2c9f53d64053f0ddcea4b9656514fe5
9adaac6b5e63e7d074f414c80f2382cc6ef8a7a14132b0e131f4a86f64f6b6e1
GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 08 Feb 2023 23:52:33 GMT
expires: Wed, 08 Feb 2023 23:52:33 GMT
cache-control: private, max-age=900
last-modified: Wed, 08 Feb 2023 22:05:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81219
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Hash b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 04 Feb 2023 10:26:49 GMT
expires: Sun, 04 Feb 2024 10:26:49 GMT
cache-control: public, max-age=31536000
age: 393944
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 08 Feb 2023 07:51:59 GMT
expires: Thu, 08 Feb 2024 07:51:59 GMT
cache-control: public, max-age=31536000
age: 57634
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
a10682170820.cdn.optimizely.com/client_storage/a10682170820.html
104.110.8.48 200 OK 1.0 kB URL HTTP/2 a10682170820.cdn.optimizely.com/client_storage/a10682170820.html
IP 104.110.8.48:0
File type HTML document, ASCII text, with very long lines (1979)
Hash 742e155d16b153b32a6122e0a1f9ff2f
b2d28881ba6a69f7e2f6800fba5619d1637ba982
45937bb143dc3304ec902f390a76756c9b0f0c6767e56d91d18e51c969256853
GET /client_storage/a10682170820.html HTTP/1.1
Host: a10682170820.cdn.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: ZeY6gA8ECJjPJI0JTgyf8hf4Ffxoofx9eu5F200CaRpPjt0FCJ88cyqCLX9XqLMYzEWcwkFuOK8=
x-amz-request-id: SN5Z461PEC95J65Q
x-amz-replication-status: COMPLETED
last-modified: Wed, 08 Feb 2023 09:48:05 GMT
etag: "8f9559b1fad9570e6fa6d5fb5d420874"
x-amz-server-side-encryption: AES256
x-amz-meta-pci_enabled: False
x-amz-version-id: mVWNngn9QdCRGZ5Wx807EL7Vn5HlvyBX
accept-ranges: bytes
content-type: text/html; charset=utf-8
server: AmazonS3
vary: Accept-Encoding
cache-control: max-age=120
x-akamai-transformed: 9 - 0 pmb=mRUM,2
content-encoding: gzip
date: Wed, 08 Feb 2023 23:52:33 GMT
content-length: 1041
server-timing: cdn-cache; desc=HIT, edge; dur=1, cdn;desc="AkamaiION";dur=0,rtt;desc="2";dur=0,cdnip;desc="104.110.8.48";dur=0,cdnmap;desc="a4728.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B IP 142.250.74.163:0
Hash c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:33 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.mariacasino.nu/no/pop/casino/2022/favicon.ico
104.18.24.188 200 OK 923 B URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/favicon.ico
IP 104.18.24.188:0
File type MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Hash b45e5ddda3c267cfc25dc8d7b69db8db
9d5535aa362bb85657a1bd4cb801589eead722f1
47a7ee3d46aa45093a23df1cf68a15ea81646ad9b434312a6ac81e6478dd1784
GET /no/pop/casino/2022/favicon.ico HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19397%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1675900410134r0.04588446911638189
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: image/x-icon
cache-control: public, max-age=900, immutable
content-md5: dUZ66nye8JES1X2nEnkvHA==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: W/"0x8DAD20EA4D12531"
x-ms-request-id: 1b22010b-f01e-0058-65f7-03ca5d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 122932
vary: Accept-Encoding
server: cloudflare
cf-ray: 7968479b4a5db4fa-OSL
content-encoding: br
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js?465527
104.19.148.8 410 Gone 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js?465527
IP 104.19.148.8:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pages/scripts/0012/9242.js?465527 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 410 Gone
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: application/javascript
content-length: 0
last-modified: Wed, 08 Feb 2023 15:00:58 GMT
cache-control: public, max-age=86400, s-maxage=86400
access-control-allow-origin: *
cf-cache-status: HIT
age: 31895
vary: Accept-Encoding
server: cloudflare
cf-ray: 7968479b7db11c0a-OSL
X-Firefox-Spdy: h2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js
23.38.200.237 200 OK 1.4 kB URL HTTP/2 assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js
IP 23.38.200.237:0
Hash ab8cdc21adb95a3014aae857022fdce6
c90f3f115de66b8809a88a667225fa5746ca3dfa
2e3db22559903bd6ba695a18b440ff7eeb0a645dc4ab9257c3605f22d144ca51
GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "6444bceb1b767bea75b4f47d793f7b05:1554112917"
last-modified: Mon, 01 Apr 2019 10:01:57 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1388
cache-control: max-age=3600
expires: Thu, 09 Feb 2023 00:52:33 GMT
date: Wed, 08 Feb 2023 23:52:33 GMT
access-control-allow-origin: https://welcome.mariacasino.nu
timing-allow-origin: *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 670c45e5df2cb1a24918eec72ca8a714
b063f1b8ba73de1cf331b3e92c2fc171be629f41
b01a01938dbf79206845b3f933789dde6385aa2f27d17fb089f29cd5b771286d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6435
Cache-Control: max-age=120693
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 23:52:34 GMT
Etag: "63e35114-1d7"
Expires: Fri, 10 Feb 2023 09:24:07 GMT
Last-Modified: Wed, 08 Feb 2023 07:36:52 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
unibet.demdex.net/event?_ts=1675900410493
34.254.165.240 200 OK 28 B URL HTTP/1.1 unibet.demdex.net/event?_ts=1675900410493
IP 34.254.165.240:0
File type JSON data\012- , ASCII text, with no line terminators
Hash e5bd7bffaebc3b6f39a51600d7d98448
3126b0beaa77359162cadfebc3ae83b4cf5d04f8
3f4e5ede55abc3d3c77d99cdc5019ccfaf8107ac33328b1e4d3b022cb10b15d8
POST /event?_ts=1675900410493 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 63
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v046-0c554dbd5.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=15842792112532561270965471910306016135; Max-Age=15552000; Expires=Mon, 07 Aug 2023 23:52:34 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: 3zWgKs/9RYE=
Content-Length: 28
Connection: keep-alive
tapi.optimizely.com/api/targeting/10682170820/11101493565/oeu1675900410134r0.04588446911638189
2.23.138.210 200 OK 2.6 kB URL HTTP/1.1 tapi.optimizely.com/api/targeting/10682170820/11101493565/oeu1675900410134r0.04588446911638189
IP 2.23.138.210:0
ASN #1299 Telia Company AB
File type JSON data\012- , ASCII text, with very long lines (27967), with no line terminators
Hash 73e53691d3aa213d6e7b54c53362aed5
f633ba93067f683acc3d22dc22e1697f1599c885
e0b86eb4cf1c930dd28586612b003caf15d3902cbd42d34da0f5b51e00435681
GET /api/targeting/10682170820/11101493565/oeu1675900410134r0.04588446911638189 HTTP/1.1
Host: tapi.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Server: nginx/1.15.12
X-Powered-By: Express
Content-Encoding: gzip
Cache-Control: max-age=1200
Date: Wed, 08 Feb 2023 23:52:34 GMT
Content-Length: 2638
Connection: keep-alive
Vary: Origin
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=3.2.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=58169713453114463043729646133355778294&ts=1675900410450
15.236.117.205 200 OK 2 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=3.2.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=58169713453114463043729646133355778294&ts=1675900410450
IP 15.236.117.205:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /id?d_visid_ver=3.2.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=58169713453114463043729646133355778294&ts=1675900410450 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://welcome.mariacasino.nu
access-control-allow-credentials: true
date: Wed, 08 Feb 2023 23:52:34 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
unibet.demdex.net/dest5.html?d_nsid=0
34.254.165.240 200 OK 2.8 kB URL HTTP/1.1 unibet.demdex.net/dest5.html?d_nsid=0
IP 34.254.165.240:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Hash ccbdcb1e84c241950763ec4cd516cdfc
55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
GET /dest5.html?d_nsid=0 HTTP/1.1
Host: unibet.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: text/html;charset=UTF-8
date: Wed, 8 Feb 2023 23:52:34 GMT
DCS: dcs-prod-irl1-1-v046-06ab52116.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Wed, 8 Feb 2023 11:26:58 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: hE5DhFVDQ7w=
transfer-encoding: chunked
Connection: keep-alive
unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonsinglepagebrandsprod/1/JS-2.22.4/s53555270385732?AQB=1&ndh=1&pf=1&t=8%2F1%2F2023%2023%3A53%3A30%203%200&mid=58169713453114463043729646133355778294&aamlh=6&ce=UTF-8&pageName=LP%3A2018%20-%20MariaCasino%20-%20Bingo&g=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26bid%3D37953%26campaignId%3D2397257%26pid%3D74340067&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26bid%3D37953%26campaignId%3D2397257%26pid%3D74340067&v1=welcome.mariacasino.nu%3A%3A%3Adesktop%3Ano%3Apop%3Acasino%3A2022%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.mariacasino.nu&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=11%3A53%20PM%7CWednesday&v6=11%3A53%20PM%7CWednesday&v11=GBP&c14=New&v14=New&c16=1675900410&v21=Not%20Logged-In&c73=maria&v120=popunder&v121=1%3A81750185%3A74340067-37953&v122=NONE&v124=2397257&v125=81750185_94F8E7AAC2754D14A0A47EE0148FB640&v126=74340067&v127=37953&v134=1675900410&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
15.236.117.205 200 OK 43 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonsinglepagebrandsprod/1/JS-2.22.4/s53555270385732?AQB=1&ndh=1&pf=1&t=8%2F1%2F2023%2023%3A53%3A30%203%200&mid=58169713453114463043729646133355778294&aamlh=6&ce=UTF-8&pageName=LP%3A2018%20-%20MariaCasino%20-%20Bingo&g=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26bid%3D37953%26campaignId%3D2397257%26pid%3D74340067&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26bid%3D37953%26campaignId%3D2397257%26pid%3D74340067&v1=welcome.mariacasino.nu%3A%3A%3Adesktop%3Ano%3Apop%3Acasino%3A2022%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.mariacasino.nu&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=11%3A53%20PM%7CWednesday&v6=11%3A53%20PM%7CWednesday&v11=GBP&c14=New&v14=New&c16=1675900410&v21=Not%20Logged-In&c73=maria&v120=popunder&v121=1%3A81750185%3A74340067-37953&v122=NONE&v124=2397257&v125=81750185_94F8E7AAC2754D14A0A47EE0148FB640&v126=74340067&v127=37953&v134=1675900410&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
IP 15.236.117.205:0
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/unibetlondonsinglepagebrandsprod/1/JS-2.22.4/s53555270385732?AQB=1&ndh=1&pf=1&t=8%2F1%2F2023%2023%3A53%3A30%203%200&mid=58169713453114463043729646133355778294&aamlh=6&ce=UTF-8&pageName=LP%3A2018%20-%20MariaCasino%20-%20Bingo&g=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26bid%3D37953%26campaignId%3D2397257%26pid%3D74340067&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.mariacasino.nu%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A74340067-37953%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26bid%3D37953%26campaignId%3D2397257%26pid%3D74340067&v1=welcome.mariacasino.nu%3A%3A%3Adesktop%3Ano%3Apop%3Acasino%3A2022%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.mariacasino.nu&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=11%3A53%20PM%7CWednesday&v6=11%3A53%20PM%7CWednesday&v11=GBP&c14=New&v14=New&c16=1675900410&v21=Not%20Logged-In&c73=maria&v120=popunder&v121=1%3A81750185%3A74340067-37953&v122=NONE&v124=2397257&v125=81750185_94F8E7AAC2754D14A0A47EE0148FB640&v126=74340067&v127=37953&v134=1675900410&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Wed, 08 Feb 2023 23:52:34 GMT
expires: Tue, 07 Feb 2023 23:52:34 GMT
last-modified: Thu, 09 Feb 2023 23:52:34 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3598968606599020544-4619376402714145200
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 57e2189e39db1881e2420ddad64a1ca3
4c41ef7ec3b33c2cf4a58420700537c8073c9971
29fa92faf146319bbe2aaacee0a2876045ed5e3d02202db318a500d09fa29534
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=143296
Date: Wed, 08 Feb 2023 23:52:34 GMT
Etag: "63e3ab20-1d7"
Expires: Fri, 10 Feb 2023 15:40:50 GMT
Last-Modified: Wed, 08 Feb 2023 14:01:04 GMT
Server: ECS (bsa/EB1E)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 5IRX2sUx90Ne-rHbmuhchDSkkdtDMJwgTzy8S6vce9kIeVTvC4ZCFg==
Age: 5986
cm.everesttech.net/cm/dd?d_uuid=58154900698185914193732517155357846893
54.229.62.148 302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=58154900698185914193732517155357846893
IP 54.229.62.148:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=58154900698185914193732517155357846893 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Wed, 08 Feb 2023 23:52:34 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y_Q1wgAAAI2jWgOY; Domain=.everesttech.net; Expires=Thu, 08-Feb-2024 23:52:34 GMT; Path=/
everest_session_v2="Y@Q1wgAAAI2jWwOY"; Version=1; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y_Q1wgAAAI2jWgOY
Server: AMO-cookiemap/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y_Q1wgAAAI2jWgOY
34.254.165.240 302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y_Q1wgAAAI2jWgOY
IP 34.254.165.240:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y_Q1wgAAAI2jWgOY HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.mariacasino.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v046-0647cef17.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y_Q1wgAAAI2jWgOY
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=41710343996674741334553576270801917578; Max-Age=15552000; Expires=Mon, 07 Aug 2023 23:52:34 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: y+OeBbbLRko=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y_Q1wgAAAI2jWgOY
34.254.165.240 200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y_Q1wgAAAI2jWgOY
IP 34.254.165.240:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y_Q1wgAAAI2jWgOY HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.mariacasino.nu/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v046-09b92f112.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: 0EaSYVYDQFk=
Content-Length: 59
Connection: keep-alive
tapi.optimizely.com/api/js/odds/project/10682170820?project=10682170820
2.23.138.210 200 OK 168 B URL HTTP/1.1 tapi.optimizely.com/api/js/odds/project/10682170820?project=10682170820
IP 2.23.138.210:0
ASN #1299 Telia Company AB
File type JSON data\012- , ASCII text, with no line terminators
Hash 7b92c056eea084fe960d8794d6c70a77
79318285c26c4220bbaa81aefbca57f091a20461
cc75a166bb638f022304459d8a9060c384b03bdb1892e7e9f15b6cd6f17fd4d3
GET /api/js/odds/project/10682170820?project=10682170820 HTTP/1.1
Host: tapi.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Content-Type: application/json; charset=utf-8
Server: nginx/1.15.12
X-Powered-By: Express
Content-Length: 168
Expires: Wed, 08 Feb 2023 23:52:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 08 Feb 2023 23:52:34 GMT
Connection: keep-alive
X-Uncacheable: WTF
Vary: Origin
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 153d6716945675a6f4e2742540f869b4
2beaad9ee8b7c2df183cfa60647ff7d91e626114
a55407174f85fe9a77ebe0b6120f2a71125fa3effe084271af4c6e667fe3eaa4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 08 Feb 2023 23:52:34 GMT
Last-Modified: Wed, 08 Feb 2023 23:03:22 GMT
Server: ECS (nyb/1D05)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: exur3OuFFzspBCTZUv4xftfSa_e9OrgASi9SUlpjuCMQ5FMcULUplw==
Age: 2952
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 153d6716945675a6f4e2742540f869b4
2beaad9ee8b7c2df183cfa60647ff7d91e626114
a55407174f85fe9a77ebe0b6120f2a71125fa3effe084271af4c6e667fe3eaa4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 08 Feb 2023 23:52:34 GMT
Last-Modified: Wed, 08 Feb 2023 23:03:02 GMT
Server: ECS (nyb/1D1D)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: UwRHCmCp5LzpMywtIDiVDWrJ76f70__delTSNQDN0tpfR5S0FrxN6A==
Age: 2973
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 153d6716945675a6f4e2742540f869b4
2beaad9ee8b7c2df183cfa60647ff7d91e626114
a55407174f85fe9a77ebe0b6120f2a71125fa3effe084271af4c6e667fe3eaa4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 08 Feb 2023 23:52:34 GMT
Last-Modified: Wed, 08 Feb 2023 23:04:14 GMT
Server: ECS (nyb/1D28)
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: jCATZ5urL_SqYS28sCrwjNxpdNg9ewKEhLH9SPcPhEegDAnwGRnn2w==
Age: 2901
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 153d6716945675a6f4e2742540f869b4
2beaad9ee8b7c2df183cfa60647ff7d91e626114
a55407174f85fe9a77ebe0b6120f2a71125fa3effe084271af4c6e667fe3eaa4
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=105558
Date: Wed, 08 Feb 2023 23:52:34 GMT
Etag: "63e322be-1d7"
Expires: Fri, 10 Feb 2023 05:11:52 GMT
Last-Modified: Wed, 08 Feb 2023 04:19:10 GMT
Server: ECS (nyb/1D27)
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ZaCopNGddqzyOuaItxcK41n87iWFXIeL2tEu_p8HSCqj15amwlFNRg==
Age: 3162
errors.client.optimizely.com/log
23.22.52.211 200 OK 13 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 23.22.52.211:0
File type ASCII text, with no line terminators
Hash 1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Wed, 08 Feb 2023 23:52:34 GMT
Content-Length: 13
Connection: keep-alive
errors.client.optimizely.com/log
23.22.52.211 200 OK 13 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 23.22.52.211:0
File type ASCII text, with no line terminators
Hash 1424eb76249899d757e4d168341a50dc
42101e71440abd46c8112a96d4d5c0dd445120ce
16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
OPTIONS /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.nu/
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Content-Type: text/plain
Date: Wed, 08 Feb 2023 23:52:34 GMT
Content-Length: 13
Connection: keep-alive
errors.client.optimizely.com/log
23.22.52.211 204 No Content 0 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 23.22.52.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 435
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers:
Content-Type: text/plain
Date: Wed, 08 Feb 2023 23:52:34 GMT
Connection: keep-alive
errors.client.optimizely.com/log
23.22.52.211 204 No Content 0 B URL HTTP/1.1 errors.client.optimizely.com/log
IP 23.22.52.211:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /log HTTP/1.1
Host: errors.client.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 480
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers:
Content-Type: text/plain
Date: Wed, 08 Feb 2023 23:52:34 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 4eb05b6b5e5ebdeaa575b76015736f3e
73dcc26acb95261d68e520753769cf5d81d34c7c
2d46f80640eb7a83f99229e6c125b9d07d24bad1deae4b6efc193a5f77e6d5c2
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 08 Feb 2023 23:52:34 GMT
Last-Modified: Wed, 08 Feb 2023 22:44:30 GMT
Server: ECS (nyb/1D18)
X-Cache: Miss from cloudfront
Via: 1.1 98794c1dec0d4e7b10ddf0faa094cf94.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: e9sbehj9QXTeD7lWsn7CPLgBVt8Pyjizv6tJaY7oLT9gQteeF_MaOQ==
Age: 4084
logx.optimizely.com/v1/events
54.158.40.183 204 No Content 0 B URL HTTP/1.1 logx.optimizely.com/v1/events
IP 54.158.40.183:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/events HTTP/1.1
Host: logx.optimizely.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 741
Origin: https://welcome.mariacasino.nu
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.nu
Access-Control-Expose-Headers: X-Results-Data-Source
Content-Type: text/plain
Date: Wed, 08 Feb 2023 23:52:35 GMT
Server: nginx/1.21.0
Timing-Allow-Origin: *
X-Request-Id: eef95cca-b7ce-4764-8f96-f5fc8384a5c3
Connection: keep-alive
welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
104.18.24.188 200 OK 0 B URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
IP 104.18.24.188:0
GET /no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067 HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: L2akXslp2trAwResQfYe7w==
last-modified: Tue, 29 Nov 2022 13:35:55 GMT
x-ms-request-id: a8195ede-c01e-0053-5d18-3c3136000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
set-cookie: btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640;max-age=2592000; domain=.mariacasino.nu;path=/;secure;samesite=none;httponly
server: cloudflare
cf-ray: 79684796aeeeb4fa-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/maria-logo.svg
104.18.24.188 200 OK 0 B URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/maria-logo.svg
IP 104.18.24.188:0
GET /no/pop/casino/2022/maria-logo.svg HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: A/evXSZJMSEi63VEXU58wA==
last-modified: Tue, 29 Nov 2022 13:35:55 GMT
etag: W/"0x8DAD20EA476B63E"
x-ms-request-id: 5a1280b9-401e-0062-10f7-03d025000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 123195
vary: Accept-Encoding
server: cloudflare
cf-ray: 796847978fc0b4fa-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500,700,900
142.250.74.106 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500,700,900
IP 142.250.74.106:0
GET /css?family=Roboto:300,400,500,700,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 08 Feb 2023 23:52:33 GMT
date: Wed, 08 Feb 2023 23:52:33 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.sntnews3.com/wp-content/uploads/2023/01/2-511.jpg
143.198.202.122 200 OK 0 B URL HTTP/1.1 www.sntnews3.com/wp-content/uploads/2023/01/2-511.jpg
IP 143.198.202.122:0
ASN #14061 DIGITALOCEAN-ASN
GET /wp-content/uploads/2023/01/2-511.jpg HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.sntnews3.com/
Connection: keep-alive
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=8d902f42-0563-4cb3-bc1f-6bf9869e08ac%3A2%3A1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:30 GMT
Content-Type: image/jpeg
Content-Length: 69632
Last-Modified: Thu, 19 Jan 2023 13:34:53 GMT
Connection: keep-alive
ETag: "63c946fd-11000"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png
45.133.44.9 200 OK 0 B URL HTTP/2 cdn.cloudimagesb.com/cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png
IP 45.133.44.9:0
ASN #39572 DataWeb Global Group B.V.
GET /cti/5c/10/b0/5c10b0b28e7a0e9d7e61bd8d09bee3db/1658920078.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:30 GMT
content-type: image/png
content-length: 105910
server: nginx/1.17.6
last-modified: Wed, 27 Jul 2022 11:08:06 GMT
etag: "62e11c96-19db6"
expires: Fri, 10 Feb 2023 23:52:30 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
www.sntnews3.com/wp-content/themes/bam/assets/fonts/webfonts/fa-regular-400.woff2
143.198.202.122 200 OK 0 B URL HTTP/1.1 www.sntnews3.com/wp-content/themes/bam/assets/fonts/webfonts/fa-regular-400.woff2
IP 143.198.202.122:0
ASN #14061 DIGITALOCEAN-ASN
GET /wp-content/themes/bam/assets/fonts/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: www.sntnews3.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: http://www.sntnews3.com/wp-content/themes/bam/assets/fonts/css/all.min.css?ver=5.15.4
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 23:52:29 GMT
Content-Type: font/woff2
Content-Length: 13224
Last-Modified: Tue, 03 Jan 2023 12:58:26 GMT
Connection: keep-alive
ETag: "63b42672-33a8"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
welcome.mariacasino.nu/no/pop/casino/2022/styles.css
104.18.24.188 200 OK 0 B URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/styles.css
IP 104.18.24.188:0
GET /no/pop/casino/2022/styles.css HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: nHGY+uZf3VZaIBaHkSPKCQ==
last-modified: Tue, 29 Nov 2022 13:35:55 GMT
etag: W/"0x8DAD20EA45DDAAB"
x-ms-request-id: 4ad10bc9-001e-002e-3ef7-034015000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 123195
vary: Accept-Encoding
server: cloudflare
cf-ray: 796847977faab4fa-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.mariacasino.nu/no/pop/casino/2022/main.js
104.18.24.188 200 OK 0 B URL HTTP/2 welcome.mariacasino.nu/no/pop/casino/2022/main.js
IP 104.18.24.188:0
GET /no/pop/casino/2022/main.js HTTP/1.1
Host: welcome.mariacasino.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.nu/no/pop/casino/2022/index.html?mktid=1:81750185:74340067-37953&btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640&bid=37953&campaignId=2397257&pid=74340067
Cookie: __ucbt=node01a509hvbtleeg14ttudhniw1z; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_94F8E7AAC2754D14A0A47EE0148FB640; BID=37953; PID=74340067; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.mariacasino.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.nu%26btag%3D81750185_94F8E7AAC2754D14A0A47EE0148FB640%26sref%3DADC%26ADC%3D1506755-640691165-0_Adsterra%26affiliateId%3D1%26pid%3D74340067%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; btag=81750185_94F8E7AAC2754D14A0A47EE0148FB640
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 08 Feb 2023 23:52:33 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: HUKMSjGdEVR6I7ylcruk3g==
last-modified: Tue, 29 Nov 2022 13:35:56 GMT
etag: W/"0x8DAD20EA4F7BA6F"
x-ms-request-id: 5a127d26-401e-0062-37f7-03d025000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 589495
vary: Accept-Encoding
server: cloudflare
cf-ray: 796847978fbcb4fa-OSL
content-encoding: br
X-Firefox-Spdy: h2