Overview

URL ungroudonchan.com/4/5423637?ymid=Fdfb6W7s3uqfRa2GHs1jDs&var=074b5bba-80ab-4a33-86df-edbd736e35eb
IP139.45.197.238
ASNRETN Limited
Location United Kingdom
Report completed2022-10-05 19:25:50 UTC
StatusLoading report..
urlquery Alerts No alerts detected


Settings

UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer


Intrusion Detection Systems

Suricata /w Emerging Threats Pro  No alerts detected


Blocklists

OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
mnemonic secure dns  No alerts detected
Quad9 DNS
Scan Date Severity Indicator Comment
2022-10-05 2 ungroudonchan.com Sinkholed
2022-10-05 2 datatechone.com Sinkholed
2022-10-05 2 ungroudonchan.com Sinkholed
2022-10-05 2 ungroudonchan.com Sinkholed


Files

No files detected



Passive DNS (35)

Passive DNS Source Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
mnemonic passive DNS content-signature-2.cdn.mozilla.net (1) 1152 2020-11-03 12:26:46 UTC 2022-10-05 06:03:19 UTC 54.230.111.99
mnemonic passive DNS my.rtmark.net (1) 9054 2017-08-22 14:11:49 UTC 2022-10-05 12:17:08 UTC 139.45.195.8
mnemonic passive DNS fonts.gstatic.com (3) 0 2014-08-29 13:43:22 UTC 2022-10-05 11:30:49 UTC 216.58.207.195 Domain (gstatic.com) ranked at: 540
mnemonic passive DNS datatechone.com (1) 0 2015-06-17 13:52:19 UTC 2022-10-04 20:04:57 UTC 139.45.195.253 Unknown ranking
mnemonic passive DNS eu.can-get-so.me (1) 0 2022-05-24 05:08:11 UTC 2022-10-05 07:46:38 UTC 157.90.33.73 Unknown ranking
mnemonic passive DNS adserving.unibet.com (1) 98000 2015-05-26 06:56:53 UTC 2022-10-05 13:42:51 UTC 23.36.79.11
mnemonic passive DNS r3.o.lencr.org (5) 344 2020-12-02 08:52:13 UTC 2022-10-05 07:13:38 UTC 23.36.77.32
mnemonic passive DNS contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-10-05 05:01:05 UTC 34.117.237.239
mnemonic passive DNS img-getpocket.cdn.mozilla.net (6) 1631 2017-09-01 03:40:57 UTC 2022-10-05 12:33:02 UTC 34.120.237.76
mnemonic passive DNS cdn.optimizely.com (1) 694 2018-03-19 19:09:21 UTC 2022-10-05 17:53:08 UTC 23.38.200.155
mnemonic passive DNS dpm.demdex.net (3) 204 2017-01-30 04:59:39 UTC 2022-10-05 11:38:44 UTC 52.49.126.217
mnemonic passive DNS ocsp.sca1b.amazontrust.com (7) 1015 2017-03-03 15:20:51 UTC 2019-03-27 04:05:54 UTC 54.230.245.100
mnemonic passive DNS cm.everesttech.net (1) 996 2017-01-30 04:59:57 UTC 2022-10-05 11:39:42 UTC 52.215.56.149
mnemonic passive DNS ungroudonchan.com (3) 0 2022-06-05 10:18:47 UTC 2022-10-05 13:41:49 UTC 139.45.197.238 Unknown ranking
mnemonic passive DNS firefox.settings.services.mozilla.com (2) 867 2020-05-27 20:08:30 UTC 2022-10-05 14:02:21 UTC 54.230.111.7
mnemonic passive DNS push.services.mozilla.com (1) 2140 2015-09-03 10:29:36 UTC 2022-10-05 09:14:56 UTC 44.242.3.166
mnemonic passive DNS errors.client.optimizely.com (8) 7604 2017-01-30 06:09:04 UTC 2022-10-05 14:03:24 UTC 3.215.196.133
mnemonic passive DNS ocsp.digicert.com (3) 86 2012-05-21 07:02:23 UTC 2022-10-05 16:07:29 UTC 93.184.220.29
mnemonic passive DNS unibet.demdex.net (2) 338024 2017-01-30 05:50:24 UTC 2022-10-05 11:39:45 UTC 54.171.150.101
mnemonic passive DNS tapi.optimizely.com (2) 8027 2017-01-29 16:22:12 UTC 2022-10-05 07:10:20 UTC 95.100.12.199
mnemonic passive DNS ajax.googleapis.com (1) 12905 2013-08-16 09:51:31 UTC 2022-10-05 17:56:20 UTC 142.250.74.74
mnemonic passive DNS unibetlondonltd.d3.sc.omtrdc.net (2) 444877 2017-01-29 21:05:05 UTC 2022-10-05 11:39:45 UTC 13.36.218.177
mnemonic passive DNS script.crazyegg.com (4) 1992 2015-01-07 19:40:26 UTC 2022-10-05 17:51:57 UTC 104.19.148.8
mnemonic passive DNS ocsp.sectigo.com (2) 487 2018-12-17 11:31:55 UTC 2022-10-05 15:14:22 UTC 104.18.32.68
mnemonic passive DNS welcome.mariacasino.com (13) 0 2017-01-29 16:37:02 UTC 2022-10-05 10:26:07 UTC 108.161.188.196 Domain (mariacasino.com) ranked at: 508551
mnemonic passive DNS ocsp.pki.goog (9) 175 2017-06-14 07:23:31 UTC 2022-10-05 06:59:18 UTC 142.250.74.3
mnemonic passive DNS assets.adobedtm.com (5) 512 2014-01-28 04:51:35 UTC 2022-10-05 12:03:06 UTC 23.38.200.237
mnemonic passive DNS service.maxymiser.net (2) 8733 2012-11-14 17:00:33 UTC 2022-10-05 09:15:03 UTC 104.110.7.230
mnemonic passive DNS logx.optimizely.com (1) 1233 2016-10-05 13:33:23 UTC 2022-10-05 17:53:11 UTC 18.235.250.101
mnemonic passive DNS a1s-cdn.unibet.com (1) 283505 2014-04-23 15:07:51 UTC 2022-10-05 11:39:44 UTC 85.184.96.5
mnemonic passive DNS www.googletagmanager.com (1) 75 2012-12-25 14:52:06 UTC 2022-10-05 11:20:17 UTC 142.250.74.168
mnemonic passive DNS a1s.unibet.com (1) 297625 2017-01-30 00:44:42 UTC 2022-10-05 11:39:44 UTC 85.184.96.5
mnemonic passive DNS 35.227.234.222 (1) 0 2019-02-15 12:35:24 UTC 2022-06-15 16:40:06 UTC 35.227.234.222 Unknown ranking
mnemonic passive DNS no.mariacasino.com (2) 0 2017-01-31 06:14:41 UTC 2022-10-05 05:19:04 UTC 85.184.96.0 Domain (mariacasino.com) ranked at: 508551
mnemonic passive DNS ocsp.securetrust.com (1) 18792 2019-12-23 03:05:54 UTC 2022-10-05 17:15:26 UTC 23.36.79.18


Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 139.45.197.238

Date UQ / IDS / BL URL IP
2022-12-09 04:04:17 +0000
0 - 0 - 2 rouonixon.com/4/5254296/ 139.45.197.238
2022-12-09 02:36:24 +0000
0 - 0 - 3 rouonixon.com/4/4309814/ 139.45.197.238
2022-12-08 23:00:54 +0000
0 - 0 - 2 inoradde.com/4/4326737/ 139.45.197.238
2022-12-08 23:00:25 +0000
0 - 0 - 4 rouonixon.com/4/4284572/ 139.45.197.238
2022-12-08 18:03:14 +0000
0 - 0 - 1 rouonixon.com/4/5434343/ 139.45.197.238

Last 5 reports on ASN: RETN Limited

Date UQ / IDS / BL URL IP
2022-12-09 04:04:17 +0000
0 - 0 - 2 rouonixon.com/4/5254296/ 139.45.197.238
2022-12-09 03:46:02 +0000
0 - 0 - 5 retryngs.com/link?z=5553190&var=&ymid=wr47tuk (...) 139.45.197.249
2022-12-09 02:36:24 +0000
0 - 0 - 3 rouonixon.com/4/4309814/ 139.45.197.238
2022-12-09 02:00:05 +0000
0 - 0 - 20 ggetsurv4youu.com/link?z=5424275&var=&ymid=17 (...) 139.45.197.246
2022-12-09 00:23:56 +0000
0 - 0 - 2 mauptaub.com/ 139.45.197.151

Last 5 reports on domain: ungroudonchan.com

Date UQ / IDS / BL URL IP
2022-12-01 23:34:32 +0000
0 - 0 - 3 ungroudonchan.com/4/5423637?ymid=HTQwt8QFCnL9 (...) 139.45.197.238
2022-12-01 23:04:04 +0000
0 - 0 - 3 ungroudonchan.com/4/5423637?ymid=BUdzUhCJnuek (...) 139.45.197.238
2022-12-01 22:50:33 +0000
0 - 0 - 3 ungroudonchan.com/4/5423637?ymid=AH1M2kuXbzJE (...) 139.45.197.238
2022-12-01 22:47:32 +0000
0 - 0 - 3 ungroudonchan.com/4/5423637?ymid=91dUU7FUr6YM (...) 139.45.197.238
2022-12-01 22:27:30 +0000
0 - 0 - 3 ungroudonchan.com/4/5423637?ymid=5wuVtT3YnUiY (...) 139.45.197.238

Last 5 reports with similar screenshot

Date UQ / IDS / BL URL IP
2022-10-10 14:21:07 +0000
0 - 0 - 2 www.hb6trk.com/K31267/9WDPQ6B 34.117.79.165
2022-10-10 13:39:21 +0000
0 - 0 - 2 eu.pastmilsk.click/sk/s22i14/brand/heureka/ 207.154.225.165
2022-10-10 07:55:37 +0000
0 - 0 - 3 sg.pastmilsk.click/nz/s22i14/now/?ts=08e29a07 (...) 139.59.241.112
2022-10-09 23:08:43 +0000
0 - 0 - 3 ungroudonchan.com/4/5423637?ymid=9kQqeC7VxxkT (...) 139.45.197.238
2022-10-09 21:57:12 +0000
0 - 0 - 2 ungroudonchan.com/4/5423637 139.45.197.238


JavaScript

Executed Scripts (32)


Executed Evals (9)

#1 JavaScript::Eval (size: 88, repeated: 1) - SHA256: 5e05e2cf30322e8f71d65a22aa5f4a095923b67286a61d83b7787e3468f42f62

                                        (function() {
    return "LP:" + BF_prop.LandingPageName.toString().replace(/:/ig, "").trim()
})();
                                    

#2 JavaScript::Eval (size: 132, repeated: 1) - SHA256: 0a23e511994a2c03a725773de07810ff171878b9c0177f40a663038e4e251168

                                        (function() {
    if (window.innerWidth) return window.innerWidth;
    d = screen.width + "x" + screen.height;
    return d.documentElement.offsetWidth
})();
                                    

#3 JavaScript::Eval (size: 62, repeated: 1) - SHA256: adf0ca592504ef680d5ea02d5161b15be0572fd3e5b41d152b74f0c76aea6c42

                                        (function() {
    return window.functions.getPageNameOldEvar1()
})();
                                    

#4 JavaScript::Eval (size: 135, repeated: 1) - SHA256: fc7b851f30df68c5cc6d1fb3f06c300b2b1d7271f76cc187224050270141f0ed

                                        (function() {
    if (window.innerHeight) return window.innerHeight;
    d = screen.width + "x" + screen.height;
    return d.documentElement.offsetHeight
})();
                                    

#5 JavaScript::Eval (size: 61, repeated: 1) - SHA256: 9259355921509ced00b4d7d3e76c151037a06c88a646cd7d47d5d9c96984697c

                                        (function() {
    return window.functions.timeParting("n", "0")
})();
                                    

#6 JavaScript::Eval (size: 60, repeated: 1) - SHA256: 9d51544cc513110b130345a977b1e9e630b5a7aa01518f7f7898758b79a9699f

                                        (function() {
    return visitor.getMarketingCloudVisitorID()
})();
                                    

#7 JavaScript::Eval (size: 54, repeated: 1) - SHA256: fc490a09c28110ae2a7c965801ebeb5c572587f55c3524889f547dbcc34c1d81

                                        (function() {
    return screen.width + "x" + screen.height
})();
                                    

#8 JavaScript::Eval (size: 55, repeated: 1) - SHA256: 14986cbd70f8b8a1770adf9800c113847daf392c2999dfff9dc71d2be98f3282

                                        (function() {
    return visitor.getAnalyticsVisitorID()
})();
                                    

#9 JavaScript::Eval (size: 71, repeated: 1) - SHA256: dcdd7e7e286c45c94638f28053384616d6ca9a1b396b0109cb51f1298ba342bb

                                        (function() {
    return Math.round((new Date).getTime() / 1E3).toString()
})();
                                    

Executed Writes (1)

#1 JavaScript::Write (size: 68, repeated: 1) - SHA256: 6604e7359d43375f74af46ce09c369432a8512c1e42b8d301a38091cb668301a

                                        < script src = "https://cdn.optimizely.com/js/10682170820.js" > < /script>
                                    


HTTP Transactions (99)


Request Response
                                        
                                            GET /4/5423637?ymid=Fdfb6W7s3uqfRa2GHs1jDs&var=074b5bba-80ab-4a33-86df-edbd736e35eb HTTP/1.1 
Host: ungroudonchan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         139.45.197.238
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf8
                                        
Server: nginx
Date: Wed, 05 Oct 2022 19:25:39 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 8c95a2d1b64d38bf56acac739460c519
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=2623c86f5514412182683c5591119642; expires=Thu, 05 Oct 2023 19:25:39 GMT; path=/ oaidts=1664997939; expires=Thu, 05 Oct 2023 19:25:39 GMT; path=/ syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, Accept, Content-Type, Content-Length, Accept-Encoding
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (8753)
Size:   7218
Md5:    cf7471aad34145ce57c1cc53191c130c
Sha1:   5d0dc8eef45319436a2ef9a0920558280dac670d
Sha256: 96479790f730c394db730f2edc2b216dc243721613b1dc65875d2db4030b9e63

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.7
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 3D0fuw5xkW1AJSkEqJfKmWmlxrQbZgPkXfKgHeyzs6uYEwCg_FpgsA==
Age: 13101


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    2d12f67fe57a87e7366b662d153a5582
Sha1:   d7b02d81cc74f24a251d9363e0f4b0a149264ec1
Sha256: 73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "AB48F17E54075E1ECF034278E82BCACD2E3689773186CC84FBA9B79AAC907294"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3590
Expires: Wed, 05 Oct 2022 20:25:29 GMT
Date: Wed, 05 Oct 2022 19:25:39 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.99
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
content-length: 5348
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Wed, 05 Oct 2022 04:02:33 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
x-cache: Hit from cloudfront
via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 7PG4Xdgw95WUVy8p2spTn9R2Ajh0QcJY7Kjuy7pKd4zJf3REqO9I4g==
age: 55387
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Wed, 05 Oct 2022 19:25:40 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 05 Oct 2022 19:25:40 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 04:52:36 GMT
Expires: Mon, 10 Oct 2022 04:52:35 GMT
Etag: "820a2400958618dd199b8d389b3a6a14f77770b6"
Cache-Control: max-age=379014,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75588b6609f3b529-OSL

                                        
                                            POST /log/add?cid=88506ad5-50e6-43b5-b450-2c5482f39314 HTTP/1.1 
Host: datatechone.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 453
Origin: http://ungroudonchan.com
Connection: keep-alive
Referer: http://ungroudonchan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         139.45.195.253
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.19.10
Date: Wed, 05 Oct 2022 19:25:40 GMT
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: http://ungroudonchan.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    444bcb3a3fcf8389296c49467f27e1d6
Sha1:   7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
Sha256: 2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: ungroudonchan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ungroudonchan.com/4/5423637?ymid=Fdfb6W7s3uqfRa2GHs1jDs&var=074b5bba-80ab-4a33-86df-edbd736e35eb
Cookie: OAID=2623c86f5514412182683c5591119642; oaidts=1664997939

                                         
                                         139.45.197.238
HTTP/1.1 204 No Content
                                        
Server: nginx
Date: Wed, 05 Oct 2022 19:25:40 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Pragma: public
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.230.111.7
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Wed, 05 Oct 2022 18:29:33 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Wed, 05 Oct 2022 18:46:46 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 6259d2cd8a5947ad41a420527bbed7a6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 02EFOB93gz_oWWYWAZA-Sf91d_L5zf8tO19hwUAFhDn7Iu05YqP8bA==
Age: 3367


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3398
Cache-Control: max-age=135469
Date: Wed, 05 Oct 2022 19:25:40 GMT
Etag: "633d3b1b-1d7"
Expires: Fri, 07 Oct 2022 09:03:29 GMT
Last-Modified: Wed, 05 Oct 2022 08:06:51 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: FwxCjGhgomDRJyzhwXPkfA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

                                         
                                         44.242.3.166
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: PJlBh78TAtT/U3kn07E/ZNRE7rY=

                                        
                                            POST /?z=5423637&syncedCookie=true&rhd=false HTTP/1.1 
Host: ungroudonchan.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 597
Origin: http://ungroudonchan.com
Connection: keep-alive
Referer: http://ungroudonchan.com/afu.php?zoneid=5423637&var=5423637&rid=uZkGuFtJfk-T2gq_XdzZSg%3D%3D&rhd=false
Cookie: OAID=2623c86f5514412182683c5591119642; oaidts=1664997939
Upgrade-Insecure-Requests: 1

                                         
                                         139.45.197.238
HTTP/1.1 302 Found
                                        
Server: nginx
Date: Wed, 05 Oct 2022 19:25:41 GMT
Content-Length: 0
Connection: keep-alive
X-Trace-Id: 792d0a54fca38042a1d03b886a12f837
Link: <https://eu.can-get-so.me>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Referrer-Policy: no-referrer
Location: https://eu.can-get-so.me/pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=601607570159051533&subid1=5423637&cost=0.000368&rdk=rk3
Access-Control-Allow-Origin: http://ungroudonchan.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=2623c86f5514412182683c5591119642; expires=Thu, 05 Oct 2023 19:25:41 GMT; path=/ oaidts=1664997939; expires=Thu, 05 Oct 2023 19:25:41 GMT; path=/ syncedCookie=true; expires=Wed, 12 Oct 2022 19:25:41 GMT; path=/
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "87BEFA8E5E8F61661B8B035B4D19E88A6BE7E2FBA74F2001D647ED0CCD2B8985"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13265
Expires: Wed, 05 Oct 2022 23:06:46 GMT
Date: Wed, 05 Oct 2022 19:25:41 GMT
Connection: keep-alive

                                        
                                            GET /pr?ids=wbwsdgevdua&hash=9d2e850da28b60f5&ext_req_id=601607570159051533&subid1=5423637&cost=0.000368&rdk=rk3 HTTP/1.1 
Host: eu.can-get-so.me
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         157.90.33.73
HTTP/2 302 Found
                                        
server: nginx
date: Wed, 05 Oct 2022 19:25:41 GMT
content-length: 0
referrer-policy: no-referrer
location: http://35.227.234.222/2/PU_NO_CS_DT_KINDRED_MARIA?source=635167&geo=NO&device=desktop
set-cookie: rauid=S6ta1KMfSiivCN6voNSXvg; expires=Thu, 05 Oct 2023 19:25:41 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 05 Oct 2022 19:25:41 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 06:25:20 GMT
Expires: Mon, 10 Oct 2022 06:25:19 GMT
Etag: "41a1b476967aed6ac227717098cd8be3209b45b3"
Cache-Control: max-age=384577,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75588b6b9970b529-OSL

                                        
                                            POST /img.gif?f=merge&userId=2623c86f5514412182683c5591119642 HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ungroudonchan.com
Connection: keep-alive
Referer: http://ungroudonchan.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

                                         
                                         139.45.195.8
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Wed, 05 Oct 2022 19:25:41 GMT
content-length: 43
access-control-allow-origin: http://ungroudonchan.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=2623c86f5514412182683c5591119642; expires=Thu, 05 Oct 2023 19:25:41 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
                                            GET /2/PU_NO_CS_DT_KINDRED_MARIA?source=635167&geo=NO&device=desktop HTTP/1.1 
Host: 35.227.234.222
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

                                         
                                         35.227.234.222
HTTP/1.1 302 Found
                                        
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 05 Oct 2022 19:25:41 GMT
Content-Length: 0
Location: https://adserving.unibet.com/redirect.aspx?bid=37953&pid=79982261&sref=GIG&GIG=NO_DESKTOP_MARIA
Via: 1.1 google

                                        
                                            GET /redirect.aspx?bid=37953&pid=79982261&sref=GIG&GIG=NO_DESKTOP_MARIA HTTP/1.1 
Host: adserving.unibet.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         23.36.79.11
HTTP/2 301 Moved Permanently
content-type: text/html
                                        
content-length: 0
location: https://no.mariacasino.com/stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.com&btag=320669908_C20FBF771AB841AC8F0770FDB59BA60C&sref=GIG&GIG=NO_DESKTOP_MARIA&affiliateId=1&pid=86045284&bid=37953
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Wed, 05 Oct 2022 19:25:41 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 05 Oct 2022 19:25:41 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86045284%2c%22BID%22%3a37953%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1664997941416)%5c%2f%22%2c%22CookieTag%22%3a%223795386045284451240919C20221051925%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228188814748%7c1%22%7d%5d; domain=.unibet.com; expires=Fri, 05-Oct-3021 19:25:41 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=32, origin; dur=95
X-Firefox-Spdy: h2

                                        
                                            GET /stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.com&btag=320669908_C20FBF771AB841AC8F0770FDB59BA60C&sref=GIG&GIG=NO_DESKTOP_MARIA&affiliateId=1&pid=86045284&bid=37953 HTTP/1.1 
Host: no.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         85.184.96.0
HTTP/2 301 Moved Permanently
                                        
date: Wed, 05 Oct 2022 19:25:41 GMT
content-length: 0
location: https://no.mariacasino.com:443/stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.com&btag=320669908_C20FBF771AB841AC8F0770FDB59BA60C&sref=GIG&GIG=NO_DESKTOP_MARIA&affiliateId=1&pid=86045284&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.com%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A320669908%3A86045284-37953
set-cookie: JSESSIONID=node0143qau9m5tr9x79zm7873bkg31259847.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict __ucbt=node0143qau9m5tr9x79zm7873bkg3; Path=/; Domain=.mariacasino.com; Expires=Fri, 04-Oct-2024 19:25:41 GMT; Max-Age=63072000; Secure; SameSite=None uniattr=ST.0.T; Path=/; Domain=.mariacasino.com; Expires=Fri, 04-Oct-2024 19:25:41 GMT; Max-Age=63072000; Secure; SameSite=None uniattr_ref=; Path=/; Domain=.mariacasino.com; Expires=Fri, 04-Oct-2024 19:25:41 GMT; Max-Age=63072000; Secure; SameSite=None UNIBET_REQUEST_URL=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_REQUEST_URL=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None affid=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None netwid=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None CLAIM_CODE=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None REGISTRATION_CODE=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None campaignId=2397257; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=41743998; Secure; SameSite=None framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.com; Expires=Wed, 05-Oct-2022 19:25:56 GMT; Max-Age=15; Secure; SameSite=None affiliateId=1; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=41743998; Secure; SameSite=None B-TAG=320669908_C20FBF771AB841AC8F0770FDB59BA60C; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=41743998; Secure; SameSite=None REGISTRATION_CODE=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None BID=37953; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=41743998; Secure; SameSite=None PID=86045284; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=41743998; Secure; SameSite=None CHID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None REFERER=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None UNIBET_REQUEST_URL=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_REQUEST_URL=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None BOCAID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None PRODUCT_ID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D320669908_C20FBF771AB841AC8F0770FDB59BA60C%26sref%3DGIG%26GIG%3DNO_DESKTOP_MARIA%26affiliateId%3D1%26pid%3D86045284%26bid%3D37953; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=41743998; Secure; SameSite=None AFFILIATE_CAMPAIGN_ID=2397257; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=41743998; Secure; SameSite=None framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.com; Expires=Wed, 05-Oct-2022 19:25:56 GMT; Max-Age=15; Secure; SameSite=None campaignId=2397257; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=41743998; Secure; SameSite=None framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.com; Expires=Wed, 05-Oct-2022 19:25:56 GMT; Max-Age=15; Secure; SameSite=None clientId=browser_desktop; Domain=no.mariacasino.com; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Wed, 05 Oct 2022 19:25:41 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2

                                        
                                            GET /stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.com&btag=320669908_C20FBF771AB841AC8F0770FDB59BA60C&sref=GIG&GIG=NO_DESKTOP_MARIA&affiliateId=1&pid=86045284&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.com%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A320669908%3A86045284-37953 HTTP/1.1 
Host: no.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node0143qau9m5tr9x79zm7873bkg3; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669908_C20FBF771AB841AC8F0770FDB59BA60C; BID=37953; PID=86045284; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D320669908_C20FBF771AB841AC8F0770FDB59BA60C%26sref%3DGIG%26GIG%3DNO_DESKTOP_MARIA%26affiliateId%3D1%26pid%3D86045284%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; clientId=browser_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         85.184.96.0
HTTP/2 301 Moved Permanently
                                        
date: Wed, 05 Oct 2022 19:25:41 GMT
content-length: 0
location: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?mktid=1:320669908:86045284-37953&btag=320669908_C20FBF771AB841AC8F0770FDB59BA60C&bid=37953&campaignId=2397257&pid=86045284
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Wed, 05 Oct 2022 19:25:41 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.securetrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.79.18
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 638
Date: Wed, 05 Oct 2022 19:25:41 GMT
Connection: keep-alive

                                        
                                            GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js HTTP/1.1 
Host: assets.adobedtm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         23.38.200.237
HTTP/2 200 OK
content-type: application/x-javascript
                                        
accept-ranges: bytes
etag: "bf8d7656a2457e257e3cf75a01e6a4b7:1554112914"
last-modified: Mon, 01 Apr 2019 10:01:54 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 43737
cache-control: max-age=3600
expires: Wed, 05 Oct 2022 20:25:41 GMT
date: Wed, 05 Oct 2022 19:25:41 GMT
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  exported SGML document, ASCII text, with very long lines (32764)
Size:   43737
Md5:    57198fa839fd954656487c5a3bef02a7
Sha1:   060e710714194b067e8a17554de1f056f3c5fa64
Sha256: 0144349d38a845bda08cbc2654f89da13986be57ce76fa7f49488907aa392edd
                                        
                                            GET /cdn/unibet/js/mmcore.js HTTP/1.1 
Host: service.maxymiser.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.110.7.230
HTTP/2 404 Not Found
                                        
accept-ranges: bytes
content-length: 10
server: AkamaiNetStorage
cache-control: max-age=1800
date: Wed, 05 Oct 2022 19:25:41 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   10
Md5:    7605968e79d0ca095ab1231486d2b814
Sha1:   a007b420d19ceefa840f0373e050e3b51a4ab480
Sha256: 493fda53120050f85836032324409be6c6484f90a0755ae0c6a673ba7626818b
                                        
                                            GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1 
Host: a1s-cdn.unibet.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         85.184.96.5
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 05 Oct 2022 19:25:41 GMT
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   956
Md5:    fd48e87ecd4d06d9c5df490b91dc813e
Sha1:   a65a437db44444634e4f41732c590c1d14433b3f
Sha256: 2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
                                        
                                            GET /no/pop/casino/2022/slots.png HTTP/1.1 
Host: welcome.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?mktid=1:320669908:86045284-37953&btag=320669908_C20FBF771AB841AC8F0770FDB59BA60C&bid=37953&campaignId=2397257&pid=86045284
Cookie: __ucbt=node0143qau9m5tr9x79zm7873bkg3; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669908_C20FBF771AB841AC8F0770FDB59BA60C; BID=37953; PID=86045284; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D320669908_C20FBF771AB841AC8F0770FDB59BA60C%26sref%3DGIG%26GIG%3DNO_DESKTOP_MARIA%26affiliateId%3D1%26pid%3D86045284%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.161.188.196
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 05 Oct 2022 19:25:41 GMT
content-length: 6303
cache-control: public, max-age=900, immutable
content-md5: a+BHvfPRA7JBT39qtk2WuA==
last-modified: Tue, 02 Aug 2022 10:27:12 GMT
etag: "0x8DA7471901B198D"
x-ms-request-id: 1deefc4a-f01e-0067-18ee-d802fe000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 151 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size:   6303
Md5:    6be047bdf3d103b2414f7f6ab64d96b8
Sha1:   57818bdfe16383abe584b5c30de5f35eb55ebf20
Sha256: 38e2d3e7f261032cf0c558e28555c6425c30aa14014f31bbaad7d5176b7d4449
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 05 Oct 2022 19:25:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 05 Oct 2022 19:25:41 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN


--- Additional Info ---
Magic:  gzip compressed data, from Unix\012- data
Size:   1573
Md5:    5b38e0812544bc025b8778d99a6441b8
Sha1:   75e451b82865ceba5279a8e9dd21e4eb61a89a3e
Sha256: 9de733f3bded166b7a6c48a1a12452a38c5f2144c0b4d8a2461860b1b2e13cab
                                        
                                            GET /no/pop/casino/2022/livecasino.png HTTP/1.1 
Host: welcome.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?mktid=1:320669908:86045284-37953&btag=320669908_C20FBF771AB841AC8F0770FDB59BA60C&bid=37953&campaignId=2397257&pid=86045284
Cookie: __ucbt=node0143qau9m5tr9x79zm7873bkg3; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669908_C20FBF771AB841AC8F0770FDB59BA60C; BID=37953; PID=86045284; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D320669908_C20FBF771AB841AC8F0770FDB59BA60C%26sref%3DGIG%26GIG%3DNO_DESKTOP_MARIA%26affiliateId%3D1%26pid%3D86045284%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.161.188.196
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 05 Oct 2022 19:25:41 GMT
content-length: 20783
cache-control: public, max-age=900, immutable
content-md5: h9w/yaQKmw6P18BRmsJPVA==
last-modified: Tue, 02 Aug 2022 10:27:12 GMT
etag: "0x8DA74719006AA2B"
x-ms-request-id: f392f1d9-401e-005d-35ee-d81886000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size:   20783
Md5:    87dc3fc9a40a9b0e8fd7c0519ac24f54
Sha1:   908b0ca475f8da1d0380a6cb5caabafce2466aec
Sha256: a0fd031aa160b2679253c5952576a692e002c6be963c5935af3692ff50206eb4
                                        
                                            GET /no/pop/casino/2022/games.png HTTP/1.1 
Host: welcome.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?mktid=1:320669908:86045284-37953&btag=320669908_C20FBF771AB841AC8F0770FDB59BA60C&bid=37953&campaignId=2397257&pid=86045284
Cookie: __ucbt=node0143qau9m5tr9x79zm7873bkg3; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669908_C20FBF771AB841AC8F0770FDB59BA60C; BID=37953; PID=86045284; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D320669908_C20FBF771AB841AC8F0770FDB59BA60C%26sref%3DGIG%26GIG%3DNO_DESKTOP_MARIA%26affiliateId%3D1%26pid%3D86045284%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.161.188.196
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 05 Oct 2022 19:25:41 GMT
content-length: 8838
cache-control: public, max-age=900, immutable
content-md5: +9NkwYTRwq8kbdWjB5zp7Q==
last-modified: Tue, 02 Aug 2022 10:27:12 GMT
etag: "0x8DA74718FFFF463"
x-ms-request-id: 3da69bf5-b01e-0059-5eef-d89581000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 234 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size:   8838
Md5:    fbd364c184d1c2af246dd5a3079ce9ed
Sha1:   5c572431ced831a518e0c4adfed4372254f1eac1
Sha256: 2a09f891fb138e893fbc2fe522761e47307376143582e41016bf8aa54c4fdb77
                                        
                                            GET /no/pop/casino/2022/mga.png HTTP/1.1 
Host: welcome.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?mktid=1:320669908:86045284-37953&btag=320669908_C20FBF771AB841AC8F0770FDB59BA60C&bid=37953&campaignId=2397257&pid=86045284
Cookie: __ucbt=node0143qau9m5tr9x79zm7873bkg3; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669908_C20FBF771AB841AC8F0770FDB59BA60C; BID=37953; PID=86045284; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D320669908_C20FBF771AB841AC8F0770FDB59BA60C%26sref%3DGIG%26GIG%3DNO_DESKTOP_MARIA%26affiliateId%3D1%26pid%3D86045284%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.161.188.196
HTTP/2 200 OK
content-type: image/png
                                        
date: Wed, 05 Oct 2022 19:25:41 GMT
content-length: 1454
cache-control: public, max-age=900, immutable
content-md5: 8054HXrSLcd0uYrIKitG9g==
last-modified: Tue, 02 Aug 2022 10:27:12 GMT
etag: "0x8DA7471902A5993"
x-ms-request-id: 945bf0eb-f01e-0048-2eef-d80f35000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 152 x 60, 8-bit colormap, non-interlaced\012- data
Size:   1454
Md5:    f34e781d7ad22dc774b98ac82a2b46f6
Sha1:   b66cb9753b0f76a7590f62d3c6b8f645bdbae786
Sha256: 7898ba2cec328d50a75400c1e5a6f1f23974f4c0cc433472a24f28a82c7d01c7
                                        
                                            GET /ajax/libs/jquery/3.1.1/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.74
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30244
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 29 Sep 2022 12:09:32 GMT
expires: Fri, 29 Sep 2023 12:09:32 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 544570
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32030)
Size:   30244
Md5:    04ba0252a9f264db106d4eaab8df4ccb
Sha1:   cf52d9b3df7839c5c64fbf33aafeced74b3db750
Sha256: 397852429e768ffbd12a78ce4b94f14e3ab4afabf84acb07c0bb5b7798e6e0b2
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 05 Oct 2022 19:25:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 05 Oct 2022 19:25:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /no/pop/casino/2022/maria-logo.svg HTTP/1.1 
Host: welcome.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?mktid=1:320669908:86045284-37953&btag=320669908_C20FBF771AB841AC8F0770FDB59BA60C&bid=37953&campaignId=2397257&pid=86045284
Cookie: __ucbt=node0143qau9m5tr9x79zm7873bkg3; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669908_C20FBF771AB841AC8F0770FDB59BA60C; BID=37953; PID=86045284; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D320669908_C20FBF771AB841AC8F0770FDB59BA60C%26sref%3DGIG%26GIG%3DNO_DESKTOP_MARIA%26affiliateId%3D1%26pid%3D86045284%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.161.188.196
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Wed, 05 Oct 2022 19:25:41 GMT
cache-control: public, max-age=900, immutable
content-md5: A/evXSZJMSEi63VEXU58wA==
last-modified: Tue, 02 Aug 2022 10:27:11 GMT
etag: W/"0x8DA74718FAA8DEA"
x-ms-request-id: 989e331b-f01e-002a-11ee-d8cd12000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   1992
Md5:    0a336df603d6f364d1096c8c04c7a129
Sha1:   953b4c2433d63fa9f4651e796bf1658315cb5892
Sha256: 5adf4882fc8ecdde074af0e6edf663f71f16443e918bda59fd24c6a43d31cf3d
                                        
                                            GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js HTTP/1.1 
Host: assets.adobedtm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         23.38.200.237
HTTP/2 200 OK
content-type: application/x-javascript
                                        
accept-ranges: bytes
etag: "18eab16a639a4773572307713440a929:1554112912"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12666
cache-control: max-age=3600
expires: Wed, 05 Oct 2022 20:25:42 GMT
date: Wed, 05 Oct 2022 19:25:42 GMT
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (558)
Size:   12666
Md5:    fbdf335868cbf423af02de87750c1a45
Sha1:   8405d2f9b1b98d830e1b5bb2d8b9cf31460a9cc4
Sha256: ddc30198d101ed4d7f85eb14fcc0331154807320fe2b2443b814bedc43c4ace4
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4723
Expires: Wed, 05 Oct 2022 20:44:25 GMT
Date: Wed, 05 Oct 2022 19:25:42 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4723
Expires: Wed, 05 Oct 2022 20:44:25 GMT
Date: Wed, 05 Oct 2022 19:25:42 GMT
Connection: keep-alive

                                        
                                            GET /js/10682170820.js HTTP/1.1 
Host: cdn.optimizely.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         23.38.200.155
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
x-amz-id-2: kGYO0OU/JMJoUIVl3nlvO61720kBk75uKsMCmAgDWAZFVe6c+JDCjdX4ko7bBEFmP/aqldCMd/4=
x-amz-request-id: FRV6BKSDR2YG6BZG
x-amz-replication-status: PENDING
last-modified: Wed, 05 Oct 2022 13:52:55 GMT
etag: "9b719bcfaada6e1a2989f1653680fc3e"
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 468217
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: jYnYY02SS1R_O0Tx3wOZSPLkHEdP75sM
accept-ranges: bytes
server: AmazonS3
content-length: 174608
vary: Accept-Encoding
cache-control: max-age=120
date: Wed, 05 Oct 2022 19:25:42 GMT
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="2";dur=0,cdnip;desc="23.38.200.155";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
access-control-max-age: 86400
access-control-expose-headers: x-amz-meta-revision
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65468)
Size:   174608
Md5:    9b719bcfaada6e1a2989f1653680fc3e
Sha1:   261752cf6838cc4fd54c635f1273853028b1a21e
Sha256: ac7a77e7451625832e28e75202941dc7263609b05425e72444cb9d37251dcca6
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4723
Expires: Wed, 05 Oct 2022 20:44:25 GMT
Date: Wed, 05 Oct 2022 19:25:42 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5832
x-amzn-requestid: c4427edd-3d71-47d0-a2d3-b3bfed089535
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8s1FuUoAMFhBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7eb-46ddff150da4141d23fc0d8a;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: WWClzLGprno--c75q63i1TFi8oBEdAYW-J4lCk9V8IELQXe6q0A05A==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 2324edbcb8fc72f617442c65f36a40fc.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:42:34 GMT
age: 78188
etag: "4daf0c001e86af8477fb097e8ca932edb8e5f981"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5832
Md5:    3257b782efae9b64e6e18a547866ec50
Sha1:   4daf0c001e86af8477fb097e8ca932edb8e5f981
Sha256: 899f9692e86405aa288d88dd285a6fe26bedab1a2ca4693212476063890b01a5
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8926
x-amzn-requestid: 27fc8976-af8d-40a3-b701-0642fa135ec4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8s1GSbIAMFTiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7eb-4d4c7837576e0fdb5828fe3b;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YzVofPSJC-YVU1Q1V9AnjNeQTa1BQEh6ZiH2HjSeeX5RygysFP7oAA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:42:34 GMT
age: 78188
etag: "70e8d1589f3daf71378965dd197934e220fb6aa4"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8926
Md5:    1de7c17a0ba9295135e7f8b490b6a8d3
Sha1:   70e8d1589f3daf71378965dd197934e220fb6aa4
Sha256: ee559ce3166479e2b930be7d18525f5c2d164aed8ca005302ddaf3bfe37eec24
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3585
x-amzn-requestid: ccb6f0c8-4d9b-48b8-aaf6-16781dc4c86b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaHFlEcFoAMFS3g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a5223-5c9276c873efee993ba54667;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 03:08:19 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: T8m1q2L45TWDVRBa-R2W70yq9BauBK3G4IX54AGIxdRhG736T974kg==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 32d624dbeb2a8b7f24dbe49007e37c90.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 04:05:29 GMT
age: 55213
etag: "612b6dbd4ba895c167964ff7e6d9263013b52b0a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3585
Md5:    5d7d7df8d4c440f9db445c3d99e818d6
Sha1:   612b6dbd4ba895c167964ff7e6d9263013b52b0a
Sha256: bf527a814c78f9e010cce4ba593c9146d54a2137d1f147f7a6250fbad81956ac
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10158
x-amzn-requestid: def1fc7e-8008-466f-9271-20fa1ab0fa5a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaqZCH7doAMFcPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a8aa0-7fd2fb1249366f2277d719d6;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 07:09:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: szhtD9f4RuQaDKXe7LElSR0yOKo9cYa1i2YMeG3eSpBXP8ePcdzQig==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 68fadeb91f97256bb67b03bfca74d830.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 07:29:32 GMT
age: 42970
etag: "bbe71936b78a8c34d03ab87948dc840b35c6948f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10158
Md5:    4fc2ddd86450d64d3fb659ab4e78be58
Sha1:   bbe71936b78a8c34d03ab87948dc840b35c6948f
Sha256: 84a760397a5912bd05f61bc8a953c13a88a677e2d17fbbf74bdf7d7ff4d3942f
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4960
Cache-Control: 'max-age=158059'
Date: Wed, 05 Oct 2022 19:25:42 GMT
Last-Modified: Wed, 05 Oct 2022 18:03:02 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /id?d_visid_ver=3.2.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1664997942064 HTTP/1.1 
Host: dpm.demdex.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         52.49.126.217
HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
                                        
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
DCS: dcs-prod-irl1-2-v044-0722c3202.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=45422624859742718062187143265844139522; Max-Age=15552000; Expires=Mon, 03 Apr 2023 19:25:42 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: DPgoQS8QTbg=
Content-Length: 498
Connection: keep-alive


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (791), with no line terminators
Size:   498
Md5:    a464f35b87c85cdc676047724c462321
Sha1:   d291811ef7b77579b0fcd99584432baba9483c37
Sha256: 7084053f0f174b7a1ac925c95144ed1db8785f21c019fdc7a720175b03bb651f
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6517
Cache-Control: 'max-age=158059'
Date: Wed, 05 Oct 2022 19:25:42 GMT
Last-Modified: Wed, 05 Oct 2022 17:37:05 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /id?d_visid_ver=3.2.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=45417640718903036532185519879282781081&ts=1664997942398 HTTP/1.1 
Host: unibetlondonltd.d3.sc.omtrdc.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         13.36.218.177
HTTP/2 200 OK
content-type: application/x-javascript;charset=utf-8
                                        
access-control-allow-origin: https://welcome.mariacasino.com
access-control-allow-credentials: true
date: Wed, 05 Oct 2022 19:25:42 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   2
Md5:    99914b932bd37a50b983c5e7c90ae93b
Sha1:   bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
Sha256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
                                        
                                            GET /cdn/unibet/js/mmcore.js HTTP/1.1 
Host: service.maxymiser.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.110.7.230
HTTP/2 404 Not Found
                                        
accept-ranges: bytes
content-length: 10
server: AkamaiNetStorage
cache-control: max-age=1800
date: Wed, 05 Oct 2022 19:25:42 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   10
Md5:    7605968e79d0ca095ab1231486d2b814
Sha1:   a007b420d19ceefa840f0373e050e3b51a4ab480
Sha256: 493fda53120050f85836032324409be6c6484f90a0755ae0c6a673ba7626818b
                                        
                                            GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js HTTP/1.1 
Host: assets.adobedtm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         23.38.200.237
HTTP/2 200 OK
content-type: application/x-javascript
                                        
accept-ranges: bytes
etag: "9c4992909a83d52617e9948d1d1c4141:1554112914"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 29629
cache-control: max-age=3600
expires: Wed, 05 Oct 2022 20:25:42 GMT
date: Wed, 05 Oct 2022 19:25:42 GMT
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (543)
Size:   29629
Md5:    d994c7b5e7b348492e630f9e201eed6c
Sha1:   927a06e00f5a9c23d2f9348c013cec4b459effac
Sha256: 7ca2a3f0bb133f07fb5c826b58e48089d90b0ce6e5ab0dce5de73550c5110d80
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 05 Oct 2022 19:25:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js HTTP/1.1 
Host: assets.adobedtm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         23.38.200.237
HTTP/2 200 OK
content-type: application/x-javascript
                                        
accept-ranges: bytes
etag: "5e8dc588959123c3ee5de9ac168d5c74:1554112912"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1199
cache-control: max-age=3600
expires: Wed, 05 Oct 2022 20:25:42 GMT
date: Wed, 05 Oct 2022 19:25:42 GMT
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (502)
Size:   1199
Md5:    0fc50fe0077c2d091ca05aa91daba75f
Sha1:   6a05d944d25fe2dbf36c1fb33a5096bcb1ada25c
Sha256: 4b469a08c52c411065253103c02ea37609c225f2b4c7c3842d90d0c6caa694f3
                                        
                                            GET /no/pop/casino/2022/background.jpg HTTP/1.1 
Host: welcome.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/styles.css
Cookie: __ucbt=node0143qau9m5tr9x79zm7873bkg3; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669908_C20FBF771AB841AC8F0770FDB59BA60C; BID=37953; PID=86045284; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D320669908_C20FBF771AB841AC8F0770FDB59BA60C%26sref%3DGIG%26GIG%3DNO_DESKTOP_MARIA%26affiliateId%3D1%26pid%3D86045284%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19271%7CMCMID%7C45417640718903036532185519879282781081%7CMCAAMLH-1665602742%7C6%7CMCAAMB-1665602742%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1665005142s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1664997942314r0.018309799702412644; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.161.188.196
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Wed, 05 Oct 2022 19:25:42 GMT
content-length: 161606
cache-control: public, max-age=900, immutable
content-md5: qiee41e0FfUKFhJ9XBp8TQ==
last-modified: Tue, 02 Aug 2022 10:27:12 GMT
etag: "0x8DA74718FE1745B"
x-ms-request-id: b59fc672-801e-000f-11ef-d8646e000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x800, components 3\012- data
Size:   161606
Md5:    aa279ee357b415f50a16127d5c1a7c4d
Sha1:   d1375a6cb87e60f31f609769044af9e6d47775cd
Sha256: 6aa6656d951b443674e2795a2174f6ba5fa711a0f2943830eab9f07cb1e1a809
                                        
                                            GET /no/pop/casino/2022/BlenderPro-ThinWeb.woff HTTP/1.1 
Host: welcome.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/styles.css
Cookie: __ucbt=node0143qau9m5tr9x79zm7873bkg3; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669908_C20FBF771AB841AC8F0770FDB59BA60C; BID=37953; PID=86045284; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D320669908_C20FBF771AB841AC8F0770FDB59BA60C%26sref%3DGIG%26GIG%3DNO_DESKTOP_MARIA%26affiliateId%3D1%26pid%3D86045284%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19271%7CMCMID%7C45417640718903036532185519879282781081%7CMCAAMLH-1665602742%7C6%7CMCAAMB-1665602742%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1665005142s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1664997942314r0.018309799702412644; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.161.188.196
HTTP/2 200 OK
content-type: application/font-woff
                                        
date: Wed, 05 Oct 2022 19:25:42 GMT
content-length: 49636
cache-control: public, max-age=900, immutable
content-md5: N7qErrrRHC4KzUlu7bC7dg==
last-modified: Tue, 02 Aug 2022 10:27:11 GMT
etag: "0x8DA74718FD6A080"
x-ms-request-id: d48e4218-301e-001a-69ee-d873dd000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 49636, version 3.6\012- data
Size:   49636
Md5:    37ba84aebad11c2e0acd496eedb0bb76
Sha1:   42942446e1cfab8d0eaf7d23899203b2b2b64fe7
Sha256: 2d7cc2c9c9fef717010fcfa8fa6518079eaec1e63975a74b4fb78afb14d6ee5e
                                        
                                            GET /no/pop/casino/2022/BlenderPro-MediumWeb.woff HTTP/1.1 
Host: welcome.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/styles.css
Cookie: __ucbt=node0143qau9m5tr9x79zm7873bkg3; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669908_C20FBF771AB841AC8F0770FDB59BA60C; BID=37953; PID=86045284; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D320669908_C20FBF771AB841AC8F0770FDB59BA60C%26sref%3DGIG%26GIG%3DNO_DESKTOP_MARIA%26affiliateId%3D1%26pid%3D86045284%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19271%7CMCMID%7C45417640718903036532185519879282781081%7CMCAAMLH-1665602742%7C6%7CMCAAMB-1665602742%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1665005142s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1664997942314r0.018309799702412644; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.161.188.196
HTTP/2 200 OK
content-type: application/font-woff
                                        
date: Wed, 05 Oct 2022 19:25:42 GMT
content-length: 48766
cache-control: public, max-age=900, immutable
content-md5: 9ieTyut+WxEddQiwDAgmwg==
last-modified: Tue, 02 Aug 2022 10:27:11 GMT
etag: "0x8DA74718FC47ABE"
x-ms-request-id: 02feeb61-d01e-0002-11ee-d8acba000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 48766, version 3.6\012- data
Size:   48766
Md5:    f62793caeb7e5b111d7508b00c0826c2
Sha1:   d003c52a07685156de00186014c777b7dde81573
Sha256: bac888a26184354a6038eb4ba3d87fdc3315c6e7fe0c19ec7cd1737f1720fc5a
                                        
                                            GET /no/pop/casino/2022/styles.css HTTP/1.1 
Host: welcome.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?mktid=1:320669908:86045284-37953&btag=320669908_C20FBF771AB841AC8F0770FDB59BA60C&bid=37953&campaignId=2397257&pid=86045284
Cookie: __ucbt=node0143qau9m5tr9x79zm7873bkg3; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669908_C20FBF771AB841AC8F0770FDB59BA60C; BID=37953; PID=86045284; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D320669908_C20FBF771AB841AC8F0770FDB59BA60C%26sref%3DGIG%26GIG%3DNO_DESKTOP_MARIA%26affiliateId%3D1%26pid%3D86045284%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.161.188.196
HTTP/2 200 OK
content-type: text/css; charset=utf-8
                                        
date: Wed, 05 Oct 2022 19:25:41 GMT
cache-control: public, max-age=900, immutable
content-md5: nHGY+uZf3VZaIBaHkSPKCQ==
last-modified: Tue, 02 Aug 2022 10:27:11 GMT
etag: W/"0x8DA74718FA36304"
x-ms-request-id: af67fe02-701e-000b-64f0-d8e969000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   4100
Md5:    ba614bdd6a938a91d86f4c3a334e2ce9
Sha1:   b19b900f142d40466b9695d3ead9efa586c1f46f
Sha256: f5646a1567e35864251f5488808726ffeb4ff64da2727586245455089cd91688
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 05 Oct 2022 19:25:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 05 Oct 2022 19:25:42 GMT
expires: Wed, 05 Oct 2022 19:25:42 GMT
cache-control: private, max-age=900
last-modified: Wed, 05 Oct 2022 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79486
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (62112)
Size:   79486
Md5:    ea67c27f32941aaa7925afcb22fe3d8e
Sha1:   10af5cd4fa1ba1d357e6e62a971166da3fc760b7
Sha256: f4fef41c338e2ee9a36430c1ab2defb508eb6a662d1d89a73829ef53a2f0fd0c
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 05 Oct 2022 19:25:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 05 Oct 2022 14:07:32 GMT
expires: Thu, 05 Oct 2023 14:07:32 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:45 GMT
age: 19090
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size:   15920
Md5:    3a44e06eb954b96aa043227f3534189d
Sha1:   23cef6993ddb2b2979e8e7647fc3763694e2ba7d
Sha256: b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
                                        
                                            GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 19:34:08 GMT
expires: Thu, 28 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 604294
last-modified: Wed, 11 May 2022 19:24:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size:   15744
Md5:    15d9f621c3bd1599f0169dcf0bd5e63e
Sha1:   7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Sha256: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 28 Sep 2022 19:34:21 GMT
expires: Thu, 28 Sep 2023 19:34:21 GMT
cache-control: public, max-age=31536000
age: 604281
last-modified: Wed, 11 May 2022 19:24:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size:   15740
Md5:    b9c29351c46f3e8c8631c4002457f48a
Sha1:   e57e59c5780995ff2937ab2b511a769212974a87
Sha256: f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 05 Oct 2022 19:25:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Wed, 05 Oct 2022 19:25:42 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /no/pop/casino/2022/favicon.ico HTTP/1.1 
Host: welcome.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?mktid=1:320669908:86045284-37953&btag=320669908_C20FBF771AB841AC8F0770FDB59BA60C&bid=37953&campaignId=2397257&pid=86045284
Cookie: __ucbt=node0143qau9m5tr9x79zm7873bkg3; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669908_C20FBF771AB841AC8F0770FDB59BA60C; BID=37953; PID=86045284; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D320669908_C20FBF771AB841AC8F0770FDB59BA60C%26sref%3DGIG%26GIG%3DNO_DESKTOP_MARIA%26affiliateId%3D1%26pid%3D86045284%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19271%7CMCMID%7C45417640718903036532185519879282781081%7CMCAAMLH-1665602742%7C6%7CMCAAMB-1665602742%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1665005142s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1664997942314r0.018309799702412644; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.161.188.196
HTTP/2 200 OK
content-type: image/x-icon
                                        
date: Wed, 05 Oct 2022 19:25:42 GMT
content-length: 4286
cache-control: public, max-age=900, immutable
content-md5: dUZ66nye8JES1X2nEnkvHA==
last-modified: Tue, 02 Aug 2022 10:27:12 GMT
etag: "0x8DA74718FF87B6B"
x-ms-request-id: fdf52d9c-d01e-004f-6def-d86356000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel\012- data
Size:   4286
Md5:    75467aea7c9ef09112d57da712792f1c
Sha1:   2fd85767a73ad15745af9ae26f51edae5cf431bf
Sha256: b65996d71ae18fdc3744b16a5fc11a00e625af41b3506ec798a8e62c2d80dabb
                                        
                                            GET /b/ss/unibetlondonsinglepagebrandsprod/1/JS-2.22.4/s64848651837096?AQB=1&ndh=1&pf=1&t=5%2F9%2F2022%2019%3A25%3A42%203%200&mid=45417640718903036532185519879282781081&aamlh=6&ce=UTF-8&pageName=LP%3A2018%20-%20MariaCasino%20-%20Bingo&g=https%3A%2F%2Fwelcome.mariacasino.com%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A320669908%3A86045284-37953%26btag%3D320669908_C20FBF771AB841AC8F0770FDB59BA60C%26bid%3D37953%26campaignId%3D2397257%26pid%3D86045284&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.mariacasino.com%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A320669908%3A86045284-37953%26btag%3D320669908_C20FBF771AB841AC8F0770FDB59BA60C%26bid%3D37953%26campaignId%3D2397257%26pid%3D86045284&v1=welcome.mariacasino.com%3A%3A%3Adesktop%3Ano%3Apop%3Acasino%3A2022%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.mariacasino.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=7%3A25%20PM%7CWednesday&v6=7%3A25%20PM%7CWednesday&v11=GBP&c14=New&v14=New&c16=1664997943&v21=Not%20Logged-In&c73=maria&c74=45417640718903036532185519879282781081&v99=45417640718903036532185519879282781081&v120=affiliate&v121=1%3A320669908%3A86045284-37953&v122=NONE&v124=2397257&v125=320669908_C20FBF771AB841AC8F0770FDB59BA60C&v126=86045284&v127=37953&v134=1664997942&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1 HTTP/1.1 
Host: unibetlondonltd.d3.sc.omtrdc.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         13.36.218.177
HTTP/2 200 OK
content-type: image/gif;charset=utf-8
                                        
access-control-allow-origin: *
date: Wed, 05 Oct 2022 19:25:42 GMT
expires: Tue, 04 Oct 2022 19:25:42 GMT
last-modified: Thu, 06 Oct 2022 19:25:42 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3575555854489681920-4619436871574201988
vary: *
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 2 x 2\012- data
Size:   43
Md5:    ad480fd0732d0f6f1a8b06359e3a42bb
Sha1:   a544538683a2dfe574eeb2e358ac8fcc78289d50
Sha256: a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
                                        
                                            GET /dest5.html?d_nsid=0 HTTP/1.1 
Host: unibet.demdex.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         54.171.150.101
HTTP/1.1 200 OK
Content-Type: text/html;charset=UTF-8
                                        
Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
date: Wed, 5 Oct 2022 19:25:43 GMT
DCS: dcs-prod-irl1-2-v044-0f70348c4.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 29 Sep 2022 16:47:44 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
vary: accept-encoding
X-TID: YoqJFoKeSjM=
transfer-encoding: chunked
Connection: keep-alive


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (550)
Size:   2791
Md5:    ccbdcb1e84c241950763ec4cd516cdfc
Sha1:   55dfa8d4b09c5c3a80fcd101152f6ebed3d27a2c
Sha256: de9ccb9b168945a24f20edc28c39be4135b328129ba8ee378401a7aedc925d12
                                        
                                            GET /pages/data-scripts/0012/9242/site/welcome.mariacasino.com.json?t=1 HTTP/1.1 
Host: script.crazyegg.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         104.19.148.8
HTTP/2 200 OK
content-type: application/json
                                        
date: Wed, 05 Oct 2022 19:25:43 GMT
content-length: 2174
access-control-expose-headers: CE-Version
ce-version: 11.4.10
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Wed, 05 Oct 2022 14:48:52 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 16611
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75588b77cc56b51e-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (21323), with no line terminators
Size:   2174
Md5:    a394dee46c688c1d772cbe31ea3a7720
Sha1:   a16a3232fb9c6cffe4bd816342c4f53661491b41
Sha256: c5b2c537950a0f8b5ba9b95dfd72776c1b77c29353de074dfb1e6a8cfd47748f
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.100
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 05 Oct 2022 19:25:43 GMT
Last-Modified: Wed, 05 Oct 2022 17:57:08 GMT
Server: ECS (nyb/1D0C)
X-Cache: Miss from cloudfront
Via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: KJQZUqNKC4fnrnzx73f2-lLqRChaltiXR83iRDkZ7q4HsNh-n_KVfQ==
Age: 5315

                                        
                                            GET /cm/dd?d_uuid=45422624859742718062187143265844139522 HTTP/1.1 
Host: cm.everesttech.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.215.56.149
HTTP/1.1 302
                                        
Date: Wed, 05 Oct 2022 19:25:43 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Yz3aNwAAALn6gAN-; Domain=.everesttech.net; Expires=Thu, 05-Oct-2023 19:25:43 GMT; Path=/ everest_session_v2=Yz3aNwAAALn6gQN-; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yz3aNwAAALn6gAN-
Server: AMO-cookiemap/1.1

                                        
                                            GET /api/targeting/10682170820/11101493565/oeu1664997942314r0.018309799702412644 HTTP/1.1 
Host: tapi.optimizely.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         95.100.12.199
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
                                        
Access-Control-Allow-Credentials: true
Server: nginx
X-Powered-By: Express
Content-Encoding: gzip
Cache-Control: max-age=1200
Date: Wed, 05 Oct 2022 19:25:43 GMT
Content-Length: 2430
Connection: keep-alive
Vary: Origin
Access-Control-Allow-Origin: https://welcome.mariacasino.com


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (25587), with no line terminators
Size:   2430
Md5:    eadb0540d55553f5c64a1b1c551b5222
Sha1:   7a4fd54c36b8e28df7ae6327af6bc2a156c20d1e
Sha256: 020cdb5c11dc405488dcf30814b7d067c6ea9d68dcc62c52652b76f042905bf6
                                        
                                            GET /ibs:dpid=411&dpuuid=Yz3aNwAAALn6gAN- HTTP/1.1 
Host: dpm.demdex.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.mariacasino.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.49.126.217
HTTP/1.1 302 Found
                                        
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-1-v044-004e84d7b.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Yz3aNwAAALn6gAN-
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=50990384739011960643984780831813210411; Max-Age=15552000; Expires=Mon, 03 Apr 2023 19:25:43 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: GtPe6VJ/TU0=
Content-Length: 0
Connection: keep-alive

                                        
                                            GET /pages/versioned/common-scripts/a18bb0e21d11a839b7adb013c92ee611.js HTTP/1.1 
Host: script.crazyegg.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.19.148.8
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Wed, 05 Oct 2022 19:25:43 GMT
content-length: 30751
cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
last-modified: Sat, 17 Sep 2022 06:58:49 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 21334
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75588b790ec5b4e8-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (25693)
Size:   30751
Md5:    808307a563c85e0dfd92013e623629ef
Sha1:   b60dddd640cd7c15a7d1f05cdaa3013bf45bb418
Sha256: e62a9c719cb453d732f91ccce15329f2fdfecf8d46d57a46f9998649268c5977
                                        
                                            GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Yz3aNwAAALn6gAN- HTTP/1.1 
Host: dpm.demdex.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.mariacasino.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         52.49.126.217
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
DCS: dcs-prod-irl1-2-v044-0ca885ff3.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: D7DgYVCMSOs=
Content-Length: 59
Connection: keep-alive


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   59
Md5:    1251cd5e5c2def4c046309375f87c1c1
Sha1:   e02d6b0c6a5c495c15985e2832e335eda8528c80
Sha256: 4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
                                        
                                            GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js HTTP/1.1 
Host: assets.adobedtm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         23.38.200.237
HTTP/2 200 OK
content-type: application/x-javascript
                                        
accept-ranges: bytes
etag: "6444bceb1b767bea75b4f47d793f7b05:1554112917"
last-modified: Mon, 01 Apr 2019 10:01:57 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1388
cache-control: max-age=3600
expires: Wed, 05 Oct 2022 20:25:43 GMT
date: Wed, 05 Oct 2022 19:25:43 GMT
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1388
Md5:    ab8cdc21adb95a3014aae857022fdce6
Sha1:   c90f3f115de66b8809a88a667225fa5746ca3dfa
Sha256: 2e3db22559903bd6ba695a18b440ff7eeb0a645dc4ab9257c3605f22d144ca51
                                        
                                            GET /pages/data-scripts/0012/9242/sampling/welcome.mariacasino.com.json?t=462499 HTTP/1.1 
Host: script.crazyegg.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         104.19.148.8
HTTP/2 200 OK
content-type: application/json
                                        
date: Wed, 05 Oct 2022 19:25:43 GMT
content-length: 420
access-control-expose-headers: CE-Version
ce-version: 11.4.10
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Wed, 05 Oct 2022 14:48:52 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 16611
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 75588b799eb9b51e-OSL
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (1551), with no line terminators
Size:   420
Md5:    429a80956228d5f6fd025bdf5d05c0e0
Sha1:   2cf0ca496c23da3a6d3a670076d987baf86c49da
Sha256: c04b55ceaac8066293c246da3c4bf4c02768e736ff083014cc49b4ebe96858e8
                                        
                                            POST /event?_ts=1664997943320 HTTP/1.1 
Host: unibet.demdex.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 63
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         54.171.150.101
HTTP/1.1 200 OK
Content-Type: application/json;charset=utf-8
                                        
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
DCS: dcs-prod-irl1-2-v044-05525f3f4.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=64459777264255803763741864168870870694; Max-Age=15552000; Expires=Mon, 03 Apr 2023 19:25:43 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: f96XNcEVQBo=
Content-Length: 28
Connection: keep-alive


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   28
Md5:    e5bd7bffaebc3b6f39a51600d7d98448
Sha1:   3126b0beaa77359162cadfebc3ae83b4cf5d04f8
Sha256: 3f4e5ede55abc3d3c77d99cdc5019ccfaf8107ac33328b1e4d3b022cb10b15d8
                                        
                                            GET /api/js/odds/project/10682170820?project=10682170820 HTTP/1.1 
Host: tapi.optimizely.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         95.100.12.199
HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
                                        
Access-Control-Allow-Credentials: true
Server: nginx/1.15.12
X-Powered-By: Express
Content-Length: 168
Expires: Wed, 05 Oct 2022 19:25:43 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 05 Oct 2022 19:25:43 GMT
Connection: keep-alive
X-Uncacheable: WTF
Vary: Origin
Access-Control-Allow-Origin: https://welcome.mariacasino.com


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   168
Md5:    7b92c056eea084fe960d8794d6c70a77
Sha1:   79318285c26c4220bbaa81aefbca57f091a20461
Sha256: cc75a166bb638f022304459d8a9060c384b03bdb1892e7e9f15b6cd6f17fd4d3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.100
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 05 Oct 2022 19:25:43 GMT
Last-Modified: Wed, 05 Oct 2022 18:14:09 GMT
Server: ECS (nyb/1D13)
X-Cache: Miss from cloudfront
Via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ge2rwtkblHD3GbyI_DdTku0g5VOjSlUo_AaJ5WeQT-UaU7ebrAikuQ==
Age: 4294

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.100
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 05 Oct 2022 19:25:43 GMT
Last-Modified: Wed, 05 Oct 2022 18:20:46 GMT
Server: ECS (nyb/1D27)
X-Cache: Miss from cloudfront
Via: 1.1 9037b7743a833da13439f0d4e2619b52.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: JShzsaTPDXv_4Nsak45ATGuLyB62Nz6fJWcSMVyEIZ1LhM_sxD_REw==
Age: 3897

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.100
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 05 Oct 2022 19:25:43 GMT
Last-Modified: Wed, 05 Oct 2022 19:07:32 GMT
Server: ECS (nyb/1D14)
X-Cache: Miss from cloudfront
Via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: _vSmFqoteAgbHyNrDTt2bdsfOiIXiMAEw-xkG_B3MZZeY8-ESlNtBg==
Age: 1091

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.100
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 05 Oct 2022 19:25:43 GMT
Last-Modified: Wed, 05 Oct 2022 18:12:16 GMT
Server: ECS (bsa/EB13)
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: UKvVYzkMuxRaVZh5cMULdub-djfi_qDrNzshVGVcdUdo-XGga62veQ==
Age: 4407

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.100
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 05 Oct 2022 19:25:43 GMT
Last-Modified: Wed, 05 Oct 2022 18:12:34 GMT
Server: ECS (nyb/1D22)
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: UxXvtCHy6uFsM-U0oXRnGGSkgcqCPhOb1wMT_n7DWi3VQaPUae6AyQ==
Age: 4389

                                        
                                            OPTIONS /log HTTP/1.1 
Host: errors.client.optimizely.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.com/
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         3.215.196.133
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.com
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Date: Wed, 05 Oct 2022 19:25:43 GMT
Content-Length: 13
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   13
Md5:    1424eb76249899d757e4d168341a50dc
Sha1:   42101e71440abd46c8112a96d4d5c0dd445120ce
Sha256: 16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

                                         
                                         54.230.245.100
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 05 Oct 2022 19:25:43 GMT
Last-Modified: Wed, 05 Oct 2022 18:51:35 GMT
Server: ECS (bsa/EB24)
X-Cache: Miss from cloudfront
Via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: vdsSLw8epQarq7wsrq1zn6-ZoXDu_Tmv8louRwa4kq6tUBS1wzhKFg==
Age: 2048

                                        
                                            OPTIONS /log HTTP/1.1 
Host: errors.client.optimizely.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.com/
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         3.215.196.133
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.com
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Date: Wed, 05 Oct 2022 19:25:43 GMT
Content-Length: 13
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   13
Md5:    1424eb76249899d757e4d168341a50dc
Sha1:   42101e71440abd46c8112a96d4d5c0dd445120ce
Sha256: 16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
                                        
                                            OPTIONS /log HTTP/1.1 
Host: errors.client.optimizely.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.com/
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         3.215.196.133
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.com
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Date: Wed, 05 Oct 2022 19:25:43 GMT
Content-Length: 13
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   13
Md5:    1424eb76249899d757e4d168341a50dc
Sha1:   42101e71440abd46c8112a96d4d5c0dd445120ce
Sha256: 16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
                                        
                                            OPTIONS /log HTTP/1.1 
Host: errors.client.optimizely.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://welcome.mariacasino.com/
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         3.215.196.133
HTTP/1.1 200 OK
Content-Type: text/plain
                                        
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: X-Requested-With,Content-Type,Accept,Origin
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Origin: https://welcome.mariacasino.com
Access-Control-Max-Age: 1800
Allow: POST,OPTIONS
Date: Wed, 05 Oct 2022 19:25:43 GMT
Content-Length: 13
Connection: keep-alive


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   13
Md5:    1424eb76249899d757e4d168341a50dc
Sha1:   42101e71440abd46c8112a96d4d5c0dd445120ce
Sha256: 16f1efa415bfdd7abcf8fdd76cc05ae6fa66ffdfdc730368ecea89ecfe5c3a12
                                        
                                            POST /log HTTP/1.1 
Host: errors.client.optimizely.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 435
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         3.215.196.133
HTTP/1.1 204 No Content
Content-Type: text/plain
                                        
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.com
Access-Control-Expose-Headers:
Date: Wed, 05 Oct 2022 19:25:43 GMT
Connection: keep-alive

                                        
                                            POST /log HTTP/1.1 
Host: errors.client.optimizely.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 480
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         3.215.196.133
HTTP/1.1 204 No Content
Content-Type: text/plain
                                        
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.com
Access-Control-Expose-Headers:
Date: Wed, 05 Oct 2022 19:25:43 GMT
Connection: keep-alive

                                        
                                            POST /v1/events HTTP/1.1 
Host: logx.optimizely.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 742
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         18.235.250.101
HTTP/1.1 204 No Content
Content-Type: text/plain
                                        
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.com
Access-Control-Expose-Headers: X-Results-Data-Source
Date: Wed, 05 Oct 2022 19:25:43 GMT
Server: nginx/1.21.0
Timing-Allow-Origin: *
X-Request-Id: a767ea6d-c76f-4f97-abf6-a606bf704dce
Connection: keep-alive

                                        
                                            POST /log HTTP/1.1 
Host: errors.client.optimizely.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 329
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         3.215.196.133
HTTP/1.1 204 No Content
Content-Type: text/plain
                                        
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.com
Access-Control-Expose-Headers:
Date: Wed, 05 Oct 2022 19:25:43 GMT
Connection: keep-alive

                                        
                                            POST /log HTTP/1.1 
Host: errors.client.optimizely.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 459
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         3.215.196.133
HTTP/1.1 204 No Content
Content-Type: text/plain
                                        
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.mariacasino.com
Access-Control-Expose-Headers:
Date: Wed, 05 Oct 2022 19:25:43 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6676f255-40f8-4d3e-b916-22a5c631e767.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 5679
x-amzn-requestid: ec6b8635-01f5-414c-8981-d0c9e279a7ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8s1F9TIAMFa1w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7eb-59f0e9155c32cb5553f5f2a7;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: tItmts5cTDvJvTHeRdrb6IwKfr4QTjx7K3773J3seH5eQblRSlnucA==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:42:34 GMT
age: 78194
etag: "31af76c6273aa93841eaf92333e4eccb2113ad2a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   5679
Md5:    9e2e357b3a14cd7093c5911e469a23e1
Sha1:   31af76c6273aa93841eaf92333e4eccb2113ad2a
Sha256: 04557adc8a49fbaced98afcab4009411b6f0fb3373992d1f65311ac77be582bc
                                        
                                            GET /pages/scripts/0012/9242.js?462499 HTTP/1.1 
Host: script.crazyegg.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         104.19.148.8
HTTP/2 200 OK
content-type: text/javascript
                                        
date: Wed, 05 Oct 2022 19:25:42 GMT
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.4.10
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=5675
last-modified: Wed, 05 Oct 2022 14:48:50 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 16612
vary: Accept-Encoding
server: cloudflare
cf-ray: 75588b775c3fb4e8-OSL
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /orval/tracking/lastclick.min.js HTTP/1.1 
Host: a1s.unibet.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

                                         
                                         85.184.96.5
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Wed, 05 Oct 2022 19:25:42 GMT
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /no/pop/casino/2022/index.html?mktid=1:320669908:86045284-37953&btag=320669908_C20FBF771AB841AC8F0770FDB59BA60C&bid=37953&campaignId=2397257&pid=86045284 HTTP/1.1 
Host: welcome.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node0143qau9m5tr9x79zm7873bkg3; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669908_C20FBF771AB841AC8F0770FDB59BA60C; BID=37953; PID=86045284; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D320669908_C20FBF771AB841AC8F0770FDB59BA60C%26sref%3DGIG%26GIG%3DNO_DESKTOP_MARIA%26affiliateId%3D1%26pid%3D86045284%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

                                         
                                         108.161.188.196
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
date: Wed, 05 Oct 2022 19:25:41 GMT
cache-control: public, max-age=900, immutable
content-md5: gkJER41ddkVd7T+D6IgXQA==
last-modified: Tue, 02 Aug 2022 10:27:11 GMT
etag: W/"0x8DA74718F9A8AAC"
x-ms-request-id: f39459bf-401e-005d-63ef-d81886000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /no/pop/casino/2022/no-payments.svg HTTP/1.1 
Host: welcome.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?mktid=1:320669908:86045284-37953&btag=320669908_C20FBF771AB841AC8F0770FDB59BA60C&bid=37953&campaignId=2397257&pid=86045284
Cookie: __ucbt=node0143qau9m5tr9x79zm7873bkg3; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669908_C20FBF771AB841AC8F0770FDB59BA60C; BID=37953; PID=86045284; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D320669908_C20FBF771AB841AC8F0770FDB59BA60C%26sref%3DGIG%26GIG%3DNO_DESKTOP_MARIA%26affiliateId%3D1%26pid%3D86045284%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19271%7CMCMID%7C45417640718903036532185519879282781081%7CMCAAMLH-1665602742%7C6%7CMCAAMB-1665602742%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1665005142s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C3.2.0; sat_track=true; optimizelyEndUserId=oeu1664997942314r0.018309799702412644; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.161.188.196
HTTP/2 200 OK
content-type: image/svg+xml
                                        
date: Wed, 05 Oct 2022 19:25:42 GMT
cache-control: public, max-age=900, immutable
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Tue, 02 Aug 2022 10:27:12 GMT
etag: W/"0x8DA7471903EA1E7"
x-ms-request-id: 394b4527-901e-002c-31ef-d8fead000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /no/pop/casino/2022/main.js HTTP/1.1 
Host: welcome.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?mktid=1:320669908:86045284-37953&btag=320669908_C20FBF771AB841AC8F0770FDB59BA60C&bid=37953&campaignId=2397257&pid=86045284
Cookie: __ucbt=node0143qau9m5tr9x79zm7873bkg3; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=320669908_C20FBF771AB841AC8F0770FDB59BA60C; BID=37953; PID=86045284; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D320669908_C20FBF771AB841AC8F0770FDB59BA60C%26sref%3DGIG%26GIG%3DNO_DESKTOP_MARIA%26affiliateId%3D1%26pid%3D86045284%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

                                         
                                         108.161.188.196
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Wed, 05 Oct 2022 19:25:41 GMT
cache-control: public, max-age=900, immutable
content-md5: i+10hYK0hpWB3CvEBia8iQ==
last-modified: Tue, 02 Aug 2022 10:27:12 GMT
etag: W/"0x8DA7471902418EA"
x-ms-request-id: 5d9c8c8b-d01e-003d-0cf0-d86419000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78bf691d-76e8-4176-884d-dbc06604dded.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

                                         
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8816
x-amzn-requestid: b9f3ec8a-f478-4405-b275-e21f2d7d89d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZKK7gFPJIAMF-7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333f1e3-250348e6140f3c74762263ea;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 07:04:03 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: F1ZWwxLKhRC6oSh6gnUxEm5AnYcY-mezJw9mNJ8GmNWnATAKx1JxSg==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 22:42:26 GMT
age: 74596
etag: "5261a6c2ee6d6cc87e91ee82e32d8be234db393e"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---