Report - a5837ff1.rinmovie.pages.dev/

Report Overview

Visited public
2023-12-11 18:54:40
Tags
URL
a5837ff1.rinmovie.pages.dev/
Finishing URL
welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
IP / ASN
188.114.97.1
#13335 CLOUDFLARENET
Title
Maria Casino

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-12-11 11:26:03	450 B	31 kB	142.250.74.138
fonts.gstatic.com	unknown	2008-02-11	2014-09-09 02:40:21	2023-12-11 10:04:41	1.6 kB	50 kB	142.250.74.131
a1s.unibet.com	297625	1997-12-11	2017-01-30 01:44:42	2023-12-10 05:23:25	442 B	2.5 kB	85.184.96.5
www.highcpmcreativeformat.com	unknown	2023-10-20	2023-10-23 21:49:14	2023-12-07 17:10:39	470 B	12 kB	173.233.139.164
proftrafficcounter.com	unknown	2023-11-16	2023-11-21 09:55:14	2023-12-10 19:57:57	467 B	434 B	52.58.59.63
a5837ff1.rinmovie.pages.dev	unknown	unknown	No data	No data	560 B	3.0 kB	188.114.97.1
welcome.mariacasino.com	unknown	unknown	2017-01-29 17:37:02	2023-03-08 20:00:55	11 kB	375 kB	104.18.43.104
assets.adobedtm.com	512	2013-11-22	2014-01-28 05:51:35	2023-12-10 18:12:07	3.1 kB	92 kB	23.38.200.237
demeanourgrade.com	unknown	2023-11-28	2023-11-28 15:28:55	2023-12-07 00:15:45	680 B	2.3 kB	192.243.59.12
adserving.unibet.com	98000	1997-12-11	2015-05-26 08:56:53	2023-12-11 05:28:44	593 B	1.3 kB	13.107.246.53
a1s-cdn.unibet.com	283505	1997-12-11	2014-04-23 17:07:51	2023-12-10 05:23:25	452 B	1.7 kB	85.184.96.5
fonts.googleapis.com	8877	2005-01-25	2013-06-10 22:14:26	2023-12-11 08:59:17	466 B	163 kB	142.250.74.106
www.mariacasino.com	unknown	2006-02-12	2016-02-18 09:43:42	2023-12-04 14:08:22	801 B	75 kB	85.184.96.0
conqueredallrightswell.com	unknown	2023-11-14	2023-11-16 20:49:45	2023-12-07 05:41:09	2.6 kB	4.1 kB	173.233.137.36
service.maxymiser.net	8733	2011-11-08	2012-11-14 18:00:33	2023-12-11 06:59:47	892 B	436 B	23.36.79.34
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-11 10:10:55	440 B	68 kB	142.250.74.168

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-11	medium	demeanourgrade.com	Sinkholed
2023-12-11	medium	conqueredallrightswell.com	Sinkholed
2023-12-11	medium	conqueredallrightswell.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (46)

	URL	From	Size	First Seen	Last Seen
	unknown	Function	191 B	2023-04-13	2025-05-11
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 00:39 Last Seen2025-05-11 12:25 Times Seen2815 Hash f66c599d10fb97c520f2e5496e33210e e10a9aa112da3f24a135ba821f736573b0a71661 340b71c364fee52408225bdb7a045f39d88527316e8192f9a5c94fa042d4f7f3 Loading...

	unknown	ScriptElement	462 B	2023-11-06	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-06 12:29 Last Seen2024-08-20 20:41 Times Seen4510 Hash 0e8641478391e5943136bbd9dcf81687 43802b92092208cbe4b2c893a6cf8a66970a90ba f2492cbdb92a0b0870b3ae997b0343f648e0489b2877e12fbd4302cf29453436 Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js	ScriptElement	4.3 kB	2023-03-07	2024-08-21
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2024-08-21 07:39 Times Seen21 Hash 6444bceb1b767bea75b4f47d793f7b05 173a21cbce9a9c8b73088df59efa6049690a9cbb 7386df477cd87905ec5e618f0d3df193963ec801ff64404cc5023529b16c4d6f Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js	ScriptElement	37 kB	2023-03-07	2024-08-21
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2024-08-21 07:39 Times Seen21 Hash 18eab16a639a4773572307713440a929 75bd72f7058b2d1d3ede541b2129267b438a73d4 358c5899627cc60f849ddc6860c01aa67b122f478e0d4ef42efd48a4b38c305b Loading...

	welcome.mariacasino.com/no/pop/casino/2022/main.js	ScriptElement	20 kB	2023-04-06	2024-08-20
Pretty URL welcome.mariacasino.com/no/pop/casino/2022/main.js IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-06 10:20 Last Seen2024-08-20 16:52 Times Seen20 Hash 94069b222ac55c134269d6d9c1daa162 8c400dc030881c93cdcdea3ec75bdd9b2ac8f476 aa2ef744ab0450752a34172fe8d5f27cb5b8d2dba811abe7c0fd474b0bedc4d4 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC	ScriptElement	192 kB	2023-12-11	2023-12-11
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-11 19:54 Last Seen2023-12-11 19:54 Times Seen1 Hash c4a90a8707fc7316f2b36f2fd89d0112 f170d1dbf593b7d2ed8788d4b55c7edf264174fc 4b802b8abe5c941d207595834637ede6d5263405da52b8e089332d003aa8eaaf Loading...

	unknown	ScriptElement	7.7 kB	2023-10-13	2024-08-21
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-10-13 14:25 Last Seen2024-08-21 04:51 Times Seen5162 Hash d8109ab58402556ab737fe39834e6905 47aceb389987ff2659d00e7594f4b6f497fd776b 71020f8da24acc220d53e62c55ebf61e031f1d189dca99dd219c96ea2686dc96 Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js	ScriptElement	162 kB	2023-03-07	2024-08-21
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2024-08-21 07:39 Times Seen21 Hash bf8d7656a2457e257e3cf75a01e6a4b7 7c7835b4632ac21ddea281bd2454e4faf08f0ff7 e2992637a3fd258ae2bd64fb199a77155aed36554a4bed9e34ce1bc2958ada1d Loading...

	unknown	Function	201 B	2023-04-11	2025-05-08
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 22:12 Last Seen2025-05-08 12:40 Times Seen1800 Hash 130f95f6ce24ae929ddee61c6ef38f96 088af9d581accbab66b63d0376eecb3ed32415fd c0396797a1b7a2d3a0af63e5d3b1b71c401d20fa90803c5d4d24b27077b4ac43 Loading...

	unknown	Function	121 B	2023-04-13	2025-05-11
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 02:04 Last Seen2025-05-11 08:35 Times Seen1216 Hash 3a0d1dcab20f80fe29b326e77069c860 de7d4447da634fe8459557ede26bdc6b269a3d73 89f663a550ab9eeafbedc91ebc071aee7bd25b33c558a081b1e74bb34aff732a Loading...

	unknown	Function	183 B	2023-04-19	2024-08-21
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-19 15:48 Last Seen2024-08-21 07:39 Times Seen21 Hash 3c78f29c6ae476a294d23db77b5a06f9 20e34304bb676634637e277e9b308dbac8d73ade ba65a3533af0dedecb1b8f44d0bdbd4a7438e33e4002bcdd4e3aa7746238d6a5 Loading...

	unknown	ScriptElement	2.6 kB	2023-03-07	2025-02-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2025-02-02 17:17 Times Seen5802 Hash cd03538fc58df8693fe9af9337788f0f 408a15551710117d0538fc9442a55b5678bb85a5 cc933dd733a6db1a1a9ff1d7c0adb26717fa27d4d177b7a5a2cab0bfdb353562 Loading...

	www.mariacasino.com/kindred_snow/s3.7.0/kindred_s.js	ScriptElement	74 kB	2023-03-12	2025-04-01
Pretty URL www.mariacasino.com/kindred_snow/s3.7.0/kindred_s.js IP 85.184.96.0 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 07:47 Last Seen2025-04-01 10:09 Times Seen6322 Hash 3fb00dbb8acb3c68fd5ddb674f22bb88 cf7bc4f71f0ff66037ac2e564963ff4c2737e766 7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246 Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js	ScriptElement	87 kB	2023-03-07	2025-05-11
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js IP 142.250.74.138 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 13:23 Times Seen112282 Hash e071abda8fe61194711cfc2ab99fe104 f647a6d37dc4ca055ced3cf64bbc1f490070acba 85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf Loading...

	unknown	Function	611 B	2023-04-13	2025-05-11
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 02:04 Last Seen2025-05-11 08:35 Times Seen1210 Hash d924ae2f87ceaa6ad20c12a64523e4d3 8a50d9d1b9940784f49be9c365823b132e4e34a9 72ff2fe08ff08f3f51dacddcb2382dd82e64d09cb94257f1d92a379ac6b1e1b7 Loading...

	a1s.unibet.com/orval/tracking/lastclick.min.js	ScriptElement	1.8 kB	2023-03-07	2025-02-02
Pretty URL a1s.unibet.com/orval/tracking/lastclick.min.js IP 85.184.96.5 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:11 Last Seen2025-02-02 17:17 Times Seen4745 Hash 8027969a31091dd0d3a7813f95ee7e10 591677c488b8b98532778e11adc9348253a014a4 5166be250f7de7d316b5fb9778843cc3268ce3e00f917530f65e99dcdb355b60 Loading...

	unknown	Function	344 B	2023-04-11	2025-05-10
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 22:12 Last Seen2025-05-10 21:02 Times Seen5362 Hash 2174b9064449ea0e7eec79ce9e3845ba 916d22ef047e1a74c2435008d378c5a8cc98fd47 44a36f4d3e8c3208ffc2ab1d0fa9e97e321bda82e0afb6b56ab62fad3186235c Loading...

	unknown	Function	152 B	2023-04-11	2025-05-11
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:25 Last Seen2025-05-11 15:14 Times Seen31012 Hash 26bc31e12628b8388c3be44bb175d592 9464185aa11d68ea75e8d6495ff7b02ec3b4f1ad b4829119269f7853888d67440f0424d68bd7a7f3d6a85b408bc5260b7953fe09 Loading...

	unknown	Function	349 B	2023-04-11	2025-05-11
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 23:08 Last Seen2025-05-11 12:25 Times Seen4705 Hash 612a7927ae2a82c947a949b6f6d571a2 5e5926378560cc9bab4c9d561c8665ccf903289d cb445470655f18c940e0107e8aa6d9b6077a5f33cd7b9a7501158dbf0a1841d9 Loading...

	unknown	Function	1.2 kB	2023-04-13	2025-05-11
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 02:04 Last Seen2025-05-11 15:02 Times Seen1102 Hash 2ea830b792e618370c4cbceae562b981 d9aec24705950262264b9784447e8fe821ab911a 218a1180514be0e72c6d1c61a3c0dbbf682af3d419d0e7e02a9f2f12f1febfc6 Loading...

	welcome.mariacasino.com/no/pop/casino/2022/sandbox%20eval%20code		125 B	2023-05-06	2025-05-11
Pretty URL welcome.mariacasino.com/no/pop/casino/2022/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-06 01:47 Last Seen2025-05-11 12:15 Times Seen10825 Hash 8f2f978b9e8bb4ffce1dcf6cbc7ec45f c502e12fe427b823b7383282831f1ad2b87419d0 7fd31c692f4e314ea159e25b0d13aa56d878cca222edefec165caf90708b85b8 Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js	ScriptElement	2.9 kB	2023-03-07	2024-08-21
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2024-08-21 07:39 Times Seen21 Hash 5e8dc588959123c3ee5de9ac168d5c74 a9aed3325d14a8af844706025abbf7076c2d6df8 8bc787ce4fbc3bec820a859ce9a02388d9b923d06227c5614ea771a62ad05dec Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js	ScriptElement	83 kB	2023-03-07	2024-08-21
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2024-08-21 07:39 Times Seen21 Hash 9c4992909a83d52617e9948d1d1c4141 587bbaea138857f086b03f43120795332fe28523 b53ed597b15301969858b376e9946d1664eff3a03549485ea678e9b8c6deaf63 Loading...

	unknown	Function	872 B	2023-04-19	2025-04-28
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-19 15:48 Last Seen2025-04-28 21:54 Times Seen143 Hash 9a3c9a45e4570912027f6437fbd1fed4 d64a6db078ecafc3c3678a3116751a5a6f56e2d0 652690ca8ee8656b9ef0e01ade9fae774fbe8a9758da8e901d8745cafd2229cf Loading...

	unknown	Function	100 B	2023-04-11	2025-05-10
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 23:08 Last Seen2025-05-10 20:09 Times Seen834 Hash 14850d33613efa85bb02e5bf906bd0f6 407ed029ee0e8e6460ca4cfdd668221e52223d97 f7d3b1c5287c382fb226f695dcbdc7a72a335f41f65ed23777f687aa1edd7cac Loading...

	a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js	ScriptElement	956 B	2023-03-07	2025-02-02
Pretty URL a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js IP 85.184.96.5 ASN #47171 Unibet Services Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:12 Last Seen2025-02-02 17:17 Times Seen4811 Hash fd48e87ecd4d06d9c5df490b91dc813e a65a437db44444634e4f41732c590c1d14433b3f 2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47 Loading...

	welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953	ScriptElement	254 B	2023-03-07	2024-08-20
Pretty URL welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953 IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14 Last Seen2024-08-20 16:52 Times Seen20 Hash f170cd805025c85681b29e0050f512cc a4ef72d85818bc21f6e1c88a077c0c18bc6e1381 bd5188e507cf55e7c15eb20cbd8d0236dc43e19ae230a3317f452b57435a1dd2 Loading...

	unknown	Function	697 B	2023-04-12	2025-05-10
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 01:25 Last Seen2025-05-10 03:42 Times Seen1543 Hash cc5b9c7f31eb88eb944b20e4a902fb4f fb5ad525aa83fd1c62d70d290d9d8eb31fb5089d a7fee75172e59e6ab0fb4ff3f177b8ffc363610ed8b3e6c0004b4bf98de24547 Loading...

	unknown	Function	195 B	2023-04-12	2025-05-11
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-12 14:56 Last Seen2025-05-11 08:35 Times Seen1554 Hash 576a61e7e95f3fa39f316630cbc5c039 0c1d16e378c8cd9f13e724c9ce675b67d6926859 0c93256523c99dc09c2a8f6206cd600dc0a7715996a6d545794dcc0ed097f105 Loading...

	unknown	ScriptElement	1.5 kB	2023-11-16	2024-08-20
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-16 15:59 Last Seen2024-08-20 19:16 Times Seen3975 Hash aa815b3ab95f01113f06825d3482950a 8ba15b0202aeaf30c7db18cb23c5007dea0ed42b b9eb09d3ddb52bcd12443dedbb9194d9b07a2e5a29139a63adbc62eb158ad828 Loading...

	welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953	ScriptElement	218 B	2023-03-07	2024-08-20
Pretty URL welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953 IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14 Last Seen2024-08-20 16:52 Times Seen20 Hash 9d40d7ddb60f4cb29327b156428e3bd5 88becc38eb4e649c2a9aec175f37b5f8c5016588 8c7e60bea5c4cfc5e2ff1c26e5a7ecbe3efb4452b6f07886ece394031c8682c1 Loading...

	welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953	ScriptElement	499 B	2023-03-07	2024-08-20
Pretty URL welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953 IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14 Last Seen2024-08-20 16:52 Times Seen20 Hash 4b6d2b6491b6df0ef583f49d0882a26e 7fea1a1658513f5bf789a0b42c73f7b6fdcc7f67 2d71070f24532c8088a6e66ef3ce8559809fb60328937057496edc6a24a90a64 Loading...

	unknown	Function	1.9 kB	2023-04-13	2025-05-10
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 20:33 Last Seen2025-05-10 21:02 Times Seen1341 Hash 4e849624bc12888614e90773b8780a0b 36baf5763e654b08689dde863d674a80b72bd658 75baf9e3c2129b065cc1b2b12a96e0af935c704873f8b21ffc303cb949d3384a Loading...

	unknown	ScriptElement	9.0 kB	2023-09-21	2025-02-02
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-09-21 22:26 Last Seen2025-02-02 17:17 Times Seen5254 Hash 4bf85503f4a4c7bcfaab0141a5806d3d 27fe50a4fc3c8c70cbb4a7448497b078d4583afc f69fd5a7cc72a1b162c15eed2d8df99565cfb38316cfe1b946b868f809146305 Loading...

	welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953	ScriptElement	99 B	2023-03-07	2024-08-20
Pretty URL welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953 IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14 Last Seen2024-08-20 16:52 Times Seen20 Hash a0b71a61570e0a349dfee786c9541984 887208153363db9fb19e9818c0fb921e0493f589 7ba916908ab7207eb14152417dca7da44907f0d08c6ea4b6526fb5800d0ac5eb Loading...

	welcome.mariacasino.com/custom.js	ScriptElement	2.3 kB	2023-03-07	2024-08-20
Pretty URL welcome.mariacasino.com/custom.js IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2024-08-20 16:52 Times Seen20 Hash 01a38820bcebba15c5099a3f76c50033 0dc0dc1fe9789baadc34781115c3de455306a4a6 6d7d9f4e9a44937c4330f759caf658bd1608f1fdac0b3b5bfee3a72af799638b Loading...

	unknown	Function	148 B	2023-04-11	2025-05-11
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 21:25 Last Seen2025-05-11 15:14 Times Seen6596 Hash ad647657a6182865673fe2300a1d13ad b1d7352ec14223bdae58961fe3ebab2ec990427b 9f500ac02daa86fc846af97dff1b0d92a41654db4a3548dd90574e5e70c28cdf Loading...

	assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js	ScriptElement	567 B	2023-03-07	2024-08-21
Pretty URL assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js IP 23.38.200.237 ASN #16625 AKAMAI-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:14 Last Seen2024-08-21 07:39 Times Seen21 Hash accfdd9d5be1d7142fabad440365d15f 728b540ea47087d04d502079c76b3f3db8ea289a 32ebaaa3078816891a9efa129824d6ee11c4c8b0ef6e441b28781e7d82b95305 Loading...

	unknown	Function	258 B	2023-04-13	2025-05-11
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-13 02:04 Last Seen2025-05-11 08:35 Times Seen1217 Hash 6a6a47e016f735ca1d1e8bb269eb503a c8faddf16b329222c18316a7f575a19be7981e27 d5fd13adaef760d5e22a5f8c3dc2b902df3b5cf8725a4124a426eab17355a5d0 Loading...

	unknown	Function	458 B	2023-04-11	2025-05-11
Pretty Introduced by Function Embedded in HTML false Observations First Seen2023-04-11 22:12 Last Seen2025-05-11 08:35 Times Seen1198 Hash 785f2ac76ea14d9ae37146d14711ebe2 7adbb67fe3b1c536473f93237f9a1875c9165331 768b4471e0be8c94a8e790dd82c39ed385dbd7b87563400055e777837026e794 Loading...

	cdn.optimizely.com/js/10682170820.js	ScriptElement	4.1 kB	2023-05-06	2025-05-11
Pretty URL cdn.optimizely.com/js/10682170820.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 01:47 Last Seen2025-05-11 12:15 Times Seen10565 Hash b1480c1339924b89c2d446f574980f1f dc14600d3986b0fe907d4f9a7131b104d0b50c4d 0609bad67850c27c401330a47e2c86e05469df851a72723a7caab62eb38b9ee7 Loading...

	welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953	ScriptElement	371 B	2023-03-07	2024-08-20
Pretty URL welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953 IP 104.18.43.104 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:14 Last Seen2024-08-20 16:52 Times Seen20 Hash 0e334c7783ee94b7972386c2b90fc1f5 7ad33ae7aca94796fa4ef67b4c10ac23a9f468f6 1548d1cfdb809ed4c6261e9c9bbadd8dde82c3d3ef8137ff3ff6f6c606677db8 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 90b5236b43e0aa20369c9200b6b4f541	471 B	2023-12-03 19:26	2024-08-20 16:54
Pretty Observations First Seen2023-12-03 19:26 Last Seen2024-08-20 16:54 Times Seen2 Hash 90b5236b43e0aa20369c9200b6b4f541 c36f046201fc2b910788e321fe0123ecc26fe58a d06a6567740039c9347954c1680735ae57fb480196c40b940291094dc9cda1ee Loading...

	#2 Eval - 127ac839a41bdd9ab92ad47b7411cdaf	29 B	2023-03-08 14:23	2025-05-06 08:36
Pretty Observations First Seen2023-03-08 14:23 Last Seen2025-05-06 08:36 Times Seen675 Hash 127ac839a41bdd9ab92ad47b7411cdaf c2f81b12778c909f055c3967caa638b643c4916a b2ebc210c5c379879d07a4a9e046a4ea803d56dcc91d533db817ec272cbcfaf4 Loading...

		Size	First Seen	Last Seen
	#1 Write - 33d8897a68b7a9f43f7b9eb488c26985	121 B	2023-12-03 19:26	2024-08-20 16:54
Pretty Observations First Seen2023-12-03 19:26 Last Seen2024-08-20 16:54 Times Seen3 Hash 33d8897a68b7a9f43f7b9eb488c26985 5362b32503b2740002d44d4a152a73146264e836 97cd618872c315c927e580c2c3e3b2d86fff3d00adaf3ca302d2078cf0e6c185 Loading...

	#2 Write - 2121cd2a93ea9851057f6734a08c1130	68 B	2023-03-07 01:14	2024-08-21 07:39
Pretty Observations First Seen2023-03-07 01:14 Last Seen2024-08-21 07:39 Times Seen21 Hash 2121cd2a93ea9851057f6734a08c1130 68e2ee70c921266930c95e2a4b791d3f1fbb7f16 6604e7359d43375f74af46ce09c369432a8512c1e42b8d301a38091cb668301a Loading...

HTTP Transactions (38)

URL IP Response Size

www.highcpmcreativeformat.com/307cd9a6acefbb29c6f7ae3a8c253579/invoke.js

173.233.139.164

11 kB

URL
www.highcpmcreativeformat.com/307cd9a6acefbb29c6f7ae3a8c253579/invoke.js
IP
173.233.139.164:0
ASN
#7979 SERVERS-COM

File type
exported SGML document, ASCII text, with very long lines (29601), with no line terminators
Size
11 kB (10905 bytes)
Hash
887aa12faf1934b64571ef77225b3ca2
d3ce53473c934aae6d6afcbf42b2e6b5e2205e6a
7926a3996f43976898112ecb50687a0d30e6700ed961bd4f76ac3c8ddc2c88de

HTTP Headers

GET /307cd9a6acefbb29c6f7ae3a8c253579/invoke.js HTTP/1.1
Host: www.highcpmcreativeformat.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a5837ff1.rinmovie.pages.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 11 Dec 2023 18:54:14 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 32750c4cc7bb6718951b6c5a14e356e9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

proftrafficcounter.com/stats

52.58.59.63

40 B

URL
proftrafficcounter.com/stats
IP
52.58.59.63:0
ASN
#16509 AMAZON-02

File type
ASCII text, with no line terminators
Size
40 B (40 bytes)
Hash
1b93d0f469f6e1d32975319105a37ac7
add86af3ec1574b485261e93a383e2a6966bcb53
af3a3cacdb5d41966e6c37886598392284e185ee7d763ddf237e56c6ac4745dc

HTTP Headers

GET /stats HTTP/1.1
Host: proftrafficcounter.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a5837ff1.rinmovie.pages.dev/
Origin: https://a5837ff1.rinmovie.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 18:54:15 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://a5837ff1.rinmovie.pages.dev
vary: Origin
access-control-allow-credentials: true
set-cookie: uid_id2=dcbbfd34-adfc-48e8-9b7d-d68cfb896f9e:3:1; expires=Thu, 08 Dec 2033 18:54:15 GMT; secure; SameSite=None
X-Firefox-Spdy: h2

demeanourgrade.com/watch.1285530923601.js?key=307cd9a6acefbb29c6f7ae3a8c253579&kw=%5B%22movie%22%2C%22unlimited%22%5D&refer=https%3A%2F%2Fa5837ff1.rinmovie.pages.dev%2F&tz=0&dev=e&res=14.3095&uuid=dcbbfd34-adfc-48e8-9b7d-d68cfb896f9e%3A3%3A1

192.243.59.12

0 B

URL
demeanourgrade.com/watch.1285530923601.js?key=307cd9a6acefbb29c6f7ae3a8c253579&kw=%5B%22movie%22%2C%22unlimited%22%5D&refer=https%3A%2F%2Fa5837ff1.rinmovie.pages.dev%2F&tz=0&dev=e&res=14.3095&uuid=dcbbfd34-adfc-48e8-9b7d-d68cfb896f9e%3A3%3A1
IP
192.243.59.12:0
ASN
#39572 DataWeb Global Group B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /watch.1285530923601.js?key=307cd9a6acefbb29c6f7ae3a8c253579&kw=%5B%22movie%22%2C%22unlimited%22%5D&refer=https%3A%2F%2Fa5837ff1.rinmovie.pages.dev%2F&tz=0&dev=e&res=14.3095&uuid=dcbbfd34-adfc-48e8-9b7d-d68cfb896f9e%3A3%3A1 HTTP/1.1
Host: demeanourgrade.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a5837ff1.rinmovie.pages.dev/
Origin: https://a5837ff1.rinmovie.pages.dev
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Mon, 11 Dec 2023 18:54:15 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://a5837ff1.rinmovie.pages.dev
Access-Control-Allow-Origin: https://a5837ff1.rinmovie.pages.dev
Access-Control-Allow-Credentials: true
Location: https://demeanourgrade.com/watch.1285530923601.js?key=307cd9a6acefbb29c6f7ae3a8c253579&kw=%5B%22movie%22%2C%22unlimited%22%5D&refer=https%3A%2F%2Fa5837ff1.rinmovie.pages.dev%2F&tz=0&dev=e&res=14.3095&uuid=dcbbfd34-adfc-48e8-9b7d-d68cfb896f9e%3A3%3A1&shu=35437a174b767f219e9ffa6554cefb35d4e3dd12f37ac8fb3047a14248e47b3331f27e330350e4ef6441301b03fe51b7e3673e730369f9de3f73bb3622f9a438c6dc4cb1c3013b5e3916ac5c5e389f157abd2e57041b1569c29b23163342&pst=1702320915&rmtc=t
Set-Cookie: u_pl=18362661; expires=Tue, 12 Dec 2023 18:54:15 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxODM2MjY2MSwiayI6IjMwN2NkOWE2YWNlZmJiMjljNmY3YWUzYThjMjUzNTc5Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoyMjI3NjU3LCJwaWQiOjY5MDU4MSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoxLCJhaWQiOjMyLCJwdCI6NCwicGsiOiJpcjJid2M1eXRqIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vYTU4MzdmZjEucmlubW92aWUucGFnZXMuZGV2LyIsImFyIjpbXX19.Vs6gkUWtH3RyfN8aaiGBqjQEEBgwjpHLHB2-DMY8__Q; expires=Mon, 11 Dec 2023 18:55:15 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: af67e015be8db75e1414373789ed85ed
Strict-Transport-Security: max-age=0; includeSubdomains

a5837ff1.rinmovie.pages.dev/favicon.ico

188.114.97.1

2.2 kB

URL
a5837ff1.rinmovie.pages.dev/favicon.ico
IP
188.114.97.1:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - HTML document text - exported SGML document, ASCII text, with CRLF line terminators
Size
2.2 kB (2159 bytes)
Hash
18a9cae1a49641313f71844791e337cf
3c7887d6c2fb5a52f11df9f132bf5124d4fd2020
b8290967dbb4b3eddafc69bdb0d633f02880594b0fa22a8a3f4b95f5dbe7e54a

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: a5837ff1.rinmovie.pages.dev
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a5837ff1.rinmovie.pages.dev/
DNT: 1
Connection: keep-alive
Cookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=dcbbfd34-adfc-48e8-9b7d-d68cfb896f9e%3A3%3A1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Mon, 11 Dec 2023 18:54:15 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=0, must-revalidate
etag: W/"5e661f01b597d399302461e332a4799f"
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-robots-tag: noindex
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q7YWQMwwPIi9f%2BYq2rxwrWiY0nUUaDmFOi4zJQptN0GiKIqmwoCjeF5QQMH%2F%2BoRzFzxwMNxdVfp1%2FvrQZ4XBsQzxOd2obTXjve%2FwRZxNtINmfHlq%2BkxVNaUlLE07Weuo4JBFMSKo9LlFyReuqi4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 833fef62dc38b52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=18362661

173.233.137.36

1.4 kB

URL
conqueredallrightswell.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=18362661
IP
173.233.137.36:0
ASN
#7979 SERVERS-COM

File type
HTML document text - HTML document text - HTML document, ASCII text, with very long lines (500)
Size
1.4 kB (1405 bytes)
Hash
87ee72d28e68a34d63525336ad9e1199
09168507f6a4762ac4c8a4c2fe988606f8f202ac
29896964e1b3531a61ba4a515a8e22521456eba1dbfe55e25004e518e8041dbc

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=18362661 HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a5837ff1.rinmovie.pages.dev/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.21.6
Date: Mon, 11 Dec 2023 18:54:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Tue, 12 Dec 2023 18:54:16 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTgzNjI2NjEiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9hNTgzN2ZmMS5yaW5tb3ZpZS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.AdydLRgu3L43foGHDdY2x2dy3U6SzLOfljZsP3xwNr0; expires=Mon, 11 Dec 2023 18:55:16 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fa7696c6f93fd243210df2e0c9a670e2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip

conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTE4MzYyNjYxJnBzdD0xNzAyMzIwOTE2JnJlZmVyPWh0dHBzJTNBJTJGJTJGYTU4MzdmZjEucmlubW92aWUucGFnZXMuZGV2JTJGJnJtdGM9dCZzaHU9ZjRmYWYyMmM1MjdhN2U4NTYzMjhjZjhjNmI3YjdkMGYzZDZmY2VjYjRhMjVhMDA3ZDliZThlZDljYTM3OGM0NjNkNzU4MTVhZDQ5ZmE0OWU4ZDExNTE1MWNlMmNmODBhMjViM2MwMzY0YjQ5NDY4NGM2OWY2NmY2ZjY1N2Q0MDg2MmZlOTlkZTZkNTdmMDg5NTc1ZjdmOTM5NjBhMmY0ZGE0YWJhNzgwZTA3YzdkMzNmY2MxYWM4ODNhOWFhNWQzNzg%3D&uuid=&pii=&in=false

192.243.61.227

302 Found

0 B

URL User Request GET HTTP/1.1
conqueredallrightswell.com/api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTE4MzYyNjYxJnBzdD0xNzAyMzIwOTE2JnJlZmVyPWh0dHBzJTNBJTJGJTJGYTU4MzdmZjEucmlubW92aWUucGFnZXMuZGV2JTJGJnJtdGM9dCZzaHU9ZjRmYWYyMmM1MjdhN2U4NTYzMjhjZjhjNmI3YjdkMGYzZDZmY2VjYjRhMjVhMDA3ZDliZThlZDljYTM3OGM0NjNkNzU4MTVhZDQ5ZmE0OWU4ZDExNTE1MWNlMmNmODBhMjViM2MwMzY0YjQ5NDY4NGM2OWY2NmY2ZjY1N2Q0MDg2MmZlOTlkZTZkNTdmMDg5NTc1ZjdmOTM5NjBhMmY0ZGE0YWJhNzgwZTA3YzdkMzNmY2MxYWM4ODNhOWFhNWQzNzg%3D&uuid=&pii=&in=false
IP
192.243.61.227:443
ASN
#39572 DataWeb Global Group B.V.

Certificate
IssuerLet's Encrypt
Subjectconqueredallrightswell.com
Fingerprint9E:C2:75:0A:08:52:CB:97:0C:C6:54:67:5E:6F:7F:C9:D8:00:28:1C
ValidityTue, 14 Nov 2023 16:14:39 GMT - Mon, 12 Feb 2024 16:14:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /api/users?token=L2R5ZmMxazA5P2tleT04NjM3MDViY2JiNGI2YTU1NGRkYjM1OTY2NTM5NWE2ZiZwc2lkPTE4MzYyNjYxJnBzdD0xNzAyMzIwOTE2JnJlZmVyPWh0dHBzJTNBJTJGJTJGYTU4MzdmZjEucmlubW92aWUucGFnZXMuZGV2JTJGJnJtdGM9dCZzaHU9ZjRmYWYyMmM1MjdhN2U4NTYzMjhjZjhjNmI3YjdkMGYzZDZmY2VjYjRhMjVhMDA3ZDliZThlZDljYTM3OGM0NjNkNzU4MTVhZDQ5ZmE0OWU4ZDExNTE1MWNlMmNmODBhMjViM2MwMzY0YjQ5NDY4NGM2OWY2NmY2ZjY1N2Q0MDg2MmZlOTlkZTZkNTdmMDg5NTc1ZjdmOTM5NjBhMmY0ZGE0YWJhNzgwZTA3YzdkMzNmY2MxYWM4ODNhOWFhNWQzNzg%3D&uuid=&pii=&in=false HTTP/1.1
Host: conqueredallrightswell.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://conqueredallrightswell.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNjEyMjY2MCwiayI6Ijg2MzcwNWJjYmI0YjZhNTU0ZGRiMzU5NjY1Mzk1YTZmIiwic2lkIjoiMTgzNjI2NjEiLCJpc2lkIjoyLCJhc2lkIjoxLCJ6aWQiOjE0NjQxNSwicGlkIjo5NzI5OSwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozLCJhaWQiOjI4LCJwdCI6NCwicGsiOiJkeWZjMWswOSIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjo5MDc1MzQ1NywiaWRzIjoiIiwiaWMiOmZhbHNlLCJuIjoiRGVza3RvcCxFbXVsYXRvciIsInYiOiJVbmtub3duIiwibSI6IlVua25vd24iLCJmIjoxLCJmbiI6IkRlc2t0b3AiLCJvaWQiOjM4OTE0LCJvbiI6IldpbmRvd3MiLCJvdiI6IjEwLjAiLCJiaWQiOjEyMDYyNSwiYm4iOiJGaXJlZm94IiwiYnYiOiIxMDUuMCIsInd2IjpmYWxzZSwiZSI6ZmFsc2UsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9hNTgzN2ZmMS5yaW5tb3ZpZS5wYWdlcy5kZXYvIiwiYXIiOltdfX0.AdydLRgu3L43foGHDdY2x2dy3U6SzLOfljZsP3xwNr0; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx/1.21.6
Date: Mon, 11 Dec 2023 18:54:17 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://adserving.unibet.com/redirect.aspx?bid=37953&pid=15135578&sref=ADST&ADST=16122660
Set-Cookie: iprcd148b1f6afd9ae23e7eb79ef57c8e62f=4798635; expires=Tue, 12 Dec 2023 18:54:17 GMT
pdhtkv=true; expires=Tue, 12 Dec 2023 18:54:17 GMT
uncs=1; expires=Tue, 12 Dec 2023 18:54:17 GMT
pdhtkv28=true; expires=Tue, 12 Dec 2023 18:54:17 GMT
uncs28=1; expires=Tue, 12 Dec 2023 18:54:17 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 81ad12f6e964d626ea4fbc58127fb77b
Strict-Transport-Security: max-age=0; includeSubdomains

adserving.unibet.com/redirect.aspx?bid=37953&pid=15135578&sref=ADST&ADST=16122660

13.107.246.53

307 Temporary Redirect

0 B

URL User Request GET HTTP/2
adserving.unibet.com/redirect.aspx?bid=37953&pid=15135578&sref=ADST&ADST=16122660
IP
13.107.246.53:443
ASN
#8068 MICROSOFT-CORP-MSN-AS-BLOCK

Certificate
IssuerTrustwave Holdings, Inc.
Subjectaffiliates.kindredplc.com
Fingerprint9C:1F:91:86:77:41:76:62:71:CD:11:FD:80:70:B7:83:58:47:BF:4F
ValidityThu, 17 Aug 2023 06:39:43 GMT - Fri, 16 Aug 2024 06:38:43 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect.aspx?bid=37953&pid=15135578&sref=ADST&ADST=16122660 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
cache-control: private,no-cache, no-store
pragma: no-cache
content-type: text/html
location: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a68246908%2c%22BID%22%3a37953%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1702320857556)%5c%2f%22%2c%22CookieTag%22%3a%223795368246908451240919C202312111854%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%2210708260222%7c1%22%7d%5d; domain=.unibet.com; expires=Wed, 11-Dec-3022 18:54:17 GMT; path=/; secure; SameSite=Strict
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
x-azure-ref: 02Vp3ZQAAAAAGYsKzXQLUTYzdR4VrNiLUU1ZHMjBFREdFMDUxMQAyZDk5MzlkMy05NTUxLTQ2ZmYtOGEyNi01ZWZmY2FhMWQ5OGM=
x-cache: CONFIG_NOCACHE
date: Mon, 11 Dec 2023 18:54:17 GMT
content-length: 0
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/slots.png

104.18.43.104

200 OK

6.3 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/slots.png
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
PNG image data, 151 x 200, 8-bit/color RGBA, non-interlaced - data
Size
6.3 kB (6303 bytes)
Hash
6be047bdf3d103b2414f7f6ab64d96b8
57818bdfe16383abe584b5c30de5f35eb55ebf20
38e2d3e7f261032cf0c558e28555c6425c30aa14014f31bbaad7d5176b7d4449

HTTP Headers

GET /no/pop/casino/2022/slots.png HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Cookie: btag=127656177_9FC17AFE7C934C278F69BED8583D75E7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 18:54:17 GMT
content-type: image/png
content-length: 6303
cf-ray: 833fef71ee64b512-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 395766
cache-control: public, max-age=900, immutable
etag: "0x8DBB47DF214D12C"
last-modified: Wed, 13 Sep 2023 17:22:02 GMT
vary: Accept-Encoding
content-md5: a+BHvfPRA7JBT39qtk2WuA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: a53159bf-701e-0056-7ba2-1de3ed000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/livecasino.png

104.18.43.104

200 OK

21 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/livecasino.png
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced - data
Size
21 kB (20783 bytes)
Hash
87dc3fc9a40a9b0e8fd7c0519ac24f54
908b0ca475f8da1d0380a6cb5caabafce2466aec
a0fd031aa160b2679253c5952576a692e002c6be963c5935af3692ff50206eb4

HTTP Headers

GET /no/pop/casino/2022/livecasino.png HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Cookie: btag=127656177_9FC17AFE7C934C278F69BED8583D75E7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 18:54:17 GMT
content-type: image/png
content-length: 20783
cf-ray: 833fef71ee67b512-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 310903
cache-control: public, max-age=900, immutable
etag: "0x8DBB47DF2032091"
last-modified: Wed, 13 Sep 2023 17:22:02 GMT
vary: Accept-Encoding
content-md5: h9w/yaQKmw6P18BRmsJPVA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: e590e529-401e-004d-2d8c-1eddee000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/mga.png

104.18.43.104

200 OK

1.5 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/mga.png
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
PNG image data, 152 x 60, 8-bit colormap, non-interlaced - data
Size
1.5 kB (1454 bytes)
Hash
f34e781d7ad22dc774b98ac82a2b46f6
b66cb9753b0f76a7590f62d3c6b8f645bdbae786
7898ba2cec328d50a75400c1e5a6f1f23974f4c0cc433472a24f28a82c7d01c7

HTTP Headers

GET /no/pop/casino/2022/mga.png HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Cookie: btag=127656177_9FC17AFE7C934C278F69BED8583D75E7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 18:54:17 GMT
content-type: image/png
content-length: 1454
cf-ray: 833fef71ee6ab512-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 50730
cache-control: public, max-age=900, immutable
etag: "0x8DBB47DF226A8C7"
last-modified: Wed, 13 Sep 2023 17:22:02 GMT
vary: Accept-Encoding
content-md5: 8054HXrSLcd0uYrIKitG9g==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: b9ce90da-f01e-0077-3edc-20c796000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/games.png

104.18.43.104

200 OK

8.8 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/games.png
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
PNG image data, 234 x 200, 8-bit/color RGBA, non-interlaced - data
Size
8.8 kB (8838 bytes)
Hash
fbd364c184d1c2af246dd5a3079ce9ed
5c572431ced831a518e0c4adfed4372254f1eac1
2a09f891fb138e893fbc2fe522761e47307376143582e41016bf8aa54c4fdb77

HTTP Headers

GET /no/pop/casino/2022/games.png HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Cookie: btag=127656177_9FC17AFE7C934C278F69BED8583D75E7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 18:54:17 GMT
content-type: image/png
content-length: 8838
cf-ray: 833fef71ee69b512-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 463532
cache-control: public, max-age=900, immutable
etag: "0x8DBB47DF1FBCEB0"
last-modified: Wed, 13 Sep 2023 17:22:02 GMT
vary: Accept-Encoding
content-md5: +9NkwYTRwq8kbdWjB5zp7Q==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: ed2a491c-501e-006e-5f0a-1d472d000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js

85.184.96.5

200 OK

956 B

URL GET HTTP/2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP
85.184.96.5:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
ASCII text
Size
956 B (956 bytes)
Hash
fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47

HTTP Headers

GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 18:54:18 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js

23.38.200.237

200 OK

44 kB

URL GET HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
exported SGML document, ASCII text, with very long lines (32764)
Size
44 kB (43737 bytes)
Hash
bf8d7656a2457e257e3cf75a01e6a4b7
7c7835b4632ac21ddea281bd2454e4faf08f0ff7
e2992637a3fd258ae2bd64fb199a77155aed36554a4bed9e34ce1bc2958ada1d

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "bf8d7656a2457e257e3cf75a01e6a4b7:1554112914"
last-modified: Mon, 01 Apr 2019 10:01:54 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 11 Dec 2023 19:54:18 GMT
date: Mon, 11 Dec 2023 18:54:18 GMT
content-length: 43737
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2

ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js

142.250.74.138

200 OK

30 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js
IP
142.250.74.138:443
ASN
#15169 GOOGLE

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
ASCII text, with very long lines (32030)
Size
30 kB (30244 bytes)
Hash
e071abda8fe61194711cfc2ab99fe104
f647a6d37dc4ca055ced3cf64bbc1f490070acba
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

HTTP Headers

GET /ajax/libs/jquery/3.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30244
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 15:57:26 GMT
expires: Fri, 06 Dec 2024 15:57:26 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 356212
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

service.maxymiser.net/cdn/unibet/js/mmcore.js

23.36.79.34

404 Not Found

10 B

URL GET HTTP/2
service.maxymiser.net/cdn/unibet/js/mmcore.js
IP
23.36.79.34:443
ASN
#20940 Akamai International B.V.

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerDigiCert Inc
Subject*.maxymiser.net
Fingerprint64:BD:DC:A7:97:53:6E:10:E5:25:0D:F4:A1:AF:7E:26:8B:AC:DD:88
ValidityMon, 27 Nov 2023 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT

File type
ASCII text
Size
10 B (10 bytes)
Hash
7605968e79d0ca095ab1231486d2b814
a007b420d19ceefa840f0373e050e3b51a4ab480
493fda53120050f85836032324409be6c6484f90a0755ae0c6a673ba7626818b

HTTP Headers

GET /cdn/unibet/js/mmcore.js HTTP/1.1
Host: service.maxymiser.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
accept-ranges: bytes
content-length: 10
server: AkamaiNetStorage
cache-control: max-age=1800
date: Mon, 11 Dec 2023 18:54:18 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/styles.css

104.18.43.104

200 OK

3.7 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/styles.css
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
ASCII text
Size
3.7 kB (3693 bytes)
Hash
9c7198fae65fdd565a2016879123ca09
e8a4caac57eef46c656b9ce1aeb9067f470baa32
fc67c9b12d5fa444ce772f52e859f6b3388d20adaf2907762eaf5cff4575f918

HTTP Headers

GET /no/pop/casino/2022/styles.css HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Cookie: btag=127656177_9FC17AFE7C934C278F69BED8583D75E7
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 18:54:17 GMT
content-type: text/css; charset=utf-8
cf-ray: 833fef71de52b512-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 203635
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB47DF17A7D2B"
last-modified: Wed, 13 Sep 2023 17:22:01 GMT
vary: Accept-Encoding
content-md5: nHGY+uZf3VZaIBaHkSPKCQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 17bf22a3-501e-006e-7067-1f472d000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js

23.38.200.237

200 OK

13 kB

URL GET HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (558)
Size
13 kB (12666 bytes)
Hash
18eab16a639a4773572307713440a929
75bd72f7058b2d1d3ede541b2129267b438a73d4
358c5899627cc60f849ddc6860c01aa67b122f478e0d4ef42efd48a4b38c305b

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "18eab16a639a4773572307713440a929:1554112912"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 11 Dec 2023 19:54:18 GMT
date: Mon, 11 Dec 2023 18:54:18 GMT
content-length: 12666
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2

service.maxymiser.net/cdn/unibet/js/mmcore.js

23.36.79.34

404 Not Found

10 B

URL GET HTTP/2
service.maxymiser.net/cdn/unibet/js/mmcore.js
IP
23.36.79.34:443
ASN
#20940 Akamai International B.V.

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerDigiCert Inc
Subject*.maxymiser.net
Fingerprint64:BD:DC:A7:97:53:6E:10:E5:25:0D:F4:A1:AF:7E:26:8B:AC:DD:88
ValidityMon, 27 Nov 2023 00:00:00 GMT - Wed, 27 Nov 2024 23:59:59 GMT

File type
ASCII text
Size
10 B (10 bytes)
Hash
7605968e79d0ca095ab1231486d2b814
a007b420d19ceefa840f0373e050e3b51a4ab480
493fda53120050f85836032324409be6c6484f90a0755ae0c6a673ba7626818b

HTTP Headers

GET /cdn/unibet/js/mmcore.js HTTP/1.1
Host: service.maxymiser.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
accept-ranges: bytes
content-length: 10
server: AkamaiNetStorage
cache-control: max-age=1800
date: Mon, 11 Dec 2023 18:54:18 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/BlenderPro-ThinWeb.woff

104.18.43.104

200 OK

50 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/BlenderPro-ThinWeb.woff
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
Web Open Font Format, TrueType, length 49636, version 3.6 - data
Size
50 kB (49636 bytes)
Hash
37ba84aebad11c2e0acd496eedb0bb76
42942446e1cfab8d0eaf7d23899203b2b2b64fe7
2d7cc2c9c9fef717010fcfa8fa6518079eaec1e63975a74b4fb78afb14d6ee5e

HTTP Headers

GET /no/pop/casino/2022/BlenderPro-ThinWeb.woff HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/styles.css
Cookie: btag=127656177_9FC17AFE7C934C278F69BED8583D75E7; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19703%7CMCMID%7C32711163271024598804861815783711195200%7CMCAID%7CNONE%7CMCOPTOUT-1702328058s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 18:54:18 GMT
content-type: application/font-woff
content-length: 49636
cf-ray: 833fef7499f5b512-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 23105
cache-control: public, max-age=900, immutable
etag: "0x8DBB47DF1CAB3F7"
last-modified: Wed, 13 Sep 2023 17:22:02 GMT
vary: Accept-Encoding
content-md5: N7qErrrRHC4KzUlu7bC7dg==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 822ab976-c01e-000e-6f2c-213bb2000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/BlenderPro-MediumWeb.woff

104.18.43.104

200 OK

49 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/BlenderPro-MediumWeb.woff
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
Web Open Font Format, TrueType, length 48766, version 3.6 - data
Size
49 kB (48766 bytes)
Hash
f62793caeb7e5b111d7508b00c0826c2
d003c52a07685156de00186014c777b7dde81573
bac888a26184354a6038eb4ba3d87fdc3315c6e7fe0c19ec7cd1737f1720fc5a

HTTP Headers

GET /no/pop/casino/2022/BlenderPro-MediumWeb.woff HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/styles.css
Cookie: btag=127656177_9FC17AFE7C934C278F69BED8583D75E7; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19703%7CMCMID%7C32711163271024598804861815783711195200%7CMCAID%7CNONE%7CMCOPTOUT-1702328058s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 11 Dec 2023 18:54:18 GMT
content-type: application/font-woff
content-length: 48766
cf-ray: 833fef74aa05b512-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 511100
cache-control: public, max-age=900, immutable
etag: "0x8DBB47DF1B5CF8B"
last-modified: Wed, 13 Sep 2023 17:22:02 GMT
vary: Accept-Encoding
content-md5: 9ieTyut+WxEddQiwDAgmwg==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: f6f9f935-601e-0028-523d-2273aa000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

fonts.googleapis.com/css?family=Roboto:300,400,500,700,900

142.250.74.106

200 OK

162 kB

URL GET HTTP/2
fonts.googleapis.com/css?family=Roboto:300,400,500,700,900
IP
142.250.74.106:443
ASN
#15169 GOOGLE

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint10:D0:ED:9A:F4:53:C8:99:DE:B6:5E:5C:04:E6:20:0B:68:7D:46:EC
ValidityMon, 20 Nov 2023 08:08:50 GMT - Mon, 12 Feb 2024 08:08:49 GMT

File type
gzip compressed data, max compression - data
Size
162 kB (162370 bytes)
Hash
979572322268a05b39df28493ed2944a
b475593caf7aa1b0c4776e2a9ab2734295f93784
efac4c8e3318633089f30ad1d20c63e3ea5e52e938006d435d1c488b4be23634

HTTP Headers

GET /css?family=Roboto:300,400,500,700,900 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 11 Dec 2023 18:54:18 GMT
date: Mon, 11 Dec 2023 18:54:18 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js

23.38.200.237

200 OK

30 kB

URL GET HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (543)
Size
30 kB (29629 bytes)
Hash
9c4992909a83d52617e9948d1d1c4141
587bbaea138857f086b03f43120795332fe28523
b53ed597b15301969858b376e9946d1664eff3a03549485ea678e9b8c6deaf63

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "9c4992909a83d52617e9948d1d1c4141:1554112914"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 29629
cache-control: max-age=3600
expires: Mon, 11 Dec 2023 19:54:18 GMT
date: Mon, 11 Dec 2023 18:54:18 GMT
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC

142.250.74.168

200 OK

67 kB

URL GET HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintC1:58:7C:BF:5A:61:79:08:CB:C2:00:63:60:07:86:BD:EA:0A:45:8A
ValidityMon, 20 Nov 2023 08:02:50 GMT - Mon, 12 Feb 2024 08:02:49 GMT

File type
ASCII text, with very long lines (25136)
Size
67 kB (67321 bytes)
Hash
c4a90a8707fc7316f2b36f2fd89d0112
f170d1dbf593b7d2ed8788d4b55c7edf264174fc
4b802b8abe5c941d207595834637ede6d5263405da52b8e089332d003aa8eaaf

HTTP Headers

GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 11 Dec 2023 18:54:18 GMT
expires: Mon, 11 Dec 2023 18:54:18 GMT
cache-control: private, max-age=900
last-modified: Mon, 11 Dec 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 67321
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js

23.38.200.237

200 OK

1.2 kB

URL GET HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (502)
Size
1.2 kB (1199 bytes)
Hash
5e8dc588959123c3ee5de9ac168d5c74
a9aed3325d14a8af844706025abbf7076c2d6df8
8bc787ce4fbc3bec820a859ce9a02388d9b923d06227c5614ea771a62ad05dec

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-580f0b8764746d390100a183.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "5e8dc588959123c3ee5de9ac168d5c74:1554112912"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 1199
cache-control: max-age=3600
expires: Mon, 11 Dec 2023 19:54:18 GMT
date: Mon, 11 Dec 2023 18:54:18 GMT
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.131

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0 - data
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 04 Dec 2023 23:43:03 GMT
expires: Tue, 03 Dec 2024 23:43:03 GMT
cache-control: public, max-age=31536000
age: 587475
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

142.250.74.131

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0 - data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 05:05:31 GMT
expires: Fri, 06 Dec 2024 05:05:31 GMT
cache-control: public, max-age=31536000
age: 395327
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.131

200 OK

16 kB

URL GET HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.131:443
ASN
#15169 GOOGLE

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerGoogle Trust Services LLC
Subject*.gstatic.com
Fingerprint5F:60:69:C9:59:6D:F1:B5:87:82:8D:B0:57:3C:D9:24:10:FD:74:D1
ValidityMon, 20 Nov 2023 08:08:49 GMT - Mon, 12 Feb 2024 08:08:48 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0 - data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 07 Dec 2023 04:53:07 GMT
expires: Fri, 06 Dec 2024 04:53:07 GMT
cache-control: public, max-age=31536000
age: 396071
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js

23.38.200.237

200 OK

1.4 kB

URL GET HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text
Size
1.4 kB (1388 bytes)
Hash
6444bceb1b767bea75b4f47d793f7b05
173a21cbce9a9c8b73088df59efa6049690a9cbb
7386df477cd87905ec5e618f0d3df193963ec801ff64404cc5023529b16c4d6f

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b20e4d164746d3e0d0043fb.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "6444bceb1b767bea75b4f47d793f7b05:1554112917"
last-modified: Mon, 01 Apr 2019 10:01:57 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
cache-control: max-age=3600
expires: Mon, 11 Dec 2023 19:54:18 GMT
date: Mon, 11 Dec 2023 18:54:18 GMT
content-length: 1388
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/main.js

104.18.43.104

200 OK

20 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/main.js
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type

Size
20 kB (20131 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /no/pop/casino/2022/main.js HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Cookie: btag=127656177_9FC17AFE7C934C278F69BED8583D75E7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 18:54:17 GMT
content-type: application/javascript; charset=utf-8
cf-ray: 833fef71ee5fb512-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 53303
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB47DF21F2FDA"
last-modified: Wed, 13 Sep 2023 17:22:02 GMT
vary: Accept-Encoding
content-md5: HUKMSjGdEVR6I7ylcruk3g==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: f441e222-a01e-0018-38dc-20cd65000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

a1s.unibet.com/orval/tracking/lastclick.min.js

85.184.96.5

200 OK

1.8 kB

URL GET HTTP/2
a1s.unibet.com/orval/tracking/lastclick.min.js
IP
85.184.96.5:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerLet's Encrypt
Subjectunibet.com
Fingerprint1A:B0:7B:63:FE:17:68:E4:1E:85:13:D5:3D:2C:46:01:FC:B2:4C:84
ValidityMon, 06 Nov 2023 00:18:08 GMT - Sun, 04 Feb 2024 00:18:07 GMT

File type
ASCII text, with very long lines (1881), with no line terminators
Size
1.8 kB (1797 bytes)
Hash
695e4c30089ed5d35b5096257b69bbec
64897f4cdac1a6e4f5d6ed9dcb8b246e3b942841
40fab43e8fa29c9c648a5d56139fe8c35b1fbfb5c826d2fd58c4ceec7a548206

HTTP Headers

GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 18:54:18 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:24 GMT
etag: W/"705-5e57dfac7ede0"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/background.jpg

104.18.43.104

200 OK

162 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/background.jpg
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x800, components 3 - data
Size
162 kB (161606 bytes)
Hash
aa279ee357b415f50a16127d5c1a7c4d
d1375a6cb87e60f31f609769044af9e6d47775cd
6aa6656d951b443674e2795a2174f6ba5fa711a0f2943830eab9f07cb1e1a809

HTTP Headers

GET /no/pop/casino/2022/background.jpg HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/styles.css
Cookie: btag=127656177_9FC17AFE7C934C278F69BED8583D75E7; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19703%7CMCMID%7C32711163271024598804861815783711195200%7CMCAID%7CNONE%7CMCOPTOUT-1702328058s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 18:54:18 GMT
content-type: image/jpeg
content-length: 161606
cf-ray: 833fef7499d7b512-OSL
cf-cache-status: HIT
accept-ranges: bytes
access-control-allow-origin: *
age: 352306
cache-control: public, max-age=900, immutable
etag: "0x8DBB47DF1D5AECE"
last-modified: Wed, 13 Sep 2023 17:22:02 GMT
vary: Accept-Encoding
content-md5: qiee41e0FfUKFhJ9XBp8TQ==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 944433a8-a01e-0018-43ae-23cd65000000
x-ms-version: 2014-02-14
server: cloudflare
X-Firefox-Spdy: h2

www.mariacasino.com/kindred_snow/s3.7.0/kindred_s.js

85.184.96.0

200 OK

74 kB

URL GET HTTP/2
www.mariacasino.com/kindred_snow/s3.7.0/kindred_s.js
IP
85.184.96.0:443
ASN
#47171 Unibet Services Limited

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerLet's Encrypt
Subjectmariacasino.com
FingerprintD0:21:61:EE:74:5D:D8:D6:F1:19:F9:4E:33:FA:54:88:64:BF:99:CB
ValidityMon, 06 Nov 2023 00:11:24 GMT - Sun, 04 Feb 2024 00:11:23 GMT

File type
ASCII text, with very long lines (65378)
Size
74 kB (74304 bytes)
Hash
3fb00dbb8acb3c68fd5ddb674f22bb88
cf7bc4f71f0ff66037ac2e564963ff4c2737e766
7d3d84e73da67922341950d1542a5a5da2420ea18026e314a9aec22f631e4246

HTTP Headers

GET /kindred_snow/s3.7.0/kindred_s.js HTTP/1.1
Host: www.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Cookie: btag=127656177_9FC17AFE7C934C278F69BED8583D75E7; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19703%7CMCMID%7C32711163271024598804861815783711195200%7CMCAID%7CNONE%7CMCOPTOUT-1702328058s%7CNONE%7CvVersion%7C3.2.0; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1; uniattr=BLP.1.UT; uniattr_ref="https://conqueredallrightswell.com/"
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 18:54:18 GMT
content-type: application/javascript
last-modified: Mon, 11 Dec 2023 16:08:44 GMT
vary: Accept-Encoding
etag: W/"6577340c-12240"
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=browser_desktop; Domain=www.mariacasino.com; Path=/; SameSite=None; Secure
content-encoding: gzip
X-Firefox-Spdy: h2

assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js

23.38.200.237

200 OK

567 B

URL GET HTTP/2
assets.adobedtm.com/2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js
IP
23.38.200.237:443
ASN
#16625 AKAMAI-AS

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerDigiCert Inc
Subjectassets.adobedtm.com
Fingerprint8E:2F:9F:94:55:93:C2:B5:58:37:E8:D3:02:3C:23:AF:BA:E7:1D:EA
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sat, 10 Aug 2024 23:59:59 GMT

File type
ASCII text, with very long lines (609), with no line terminators
Size
567 B (567 bytes)
Hash
7d599073b2f037a8e2a2881467e8fbb4
3e78ffb423be83e492234206fa2572fa7914c62e
f6f4898ab1ed11593c3beef926c56a6ef4351d2d43f8ab431ae26bb2353b74cc

HTTP Headers

GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js HTTP/1.1
Host: assets.adobedtm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-type: application/x-javascript
etag: "accfdd9d5be1d7142fabad440365d15f:1554112916"
last-modified: Mon, 01 Apr 2019 10:01:56 GMT
server: AkamaiNetStorage
content-length: 567
cache-control: max-age=3600
expires: Mon, 11 Dec 2023 19:54:18 GMT
date: Mon, 11 Dec 2023 18:54:18 GMT
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/no-payments.svg

104.18.43.104

200 OK

25 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/no-payments.svg
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
SVG Scalable Vector Graphics image - XML 1.0 document text - XML document text - HTML document text - exported SGML document, ASCII text
Size
25 kB (24901 bytes)
Hash
7857f5fa35651d9795bac512238caaf4
107c2b86078dd49ffd18c76724bd290018719037
bf1b321fe365e6fdb5429bcebb8a6b5b9ed554d84f4eced5e69cc31038455a81

HTTP Headers

GET /no/pop/casino/2022/no-payments.svg HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Cookie: btag=127656177_9FC17AFE7C934C278F69BED8583D75E7; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19703%7CMCMID%7C32711163271024598804861815783711195200%7CMCAID%7CNONE%7CMCOPTOUT-1702328058s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 18:54:18 GMT
content-type: image/svg+xml
cf-ray: 833fef754ad3b512-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 142238
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB47DF243F062"
last-modified: Wed, 13 Sep 2023 17:22:03 GMT
vary: Accept-Encoding
content-md5: eFf1+jVlHZeVusUSI4yq9A==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 1cdcd5fb-701e-0024-5107-20e4a2000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/favicon.ico

104.18.43.104

200 OK

4.3 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/favicon.ico
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel - data
Size
4.3 kB (4286 bytes)
Hash
75467aea7c9ef09112d57da712792f1c
2fd85767a73ad15745af9ae26f51edae5cf431bf
b65996d71ae18fdc3744b16a5fc11a00e625af41b3506ec798a8e62c2d80dabb

HTTP Headers

GET /no/pop/casino/2022/favicon.ico HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Cookie: btag=127656177_9FC17AFE7C934C278F69BED8583D75E7; AMCV_F431E3BC5593E3887F000101%40AdobeOrg=-306458230%7CMCIDTS%7C19703%7CMCMID%7C32711163271024598804861815783711195200%7CMCAID%7CNONE%7CMCOPTOUT-1702328058s%7CNONE%7CvVersion%7C3.2.0; sat_track=true; AMCVS_F431E3BC5593E3887F000101%40AdobeOrg=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 18:54:18 GMT
content-type: image/x-icon
cf-ray: 833fef760b9fb512-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 436087
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB47DF1F3E0A4"
last-modified: Wed, 13 Sep 2023 17:22:02 GMT
vary: Accept-Encoding
content-md5: dUZ66nye8JES1X2nEnkvHA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: d68afac7-501e-0041-1361-1d4ae6000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953

104.18.43.104

200 OK

10 kB

URL User Request GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type

Size
10 kB (10035 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953 HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://conqueredallrightswell.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 18:54:17 GMT
content-type: text/html; charset=utf-8
cf-ray: 833fef704c32b512-OSL
cf-cache-status: MISS
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
last-modified: Wed, 13 Sep 2023 17:22:01 GMT
vary: Accept-Encoding
content-md5: 195t/EFQHfrEDazau7jk+g==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 86f4fb35-201e-004b-0363-2cee51000000
x-ms-version: 2014-02-14
set-cookie: btag=127656177_9FC17AFE7C934C278F69BED8583D75E7;max-age=2592000; domain=.mariacasino.com;path=/;secure;samesite=none;httponly
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.mariacasino.com/no/pop/casino/2022/maria-logo.svg

104.18.43.104

200 OK

3.5 kB

URL GET HTTP/2
welcome.mariacasino.com/no/pop/casino/2022/maria-logo.svg
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
SVG Scalable Vector Graphics image - XML document text - HTML document text - HTML document text - exported SGML document, ASCII text, with very long lines (3630), with no line terminators
Size
3.5 kB (3494 bytes)
Hash
c555f8d5d6661a5a58353a9cbfd5c558
452c5c7b45b1f8e7e420cdf99d00b517ba17bec8
0af04359175453424d6552e534a91df0099dd7852f2f37025ab96d4778bd16f6

HTTP Headers

GET /no/pop/casino/2022/maria-logo.svg HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Cookie: btag=127656177_9FC17AFE7C934C278F69BED8583D75E7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 18:54:17 GMT
content-type: image/svg+xml
cf-ray: 833fef71ee62b512-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 576004
cache-control: public, max-age=900, immutable
etag: W/"0x8DBB47DF193CDB8"
last-modified: Wed, 13 Sep 2023 17:22:01 GMT
vary: Accept-Encoding
content-md5: A/evXSZJMSEi63VEXU58wA==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 6ac808b1-901e-004e-74a6-213c8a000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

welcome.mariacasino.com/custom.js

104.18.43.104

200 OK

2.3 kB

URL GET HTTP/2
welcome.mariacasino.com/custom.js
IP
104.18.43.104:443
ASN
#13335 CLOUDFLARENET

Requested by
https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Certificate
IssuerLet's Encrypt
Subjectwelcome.mariacasino.com
Fingerprint40:A0:00:26:41:7A:12:6B:FE:71:F7:E2:B2:55:EC:BB:B2:54:58:93
ValidityMon, 30 Oct 2023 18:15:52 GMT - Sun, 28 Jan 2024 18:15:51 GMT

File type
ASCII text, with very long lines (2416), with no line terminators
Size
2.3 kB (2338 bytes)
Hash
6d84cf4089d69c6b618359f8aa3cb9db
7945de767b93fa8eff0e682ffda4350cc3ffbdc9
eda1841e3405aa581a877dd0d100e2ae14726f99d02a5d41788de0a08c5bdcc2

HTTP Headers

GET /custom.js HTTP/1.1
Host: welcome.mariacasino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?ch=affiliate&sub_ch=affiliate&campaignId=2856772&btag=127656177_9FC17AFE7C934C278F69BED8583D75E7&sref=ADST&ADST=16122660&affiliateId=1&pid=68246908&bid=37953
Cookie: btag=127656177_9FC17AFE7C934C278F69BED8583D75E7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 11 Dec 2023 18:54:17 GMT
content-type: application/javascript
cf-ray: 833fef71ee60b512-OSL
cf-cache-status: HIT
access-control-allow-origin: *
age: 309152
etag: W/"0x8DA42DC14A64A3D"
last-modified: Tue, 31 May 2022 08:03:43 GMT
vary: Accept-Encoding
content-md5: AaOIILzruhXFCZo/dsUAMw==
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: b7a3ce13-c01e-0031-74b0-1cf311000000
x-ms-version: 2014-02-14
server: cloudflare
content-encoding: br
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (46)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by