Report - orangeboring.com/?a=10282&c=1548&s1=&s2=&s3=&s4=&s5=&ckmguid=aba7fa87-ba54-4f06-856f-046efd7c395c

Report Overview

Submitted URL
orangeboring.com/?a=10282&c=1548&s1=&s2=&s3=&s4=&s5=&ckmguid=aba7fa87-ba54-4f06-856f-046efd7c395c
IP
54.155.137.218
ASN
#16509 AMAZON-02
Submitted
2024-04-26 17:46:25
Access
public
Website Title
Bareflort: Stevnemøter og uformelle hookups
Final URL
t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
4

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-26	426 B	89 kB	142.250.74.168
s01.ndcdn.com	unknown	2014-07-28	2015-01-20	2024-02-24	2.6 kB	530 kB	188.114.97.1
t10025.bareflort.no	unknown	2017-03-20	2021-09-25	2023-11-28	13 kB	434 kB	104.18.33.129
orangeboring.com	unknown	2024-01-31	2024-02-16	2024-03-16	551 B	1.0 kB	52.208.66.230
silence.whisperinggalaxy.com	unknown	2024-01-25	2024-01-29	2024-03-28	549 B	841 B	3.126.25.249
pointsafes.com	unknown	2022-12-23	2023-01-03	2024-04-18	509 B	536 B	52.210.254.219
safeclink.com	unknown	2022-12-23	2021-08-24	2024-03-26	553 B	1.1 kB	52.210.254.219
ogngqz.meyoudate.net	unknown	2024-01-16	2024-01-24	2024-03-16	581 B	989 B	52.19.138.177
trk.bareflort.no	unknown	2017-03-20	2018-01-22	2023-11-28	920 B	82 kB	104.18.33.129
my.link23456.com	unknown	2022-10-14	2022-12-08	2024-04-18	527 B	159 B	3.121.166.131
bt.hillertal.com	unknown	2023-12-24	2024-01-29	2024-02-29	545 B	578 B	34.147.1.177
s03.ndcdn.com	unknown	2014-07-28	2017-03-06	2024-02-29	3.4 kB	1.2 MB	188.114.97.1

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-26	medium	orangeboring.com	Sinkholed
2024-04-26	medium	pointsafes.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (14)

	URL	Size	First Seen	Last Seen
	t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=	60 kB	2024-04-26	2024-04-26
Pretty URL t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name= IP 104.18.33.129 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 19:46:26 Last Seen2024-04-26 19:46:26 Times Seen1 Hash 2110c850f416409bf25d955220bb1049 d27ecd250fbab43d6781d41d15bb7f3cb8f6f257 5e52ecfa90029c42ffbabfbfe643806ad2c63b4e615951bc01fefbd2bbede82a Loading...

	t10025.bareflort.no/js/dist/landing.js?v=3.0.1.master.20240325073054	1.3 MB	2024-04-26	2024-04-26
Pretty URL t10025.bareflort.no/js/dist/landing.js?v=3.0.1.master.20240325073054 IP 104.18.33.129 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 19:46:26 Last Seen2024-04-26 19:46:27 Times Seen2 Hash 9a84b741575e9c66e8df621938237a5e 0f8e131bf3ab1193458f1e714965231eb422e3df 6979ea1978a1117bc3f168b384680463fc828e73cd3b93e31fe6db93c3ec83cc Loading...

	t10025.bareflort.no/node_modules/requirejs/require.js	86 kB	2023-03-07	2024-05-01
Pretty URL t10025.bareflort.no/node_modules/requirejs/require.js IP 104.18.33.129 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:59 Last Seen2024-05-01 00:36:59 Times Seen193 Hash f0cc8bbb2fcef87fc194fecbb632fcfa 33bc97e78f4905e72b4c1eb2ca0a4662588443e3 9485f0917f97fcf4f63a5ea365200ffd57f123f451382a2f9a1ad2e2fd51ac9b Loading...

	t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=	1.7 kB	2024-04-26	2024-04-26
Pretty URL t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name= IP 104.18.33.129 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 19:46:26 Last Seen2024-04-26 19:46:26 Times Seen1 Hash 16d12adf8b1c6ded276ab00a0d6ae533 c56d545629f1870a02b6e94f546275fe8e8f8cae c33e13686aeede01ebbccfd5a9076a960da22f8f2c68f1602a0dd491ae59dd3a Loading...

	t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=	2.8 kB	2023-11-28	2024-04-26
Pretty URL t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name= IP 104.18.33.129 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-28 15:11:22 Last Seen2024-04-26 19:46:26 Times Seen2 Hash 241680ab1678790dacc7afc4bc618105 3373a1c3ac381d7ed97654ea4d05fb93d57f6e9a 93958d8cbacf4416b75d4e4d5310a11202c84b0c95b409d4b632e56313941620 Loading...

	t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=	214 B	2023-11-28	2024-04-26
Pretty URL t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name= IP 104.18.33.129 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-11-28 15:11:22 Last Seen2024-04-26 19:46:26 Times Seen2 Hash c4bbe7617b908646ad0e185985e57eb3 785cd16a2c83bf27fc8a82e56b08081658ef41f2 a68b4a757eedd7ab963d8b49efb1779acde61aaf3f28cb91597950f14807b316 Loading...

	t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=	282 B	2023-03-07	2024-04-26
Pretty URL t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name= IP 104.18.33.129 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:00:43 Last Seen2024-04-26 19:46:27 Times Seen8 Hash 6c4a8d0eb56ef9ca0b00f3fcb4be8a91 a96101614c2ba0c913592454590216a33e71dc99 1c28d84ea9d271cf3cbe71f574e4bb8d6834c33c865d4c11b4fba3564c52e377 Loading...

	t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=	346 B	2023-03-07	2024-04-26
Pretty URL t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name= IP 104.18.33.129 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 13:00:43 Last Seen2024-04-26 19:46:27 Times Seen8 Hash 25ccdc93906e748597551c079cc40999 98d0a3a61e34afd1881bc15d7c0049db139ee58c d72c056c97af06385e0c9788e52992ef77e5e3b35d218b748793d32d2c7211fb Loading...

	www.googletagmanager.com/gtag/js?id=G-E4HT1NRVN7	250 kB	2024-04-26	2024-04-26
Pretty URL www.googletagmanager.com/gtag/js?id=G-E4HT1NRVN7 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 19:46:27 Last Seen2024-04-26 19:46:27 Times Seen2 Hash aa889378e45966150b09be84ca5cf04a 88218327117cdf428a79590dbcc61b0db104c109 463dbd8a3154c16a1b4115e98b0b660a701156f0b078269b0cba1d8e98ff8716 Loading...

	t10025.bareflort.no/js/dist/config.js	1.8 kB	2024-04-26	2024-04-26
Pretty URL t10025.bareflort.no/js/dist/config.js IP 104.18.33.129 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 19:46:27 Last Seen2024-04-26 19:46:27 Times Seen1 Hash 3bb3ed48d04268c9333ad89f2be464f9 bd2e45fef6503773b8ed11b6edc381d1624070aa a15aade439e0b2f20d4894b9c01514a9ceb9beeafd02592031ae6f08866c79ce Loading...

	t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=	312 B	2024-04-26	2024-04-26
Pretty URL t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name= IP 104.18.33.129 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 19:46:27 Last Seen2024-04-26 19:46:27 Times Seen1 Hash 563cb21a4c6e366d2149bc6d42cc0ee7 4a8fb6df3bace09b8598135d5339555696a7d658 0b4af5bd7dc3a4042a25a30df00b5b34845e0cd27cac9bb8b0b6807834e16c0a Loading...

	unknown	247 B	2024-04-26	2024-04-26
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 19:46:27 Last Seen2024-04-26 19:46:27 Times Seen1 Hash e97b8c2ac51f7b9c538f83235352fd32 ef11dd38d74121513424d53d64626cc206382d2f 480106856fa78652b0cab02361ea473712f4cc5c3f080657f6d4eaa62cb56049 Loading...

	t10025.bareflort.no/cdn-cgi/challenge-platform/scripts/jsd/main.js	8.0 kB	2024-04-26	2024-04-26
Pretty URL t10025.bareflort.no/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 104.18.33.129 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-26 19:40:17 Last Seen2024-04-26 19:46:27 Times Seen4 Hash 8d3eff6b95c78d4a8793c41682de4af0 479311d8a0fcf5d760d45ac735084f1e708ed4f4 e4836d0c0a6b4c4778f8e22a072d28c0bfb7f92de39517207af9764db4474a73 Loading...

	t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=	1.1 kB	2024-04-26	2024-04-26
Pretty URL t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name= IP 104.18.33.129 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-26 19:46:27 Last Seen2024-04-26 19:46:27 Times Seen1 Hash f099a7f01ac002f5c2eb7064d963eb40 60e985229c79979f449f5e253f8f740131bbbec8 0e20529beb9978c52d1565e32d4975fd26f0df4aa2d225ff18527cd664eb805f Loading...

HTTP Transactions (29)

URL IP Response Size

orangeboring.com/?a=10282&c=1548&s1=&s2=&s3=&s4=&s5=&ckmguid=aba7fa87-ba54-4f06-856f-046efd7c395c

52.208.66.230

240 B

URL
orangeboring.com/?a=10282&c=1548&s1=&s2=&s3=&s4=&s5=&ckmguid=aba7fa87-ba54-4f06-856f-046efd7c395c
IP
52.208.66.230:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with CRLF line terminators
Size
240 B (240 bytes)
Hash
95929119ccbecae5f0bb65bf97299ac2
c1f91b788acc0979ad3d3864361b1863fc71c242
c2d8e4874969e33878543e1f12a8c2f0495a1b714688d1fd240186a36269cc4e

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?a=10282&c=1548&s1=&s2=&s3=&s4=&s5=&ckmguid=aba7fa87-ba54-4f06-856f-046efd7c395c HTTP/1.1
Host: orangeboring.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 240
Content-Type: text/html; charset=utf-8
Date: Fri, 26 Apr 2024 17:45:57 GMT
Location: https://silence.whisperinggalaxy.com/a8409f07-d408-408c-8b41-d01e5c7af5f1?s1=&s2=&s3=&s4=&s5=&aid=10282
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: sid=DV/76Tvs33lXMJV0cuAH/ar/r+qd73ZysKE+CwQS2uH6OGmnFvR8xw==; domain=.orangeboring.com; path=/; HttpOnly
trk=OqZ6unftIvItnxbFZN9Tlar/r+qd73ZysKE+CwQS2uH6OGmnFvR8xw==; domain=.orangeboring.com; expires=Sun, 26-Apr-2026 17:45:57 GMT; path=/; HttpOnly
c4762=DV/76Tvs33kHkTodoj0WHHmRuqLoeWU1ISpkMquK8nrbb8BKJEELeQ==; domain=.orangeboring.com; expires=Sun, 26-May-2024 17:45:57 GMT; path=/; HttpOnly
Connection: close

silence.whisperinggalaxy.com/a8409f07-d408-408c-8b41-d01e5c7af5f1?s1=&s2=&s3=&s4=&s5=&aid=10282

3.126.25.249

0 B

URL
silence.whisperinggalaxy.com/a8409f07-d408-408c-8b41-d01e5c7af5f1?s1=&s2=&s3=&s4=&s5=&aid=10282
IP
3.126.25.249:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /a8409f07-d408-408c-8b41-d01e5c7af5f1?s1=&s2=&s3=&s4=&s5=&aid=10282 HTTP/1.1
Host: silence.whisperinggalaxy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 17:45:57 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://pointsafes.com/?a=10282&c=69668&p=r&s1=&s2=&s3=&s4=&s5=
pragma: no-cache
set-cookie: a8409f07-d408-408c-8b41-d01e5c7af5f1-v4=2GKtTXZJRXW2g79M2AtYvcHY2_IGlF8NbyQrzTyBa3Q; Max-Age=86400; Expires=Sat, 27-Apr-2024 17:45:57 GMT; Domain=silence.whisperinggalaxy.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=jfylDxglxn9akxRF9lx1jJM1CB%2B0g6qJhZK8pPD2AO%2B6tj4UZEPT00Yp8jvdzjXH%2BxMX4jsMRxcC8IUKbJChodR%2FrQTbBWmdDnmmAYTn5NzPce7H8V8T5re%2BlXvyva%2BthYUjmJbqoJ9a26A4UuDnQw%3D%3D; Max-Age=31536000; Expires=Sat, 26-Apr-2025 17:45:57 GMT; Domain=silence.whisperinggalaxy.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

pointsafes.com/?a=10282&c=69668&p=r&s1=&s2=&s3=&s4=&s5=

52.210.254.219

256 B

URL
pointsafes.com/?a=10282&c=69668&p=r&s1=&s2=&s3=&s4=&s5=
IP
52.210.254.219:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with CRLF line terminators
Size
256 B (256 bytes)
Hash
c2eb7936be5bfbd91c78fa496303c9ad
77ec2268daa7320fb426f67e7b5fbf78dd519f82
0c520db461f31eb9a3d953edf44ecba8a4cbf3d6659d5598e290ac3297eae941

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?a=10282&c=69668&p=r&s1=&s2=&s3=&s4=&s5= HTTP/1.1
Host: pointsafes.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 256
Content-Type: text/html; charset=utf-8
Date: Fri, 26 Apr 2024 17:45:57 GMT
Location: https://safeclink.com/?a=10282&c=69668&p=r&s1=&s2=&s3=&s4=&s5=&ckmguid=106d61a1-2389-4a06-9e45-486c5028098b
Connection: close

safeclink.com/?a=10282&c=69668&p=r&s1=&s2=&s3=&s4=&s5=&ckmguid=106d61a1-2389-4a06-9e45-486c5028098b

52.210.254.219

288 B

URL
safeclink.com/?a=10282&c=69668&p=r&s1=&s2=&s3=&s4=&s5=&ckmguid=106d61a1-2389-4a06-9e45-486c5028098b
IP
52.210.254.219:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with CRLF line terminators
Size
288 B (288 bytes)
Hash
44aa3f053e06b00c6ebd63b0343584a1
427950d15005013402e243970ae703d62581e116
e55d616dd96f866297c2afecacd3856837a1d0d0005b29340dfca1c0859f6df6

HTTP Headers

GET /?a=10282&c=69668&p=r&s1=&s2=&s3=&s4=&s5=&ckmguid=106d61a1-2389-4a06-9e45-486c5028098b HTTP/1.1
Host: safeclink.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Cache-Control: private
Content-Length: 288
Content-Type: text/html; charset=utf-8
Date: Fri, 26 Apr 2024 17:45:57 GMT
Location: https://ogngqz.meyoudate.net/?utm_source=da57dc555e50572d&s1=187482&s2=1994588&s3=10282&s5=&click_id=121839923&ban=other&j5=1&j6=1&j9=1
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: sid=yZNX4V8L28Y+OEnoHwWG+Kr/r+qd73ZyuGgRLEO365JyQc2UZx20vw==; domain=.safeclink.com; path=/; HttpOnly
trk=UJb2hvu0cMz/W9cOBOI+vqr/r+qd73ZyuGgRLEO365JyQc2UZx20vw==; domain=.safeclink.com; expires=Sun, 26-Apr-2026 17:45:57 GMT; path=/; HttpOnly
c4538=yZNX4V8L28b/JEcQ7b6QXoR1zMu4aRbD3dLCaTAoOGHbb8BKJEELeQ==; domain=.safeclink.com; expires=Sun, 26-May-2024 17:45:57 GMT; path=/; HttpOnly
Connection: close

ogngqz.meyoudate.net/?utm_source=da57dc555e50572d&s1=187482&s2=1994588&s3=10282&s5=&click_id=121839923&ban=other&j5=1&j6=1&j9=1

52.19.138.177

131 B

URL
ogngqz.meyoudate.net/?utm_source=da57dc555e50572d&s1=187482&s2=1994588&s3=10282&s5=&click_id=121839923&ban=other&j5=1&j6=1&j9=1
IP
52.19.138.177:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text
Size
131 B (131 bytes)
Hash
0a46caf2c1bdba84eaa75a541a3034a8
4bbd3775cb72ed326dc88fe76c4217b4509f2a44
424fc4406018be5c109a7961cba1f387902ce606ad7f39cfcd29ba9228116905

HTTP Headers

GET /?utm_source=da57dc555e50572d&s1=187482&s2=1994588&s3=10282&s5=&click_id=121839923&ban=other&j5=1&j6=1&j9=1 HTTP/1.1
Host: ogngqz.meyoudate.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 17:45:58 GMT
content-type: text/html; charset=utf-8
content-length: 131
location: https://my.link23456.com/click?o=7315&a=198&sub_id1=xzghz662be856000c5842&sub_id3=187482_1994588
set-cookie: unique_id=662b1fb70006de44; Path=/; Expires=Tue, 25 Jun 2024 17:45:58 GMT; Secure; SameSite=None
unique_id2=662aea8e00040130; Path=/; Expires=Thu, 25 Jul 2024 17:45:58 GMT; Secure; SameSite=None
662aea8e00040130_c=1; Path=/; Expires=Thu, 25 Jul 2024 17:45:58 GMT; Secure; SameSite=None
ref_token=209451_199931_199209_165982_145864_187482; Path=/; Expires=Sun, 26 May 2024 17:45:58 GMT; Secure; SameSite=None
impression=; Path=/; Expires=Fri, 26 Apr 2024 17:45:58 GMT; Secure; SameSite=None
tid=xzghz662be856000c5842; Path=/; Expires=Sat, 31 Mar 2029 17:45:58 GMT; Secure; SameSite=None
X-Firefox-Spdy: h2

my.link23456.com/favicon.ico

3.121.166.131

0 B

URL
my.link23456.com/favicon.ico
IP
3.121.166.131:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: my.link23456.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: U-f2c5b1f06bfe59954cb2a56858c2ed98=unique; o_f2c5b1f06bfe59954cb2a56858c2ed98=ffb079aa-7364-4264-ad7a-62250ac0a176
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
server: awselb/2.0
date: Fri, 26 Apr 2024 17:45:58 GMT
content-type: text/plain; charset=utf-8
content-length: 0
X-Firefox-Spdy: h2

bt.hillertal.com/click?pid=518&offer_id=7696&sub1=198&sub3=72fd3d48428af463f5a04179effb97f2

34.147.1.177

0 B

URL
bt.hillertal.com/click?pid=518&offer_id=7696&sub1=198&sub3=72fd3d48428af463f5a04179effb97f2
IP
34.147.1.177:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?pid=518&offer_id=7696&sub1=198&sub3=72fd3d48428af463f5a04179effb97f2 HTTP/1.1
Host: bt.hillertal.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Fri, 26 Apr 2024 17:45:58 GMT
content-length: 0
location: https://flirtingnearby.com/tds/ae?tdsId=s0556pod_r&tds_campaign=s0556pod&p1=b5126pod&s1=int&utm_source=int&utm_term=1&affid=65511f88&subid=518&subid2=198&clickid=662be8568d82260001959f0c
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=662be8568d82260001959f0c; expires=Sat, 26 Apr 2025 17:45:58 GMT; secure; SameSite=None
afoffers={"7696":1714153558}; expires=Sat, 26 Apr 2025 17:45:58 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-E4HT1NRVN7

142.250.74.168

200 OK

89 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-E4HT1NRVN7
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
FingerprintFC:B1:16:E0:D8:F3:2B:F3:AB:33:E5:E1:23:57:F4:48:66:FD:4D:52
ValidityMon, 08 Apr 2024 06:34:55 GMT - Mon, 01 Jul 2024 06:34:54 GMT

File type
JavaScript source, ASCII text, with very long lines (5945)
Size
89 kB (88707 bytes)
Hash
aa889378e45966150b09be84ca5cf04a
88218327117cdf428a79590dbcc61b0db104c109
463dbd8a3154c16a1b4115e98b0b660a701156f0b078269b0cba1d8e98ff8716

HTTP Headers

GET /gtag/js?id=G-E4HT1NRVN7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t10025.bareflort.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 26 Apr 2024 17:46:00 GMT
expires: Fri, 26 Apr 2024 17:46:00 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 88707
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

s03.ndcdn.com/promo-static/img/landing0109/_locale/nb_NO/desktop-bg.jpg?v=3.0.1.master.20240325073054

188.114.97.1

200 OK

1.2 MB

URL GET HTTP/2
s03.ndcdn.com/promo-static/img/landing0109/_locale/nb_NO/desktop-bg.jpg?v=3.0.1.master.20240325073054
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Certificate
IssuerGoogle Trust Services LLC
Subjectndcdn.com
Fingerprint41:63:79:AD:52:D3:6C:03:5D:30:00:A4:9C:9B:48:44:3A:E0:58:B3
ValidityTue, 27 Feb 2024 16:21:45 GMT - Mon, 27 May 2024 16:21:44 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1200x1334, components 3
Size
1.2 MB (1185281 bytes)
Hash
0f7e923c7450013fa079a6d52bfa884f
51a7f2b632ada5feda98d8e401a2826c25bc7543
56a22f66852f88952a194e943515f2301a28131a3f7a394c64955b501d1b25ea

HTTP Headers

GET /promo-static/img/landing0109/_locale/nb_NO/desktop-bg.jpg?v=3.0.1.master.20240325073054 HTTP/1.1
Host: s03.ndcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t10025.bareflort.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 17:46:00 GMT
content-type: image/jpeg
content-length: 1185281
last-modified: Mon, 26 Sep 2022 13:11:45 GMT
etag: "6331a511-121601"
cache-control: max-age=2678400
cf-cache-status: HIT
age: 116918
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QXi3m0apdBX9E3myNnIg15zMO9ncyaLH4hinXBJCzbz6QujWAiLEjF7BVU31SlSH3oPzmgZibTz1tDcqhMTyVChJeb2u6pBVg3M1%2B2exP7F70caHb9KT95YTSZXcsa5d"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a863cb69af5687-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

s01.ndcdn.com/promo/node_modules/g4.font.family/fonts/Roboto-Regular.woff

188.114.97.1

200 OK

74 kB

URL GET HTTP/3
s01.ndcdn.com/promo/node_modules/g4.font.family/fonts/Roboto-Regular.woff
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Certificate
IssuerGoogle Trust Services LLC
Subjectndcdn.com
Fingerprint41:63:79:AD:52:D3:6C:03:5D:30:00:A4:9C:9B:48:44:3A:E0:58:B3
ValidityTue, 27 Feb 2024 16:21:45 GMT - Mon, 27 May 2024 16:21:44 GMT

File type
Web Open Font Format, TrueType, length 74048, version 1.-30931
Size
74 kB (74048 bytes)
Hash
e391b23632ac2eef2e4d074fb0a9166c
ce6a58d983bfcc7fe17a6900bfc44e7eb3104ae2
8e363031576e1d8c7d18952dd2fb30006a8acd9937bc034d24017e650e803d78

HTTP Headers

GET /promo/node_modules/g4.font.family/fonts/Roboto-Regular.woff HTTP/1.1
Host: s01.ndcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://t10025.bareflort.no
DNT: 1
Connection: keep-alive
Referer: https://s01.ndcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 17:46:01 GMT
content-type: application/font-woff
content-length: 74048
last-modified: Mon, 25 Mar 2024 06:33:15 GMT
etag: "66011aab-12140"
expires: Sun, 26 May 2024 15:49:17 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
cf-cache-status: HIT
age: 7004
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MTdnVQ%2Bq63wlllUDCSzUW%2FuacwqacGWZDbqDvmO59frL7q5XbRPMNgCWXrDxZeEmBG5LkjB8qfOHfNwKIq1Y%2BnX6WTXutQNR9IqJhsRo1%2FU0KAOb874Mi4vkyxU905cb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a863cd6ac11bfe-OSL
alt-svc: h3=":443"; ma=86400

s01.ndcdn.com/promo/node_modules/g4.font.family/fonts/Roboto-Bold.woff

188.114.97.1

200 OK

90 kB

URL GET HTTP/3
s01.ndcdn.com/promo/node_modules/g4.font.family/fonts/Roboto-Bold.woff
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Certificate
IssuerGoogle Trust Services LLC
Subjectndcdn.com
Fingerprint41:63:79:AD:52:D3:6C:03:5D:30:00:A4:9C:9B:48:44:3A:E0:58:B3
ValidityTue, 27 Feb 2024 16:21:45 GMT - Mon, 27 May 2024 16:21:44 GMT

File type
Web Open Font Format, TrueType, length 90308, version 0.0
Size
90 kB (90308 bytes)
Hash
eb43b4c3b3b6cac224f76c0a524946a1
a04489f521e6e80cee317578cc29185f255a3472
efc87488978374cb2eaf2566aaab1774c4be67ee939f6db8698b955972bf355a

HTTP Headers

GET /promo/node_modules/g4.font.family/fonts/Roboto-Bold.woff HTTP/1.1
Host: s01.ndcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://t10025.bareflort.no
DNT: 1
Connection: keep-alive
Referer: https://s01.ndcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 17:46:01 GMT
content-type: application/font-woff
content-length: 90308
last-modified: Mon, 25 Mar 2024 06:33:15 GMT
etag: "66011aab-160c4"
expires: Sat, 04 May 2024 20:39:23 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1890398
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4905WsBYg7XqYeY%2F278h377qxxEv1b8aNDNn0YjNmxP2CnXrluNWJidIVLNlLK6Un9YXX1%2Bdh2LKrTl3pTnLPC3vubFV5Y4mhxJk%2F1FFGjCWUfm9FN5kYTvmTZ7FA744"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a863cd6ace1bfe-OSL
alt-svc: h3=":443"; ma=86400

s01.ndcdn.com/promo/node_modules/g4.font.family/fonts/Roboto-Medium.woff

188.114.97.1

200 OK

70 kB

URL GET HTTP/3
s01.ndcdn.com/promo/node_modules/g4.font.family/fonts/Roboto-Medium.woff
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Certificate
IssuerGoogle Trust Services LLC
Subjectndcdn.com
Fingerprint41:63:79:AD:52:D3:6C:03:5D:30:00:A4:9C:9B:48:44:3A:E0:58:B3
ValidityTue, 27 Feb 2024 16:21:45 GMT - Mon, 27 May 2024 16:21:44 GMT

File type
Web Open Font Format, TrueType, length 70276, version 1.-30931
Size
70 kB (70276 bytes)
Hash
21297989cd4684c635ec8d2415626f22
df93b539d4c61a8786634d8f187d652800aa2e18
73a25b9ad1417676f420e994e387a403ed672a7a58d2f86e760e0837874a23fb

HTTP Headers

GET /promo/node_modules/g4.font.family/fonts/Roboto-Medium.woff HTTP/1.1
Host: s01.ndcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://t10025.bareflort.no
DNT: 1
Connection: keep-alive
Referer: https://s01.ndcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 17:46:01 GMT
content-type: application/font-woff
content-length: 70276
last-modified: Mon, 25 Mar 2024 06:33:15 GMT
etag: "66011aab-11284"
expires: Sat, 11 May 2024 07:49:03 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1331818
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5jMCjHMai%2F4iX%2BcoFsjfytxEC1oeYE5LBkdHXF3z1yRBxtFdh9BTIb96mH0gp%2B7IXO%2FMZ0%2FcrpItAt3kelA5zhH2zskx%2FbHYZWOdfPYCPdo7fp%2Bob39o9OvTVUD62Taa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a863cd7ad11bfe-OSL
alt-svc: h3=":443"; ma=86400

s01.ndcdn.com/promo/node_modules/g4.font.icons/fonts/icons0007.woff?-9ll32q

188.114.97.1

200 OK

254 kB

URL GET HTTP/3
s01.ndcdn.com/promo/node_modules/g4.font.icons/fonts/icons0007.woff?-9ll32q
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Certificate
IssuerGoogle Trust Services LLC
Subjectndcdn.com
Fingerprint41:63:79:AD:52:D3:6C:03:5D:30:00:A4:9C:9B:48:44:3A:E0:58:B3
ValidityTue, 27 Feb 2024 16:21:45 GMT - Mon, 27 May 2024 16:21:44 GMT

File type
Web Open Font Format, TrueType, length 254124, version 1.0
Size
254 kB (254124 bytes)
Hash
ffd3d0ec92954ecb70e46857cfa614db
300eb9207652c6daf740a4b4065d555a539e2b50
e247313d267dd19164c600382d5a2a62c0a319868856edb57577a904fbd6a6b7

HTTP Headers

GET /promo/node_modules/g4.font.icons/fonts/icons0007.woff?-9ll32q HTTP/1.1
Host: s01.ndcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://t10025.bareflort.no
DNT: 1
Connection: keep-alive
Referer: https://s01.ndcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 17:46:01 GMT
content-type: application/font-woff
content-length: 254124
last-modified: Mon, 25 Mar 2024 06:33:18 GMT
etag: "66011aae-3e0ac"
expires: Sat, 04 May 2024 20:39:23 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1890398
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1xP%2BBEPxqAUbULfrvfdEwE7VIAxbA%2FvwFg7mz%2F7HoHm2Cynfn%2BCSz1GHe1IpJFlfL%2FX3vfdlGpBs3rJFw8S70upRUjMIDN1rWSzMqjl2hrJrZkGFnyav%2BV06uNXYE87%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a863cd7adc1bfe-OSL
alt-svc: h3=":443"; ma=86400

t10025.bareflort.no/cdn-cgi/challenge-platform/scripts/jsd/main.js

104.18.33.129

302 Found

0 B

URL GET HTTP/2
t10025.bareflort.no/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
104.18.33.129:443
ASN
#13335 CLOUDFLARENET

Requested by
https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Certificate
IssuerLet's Encrypt
Subjectbareflort.no
Fingerprint2F:48:C4:08:E1:1D:42:6C:27:4D:7D:44:09:97:FF:29:19:FC:3F:62
ValidityMon, 18 Mar 2024 11:05:15 GMT - Sun, 16 Jun 2024 11:05:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: t10025.bareflort.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=MnA3T6wtNn27jAf55rcSjqIakWEquhihKG3cBW3nmUA-1714153560-1.0.1.1-R4EyHyBCe_hCG8oR0kuPfhPVQmM7c7N2SAl7Dfz6T6irecrUxQNk394t_mSXQSN8mSkI.JnhMbNY_8KLDFVBHQ; PHPSESSID=mrfthu148bb7it0cj6av57b2pt; pc_aff=g40gak3Kmlem8LKToQxFVmkOP28uzFBkh0WACsDpdPVLsAzkKjTJerC0yyPJiXvPaMg7Ysof3WPE_0CUALYdWRAyg2XEg4yaVt9uEZFRpfpm-gzlOuyYPnOLqtG6b_t-Y31zkEkDggv5mkf8IfOer6dup32bQutLCFklZ5PptG8TRKi6XdU-z3TkDVXGISPePW_ChFnWh_IyqeeBQohoCv7ewxKDncgtlA3xn-0PHfokiAAcqWEmZG2oeXos_qUX26jTPl-wRoZgI8LJ0o60zlpDvQBAM8xeNmg4NGbK4RHp7vbkN5_YmoPc5r6V1sck8I5ToXLVurakwg7godSSMkVTiqH17XtNAq9vk1D9JkukC0sNHkdGobmo_zN2DCtPajufz7sVCved0olYFz1lABFeqsT5PaFCpJ6yQAjVUH-vJ8ZfQkDNO3BNDywViJPXNyEtgVS6lqyFkFxLIBn83c4a_x5vAGm_XhF6AVA0lGk7kE_I6QXdHhfY_YKWfWVm; promo_code=103657; ev=xc17141535596740c662be857b47cc384351520; keyword=2166; APPID=promo; SERVERID=wbs09
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Fri, 26 Apr 2024 17:46:01 GMT
content-length: 0
access-control-allow-origin: *
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
cache-control: max-age=300, public
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a863cdef6eb4f3-OSL
X-Firefox-Spdy: h2

s03.ndcdn.com/sites/bareflort.no/favicon.png

188.114.97.1

200 OK

1.2 kB

URL GET HTTP/3
s03.ndcdn.com/sites/bareflort.no/favicon.png
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Certificate
IssuerGoogle Trust Services LLC
Subjectndcdn.com
Fingerprint41:63:79:AD:52:D3:6C:03:5D:30:00:A4:9C:9B:48:44:3A:E0:58:B3
ValidityTue, 27 Feb 2024 16:21:45 GMT - Mon, 27 May 2024 16:21:44 GMT

File type
PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Size
1.2 kB (1163 bytes)
Hash
3642ee9f8d1a035281262a81edb1907d
d5c3b692ec2600473a0078255b901663231f9a8c
fd164481fa4a3308dbfbfc3cbbc208ef9cd0e88f900a2a266026f254c9e1dde1

HTTP Headers

GET /sites/bareflort.no/favicon.png HTTP/1.1
Host: s03.ndcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t10025.bareflort.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Fri, 26 Apr 2024 17:46:01 GMT
content-type: image/png
content-length: 1163
last-modified: Mon, 23 Oct 2017 07:50:17 GMT
etag: "59ed9f39-48b"
cache-control: max-age=2678400
cf-cache-status: HIT
age: 101076
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bL5pUGjEYNV3jBFkldiNFcwkUE22GsxENWjmAyqJPC2wb5dfd%2Fy8ly%2FnS2NMYpbK5bjiQBYXd22fp2F9b5tlB5PlhtUz9IgVlSKUGQ38tAS4Dh5aXVsdUtFSFoEJBc9T"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 87a863cdea24b500-OSL
alt-svc: h3=":443"; ma=86400

t10025.bareflort.no/js/dist/landing.js?v=3.0.1.master.20240325073054

104.18.33.129

200 OK

252 kB

URL GET HTTP/2
t10025.bareflort.no/js/dist/landing.js?v=3.0.1.master.20240325073054
IP
104.18.33.129:443
ASN
#13335 CLOUDFLARENET

Requested by
https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Certificate
IssuerLet's Encrypt
Subjectbareflort.no
Fingerprint2F:48:C4:08:E1:1D:42:6C:27:4D:7D:44:09:97:FF:29:19:FC:3F:62
ValidityMon, 18 Mar 2024 11:05:15 GMT - Sun, 16 Jun 2024 11:05:14 GMT

File type
JavaScript source, ASCII text
Size
252 kB (251929 bytes)
Hash
9a84b741575e9c66e8df621938237a5e
0f8e131bf3ab1193458f1e714965231eb422e3df
6979ea1978a1117bc3f168b384680463fc828e73cd3b93e31fe6db93c3ec83cc

HTTP Headers

GET /js/dist/landing.js?v=3.0.1.master.20240325073054 HTTP/1.1
Host: t10025.bareflort.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Cookie: __cf_bm=MnA3T6wtNn27jAf55rcSjqIakWEquhihKG3cBW3nmUA-1714153560-1.0.1.1-R4EyHyBCe_hCG8oR0kuPfhPVQmM7c7N2SAl7Dfz6T6irecrUxQNk394t_mSXQSN8mSkI.JnhMbNY_8KLDFVBHQ; PHPSESSID=mrfthu148bb7it0cj6av57b2pt; pc_aff=g40gak3Kmlem8LKToQxFVmkOP28uzFBkh0WACsDpdPVLsAzkKjTJerC0yyPJiXvPaMg7Ysof3WPE_0CUALYdWRAyg2XEg4yaVt9uEZFRpfpm-gzlOuyYPnOLqtG6b_t-Y31zkEkDggv5mkf8IfOer6dup32bQutLCFklZ5PptG8TRKi6XdU-z3TkDVXGISPePW_ChFnWh_IyqeeBQohoCv7ewxKDncgtlA3xn-0PHfokiAAcqWEmZG2oeXos_qUX26jTPl-wRoZgI8LJ0o60zlpDvQBAM8xeNmg4NGbK4RHp7vbkN5_YmoPc5r6V1sck8I5ToXLVurakwg7godSSMkVTiqH17XtNAq9vk1D9JkukC0sNHkdGobmo_zN2DCtPajufz7sVCved0olYFz1lABFeqsT5PaFCpJ6yQAjVUH-vJ8ZfQkDNO3BNDywViJPXNyEtgVS6lqyFkFxLIBn83c4a_x5vAGm_XhF6AVA0lGk7kE_I6QXdHhfY_YKWfWVm; promo_code=103657; ev=xc17141535596740c662be857b47cc384351520; keyword=2166; APPID=promo; SERVERID=wbs09
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Fri, 26 Apr 2024 17:46:01 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 25 Mar 2024 06:32:48 GMT
vary: Accept-Encoding
etag: W/"66011a90-132a9d"
expires: Sun, 26 May 2024 17:46:01 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 107324
server: cloudflare
cf-ray: 87a863ce3ff4b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

s03.ndcdn.com/promo-static/img/landing0109/icons/message.svg?v=3.0.1.master.20240325073054

188.114.97.1

200 OK

836 B

URL GET HTTP/2
s03.ndcdn.com/promo-static/img/landing0109/icons/message.svg?v=3.0.1.master.20240325073054
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Certificate
IssuerGoogle Trust Services LLC
Subjectndcdn.com
Fingerprint41:63:79:AD:52:D3:6C:03:5D:30:00:A4:9C:9B:48:44:3A:E0:58:B3
ValidityTue, 27 Feb 2024 16:21:45 GMT - Mon, 27 May 2024 16:21:44 GMT

File type
SVG Scalable Vector Graphics image
Size
836 B (836 bytes)
Hash
830a06c42f545eb97349b20cf00bf0ec
7d0cd30310f9bd8143e8a9e7d8a671ffb519aa15
d306ddea41d363a775af7344e836519b771aef28ecca59635d067ec1b199626b

HTTP Headers

GET /promo-static/img/landing0109/icons/message.svg?v=3.0.1.master.20240325073054 HTTP/1.1
Host: s03.ndcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t10025.bareflort.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 17:46:00 GMT
content-type: image/svg+xml
last-modified: Wed, 23 Dec 2020 09:07:41 GMT
vary: Accept-Encoding
etag: W/"5fe308dd-344"
cache-control: max-age=2678400
cf-cache-status: HIT
age: 44324
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G0YRYn3Op0n4lt9g5VzC7RBhmEMaqenkt61G%2BMDcSoVJ55Z3%2BeIaGITGBhCiPVao1H%2FkPyGbej3VfFAgaR5314ZiwWNSMm0Bsq%2Fy5QItWv7AKMPXzYp2fiPi9RPoqpqU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a863cb69ac5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

s03.ndcdn.com/promo-static/img/landing0109/icons/search.svg?v=3.0.1.master.20240325073054

188.114.97.1

200 OK

258 B

URL GET HTTP/2
s03.ndcdn.com/promo-static/img/landing0109/icons/search.svg?v=3.0.1.master.20240325073054
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Certificate
IssuerGoogle Trust Services LLC
Subjectndcdn.com
Fingerprint41:63:79:AD:52:D3:6C:03:5D:30:00:A4:9C:9B:48:44:3A:E0:58:B3
ValidityTue, 27 Feb 2024 16:21:45 GMT - Mon, 27 May 2024 16:21:44 GMT

File type
SVG Scalable Vector Graphics image
Size
258 B (258 bytes)
Hash
9c1ba59c4f52bb7edf573f5fbddb8e42
a0350cb8346161eb721877747c1e15939208f65f
cf259fddef34f1cf7e0bd3d3baedb3453d988dda29022905aadc022176ea5a37

HTTP Headers

GET /promo-static/img/landing0109/icons/search.svg?v=3.0.1.master.20240325073054 HTTP/1.1
Host: s03.ndcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t10025.bareflort.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 17:46:00 GMT
content-type: image/svg+xml
last-modified: Wed, 23 Dec 2020 09:07:39 GMT
vary: Accept-Encoding
etag: W/"5fe308db-102"
cache-control: max-age=2678400
cf-cache-status: HIT
age: 353157
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GRv1YWcMi250XGIL4jKWNyCRoUgTmS%2BAfinEGL5%2FFvEFYILs2U2ldT74ZJ5XAXavJe0sBilvdpDjZDKa8%2FLtHjk1ZgQbPtJYS25LifKi3%2B8pWP6I1FhIgLs%2Fej5nwNJ1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a863cb69ae5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

t10025.bareflort.no/node_modules/requirejs/require.js

104.18.33.129

200 OK

86 kB

URL GET HTTP/2
t10025.bareflort.no/node_modules/requirejs/require.js
IP
104.18.33.129:443
ASN
#13335 CLOUDFLARENET

Requested by
https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Certificate
IssuerLet's Encrypt
Subjectbareflort.no
Fingerprint2F:48:C4:08:E1:1D:42:6C:27:4D:7D:44:09:97:FF:29:19:FC:3F:62
ValidityMon, 18 Mar 2024 11:05:15 GMT - Sun, 16 Jun 2024 11:05:14 GMT

File type
JavaScript source, ASCII text
Size
86 kB (86483 bytes)
Hash
f0cc8bbb2fcef87fc194fecbb632fcfa
33bc97e78f4905e72b4c1eb2ca0a4662588443e3
9485f0917f97fcf4f63a5ea365200ffd57f123f451382a2f9a1ad2e2fd51ac9b

HTTP Headers

GET /node_modules/requirejs/require.js HTTP/1.1
Host: t10025.bareflort.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Cookie: __cf_bm=MnA3T6wtNn27jAf55rcSjqIakWEquhihKG3cBW3nmUA-1714153560-1.0.1.1-R4EyHyBCe_hCG8oR0kuPfhPVQmM7c7N2SAl7Dfz6T6irecrUxQNk394t_mSXQSN8mSkI.JnhMbNY_8KLDFVBHQ; PHPSESSID=mrfthu148bb7it0cj6av57b2pt; pc_aff=g40gak3Kmlem8LKToQxFVmkOP28uzFBkh0WACsDpdPVLsAzkKjTJerC0yyPJiXvPaMg7Ysof3WPE_0CUALYdWRAyg2XEg4yaVt9uEZFRpfpm-gzlOuyYPnOLqtG6b_t-Y31zkEkDggv5mkf8IfOer6dup32bQutLCFklZ5PptG8TRKi6XdU-z3TkDVXGISPePW_ChFnWh_IyqeeBQohoCv7ewxKDncgtlA3xn-0PHfokiAAcqWEmZG2oeXos_qUX26jTPl-wRoZgI8LJ0o60zlpDvQBAM8xeNmg4NGbK4RHp7vbkN5_YmoPc5r6V1sck8I5ToXLVurakwg7godSSMkVTiqH17XtNAq9vk1D9JkukC0sNHkdGobmo_zN2DCtPajufz7sVCved0olYFz1lABFeqsT5PaFCpJ6yQAjVUH-vJ8ZfQkDNO3BNDywViJPXNyEtgVS6lqyFkFxLIBn83c4a_x5vAGm_XhF6AVA0lGk7kE_I6QXdHhfY_YKWfWVm; promo_code=103657; ev=xc17141535596740c662be857b47cc384351520; keyword=2166; APPID=promo; SERVERID=wbs09
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 17:46:00 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 27 Aug 2018 06:00:39 GMT
vary: Accept-Encoding
etag: W/"5b839387-151d3"
expires: Sun, 26 May 2024 17:46:00 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 107323
server: cloudflare
cf-ray: 87a863cb0b19b4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

trk.bareflort.no/a/ff10025/?promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0|0|0|0&email={ext_email_passing}&email_prefill={ext_email_prefill}&email_encoded={ext_email_passing_encoded}&email_prefill_encoded={ext_email_prefill_encoded}&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=

104.18.33.129

302 Found

81 kB

URL User Request GET HTTP/2
trk.bareflort.no/a/ff10025/?promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0|0|0|0&email={ext_email_passing}&email_prefill={ext_email_prefill}&email_encoded={ext_email_passing_encoded}&email_prefill_encoded={ext_email_prefill_encoded}&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
IP
104.18.33.129:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectbareflort.no
Fingerprint2F:48:C4:08:E1:1D:42:6C:27:4D:7D:44:09:97:FF:29:19:FC:3F:62
ValidityMon, 18 Mar 2024 11:05:15 GMT - Sun, 16 Jun 2024 11:05:14 GMT

File type

Size
81 kB (80933 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /a/ff10025/?promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0|0|0|0&email={ext_email_passing}&email_prefill={ext_email_prefill}&email_encoded={ext_email_passing_encoded}&email_prefill_encoded={ext_email_prefill_encoded}&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name= HTTP/1.1
Host: trk.bareflort.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Fri, 26 Apr 2024 17:46:00 GMT
content-type: text/html; charset=UTF-8
location: https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
cf-cache-status: DYNAMIC
set-cookie: SERVERID=wbs11; path=/
__cf_bm=MnA3T6wtNn27jAf55rcSjqIakWEquhihKG3cBW3nmUA-1714153560-1.0.1.1-R4EyHyBCe_hCG8oR0kuPfhPVQmM7c7N2SAl7Dfz6T6irecrUxQNk394t_mSXQSN8mSkI.JnhMbNY_8KLDFVBHQ; path=/; expires=Fri, 26-Apr-24 18:16:00 GMT; domain=.bareflort.no; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87a863c79e7db4f3-OSL
X-Firefox-Spdy: h2

s03.ndcdn.com/promo-static/img/landing0109/icons/like.svg?v=3.0.1.master.20240325073054

188.114.97.1

200 OK

464 B

URL GET HTTP/2
s03.ndcdn.com/promo-static/img/landing0109/icons/like.svg?v=3.0.1.master.20240325073054
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Certificate
IssuerGoogle Trust Services LLC
Subjectndcdn.com
Fingerprint41:63:79:AD:52:D3:6C:03:5D:30:00:A4:9C:9B:48:44:3A:E0:58:B3
ValidityTue, 27 Feb 2024 16:21:45 GMT - Mon, 27 May 2024 16:21:44 GMT

File type
SVG Scalable Vector Graphics image
Size
464 B (464 bytes)
Hash
8f1fa00cf5dd9486768081ffcd94134b
1a322c503d41d2901c834ecdecada1c475bd6b86
cdc1d146249c4eabc9f791271eba979f7f4020fa94c1cca300fec1ebf279461e

HTTP Headers

GET /promo-static/img/landing0109/icons/like.svg?v=3.0.1.master.20240325073054 HTTP/1.1
Host: s03.ndcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t10025.bareflort.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 17:46:00 GMT
content-type: image/svg+xml
last-modified: Wed, 23 Dec 2020 09:07:39 GMT
vary: Accept-Encoding
etag: W/"5fe308db-1d0"
cache-control: max-age=2678400
cf-cache-status: HIT
age: 353157
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8DIWowC%2BVgPQuxU3p%2FHBhqiEU31tkwaATy4s%2BRnlMh6YcgiEdkyKnTR%2FU04jrYn5wOai3BoyEMw%2BcSoU7%2FtWQ1SqBzXmIsiCESBFxu6WOPnjhg5JCMmj73rtM9Urx007"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a863cb89e15687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

t10025.bareflort.no/js/dist/config.js

104.18.33.129

200 OK

1.8 kB

URL GET HTTP/2
t10025.bareflort.no/js/dist/config.js
IP
104.18.33.129:443
ASN
#13335 CLOUDFLARENET

Requested by
https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Certificate
IssuerLet's Encrypt
Subjectbareflort.no
Fingerprint2F:48:C4:08:E1:1D:42:6C:27:4D:7D:44:09:97:FF:29:19:FC:3F:62
ValidityMon, 18 Mar 2024 11:05:15 GMT - Sun, 16 Jun 2024 11:05:14 GMT

File type
JavaScript source, ASCII text, with very long lines (1924), with no line terminators
Size
1.8 kB (1848 bytes)
Hash
33ebe39e8a0d2e480a94d02df2d8623a
009d813a6e8cf174b8cd9f6d19814b23ab492f1d
be37e991b3317409921c3645c599b05357241278df14cf2c7f6cf90ad8823136

HTTP Headers

GET /js/dist/config.js HTTP/1.1
Host: t10025.bareflort.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Cookie: __cf_bm=MnA3T6wtNn27jAf55rcSjqIakWEquhihKG3cBW3nmUA-1714153560-1.0.1.1-R4EyHyBCe_hCG8oR0kuPfhPVQmM7c7N2SAl7Dfz6T6irecrUxQNk394t_mSXQSN8mSkI.JnhMbNY_8KLDFVBHQ; PHPSESSID=mrfthu148bb7it0cj6av57b2pt; pc_aff=g40gak3Kmlem8LKToQxFVmkOP28uzFBkh0WACsDpdPVLsAzkKjTJerC0yyPJiXvPaMg7Ysof3WPE_0CUALYdWRAyg2XEg4yaVt9uEZFRpfpm-gzlOuyYPnOLqtG6b_t-Y31zkEkDggv5mkf8IfOer6dup32bQutLCFklZ5PptG8TRKi6XdU-z3TkDVXGISPePW_ChFnWh_IyqeeBQohoCv7ewxKDncgtlA3xn-0PHfokiAAcqWEmZG2oeXos_qUX26jTPl-wRoZgI8LJ0o60zlpDvQBAM8xeNmg4NGbK4RHp7vbkN5_YmoPc5r6V1sck8I5ToXLVurakwg7godSSMkVTiqH17XtNAq9vk1D9JkukC0sNHkdGobmo_zN2DCtPajufz7sVCved0olYFz1lABFeqsT5PaFCpJ6yQAjVUH-vJ8ZfQkDNO3BNDywViJPXNyEtgVS6lqyFkFxLIBn83c4a_x5vAGm_XhF6AVA0lGk7kE_I6QXdHhfY_YKWfWVm; promo_code=103657; ev=xc17141535596740c662be857b47cc384351520; keyword=2166; APPID=promo; SERVERID=wbs09
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 17:46:00 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 25 Mar 2024 06:27:37 GMT
vary: Accept-Encoding
etag: W/"66011959-738"
expires: Sun, 26 May 2024 17:46:00 GMT
cache-control: public, max-age=2592000
cf-cache-status: HIT
age: 107323
server: cloudflare
cf-ray: 87a863cafb0fb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

t10025.bareflort.no/GeoIp

104.18.33.129

200 OK

275 B

URL GET HTTP/2
t10025.bareflort.no/GeoIp
IP
104.18.33.129:443
ASN
#13335 CLOUDFLARENET

Requested by
https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Certificate
IssuerLet's Encrypt
Subjectbareflort.no
Fingerprint2F:48:C4:08:E1:1D:42:6C:27:4D:7D:44:09:97:FF:29:19:FC:3F:62
ValidityMon, 18 Mar 2024 11:05:15 GMT - Sun, 16 Jun 2024 11:05:14 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (323), with no line terminators
Size
275 B (275 bytes)
Hash
7d1e5b19aff7e3d81e52b520dbef10f3
ac4bebe90599672536507e24ed87aa920e685cff
2b9c2e1d63ef5a7e5fa5c44fc94cdb3f81b1f802d7181b678e6aa2c906a3993e

HTTP Headers

GET /GeoIp HTTP/1.1
Host: t10025.bareflort.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-NewRelic-ID: VQUAUV5RCRABXVNRDgUCU1Y=
newrelic: eyJ2IjpbMCwxXSwiZCI6eyJ0eSI6IkJyb3dzZXIiLCJhYyI6IjEzNzA4MjEiLCJhcCI6IjE5MjM5NDU3NCIsImlkIjoiNDJkZGJiNGMzZTJlNjQzMSIsInRyIjoiNjBkNGY5ZTgwNzkyOWUxYWU4NDY2ZmQzZDFiMTIyYTMiLCJ0aSI6MTcxNDE1MzU2MTY4OH19
traceparent: 00-60d4f9e807929e1ae8466fd3d1b122a3-42ddbb4c3e2e6431-01
tracestate: 1370821@nr=0-1-1370821-192394574-42ddbb4c3e2e6431----1714153561688
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Referer: https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Cookie: __cf_bm=MnA3T6wtNn27jAf55rcSjqIakWEquhihKG3cBW3nmUA-1714153560-1.0.1.1-R4EyHyBCe_hCG8oR0kuPfhPVQmM7c7N2SAl7Dfz6T6irecrUxQNk394t_mSXQSN8mSkI.JnhMbNY_8KLDFVBHQ; PHPSESSID=mrfthu148bb7it0cj6av57b2pt; pc_aff=g40gak3Kmlem8LKToQxFVmkOP28uzFBkh0WACsDpdPVLsAzkKjTJerC0yyPJiXvPaMg7Ysof3WPE_0CUALYdWRAyg2XEg4yaVt9uEZFRpfpm-gzlOuyYPnOLqtG6b_t-Y31zkEkDggv5mkf8IfOer6dup32bQutLCFklZ5PptG8TRKi6XdU-z3TkDVXGISPePW_ChFnWh_IyqeeBQohoCv7ewxKDncgtlA3xn-0PHfokiAAcqWEmZG2oeXos_qUX26jTPl-wRoZgI8LJ0o60zlpDvQBAM8xeNmg4NGbK4RHp7vbkN5_YmoPc5r6V1sck8I5ToXLVurakwg7godSSMkVTiqH17XtNAq9vk1D9JkukC0sNHkdGobmo_zN2DCtPajufz7sVCved0olYFz1lABFeqsT5PaFCpJ6yQAjVUH-vJ8ZfQkDNO3BNDywViJPXNyEtgVS6lqyFkFxLIBn83c4a_x5vAGm_XhF6AVA0lGk7kE_I6QXdHhfY_YKWfWVm; promo_code=103657; ev=xc17141535596740c662be857b47cc384351520; keyword=2166; APPID=promo; SERVERID=wbs09; _ga_E4HT1NRVN7=GS1.1.1714153561.1.0.1714153561.0.0.0; _ga=GA1.1.258162159.1714153561; cf_clearance=Bn2CA8UbL4B4ULXdmgEy17oKRo.ypprZAhnw8_hkC6c-1714153561-1.0.1.1-xUBt7n8YGh.fhbPYDxsfTWH97vpF9sN4krdfW0ParaVjCH2dJddFJH30GzujHcFKDX5rZvXaxkRWG9jWW7i88A
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 17:46:01 GMT
content-type: application/json; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: APPID=promo
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87a863d09b6bb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=

104.18.33.129

200 OK

81 kB

URL User Request GET HTTP/2
t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
IP
104.18.33.129:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectbareflort.no
Fingerprint2F:48:C4:08:E1:1D:42:6C:27:4D:7D:44:09:97:FF:29:19:FC:3F:62
ValidityMon, 18 Mar 2024 11:05:15 GMT - Sun, 16 Jun 2024 11:05:14 GMT

File type

Size
81 kB (80933 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name= HTTP/1.1
Host: t10025.bareflort.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=MnA3T6wtNn27jAf55rcSjqIakWEquhihKG3cBW3nmUA-1714153560-1.0.1.1-R4EyHyBCe_hCG8oR0kuPfhPVQmM7c7N2SAl7Dfz6T6irecrUxQNk394t_mSXQSN8mSkI.JnhMbNY_8KLDFVBHQ
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 17:46:00 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: PHPSESSID=mrfthu148bb7it0cj6av57b2pt; path=/; domain=bareflort.no
pc_aff=g40gak3Kmlem8LKToQxFVmkOP28uzFBkh0WACsDpdPVLsAzkKjTJerC0yyPJiXvPaMg7Ysof3WPE_0CUALYdWRAyg2XEg4yaVt9uEZFRpfpm-gzlOuyYPnOLqtG6b_t-Y31zkEkDggv5mkf8IfOer6dup32bQutLCFklZ5PptG8TRKi6XdU-z3TkDVXGISPePW_ChFnWh_IyqeeBQohoCv7ewxKDncgtlA3xn-0PHfokiAAcqWEmZG2oeXos_qUX26jTPl-wRoZgI8LJ0o60zlpDvQBAM8xeNmg4NGbK4RHp7vbkN5_YmoPc5r6V1sck8I5ToXLVurakwg7godSSMkVTiqH17XtNAq9vk1D9JkukC0sNHkdGobmo_zN2DCtPajufz7sVCved0olYFz1lABFeqsT5PaFCpJ6yQAjVUH-vJ8ZfQkDNO3BNDywViJPXNyEtgVS6lqyFkFxLIBn83c4a_x5vAGm_XhF6AVA0lGk7kE_I6QXdHhfY_YKWfWVm; expires=Sun, 26-May-2024 17:46:00 GMT; Max-Age=2592000; path=/; domain=.bareflort.no
promo_code=103657; expires=Sun, 26-May-2024 17:46:00 GMT; Max-Age=2592000; path=/; domain=.bareflort.no
ev=xc17141535596740c662be857b47cc384351520; expires=Sun, 26-May-2024 17:46:00 GMT; Max-Age=2592000; path=/; domain=.bareflort.no
keyword=2166; expires=Sun, 26-May-2024 17:46:00 GMT; Max-Age=2592000; path=/; domain=.bareflort.no
APPID=promo
SERVERID=wbs09; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 87a863c85f9cb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2

s03.ndcdn.com/promo-static/img/landing0109/icons/heart.svg?v=3.0.1.master.20240325073054

188.114.97.1

200 OK

413 B

URL GET HTTP/2
s03.ndcdn.com/promo-static/img/landing0109/icons/heart.svg?v=3.0.1.master.20240325073054
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Certificate
IssuerGoogle Trust Services LLC
Subjectndcdn.com
Fingerprint41:63:79:AD:52:D3:6C:03:5D:30:00:A4:9C:9B:48:44:3A:E0:58:B3
ValidityTue, 27 Feb 2024 16:21:45 GMT - Mon, 27 May 2024 16:21:44 GMT

File type
SVG Scalable Vector Graphics image
Size
413 B (413 bytes)
Hash
93d118c75ffec4dd71d641c3d83a21ca
112715f57bad48c4062b215389a1fa21e8d6aed7
50ebf9162330fd66f76ce24dbc7375ce71869191a7fb1435959fcdf4763a6999

HTTP Headers

GET /promo-static/img/landing0109/icons/heart.svg?v=3.0.1.master.20240325073054 HTTP/1.1
Host: s03.ndcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t10025.bareflort.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 17:46:00 GMT
content-type: image/svg+xml
last-modified: Wed, 23 Dec 2020 09:07:42 GMT
vary: Accept-Encoding
etag: W/"5fe308de-19d"
cache-control: max-age=2678400
cf-cache-status: HIT
age: 353157
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z25bi0dDROUfe3o1POSNDQkSdNw%2BMGaXSNK2Y4JUOM%2Fci0HzHdUOytlRrV5seZej7FPjajnrSRMwtpzMDZd2LXRpv%2Faukk%2FdQTyXKKrZi4ScN8jVkrUxXHcbF8zDiRf6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a863cb89e25687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

t10025.bareflort.no/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js

104.18.33.129

200 OK

8.0 kB

URL GET HTTP/2
t10025.bareflort.no/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js
IP
104.18.33.129:443
ASN
#13335 CLOUDFLARENET

Requested by
https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Certificate
IssuerLet's Encrypt
Subjectbareflort.no
Fingerprint2F:48:C4:08:E1:1D:42:6C:27:4D:7D:44:09:97:FF:29:19:FC:3F:62
ValidityMon, 18 Mar 2024 11:05:15 GMT - Sun, 16 Jun 2024 11:05:14 GMT

File type
JavaScript source, ASCII text, with very long lines (7951), with no line terminators
Size
8.0 kB (7951 bytes)
Hash
8d3eff6b95c78d4a8793c41682de4af0
479311d8a0fcf5d760d45ac735084f1e708ed4f4
e4836d0c0a6b4c4778f8e22a072d28c0bfb7f92de39517207af9764db4474a73

HTTP Headers

GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js HTTP/1.1
Host: t10025.bareflort.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: __cf_bm=MnA3T6wtNn27jAf55rcSjqIakWEquhihKG3cBW3nmUA-1714153560-1.0.1.1-R4EyHyBCe_hCG8oR0kuPfhPVQmM7c7N2SAl7Dfz6T6irecrUxQNk394t_mSXQSN8mSkI.JnhMbNY_8KLDFVBHQ; PHPSESSID=mrfthu148bb7it0cj6av57b2pt; pc_aff=g40gak3Kmlem8LKToQxFVmkOP28uzFBkh0WACsDpdPVLsAzkKjTJerC0yyPJiXvPaMg7Ysof3WPE_0CUALYdWRAyg2XEg4yaVt9uEZFRpfpm-gzlOuyYPnOLqtG6b_t-Y31zkEkDggv5mkf8IfOer6dup32bQutLCFklZ5PptG8TRKi6XdU-z3TkDVXGISPePW_ChFnWh_IyqeeBQohoCv7ewxKDncgtlA3xn-0PHfokiAAcqWEmZG2oeXos_qUX26jTPl-wRoZgI8LJ0o60zlpDvQBAM8xeNmg4NGbK4RHp7vbkN5_YmoPc5r6V1sck8I5ToXLVurakwg7godSSMkVTiqH17XtNAq9vk1D9JkukC0sNHkdGobmo_zN2DCtPajufz7sVCved0olYFz1lABFeqsT5PaFCpJ6yQAjVUH-vJ8ZfQkDNO3BNDywViJPXNyEtgVS6lqyFkFxLIBn83c4a_x5vAGm_XhF6AVA0lGk7kE_I6QXdHhfY_YKWfWVm; promo_code=103657; ev=xc17141535596740c662be857b47cc384351520; keyword=2166; APPID=promo; SERVERID=wbs09
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 17:46:01 GMT
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, public
content-encoding: br
vary: accept-encoding
x-content-type-options: nosniff
server: cloudflare
cf-ray: 87a863ce3ff0b4f3-OSL
X-Firefox-Spdy: h2

s01.ndcdn.com/promo/css/pages/landing0109.css?v=3.0.1.master.20240325073054

188.114.97.1

200 OK

37 kB

URL GET HTTP/2
s01.ndcdn.com/promo/css/pages/landing0109.css?v=3.0.1.master.20240325073054
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Certificate
IssuerGoogle Trust Services LLC
Subjectndcdn.com
Fingerprint41:63:79:AD:52:D3:6C:03:5D:30:00:A4:9C:9B:48:44:3A:E0:58:B3
ValidityTue, 27 Feb 2024 16:21:45 GMT - Mon, 27 May 2024 16:21:44 GMT

File type

Size
37 kB (36979 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /promo/css/pages/landing0109.css?v=3.0.1.master.20240325073054 HTTP/1.1
Host: s01.ndcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t10025.bareflort.no/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 17:46:00 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=37492
cache-control: max-age=2592000
etag: W/"66011aaf-9274"
expires: Sat, 11 May 2024 07:49:03 GMT
last-modified: Mon, 25 Mar 2024 06:33:19 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1331817
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9FXwG3yq8mZG%2F9Taab7m9TD3Bti4KC6zvQLHALoFyqoOGrroOV9f4TeUF0EcUOd0Q%2Bt%2ByLH7PzBoARmrIrlSkHIwyCbWl0vBNJjXpjrjpv9SrkN6ukI53FwTXr09MuRw"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a863cbca245687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

t10025.bareflort.no/cdn-cgi/challenge-platform/h/b/jsd/r/87a863c85f9cb4f3

104.18.33.129

200 OK

0 B

URL POST HTTP/2
t10025.bareflort.no/cdn-cgi/challenge-platform/h/b/jsd/r/87a863c85f9cb4f3
IP
104.18.33.129:443
ASN
#13335 CLOUDFLARENET

Requested by
https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Certificate
IssuerLet's Encrypt
Subjectbareflort.no
Fingerprint2F:48:C4:08:E1:1D:42:6C:27:4D:7D:44:09:97:FF:29:19:FC:3F:62
ValidityMon, 18 Mar 2024 11:05:15 GMT - Sun, 16 Jun 2024 11:05:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/challenge-platform/h/b/jsd/r/87a863c85f9cb4f3 HTTP/1.1
Host: t10025.bareflort.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12669
Origin: https://t10025.bareflort.no
DNT: 1
Connection: keep-alive
Referer: https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Cookie: __cf_bm=MnA3T6wtNn27jAf55rcSjqIakWEquhihKG3cBW3nmUA-1714153560-1.0.1.1-R4EyHyBCe_hCG8oR0kuPfhPVQmM7c7N2SAl7Dfz6T6irecrUxQNk394t_mSXQSN8mSkI.JnhMbNY_8KLDFVBHQ; PHPSESSID=mrfthu148bb7it0cj6av57b2pt; pc_aff=g40gak3Kmlem8LKToQxFVmkOP28uzFBkh0WACsDpdPVLsAzkKjTJerC0yyPJiXvPaMg7Ysof3WPE_0CUALYdWRAyg2XEg4yaVt9uEZFRpfpm-gzlOuyYPnOLqtG6b_t-Y31zkEkDggv5mkf8IfOer6dup32bQutLCFklZ5PptG8TRKi6XdU-z3TkDVXGISPePW_ChFnWh_IyqeeBQohoCv7ewxKDncgtlA3xn-0PHfokiAAcqWEmZG2oeXos_qUX26jTPl-wRoZgI8LJ0o60zlpDvQBAM8xeNmg4NGbK4RHp7vbkN5_YmoPc5r6V1sck8I5ToXLVurakwg7godSSMkVTiqH17XtNAq9vk1D9JkukC0sNHkdGobmo_zN2DCtPajufz7sVCved0olYFz1lABFeqsT5PaFCpJ6yQAjVUH-vJ8ZfQkDNO3BNDywViJPXNyEtgVS6lqyFkFxLIBn83c4a_x5vAGm_XhF6AVA0lGk7kE_I6QXdHhfY_YKWfWVm; promo_code=103657; ev=xc17141535596740c662be857b47cc384351520; keyword=2166; APPID=promo; SERVERID=wbs09; _ga_E4HT1NRVN7=GS1.1.1714153561.1.0.1714153561.0.0.0; _ga=GA1.1.258162159.1714153561
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 17:46:01 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=Bn2CA8UbL4B4ULXdmgEy17oKRo.ypprZAhnw8_hkC6c-1714153561-1.0.1.1-xUBt7n8YGh.fhbPYDxsfTWH97vpF9sN4krdfW0ParaVjCH2dJddFJH30GzujHcFKDX5rZvXaxkRWG9jWW7i88A; path=/; expires=Sat, 26-Apr-25 17:46:01 GMT; domain=.bareflort.no; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 87a863cf7a12b4f3-OSL
X-Firefox-Spdy: h2

s03.ndcdn.com/promo-static/img/landing0109/icons/video.svg?v=3.0.1.master.20240325073054

188.114.97.1

200 OK

599 B

URL GET HTTP/2
s03.ndcdn.com/promo-static/img/landing0109/icons/video.svg?v=3.0.1.master.20240325073054
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://t10025.bareflort.no/?q=%2Fa%2Fff10025%2F&promo_code=103657&ev=xc17141535596740c662be857b47cc384351520&keyword=2166&pass=xc17141535596740c662be857b47cc384351520&m=0%7C0%7C0%7C0&email_prefill=%7Bext_email_prefill%7D&email_encoded=%7Bext_email_passing_encoded%7D&email_prefill_encoded=%7Bext_email_prefill_encoded%7D&flow=52&fb_pixel=&ptid=41162&session_id=a2404430a1eac9c92408e2d51a7cd235c40a80ea&subaffiliate_id=dir_65511f88&external_campaign_id=&external_campaign_name=
Certificate
IssuerGoogle Trust Services LLC
Subjectndcdn.com
Fingerprint41:63:79:AD:52:D3:6C:03:5D:30:00:A4:9C:9B:48:44:3A:E0:58:B3
ValidityTue, 27 Feb 2024 16:21:45 GMT - Mon, 27 May 2024 16:21:44 GMT

File type
SVG Scalable Vector Graphics image
Size
599 B (599 bytes)
Hash
df14d0c524b864a3eb05bd93ffda0f00
23e4a08b7991f90c9bf6917bf891b0e24e989364
95f6968618dbb6660c85f0ea956f901da981edea38f8f0cf13e3fe36888180f4

HTTP Headers

GET /promo-static/img/landing0109/icons/video.svg?v=3.0.1.master.20240325073054 HTTP/1.1
Host: s03.ndcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://t10025.bareflort.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Fri, 26 Apr 2024 17:46:00 GMT
content-type: image/svg+xml
last-modified: Wed, 23 Dec 2020 09:07:41 GMT
vary: Accept-Encoding
etag: W/"5fe308dd-257"
cache-control: max-age=2678400
cf-cache-status: HIT
age: 353157
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=49S%2FMRoRKzvv8YjCFzj0O1BVx%2FtcrtGHV7QuW82xh3QlXncV2IjQZMB1Djhzeeho9JyzmeQJt%2Ba4OYNBUIxBrGHWhdnXFyXJUzELU26CL0WuJ6usaYy8%2FqhEDqf1bMm3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 87a863cb69ad5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (14)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML