pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888.us.chrome.&k=bfb&url=go.redanemone.xyz&xrw=&lid=6389a808b4d63d6ed27f6bcf&fid=888
5.161.78.177 307 Temporary Redirect 164 B URL HTTP/1.1 pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888.us.chrome.&k=bfb&url=go.redanemone.xyz&xrw=&lid=6389a808b4d63d6ed27f6bcf&fid=888
IP 5.161.78.177:0
ASN #213230 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 813f9846b49c0ada805648edf1b2fdbd
caa24890460f73e6a72bb49426351e67e83b053d
8f03491247cbfa8a2e60e0f7ec62d63b5070659f60383a1c81abeb2b20221be3
GET /emw/v1/dt?sid=888.us.chrome.&k=bfb&url=go.redanemone.xyz&xrw=&lid=6389a808b4d63d6ed27f6bcf&fid=888 HTTP/1.1
Host: pdxx-7fmavzpxk2xlm-4-2.lowsea.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 307 Temporary Redirect
Date: Fri, 02 Dec 2022 07:24:06 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Keep-Alive: timeout=10
Set-Cookie: emwxcid_4_1=8wCM6M4bkp9WMWz0pxJVlZbspuTV8qyzX30L2dO8HdeRLUqqK1; expires=Sat, Dec 02 2023 07:24:06 GMT; Max-Age=31536000; path=/; domain=lowsea.fun; SameSite=Lax
Location: https://cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=6389a808b4d63d6ed27f6bcf&source=888.us.chrome.
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3724
Expires: Fri, 02 Dec 2022 08:26:10 GMT
Date: Fri, 02 Dec 2022 07:24:06 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5523
Cache-Control: max-age=103149
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:24:06 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 12:03:15 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 07:18:11 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 355
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20185
Expires: Fri, 02 Dec 2022 13:00:31 GMT
Date: Fri, 02 Dec 2022 07:24:06 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: V+zIgpfLcb/B8GJHVoft4en10a2CQX2pUnXaQbuYGPg9l99TGnsP/VRZQvqPsZNcyDgUzOjWULWrIyraeNO+fg==
x-amz-request-id: 9G2R535HQS60R1M1
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 06:46:00 GMT
age: 2286
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 66ae0b4b78341156a1aa336452c080dc
ebe20f19403a9124fd378eeab82d943b890fd53b
729d7c2013164d474d00f20cda869d86da1c9de6e31832308fec1eda4fe940ba
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "729D7C2013164D474D00F20CDA869D86DA1C9DE6E31832308FEC1EDA4FE940BA"
Last-Modified: Tue, 29 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1648
Expires: Fri, 02 Dec 2022 07:51:34 GMT
Date: Fri, 02 Dec 2022 07:24:06 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 07:24:06 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=6389a808b4d63d6ed27f6bcf&source=888.us.chrome.
51.83.143.92 302 Found 0 B URL HTTP/1.1 cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=6389a808b4d63d6ed27f6bcf&source=888.us.chrome.
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=6389a808b4d63d6ed27f6bcf&source=888.us.chrome. HTTP/1.1
Host: cola.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Dec 2022 07:24:06 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 11hx4alk7e
Raund: 2is
Location: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome.
samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome.
51.83.143.92 200 OK 500 B URL HTTP/1.1 samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome.
IP 51.83.143.92:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (551)
Hash 77b3a918b3b7a47d979d0734c059fc3c
2adc8afb30e36816ed9d64e2fb4bde19a5fb7174
0f41b65ee4f0dba9179b8d24cfedfd885f76fdb2a7598e807d4460b4e053b641
Analyzer Verdict Alert quad9 Sinkholed
GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome. HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 07:24:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=6389a8175e29071b29621545; expires=Mon, 05-Dec-2022 07:24:07 GMT; Max-Age=259200; path=/; domain=samba.trffclb.com; HttpOnly
Content-Encoding: gzip
samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome.&bv=1
51.83.143.92 302 Found 0 B URL HTTP/1.1 samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome.&bv=1
IP 51.83.143.92:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome.&bv=1 HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome.
Cookie: bt-603611c5b7eaf46891533240=6389a8175e29071b29621545
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Dec 2022 07:24:07 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=samba.trffclb.com; HttpOnly
Round: 119cdtswvl
Raund: 2si
Location: https://popcash.net/world/go/134600/317194
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 07:08:57 GMT
cache-control: public,max-age=3600
age: 910
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
samba.trffclb.com/favicon.ico
51.83.143.92 200 OK 20 B URL HTTP/1.1 samba.trffclb.com/favicon.ico
IP 51.83.143.92:0
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome.
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 07:24:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash b2a0d0fe97997d95c0dbec9c59f54fd1
bee6130ac27f4dbb0f8ea7af9ec9c72f01e97a97
be71076cdb4e0ba0865c7d8b5b2557e3586510bd4509532da41e74e132cf8d6a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 906
Cache-Control: max-age=157543
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:24:07 GMT
Etag: "638968f4-118"
Expires: Sun, 04 Dec 2022 03:09:50 GMT
Last-Modified: Fri, 02 Dec 2022 02:54:44 GMT
Server: ECS (amb/6B81)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5524
Cache-Control: max-age=98086
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:24:07 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 10:38:53 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
52.88.220.109 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.88.220.109:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Mn8SbMz0WlyOmK+HIeN9GA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XnrXXU6vKHvonXn7IQHFLCOVh3Y=
popcash.net/world/go/134600/317194
172.67.194.203 301 Moved Permanently 162 B URL HTTP/2 popcash.net/world/go/134600/317194
IP 172.67.194.203:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /world/go/134600/317194 HTTP/1.1
Host: popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://samba.trffclb.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Fri, 02 Dec 2022 07:24:07 GMT
content-type: text/html
content-length: 162
location: http://ps.popcash.net/go/134600/317194
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j911oafQ5VYslQcaPDVSvB%2BvHF3z5f%2Bq5UheRKXPIdnma7%2BP1Bjt2jzC0LLed94dSOFEJTVZQ1je2jM9EWdyGRltkZrjJp9YJrroc2RWtFio%2FCouHj%2Bc1E%2BDHCPQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773252326889b512-OSL
X-Firefox-Spdy: h2
ps.popcash.net/go/134600/317194
52.20.154.189 200 OK 271 B URL HTTP/1.1 ps.popcash.net/go/134600/317194
IP 52.20.154.189:0
File type HTML document, ASCII text
Hash d67b23090ccf958dcecba4e6c3c8e60a
2c04109dbc074c0da9d7a49a15f29ce0a7a58e7c
f26ccece55188e254a3289f780b6336614f5bfe77f3afb226a0144492f337890
Analyzer Verdict Alert fortinet Malware
GET /go/134600/317194 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Fri, 02 Dec 2022 07:24:08 GMT
Server: nginx
Vary: Accept-Encoding
transfer-encoding: chunked
Connection: keep-alive
ps.popcash.net/ad/ad?p=134600&w=317194&t=6f1bec4c8474f442&r=&vw=1280&vh=0
52.20.154.189 303 See Other 0 B URL HTTP/1.1 ps.popcash.net/ad/ad?p=134600&w=317194&t=6f1bec4c8474f442&r=&vw=1280&vh=0
IP 52.20.154.189:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ad/ad?p=134600&w=317194&t=6f1bec4c8474f442&r=&vw=1280&vh=0 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ps.popcash.net/go/134600/317194
Upgrade-Insecure-Requests: 1
HTTP/1.1 303 See Other
Date: Fri, 02 Dec 2022 07:24:08 GMT
Location: http://dipaka-ead.com/zcvisitor/4f428257-7212-11ed-80a6-128fe381c22d/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=7d7c3280-6dab-11ed-9d23-12beee04f19b#pc151445
Server: nginx
Content-Length: 0
Connection: keep-alive
dipaka-ead.com/zcvisitor/4f428257-7212-11ed-80a6-128fe381c22d/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=7d7c3280-6dab-11ed-9d23-12beee04f19b
3.212.50.125 302 0 B URL HTTP/1.1 dipaka-ead.com/zcvisitor/4f428257-7212-11ed-80a6-128fe381c22d/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=7d7c3280-6dab-11ed-9d23-12beee04f19b
IP 3.212.50.125:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zcvisitor/4f428257-7212-11ed-80a6-128fe381c22d/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=7d7c3280-6dab-11ed-9d23-12beee04f19b HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302
Date: Fri, 02 Dec 2022 07:24:08 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Location: https://bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-ria-ss9gkru3z&source=vitellary-lion&keyword=mainstream&match=&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000190
Server: vcwMmceA
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 7fd04b18b6a7aa13c60a18be8690d354
9e93f6f854f8e879236650b3db6c3357e609a4bb
c5d51a660eb6b3c487626ae53e91f6a8d9485c8cab97bd31ac68127729713553
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=88546
Date: Fri, 02 Dec 2022 07:24:08 GMT
Etag: "6388489d-1d7"
Expires: Sat, 03 Dec 2022 07:59:54 GMT
Last-Modified: Thu, 01 Dec 2022 06:24:29 GMT
Server: ECS (nyb/1D12)
X-Cache: Miss from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Vd3e4l7la6EJZ0fDm9Th9k1nrN4YsdNJmoW6wFq2UeJ3nCdOrh2gGQ==
Age: 5725
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6055
Expires: Fri, 02 Dec 2022 09:05:04 GMT
Date: Fri, 02 Dec 2022 07:24:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6055
Expires: Fri, 02 Dec 2022 09:05:04 GMT
Date: Fri, 02 Dec 2022 07:24:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6055
Expires: Fri, 02 Dec 2022 09:05:04 GMT
Date: Fri, 02 Dec 2022 07:24:09 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6055
Expires: Fri, 02 Dec 2022 09:05:04 GMT
Date: Fri, 02 Dec 2022 07:24:09 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 156e9ea97b774cbd8361072e4041b6c8
fc71ae3cae92ed6011904bb2367f23bf4e69fab4
58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: r_0F64VpyutAOJ9IcTWrs3Sv--fhKiwKsV1FW0fOMSRt1QLLPxvJzg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 07:43:11 GMT
age: 85258
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
34.120.237.76 200 OK 6.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 06:00:48 GMT
age: 5001
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
34.120.237.76 200 OK 2.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:49:56 GMT
age: 34453
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg
34.120.237.76 200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 60ccdde4ce64b4a3fe6fc2a059b3bde1
5ce119089f4a4cd139b523889b6cd84cd79191f4
2089225a6dc13845ab8e031416920d16952ae1461ca10d72c408ad001ed8f27b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4840
x-amzn-requestid: 6bc8fa91-5696-4bc6-b1e7-3c36b2c01801
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGxTFxyoAMFRzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e6e-3e85b78905aaa73726eef85a;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UraCGe--VISONXzaUBpA7vuLuD5l7zihtQIph7LVn1QsS8MjLBbvKw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:48:51 GMT
age: 34518
etag: "5ce119089f4a4cd139b523889b6cd84cd79191f4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F937deb9c-e12c-486f-bf82-4833aed00836.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F937deb9c-e12c-486f-bf82-4833aed00836.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d08081e2dd562ef50e4e98ebc0136698
b5118bca37feda2ada3001199dc1d80ac6d2aacc
5160333e0cfd338b3887972d0a5c0f817ef88b70b7eb78e4e25d153a85e3478f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F937deb9c-e12c-486f-bf82-4833aed00836.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11443
x-amzn-requestid: 21469d81-ee4b-47f3-8877-b6658b3ea8b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfHDHE4zoAMFvfw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891ee0-5b39eddd703ea04e6a1355f8;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:38:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nPuZoyOu_QAqbZvTUaNy1J3BOqnR2ttrIhv9BwRmWnKeba-e6MZWKA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:55:34 GMT
age: 34115
etag: "b5118bca37feda2ada3001199dc1d80ac6d2aacc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F864be807-d5f6-42e3-bd58-f7641a256b9a.jpeg
34.120.237.76 200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F864be807-d5f6-42e3-bd58-f7641a256b9a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 379a4a1b95d3aa3c5a4f8e7f9abb030f
d45dceb3dc58a07197aa5077582b5b1cd2ff791a
1b92dec5bf90beffbcd9060052b8788f08645dd4ba34219f7ddb2d40bbd2d151
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F864be807-d5f6-42e3-bd58-f7641a256b9a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7732
x-amzn-requestid: 3781c2b7-082a-468a-a186-f7483494e749
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoEq3IAMFnKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-679fe9f905e07abf4e6a812c;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FhCtGsjgnq83-zRNBH-y9BHUh2IRaN0ahO-BCUw7bTWU8jAanBqdlA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:53:35 GMT
age: 34234
etag: "d45dceb3dc58a07197aa5077582b5b1cd2ff791a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-ria-ss9gkru3z&source=vitellary-lion&keyword=mainstream&match=&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000190
18.210.123.3 200 OK 1.6 kB URL HTTP/2 bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-ria-ss9gkru3z&source=vitellary-lion&keyword=mainstream&match=&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000190
IP 18.210.123.3:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (793)
Hash 122ecae1319681ff5fbc29feb8ed1be6
d5231fe55b766b6ebb0a46c5c7f48cb5b8c6da12
d3f2141b143e8b31702cfe3b8d052fa39541263566fa9e0f1a3ad4f95f38d177
GET /get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-ria-ss9gkru3z&source=vitellary-lion&keyword=mainstream&match=&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000190 HTTP/1.1
Host: bnr.thedataclicks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: awselb/2.0
date: Fri, 02 Dec 2022 07:24:09 GMT
content-type: text/html
content-length: 1571
X-Firefox-Spdy: h2
d1aaucsx2ftut2.cloudfront.net/jcm-mm/dbf22d50eb3f9d835a7399371403565c.jpg
143.204.42.82 200 OK 184 kB URL HTTP/2 d1aaucsx2ftut2.cloudfront.net/jcm-mm/dbf22d50eb3f9d835a7399371403565c.jpg
IP 143.204.42.82:0
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 800x575, components 3\012- data
Size 184 kB (184529 bytes)
Hash ef60018c5db320c478ea0738b33966e5
9dd467554cf4b76fc7df3eaac3766d29bdb2b543
9789121067d1f5aa7eeb3267b926014932e6d089fa6053ff05289875f9b262e5
GET /jcm-mm/dbf22d50eb3f9d835a7399371403565c.jpg HTTP/1.1
Host: d1aaucsx2ftut2.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnr.thedataclicks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 184529
last-modified: Wed, 15 Apr 2020 16:57:11 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 02 Dec 2022 00:38:15 GMT
etag: "ef60018c5db320c478ea0738b33966e5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zAYbjqlEeB2uH6Ub7ck66m4qGxjxHQ6j2Zw-4VHzmI7IYG5PfCaRYA==
age: 25868
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash d06c2e72f541ae9febef6cad5ec48667
211308b2ad217e40bc49e6f74454b788273c9e3d
069c430ea7d0aff680c3814ee42280647cbb3e8ba78bed0d56e0d96de1efeccc
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 02 Dec 2022 07:24:09 GMT
Etag: "63888acf-1d7"
Last-Modified: Fri, 02 Dec 2022 06:05:36 GMT
Server: ECS (dcb/7F5E)
X-Cache: Miss from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: jga6qm1YLqXa6KRuhK2m5Mzmrmvjm4jEAx5XDlu82-XAQE9K5uThkw==
Age: 4713
lnk.clickadsolutions.com/js/c.js
35.181.10.107 200 OK 7.8 kB URL HTTP/2 lnk.clickadsolutions.com/js/c.js
IP 35.181.10.107:0
Hash 28f147c32edde42fcfabfc9cfa93edcd
4540d4c6db74de7651a1fe723ea0aa563b4c0678
e762d6ca1ddd7dab2fa0db7702efdbd3bc10e6f7f3be7b0f8818d45d5bcb96d7
GET /js/c.js HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000190&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&c2=true&vpw=1280&vph=1024
Cookie: v=t; cas=3451:1796:1796:1; rls=290838:1796:1796:1|291094:1796:1796:1|269379:1796:1796:1; com=162:92:NO:1796:1796:1|10070:141:NO:1796:1796:1|16573:166:NO:1796:1796:1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:24:10 GMT
content-type: application/javascript
content-length: 7804
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Wed, 16 Nov 2022 11:50:41 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000190&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&c2=true&vpw=1280&vph=1024
35.181.10.107 200 OK 4.9 kB URL HTTP/2 lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000190&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&c2=true&vpw=1280&vph=1024
IP 35.181.10.107:0
Hash 35dccfb458c52fbd18bd214392bd67fe
7413cfe793820a856872efb9f4252a037c1c2711
999a1c296aa65de6f0dba9f9c1bd8b2d2d002a9b10bffc840d14de1d8f4e6ec8
GET /trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000190&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&c2=true&vpw=1280&vph=1024 HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnr.thedataclicks.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:24:10 GMT
content-type: text/html;charset=UTF-8
set-cookie: v=t; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Sat, 02 Dec 2023 07:24:09 GMT; Secure; SameSite=None
cas=3451:1796:1796:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Sat, 02 Dec 2023 07:24:09 GMT; Secure; SameSite=None
rls=290838:1796:1796:1|291094:1796:1796:1|269379:1796:1796:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Sat, 02 Dec 2023 07:24:09 GMT; Secure; SameSite=None
com=162:92:NO:1796:1796:1|10070:141:NO:1796:1796:1|16573:166:NO:1796:1796:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Sat, 02 Dec 2023 07:24:09 GMT; Secure; SameSite=None
content-language: en-US
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:24:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lnk.clickadsolutions.com/?bt=srw.bannerwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D916%2526c%253Dhttps%25253A%25252F%25252Fgamezone.no%2526b%253D6389a819478f5c7beed5a9ed-RL-291094&log=false&type=ROTATOR_LINK&linkId=291094&clickId=6389a819478f5c7beed5a9ed&br=false
35.181.10.107 200 OK 1.6 kB URL HTTP/2 lnk.clickadsolutions.com/?bt=srw.bannerwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D916%2526c%253Dhttps%25253A%25252F%25252Fgamezone.no%2526b%253D6389a819478f5c7beed5a9ed-RL-291094&log=false&type=ROTATOR_LINK&linkId=291094&clickId=6389a819478f5c7beed5a9ed&br=false
IP 35.181.10.107:0
Hash 04305d232a32129260d05e8e6c457967
6b6ea405218a68b491357021f9bb0935b90a74a0
8371a992ab8f8dca2750196d67acf2b52b8cc8595680a41b8219afd826e012ad
GET /?bt=srw.bannerwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D916%2526c%253Dhttps%25253A%25252F%25252Fgamezone.no%2526b%253D6389a819478f5c7beed5a9ed-RL-291094&log=false&type=ROTATOR_LINK&linkId=291094&clickId=6389a819478f5c7beed5a9ed&br=false HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000190&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&c2=true&vpw=1280&vph=1024
Cookie: v=t; cas=3451:1796:1796:1; rls=290838:1796:1796:1|291094:1796:1796:1|269379:1796:1796:1; com=162:92:NO:1796:1796:1|10070:141:NO:1796:1796:1|16573:166:NO:1796:1796:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:24:10 GMT
content-type: text/html;charset=UTF-8
content-language: en-US
X-Firefox-Spdy: h2
lnk.clickadsolutions.com/?bt=lsm.realbiddingtrk.site&ref=&friend=&u=r.srvtrck.com%252Fv1%252Fredirect%253Ftype%253DlinkId%2526id%253D2b2a62f77d644877a0fadc1de00a8e06%2526api_key%253Df316faffab9dc5e272e33894a4e91697%2526site_id%253D30816e2d6f5a44deb6766a9b5bf58c66%2526dch%253Dfeed%2526ad_t%253Dadvertiser%2526yk_tag%253D6389a819478f5c7beed5a9ed-RL-269379&log=false&type=ROTATOR_LINK&linkId=269379&clickId=6389a819478f5c7beed5a9ed&br=true
35.181.10.107 200 OK 1.3 kB URL HTTP/2 lnk.clickadsolutions.com/?bt=lsm.realbiddingtrk.site&ref=&friend=&u=r.srvtrck.com%252Fv1%252Fredirect%253Ftype%253DlinkId%2526id%253D2b2a62f77d644877a0fadc1de00a8e06%2526api_key%253Df316faffab9dc5e272e33894a4e91697%2526site_id%253D30816e2d6f5a44deb6766a9b5bf58c66%2526dch%253Dfeed%2526ad_t%253Dadvertiser%2526yk_tag%253D6389a819478f5c7beed5a9ed-RL-269379&log=false&type=ROTATOR_LINK&linkId=269379&clickId=6389a819478f5c7beed5a9ed&br=true
IP 35.181.10.107:0
Hash f9830fa93de266e920150b59ba44a870
a5ddb0f8ec48dd0fd2ed7b7cc72d748ff53bf260
9a9fee7bdd7b32e7f6d51f64bf6f0427946871460f7bfad4c348c4a3657eccc4
GET /?bt=lsm.realbiddingtrk.site&ref=&friend=&u=r.srvtrck.com%252Fv1%252Fredirect%253Ftype%253DlinkId%2526id%253D2b2a62f77d644877a0fadc1de00a8e06%2526api_key%253Df316faffab9dc5e272e33894a4e91697%2526site_id%253D30816e2d6f5a44deb6766a9b5bf58c66%2526dch%253Dfeed%2526ad_t%253Dadvertiser%2526yk_tag%253D6389a819478f5c7beed5a9ed-RL-269379&log=false&type=ROTATOR_LINK&linkId=269379&clickId=6389a819478f5c7beed5a9ed&br=true HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000190&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&c2=true&vpw=1280&vph=1024
Cookie: v=t; cas=3451:1796:1796:1; rls=290838:1796:1796:1|291094:1796:1796:1|269379:1796:1796:1; com=162:92:NO:1796:1796:1|10070:141:NO:1796:1796:1|16573:166:NO:1796:1796:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:24:10 GMT
content-type: text/html;charset=UTF-8
referrer-policy: no-referrer
content-language: en-US
X-Firefox-Spdy: h2
www.google-analytics.com/collect?v=1&tid=UA-24877590-4&t=pageview&ds=web&aip=1&cs=tredia&cm=affiliate&cn=3029083&cc=1220128_8215&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1118292371.1887662905
216.239.32.178 200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?v=1&tid=UA-24877590-4&t=pageview&ds=web&aip=1&cs=tredia&cm=affiliate&cn=3029083&cc=1220128_8215&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1118292371.1887662905
IP 216.239.32.178:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&tid=UA-24877590-4&t=pageview&ds=web&aip=1&cs=tredia&cm=affiliate&cn=3029083&cc=1220128_8215&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1118292371.1887662905 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 01 Dec 2022 17:57:32 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 48399
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/collect?cs=Tredia&cc=269379&ck=42259&cm=YieldKit&cn=Gymgrossisten&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.gymgrossisten.com&dp=%2F&dt=K%C3%B6p+kosttillskott+och+tr%C3%A4ningskl%C3%A4der+hos+Gymgrossisten.com&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1970525953.1127235332
216.239.32.178 200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?cs=Tredia&cc=269379&ck=42259&cm=YieldKit&cn=Gymgrossisten&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.gymgrossisten.com&dp=%2F&dt=K%C3%B6p+kosttillskott+och+tr%C3%A4ningskl%C3%A4der+hos+Gymgrossisten.com&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1970525953.1127235332
IP 216.239.32.178:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?cs=Tredia&cc=269379&ck=42259&cm=YieldKit&cn=Gymgrossisten&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.gymgrossisten.com&dp=%2F&dt=K%C3%B6p+kosttillskott+och+tr%C3%A4ningskl%C3%A4der+hos+Gymgrossisten.com&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1970525953.1127235332 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 01 Dec 2022 17:57:32 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 48399
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/collect?v=1&tid=UA-199488-1&t=pageview&ds=web&aip=1&cs=referral&cm=4242&cn=%28not+set%29&cc=%28not+set%29&dh=www.gymgrossisten.com&dp=%2F&dt=K%C3%B6p+kosttillskott+och+tr%C3%A4ningskl%C3%A4der+hos+Gymgrossisten.com&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1381569547.1538616732
216.239.32.178 200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?v=1&tid=UA-199488-1&t=pageview&ds=web&aip=1&cs=referral&cm=4242&cn=%28not+set%29&cc=%28not+set%29&dh=www.gymgrossisten.com&dp=%2F&dt=K%C3%B6p+kosttillskott+och+tr%C3%A4ningskl%C3%A4der+hos+Gymgrossisten.com&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1381569547.1538616732
IP 216.239.32.178:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&tid=UA-199488-1&t=pageview&ds=web&aip=1&cs=referral&cm=4242&cn=%28not+set%29&cc=%28not+set%29&dh=www.gymgrossisten.com&dp=%2F&dt=K%C3%B6p+kosttillskott+och+tr%C3%A4ningskl%C3%A4der+hos+Gymgrossisten.com&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1381569547.1538616732 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 01 Dec 2022 17:57:32 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 48399
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/collect?cs=Tredia&cc=290838&ck=42259&cm=Impact&cn=Ticketmaster&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1245614112.1302051723
216.239.32.178 200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?cs=Tredia&cc=290838&ck=42259&cm=Impact&cn=Ticketmaster&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1245614112.1302051723
IP 216.239.32.178:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?cs=Tredia&cc=290838&ck=42259&cm=Impact&cn=Ticketmaster&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1245614112.1302051723 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 01 Dec 2022 17:57:32 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 48399
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:24:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r.srvtrck.com/v1/redirect?type=linkId&id=2b2a62f77d644877a0fadc1de00a8e06&api_key=f316faffab9dc5e272e33894a4e91697&site_id=30816e2d6f5a44deb6766a9b5bf58c66&dch=feed&ad_t=advertiser&yk_tag=6389a819478f5c7beed5a9ed-RL-269379
104.19.168.96 302 Found 0 B URL HTTP/2 r.srvtrck.com/v1/redirect?type=linkId&id=2b2a62f77d644877a0fadc1de00a8e06&api_key=f316faffab9dc5e272e33894a4e91697&site_id=30816e2d6f5a44deb6766a9b5bf58c66&dch=feed&ad_t=advertiser&yk_tag=6389a819478f5c7beed5a9ed-RL-269379
IP 104.19.168.96:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /v1/redirect?type=linkId&id=2b2a62f77d644877a0fadc1de00a8e06&api_key=f316faffab9dc5e272e33894a4e91697&site_id=30816e2d6f5a44deb6766a9b5bf58c66&dch=feed&ad_t=advertiser&yk_tag=6389a819478f5c7beed5a9ed-RL-269379 HTTP/1.1
Host: r.srvtrck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 02 Dec 2022 07:24:11 GMT
content-length: 0
location: http://www.gymgrossisten.com
p3p: CP="CAO PSA OUR"
set-cookie: ykuid=261a223bdb364b48b4ab151e932f3679; Domain=.srvtrck.com; Expires=Sat, 02-Dec-2023 07:24:11 GMT; Path=/
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 773252495b4db51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash a7781d215a907de66a1bf593a688a317
6b28f82822bf1ea4d9b7783940c2c5129f3ed79a
4c253851198db078244b135fb261f7625d92b368f6de368752ae5eb7df0d9a8e
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=134824
Date: Fri, 02 Dec 2022 07:24:11 GMT
Etag: "63890546-1d7"
Expires: Sat, 03 Dec 2022 20:51:15 GMT
Last-Modified: Thu, 01 Dec 2022 19:49:26 GMT
Server: ECS (nyb/1D33)
X-Cache: Miss from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: TOyHRifp9LcSTi0oTbQW5QHeHZeok_bCBpozX_B-rqQEqDRf1kxzVg==
Age: 3709
ocsp.r2m01.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 0f57f16aa4488a82f9eee59c80967894
aa66901f7de99aa875ec899df9faa2913df80c09
0b2d8c2247db02218eeedcfe4aecfe2e71c7a7b4b54d71393b60eeee5a8348f5
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=128594
Date: Fri, 02 Dec 2022 07:24:11 GMT
Etag: "6388f017-1d7"
Expires: Sat, 03 Dec 2022 19:07:25 GMT
Last-Modified: Thu, 01 Dec 2022 18:19:03 GMT
Server: ECS (dcb/7FA7)
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: RkHtGpKaFsrvl3GtoFJK3zb1axZvoTXvbZRxb4zb3voCymjY7-__bw==
Age: 2902
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 2cddb193b601ac1b02d970e28ff13d30
5ed1aa99cd33b4959fc77738e467929067f20467
4d05aa961f9304965eecc03fd700eb3f0daa12690345634214d7871ef7a688f1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4137
Cache-Control: max-age=150342
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:24:11 GMT
Etag: "63894038-117"
Expires: Sun, 04 Dec 2022 01:09:53 GMT
Last-Modified: Fri, 02 Dec 2022 00:00:56 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 2cddb193b601ac1b02d970e28ff13d30
5ed1aa99cd33b4959fc77738e467929067f20467
4d05aa961f9304965eecc03fd700eb3f0daa12690345634214d7871ef7a688f1
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4137
Cache-Control: max-age=150342
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:24:11 GMT
Etag: "63894038-117"
Expires: Sun, 04 Dec 2022 01:09:53 GMT
Last-Modified: Fri, 02 Dec 2022 00:00:56 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 84c8c16dde690dc55e7bea1ae82b471e
5acecaa0d5353416745c243552fd354a5e64db8f
d616ca4d2c4ad42cd72c6824913fa083611246a4fa543cc1101559f6bbedbb64
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2789
Cache-Control: max-age=138892
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:24:11 GMT
Etag: "638918c3-118"
Expires: Sat, 03 Dec 2022 21:59:03 GMT
Last-Modified: Thu, 01 Dec 2022 21:12:35 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash 2d05c5df8e69de5cf1155440237b9eea
55de2c72883d44fce450d7407c2f30a9e5e24e95
a6113fda5b0faf6c5988682088d108c5d34445bf8d21d049aa5330ede1070645
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 02 Dec 2022 07:24:11 GMT
Last-Modified: Fri, 02 Dec 2022 06:17:34 GMT
Server: ECS (dcb/7FA8)
X-Cache: Miss from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: FH8gmd-gt2xLpZih3J8MWcNYRdMhUXEsjrPS8b4DCWfJBO8rb9vJ4w==
Age: 3997
lnk.thebigadsstore.com/ref/www.elbil24.no/
35.181.10.107 200 OK 1.0 kB URL HTTP/2 lnk.thebigadsstore.com/ref/www.elbil24.no/
IP 35.181.10.107:0
Hash 951d16aae115f14377ecc9ddae6ec1da
be60aeeaaa4406a073a74085b63147c0694fcbae
f021e545b58b06c5d5a1864764db37eb5614d9d3d7c4b8bdf5a35863040873bf
POST /ref/www.elbil24.no/ HTTP/1.1
Host: lnk.thebigadsstore.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 235
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:24:11 GMT
content-type: text/html;charset=UTF-8
referrer-policy: no-referrer-when-downgrade
content-language: en-US
X-Firefox-Spdy: h2
ticketmaster-no.tm8215.net/3PYq4d?SubId1=6389a819478f5c7beed5a9ed-RL-290838&SubId2=lnk.thebigadsstore.com%2Fref%2Fwww.elbil24.no%2F
52.212.66.198 302 Found 412 B URL HTTP/2 ticketmaster-no.tm8215.net/3PYq4d?SubId1=6389a819478f5c7beed5a9ed-RL-290838&SubId2=lnk.thebigadsstore.com%2Fref%2Fwww.elbil24.no%2F
IP 52.212.66.198:0
File type HTML document, ASCII text, with very long lines (411)
Hash c08317c1646eaad443ed79c1c0619a1e
a86bd12131af6e542e8bfe3714caeaed79138bbf
be63a9357ab1c35ee81b785267154a1a0b6b36c405fb6d80b6c2376763a605f6
GET /3PYq4d?SubId1=6389a819478f5c7beed5a9ed-RL-290838&SubId2=lnk.thebigadsstore.com%2Fref%2Fwww.elbil24.no%2F HTTP/1.1
Host: ticketmaster-no.tm8215.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnk.thebigadsstore.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 02 Dec 2022 07:24:11 GMT
content-type: text/html; charset=utf-8
content-length: 412
location: https://www.ojrq.net/p/?return=https%3A%2F%2Fticketmaster-no.tm8215.net%2Fc%2F3029083%2F462382%2F8215%3FSubId1%3D6389a819478f5c7beed5a9ed-RL-290838%26SubId2%3Dlnk.thebigadsstore.com%252Fref%252Fwww.elbil24.no%252F%26u%3Dhttps%253A%252F%252Fwww.ticketmaster.no%252F%26svlink%3D4982831%26level%3D1%26srcref%3Dhttps%253A%252F%252Flnk.thebigadsstore.com%252F&cid=8215&tpsync=yes
set-cookie: AWSALB=e3qYXIgaoMdFCyQiO4/CoCc/xwW54KKDQRYMjESu+N2EasoMemCiwULsjaZcjKOmtVDGGeMVbDYyj/qa9W2eAxLfy/TbZj1KZYDZ8I1+oFLatQjej7+UOjLiYr8z; Expires=Fri, 09 Dec 2022 07:24:11 GMT; Path=/
AWSALBCORS=e3qYXIgaoMdFCyQiO4/CoCc/xwW54KKDQRYMjESu+N2EasoMemCiwULsjaZcjKOmtVDGGeMVbDYyj/qa9W2eAxLfy/TbZj1KZYDZ8I1+oFLatQjej7+UOjLiYr8z; Expires=Fri, 09 Dec 2022 07:24:11 GMT; Path=/; SameSite=None; Secure
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: Fri, 02 Dec 2022 07:24:11 GMT
p3p: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
X-Firefox-Spdy: h2
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash ee835c97c4a4d3790b9eeffc144e624f
160979453f3fd95d913192795fce2738fd7f925e
473f0dd7a0d556a901868be368e89de79af74f58e096a28ea50076a8ef2565b6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 07:24:11 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 17:55:44 GMT
Expires: Tue, 06 Dec 2022 17:55:43 GMT
Etag: "160979453f3fd95d913192795fce2738fd7f925e"
Cache-Control: max-age=382891,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7732524dfd190b4d-OSL
www.ojrq.net/p/?return=https%3A%2F%2Fticketmaster-no.tm8215.net%2Fc%2F3029083%2F462382%2F8215%3FSubId1%3D6389a819478f5c7beed5a9ed-RL-290838%26SubId2%3Dlnk.thebigadsstore.com%252Fref%252Fwww.elbil24.no%252F%26u%3Dhttps%253A%252F%252Fwww.ticketmaster.no%252F%26svlink%3D4982831%26level%3D1%26srcref%3Dhttps%253A%252F%252Flnk.thebigadsstore.com%252F&cid=8215&tpsync=yes
34.95.127.121 302 Found 0 B URL HTTP/2 www.ojrq.net/p/?return=https%3A%2F%2Fticketmaster-no.tm8215.net%2Fc%2F3029083%2F462382%2F8215%3FSubId1%3D6389a819478f5c7beed5a9ed-RL-290838%26SubId2%3Dlnk.thebigadsstore.com%252Fref%252Fwww.elbil24.no%252F%26u%3Dhttps%253A%252F%252Fwww.ticketmaster.no%252F%26svlink%3D4982831%26level%3D1%26srcref%3Dhttps%253A%252F%252Flnk.thebigadsstore.com%252F&cid=8215&tpsync=yes
IP 34.95.127.121:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /p/?return=https%3A%2F%2Fticketmaster-no.tm8215.net%2Fc%2F3029083%2F462382%2F8215%3FSubId1%3D6389a819478f5c7beed5a9ed-RL-290838%26SubId2%3Dlnk.thebigadsstore.com%252Fref%252Fwww.elbil24.no%252F%26u%3Dhttps%253A%252F%252Fwww.ticketmaster.no%252F%26svlink%3D4982831%26level%3D1%26srcref%3Dhttps%253A%252F%252Flnk.thebigadsstore.com%252F&cid=8215&tpsync=yes HTTP/1.1
Host: www.ojrq.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lnk.thebigadsstore.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: Fri, 02 Dec 2022 07:24:11 GMT
p3p: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
set-cookie: brwsr=5165ff07-7212-11ed-9ec9-d90eb3934b0f; Domain=.ojrq.net; Path=/; Secure; Max-Age=62208000; Expires=Thu, 21 Nov 2024 07:24:11 GMT; HttpOnly; SameSite=None
location: https://ticketmaster-no.tm8215.net/c/3029083/462382/8215?SubId1=6389a819478f5c7beed5a9ed-RL-290838&SubId2=lnk.thebigadsstore.com%2Fref%2Fwww.elbil24.no%2F&u=https%3A%2F%2Fwww.ticketmaster.no%2F&svlink=4982831&level=1&srcref=https%3A%2F%2Flnk.thebigadsstore.com%2F&brwsr=5165ff07-7212-11ed-9ec9-d90eb3934b0f&brwsrsig=3r40m8WfFSDyQnaRtr362XAAxEJzGR
content-length: 0
date: Fri, 02 Dec 2022 07:24:11 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ticketmaster-no.tm8215.net/c/3029083/462382/8215?SubId1=6389a819478f5c7beed5a9ed-RL-290838&SubId2=lnk.thebigadsstore.com%2Fref%2Fwww.elbil24.no%2F&u=https%3A%2F%2Fwww.ticketmaster.no%2F&svlink=4982831&level=1&srcref=https%3A%2F%2Flnk.thebigadsstore.com%2F&brwsr=5165ff07-7212-11ed-9ec9-d90eb3934b0f&brwsrsig=3r40m8WfFSDyQnaRtr362XAAxEJzGR
52.212.66.198 301 Moved Permanently 0 B URL HTTP/2 ticketmaster-no.tm8215.net/c/3029083/462382/8215?SubId1=6389a819478f5c7beed5a9ed-RL-290838&SubId2=lnk.thebigadsstore.com%2Fref%2Fwww.elbil24.no%2F&u=https%3A%2F%2Fwww.ticketmaster.no%2F&svlink=4982831&level=1&srcref=https%3A%2F%2Flnk.thebigadsstore.com%2F&brwsr=5165ff07-7212-11ed-9ec9-d90eb3934b0f&brwsrsig=3r40m8WfFSDyQnaRtr362XAAxEJzGR
IP 52.212.66.198:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /c/3029083/462382/8215?SubId1=6389a819478f5c7beed5a9ed-RL-290838&SubId2=lnk.thebigadsstore.com%2Fref%2Fwww.elbil24.no%2F&u=https%3A%2F%2Fwww.ticketmaster.no%2F&svlink=4982831&level=1&srcref=https%3A%2F%2Flnk.thebigadsstore.com%2F&brwsr=5165ff07-7212-11ed-9ec9-d90eb3934b0f&brwsrsig=3r40m8WfFSDyQnaRtr362XAAxEJzGR HTTP/1.1
Host: ticketmaster-no.tm8215.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lnk.thebigadsstore.com/
Connection: keep-alive
Cookie: AWSALBCORS=e3qYXIgaoMdFCyQiO4/CoCc/xwW54KKDQRYMjESu+N2EasoMemCiwULsjaZcjKOmtVDGGeMVbDYyj/qa9W2eAxLfy/TbZj1KZYDZ8I1+oFLatQjej7+UOjLiYr8z
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Fri, 02 Dec 2022 07:24:11 GMT
content-length: 0
location: https://www.ticketmaster.no/?clickId=11tS4yyUmxyNR7RVoXTXjwISUkA0-dxND1MORM0&irgwc=1&utm_source=tredia&utm_medium=affiliate&utm_campaign=3029083&utm_content=1220128_8215
set-cookie: AWSALB=kw5+1I9rCDuY8GCOthR/l7qJ+mcyNIE5ZTsAoOHgjUt0/MkS2IvWDcLUk717Fc2b8x0SQdWtC3rGkW305KX7AxcmiFwsmayG2BEyv4/cmbOR33tAiQ5onsKL6Z4h; Expires=Fri, 09 Dec 2022 07:24:11 GMT; Path=/
AWSALBCORS=kw5+1I9rCDuY8GCOthR/l7qJ+mcyNIE5ZTsAoOHgjUt0/MkS2IvWDcLUk717Fc2b8x0SQdWtC3rGkW305KX7AxcmiFwsmayG2BEyv4/cmbOR33tAiQ5onsKL6Z4h; Expires=Fri, 09 Dec 2022 07:24:11 GMT; Path=/; SameSite=None; Secure
brwsr=5165ff07-7212-11ed-9ec9-d90eb3934b0f; Domain=.tm8215.net; Path=/; Secure; Max-Age=62208000; Expires=Thu, 21 Nov 2024 07:24:11 GMT; HttpOnly; SameSite=None
irld=LyQ71i625FUfARADzxBXisyzpT3fyQsWtWRHgyI6SJWymTXym; Path=/; Secure; Max-Age=15552000; Expires=Wed, 31 May 2023 07:24:11 GMT; HttpOnly; SameSite=None
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: Fri, 02 Dec 2022 07:24:11 GMT
p3p: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.165 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.165:0
Hash e14bb1df2f9526d470d456a9e92a0a4a
f3eb2ae09fa005f235e1b5c691f80c6bce7a6969
075cec18a706a3177b3707b4b475eec3ebf93e9bc60f88356da8ff46b74f0800
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=110916
Date: Fri, 02 Dec 2022 07:24:11 GMT
Etag: "6388af63-1d7"
Expires: Sat, 03 Dec 2022 14:12:47 GMT
Last-Modified: Thu, 01 Dec 2022 13:42:59 GMT
Server: ECS (nyb/1D1B)
X-Cache: Miss from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: RuSh6YfOd5I_Uu67rIYT8RrQGJ2e07Mxd9E0Hew1TTq5rxHSv3syyw==
Age: 1788
ocsp.sectigo.com/
104.18.32.68 200 OK 471 B IP 104.18.32.68:0
Hash ee835c97c4a4d3790b9eeffc144e624f
160979453f3fd95d913192795fce2738fd7f925e
473f0dd7a0d556a901868be368e89de79af74f58e096a28ea50076a8ef2565b6
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 07:24:11 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 17:55:44 GMT
Expires: Tue, 06 Dec 2022 17:55:43 GMT
Etag: "160979453f3fd95d913192795fce2738fd7f925e"
Cache-Control: max-age=382891,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7732524ead9e0b4d-OSL
api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&custom2=3CeYSF0opA62V3CwHqgLsAdXSyySuS9Ap6Y7B40QeTKHYr&id=e4e2e5c6-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https://www.gamezone.no
143.204.55.22 303 See Other 0 B URL HTTP/2 api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&custom2=3CeYSF0opA62V3CwHqgLsAdXSyySuS9Ap6Y7B40QeTKHYr&id=e4e2e5c6-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https://www.gamezone.no
IP 143.204.55.22:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /publisher/shopping/v2/link-monetizer/link?country=no&custom2=3CeYSF0opA62V3CwHqgLsAdXSyySuS9Ap6Y7B40QeTKHYr&id=e4e2e5c6-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https://www.gamezone.no HTTP/1.1
Host: api.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://srw.bannerwidget.tech/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 303 See Other
content-length: 0
location: https://www.gamezone.no
x-gravitee-transaction-id: 67594f88-7131-4643-994f-8871319643dc
x-gravitee-request-id: 67594f88-7131-4643-994f-8871319643dc
clickid: 107698149_1669965852244_10066824
accept-ch: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
set-cookie: datadome=4KJbQBjOqxng65KU3-McQTIeCzDb75e0zsgPf-gPI8JN9FkzJbEe4pYhRjZuuU6K6SYnEkAeX3EbY-H~X_elEQsbNrm1d9SE1lT23y4u4~0pqf3SeA3bt4HQJuYS~Njt; Max-Age=31536000; Expires=Sat, 02 Dec 2023 07:24:12 GMT; SameSite=Lax; Path=/; Domain=.kelkoo.net; Secure
kelkooID=a4c6295-184d1b8ae54-302caf; Max-Age=31536000; Expires=Sat, 02 Dec 2023 07:24:12 GMT; SameSite=None; Path=/; Domain=kelkoogroup.net; Secure; HTTPOnly
x-datadome: protected
request-time: PT0.012665S
x-robots-tag: noindex,nofollow
referrer-policy: origin-when-cross-origin
x-frame-options: DENY
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
date: Fri, 02 Dec 2022 07:24:12 GMT
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nwXMXg0bdM_DdzqZCN9SwF-w7l7qIbNtp3HbpZVlroadGTowby5qUQ==
X-Firefox-Spdy: h2
analytics.ticketmaster.no/api/reports
151.101.194.87 200 OK 4 B URL HTTP/2 analytics.ticketmaster.no/api/reports
IP 151.101.194.87:0
File type ASCII text, with no line terminators
Hash 5b3abf9c1aa7556c3a36fea4e695c5d2
3fd967d09a748e1f2b26d6fe562e7155aa87e9de
98c4922bb641c65c7a30b7bcafdf230b9b00b6693631c56146ab25b2786ee4a3
POST /api/reports HTTP/1.1
Host: analytics.ticketmaster.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 7536
Origin: https://www.ticketmaster.no
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: application/json
cache-control: no-store, private, s-maxage=0
accept-ranges: bytes
date: Fri, 02 Dec 2022 07:24:12 GMT
via: 1.1 varnish
x-robots-tag: none
x-served-by: cache-bma1668-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1669965852.371066,VS0,VE41
access-control-allow-origin: https://www.ticketmaster.co.uk https://www.ticketmaster.ie https://www.ticketmaster.com.au https://www.ticketmaster.co.nz https://www.ticketmaster.no https://www.ticketmaster.mx https://www.ticketmaster.pl https://www.ticketmaster.it https://www.ticketmaster.fr https://www.livenation.com https://www.ticketmaster.com https://www.ticketmaster.ae https://www.ticketmaster.de https://www.ticketmaster.se https://www.ticketmaster.ch https://www.ticketmaster.dk https://www.ticketmaster.be https://www.ticketmaster.fi https://www.ticketmaster.ae https://www.ticketmaster.at https://www.ticketmaster.cz https://www.ticketmaster.es https://www.ticketmaster.nl https://www.ticketmaster.com.au https://www.ticketmaster.cz https://www.ticketmaster.es https://www.ticketmaster.nl https://www.ticketmaster.co.za
content-length: 4
X-Firefox-Spdy: h2
www.gamezone.no/
80.86.135.22 301 Moved Permanently 143 B IP 80.86.135.22:0
ASN #21119 Braathe Gruppen AS
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash fe02ba24a46719f530235ee4d8ad5a5e
abd4b424f60d510cfabbfa948bb6afc90954ff8e
b03292525efcbb04814e994e634589ce3561bc30248740a19dae49765c08af72
GET / HTTP/1.1
Host: www.gamezone.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://srw.bannerwidget.tech/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-type: text/html; charset=UTF-8
location: https://gamezone.no/
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Fri, 02 Dec 2022 07:24:11 GMT
content-length: 143
X-Firefox-Spdy: h2
gamezone.no/
80.86.135.22 200 OK 20 kB IP 80.86.135.22:0
ASN #21119 Braathe Gruppen AS
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2360), with CRLF, LF line terminators
Hash 3f799c90e24639d980690fbad2963a45
7119ddd4767c8865880ea79a8765402f762c57d6
2a5c67dd86a330f7e205cbe8f6b867e9e369c26b834fed37a0bf4b872804e764
GET / HTTP/1.1
Host: gamezone.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://srw.bannerwidget.tech/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-frame-options: DENY, DENY
x-aspnet-version: 4.0.30319
set-cookie: .ASPXANONYMOUS=F7Il6rA82QEkAAAAYTdiY2JlNzEtNjExNS00ZjIyLWE5YjYtNWJlNzQ1NmJlMTg5be6fpewGK37X6ngnZLjnOXQIGxc1; expires=Thu, 09-Feb-2023 18:04:12 GMT; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=yxt4mtddncgkls1cdo1eiq3v; path=/; HttpOnly; SameSite=Lax
McWeb3.15.2-3=DeviceSize=lg; expires=Sat, 02-Dec-2023 07:24:12 GMT; path=/; SameSite=Lax
McWeb3.15.2-3=DeviceSize=lg; expires=Sat, 02-Dec-2023 07:24:12 GMT; path=/; SameSite=Lax
x-powered-by: ASP.NET
x-ua-compatible: IE=Edge
date: Fri, 02 Dec 2022 07:24:11 GMT
content-length: 20068
X-Firefox-Spdy: h2
analytics.ticketmaster.no/api/reports
151.101.194.87 200 OK 4 B URL HTTP/2 analytics.ticketmaster.no/api/reports
IP 151.101.194.87:0
File type ASCII text, with no line terminators
Hash 5b3abf9c1aa7556c3a36fea4e695c5d2
3fd967d09a748e1f2b26d6fe562e7155aa87e9de
98c4922bb641c65c7a30b7bcafdf230b9b00b6693631c56146ab25b2786ee4a3
POST /api/reports HTTP/1.1
Host: analytics.ticketmaster.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 7536
Origin: https://www.ticketmaster.no
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
content-type: application/json
cache-control: no-store, private, s-maxage=0
accept-ranges: bytes
date: Fri, 02 Dec 2022 07:24:12 GMT
via: 1.1 varnish
x-robots-tag: none
x-served-by: cache-bma1668-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1669965852.378121,VS0,VE79
access-control-allow-origin: https://www.ticketmaster.co.uk https://www.ticketmaster.ie https://www.ticketmaster.com.au https://www.ticketmaster.co.nz https://www.ticketmaster.no https://www.ticketmaster.mx https://www.ticketmaster.pl https://www.ticketmaster.it https://www.ticketmaster.fr https://www.livenation.com https://www.ticketmaster.com https://www.ticketmaster.ae https://www.ticketmaster.de https://www.ticketmaster.se https://www.ticketmaster.ch https://www.ticketmaster.dk https://www.ticketmaster.be https://www.ticketmaster.fi https://www.ticketmaster.ae https://www.ticketmaster.at https://www.ticketmaster.cz https://www.ticketmaster.es https://www.ticketmaster.nl https://www.ticketmaster.com.au https://www.ticketmaster.cz https://www.ticketmaster.es https://www.ticketmaster.nl https://www.ticketmaster.co.za
content-length: 4
X-Firefox-Spdy: h2
www.google-analytics.com/collect?v=1&tid=UA-24877590-4&t=pageview&ds=web&aip=1&cs=tredia&cm=affiliate&cn=3029083&cc=1220128_8215&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1118292371.1887662905
216.239.32.178 200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?v=1&tid=UA-24877590-4&t=pageview&ds=web&aip=1&cs=tredia&cm=affiliate&cn=3029083&cc=1220128_8215&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1118292371.1887662905
IP 216.239.32.178:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?v=1&tid=UA-24877590-4&t=pageview&ds=web&aip=1&cs=tredia&cm=affiliate&cn=3029083&cc=1220128_8215&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1118292371.1887662905 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 01 Dec 2022 17:57:32 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 48401
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/collect?cs=Tredia&cc=290838&ck=42259&cm=Impact&cn=Ticketmaster&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1245614112.1302051723
216.239.32.178 200 OK 35 B URL HTTP/2 www.google-analytics.com/collect?cs=Tredia&cc=290838&ck=42259&cm=Impact&cn=Ticketmaster&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1245614112.1302051723
IP 216.239.32.178:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
GET /collect?cs=Tredia&cc=290838&ck=42259&cm=Impact&cn=Ticketmaster&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1245614112.1302051723 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 01 Dec 2022 17:57:32 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 48401
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
srw.bannerwidget.tech/
35.181.10.107 200 OK 0 B IP 35.181.10.107:0
POST / HTTP/1.1
Host: srw.bannerwidget.tech
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 204
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:24:11 GMT
content-type: text/html;charset=UTF-8
content-language: en-US
X-Firefox-Spdy: h2
www.smartredirect.de/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_6389a819478f5c7beed5a9ed-RL-291094
172.67.128.101 302 Found 0 B URL HTTP/2 www.smartredirect.de/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_6389a819478f5c7beed5a9ed-RL-291094
IP 172.67.128.101:0
GET /redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_6389a819478f5c7beed5a9ed-RL-291094 HTTP/1.1
Host: www.smartredirect.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://srw.bannerwidget.tech/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 02 Dec 2022 07:24:11 GMT
content-type: text/html; charset=UTF-8
location: https://de.trck.one/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_6389a819478f5c7beed5a9ed-RL-291094
cache-control: no-cache, post-check=0, pre-check=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Fri, 02 Dec 2022 07:24:11 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI CUR OUR STP"
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PVkruNbpZIn%2BI%2F3UCEK7WeJRWBRJMtHtkfcnQgClEsFGSRW0G5tACHDyZXJhsgZ%2FgSHIIL5M1X93reLqGjXfBaGg6SHsPV7fmk1MLy8e%2F5LwC1ophL5ddiCh2ZoI98kVst%2F13V1%2BvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732524cb8670b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.ticketmaster.no/?clickId=11tS4yyUmxyNR7RVoXTXjwISUkA0-dxND1MORM0&irgwc=1&utm_source=tredia&utm_medium=affiliate&utm_campaign=3029083&utm_content=1220128_8215
151.101.2.87 200 OK 0 B URL HTTP/2 www.ticketmaster.no/?clickId=11tS4yyUmxyNR7RVoXTXjwISUkA0-dxND1MORM0&irgwc=1&utm_source=tredia&utm_medium=affiliate&utm_campaign=3029083&utm_content=1220128_8215
IP 151.101.2.87:0
GET /?clickId=11tS4yyUmxyNR7RVoXTXjwISUkA0-dxND1MORM0&irgwc=1&utm_source=tredia&utm_medium=affiliate&utm_campaign=3029083&utm_content=1220128_8215 HTTP/1.1
Host: www.ticketmaster.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lnk.thebigadsstore.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-tmsite: TM_NO
x-build-version: production-9-389-0-4573474
cache-control: max-age=15
x-powered-by: Next.js
content-type: text/html; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
age: 0
tmps-correlation-id: ff6f7a62-5382-494a-8486-772e0f98d956
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1
x-frame-options: Deny
content-security-policy: frame-ancestors 'none'; default-src https://*.safeframe.googlesyndication.com https://tpc.googlesyndication.com https://uk.tmconst.com; font-src 'self' https://uk.tmconst.com https://fonts.gstatic.com https://marketer.monetate.net/ https://cdn.smooch.io; connect-src 'self' wss://*.hotjar.com wss://api.smooch.io wss://marketplace.prod.pub-tmaws.io https://*.ticketmaster.co.uk https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.siteintercept.qualtrics.com https://*.hotjar.com https://*.permutive.com https://*.prmutv.co https://*.config.smooch.io https://epsf.ticketmaster.net https://uk.tmconst.com https://checkout.ticketmaster.com https://venueview.io-virtualvenue.com https://pubads.g.doubleclick.net https://securepubads.g.doubleclick.net https://siteintercept.qualtrics.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://vc.hotjar.io https://d2v54wjmlooyi.cloudfront.net https://csi.gstatic.com https://venue.tmol.co https://adservice.google.com https://www.google.com https://analytics.tiktok.com https://ib.adnxs.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://privacyportal.onetrust.com/ https://api.smooch.io https://app.ticketmaster.com https://mapsapi.tmol.co https://availability.ticketmaster.eu https://www.ticketmaster.no https://analytics.ticketmaster.no https://identity.ticketmaster.no https://app.ticketmaster.eu https://pubapi.ticketmaster.com; prefetch-src https://uk.tmconst.com https://pubapi.ticketmaster.com/sdk/ras-sdk-v0.js; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.siteintercept.qualtrics.com https://*.collect.igodigital.com https://epsf.ticketmaster.net https://uk.tmconst.com https://venueview.io-virtualvenue.com https://polyfill.io https://static.hotjar.com https://af.monetate.net https://f.monetate.net https://se.monetate.net https://sb.monetate.net https://marketer.monetate.net/ 
https://www.googletagservices.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://siteintercept.qualtrics.com https://d2v54wjmlooyi.cloudfront.net/ssp/libs/prod/fanbuilder/v2/fanbuilder.js https://cdn.smooch.io https://api.smooch.io https://cdn.distiltag.com https://widget.ticketmaster.eu https://securepubads.g.doubleclick.net https://script.hotjar.com https://adservice.google.ae https://adservice.google.at https://adservice.google.be https://adservice.google.ca https://adservice.google.ch https://adservice.google.co.il https://adservice.google.co.jp https://adservice.google.co.uk https://adservice.google.co.nz https://adservice.google.com https://adservice.google.com.au https://adservice.google.com.br https://adservice.google.com.mx https://adservice.google.com.ph https://adservice.google.com.sa https://adservice.google.com.ua https://adservice.google.cz https://adservice.google.de https://adservice.google.dk https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ie https://adservice.google.it https://adservice.google.nl https://adservice.google.no https://adservice.google.pl https://adservice.google.se https://analytics.twitter.com https://analytics.tiktok.com https://connect.facebook.net https://googleads.g.doubleclick.net https://media.ticketmaster.co.uk https://static.ads-twitter.com https://www.googleadservices.com https://cdn.ampproject.org https://tpc.googlesyndication.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com/pagead/conversion_async.js https://api.permutive.com https://cdn.permutive.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://s1.ticketm.net/tm/en-us/img/static/tmcore/web-vitals.umd.js https://s.adroll.com/ https://d.adroll.com/ https://s.pinimg.com/ https://swrap.tradedoubler.com https://www.sc.pages06.net https://identity.ticketmaster.no https://my.ticketmaster.com 
https://secure-entry.ticketmaster.com https://pubapi.ticketmaster.com/sdk/ras-sdk-v0.js; style-src 'unsafe-inline' https://marketer.monetate.net/ https://fonts.googleapis.com/ https://cdn.smooch.io/; frame-src https://*.safeframe.googlesyndication.com https://*.siteintercept.qualtrics.com https://*.fls.doubleclick.net https://player.vimeo.com https://vars.hotjar.com https://tpc.googlesyndication.com https://sb.monetate.net https://www.google.com/recaptcha/ https://www.youtube.com https://media.ticketmaster.co.uk https://cookies.onetrust.mgr.consensu.org/ https://bid.g.doubleclick.net https://securepubads.g.doubleclick.net https://identity.ticketmaster.no https://www.ticketmaster.no https://my.ticketmaster.com; img-src data: 'self' http://track.adform.net/ http://s0.2mdn.net/ https://*.googletagmanager.com https://*.google-analytics.com https://*.fls.doubleclick.net https://*.googleusercontent.com https://uk.tmconst.com https://cbt-assets.tmconst.com https://media.ticketmaster.eu https://media-staging.mfol.eu-west-1.pci.public.tmaws.eu https://s1.ticketm.net https://www.facebook.com https://nova.collect.igodigital.com https://eu.qualtrics.com https://af.monetate.net https://f.monetate.net https://marketer.monetate.net/ https://tpc.googlesyndication.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.ca https://www.google.ch https://www.google.cl https://www.google.co.in https://www.google.co.jp https://www.google.co.uk https://www.google.co.nz https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.co https://www.google.com.ec https://www.google.com.eg https://www.google.com.gt https://www.google.com.mx https://www.google.com.ph https://www.google.com.sa https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ie https://www.google.it 
https://www.google.nl https://www.google.no https://www.google.pl https://www.google.rs https://www.google.ru https://www.google.se https://ad.doubleclick.net https://cm.g.doubleclick.net https://securepubads.g.doubleclick.net https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://prismic-images.tmol.io https://i.ytimg.com/ https://i.vimeocdn.com/ https://media.ticketmaster.co.uk https://s3.eu-west-2.amazonaws.com/onsale-img/tmimages/TM_GenCatImgs_Generic.jpg https://s3.eu-west-2.amazonaws.com/onsale-img/tmimages/TM_GenCatImgs_Music.jpg https://s3.eu-west-1.amazonaws.com/ https://cx.atdmt.com https://venueview.io-virtualvenue.com https://secure.adnxs.com https://t.co https://analytics.twitter.com https://ads.avocet.io https://ads.avct.cloud https://googlesync.permutive.com/ https://cdn.cookielaw.org/ https://pixel.quantserve.com https://www.gstatic.com/ https://image.mailing.ticketmaster.com/ https://cdn.smooch.io https://media.smooch.io https://ct.pinterest.com/ https://sp.analytics.yahoo.com/ https://www.pages06.net/ https://identity.ticketmaster.no https://mapsapi.tmol.co; media-src https://uk.tmconst.com/; object-src 'none'; base-uri 'self'; worker-src 'self' blob: https://www.google.com/recaptcha/; child-src blob: https://*.siteintercept.qualtrics.com; report-uri https://analytics.ticketmaster.no/api/reports
x-fastly: ICCP-GLOBAL-PROD
fastly-restarts: 1
x-origin-name: 1GUugFzYescHPg4UVycAKL--F_iccp
date: Fri, 02 Dec 2022 07:24:12 GMT
x-served-by: cache-bma1648-BMA, cache-bma1648-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
vary: Accept-Encoding
content-length: 71553
X-Firefox-Spdy: h2
de.trck.one/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_6389a819478f5c7beed5a9ed-RL-291094
18.198.169.187 302 Found 0 B URL HTTP/2 de.trck.one/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_6389a819478f5c7beed5a9ed-RL-291094
IP 18.198.169.187:0
GET /redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_6389a819478f5c7beed5a9ed-RL-291094 HTTP/1.1
Host: de.trck.one
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://srw.bannerwidget.tech/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Fri, 02 Dec 2022 07:24:12 GMT
content-type: text/html; charset=UTF-8
location: https://api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&custom2=3CeYSF0opA62V3CwHqgLsAdXSyySuS9Ap6Y7B40QeTKHYr&id=e4e2e5c6-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https://www.gamezone.no
server: nginx
cache-control: no-cache, private
X-Firefox-Spdy: h2