Report - pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888.us.chrome.&k=bfb&url=go.redanemone.xyz&xrw=&lid=6389a808b4d63d6ed27f6bcf&fid=888

Report Overview

Submitted URL
pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888.us.chrome.&k=bfb&url=go.redanemone.xyz&xrw=&lid=6389a808b4d63d6ed27f6bcf&fid=888
IP
5.161.78.177
ASN
#213230 Hetzner Online GmbH
Submitted
2022-12-02 07:24:17
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.77.32
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.6 kB	3.7 kB	216.239.32.178
ocsp.sectigo.com	487	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	680 B	1.9 kB	104.18.32.68
samba.trffclb.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.7 kB	1.4 kB	51.83.143.92
bnr.thedataclicks.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	817 B	1.7 kB	18.210.123.3
d1aaucsx2ftut2.cloudfront.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	435 B	185 kB	143.204.42.82
api.kelkoogroup.net	468795	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	657 B	1.3 kB	143.204.55.22
www.smartredirect.de	180667	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	685 B	1.1 kB	172.67.128.101
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.0 kB	4.0 kB	93.184.220.29
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.9 kB	34.160.144.191
dipaka-ead.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	510 B	998 B	3.212.50.125
lnk.thebigadsstore.com	955773	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	612 B	1.2 kB	35.181.10.107
ticketmaster-no.tm8215.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.5 kB	2.8 kB	52.212.66.198
www.ojrq.net	8784	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	821 B	920 B	34.95.127.121
cola.trffclb.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	551 B	299 B	51.83.143.92
ps.popcash.net	67692	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	815 B	757 B	52.20.154.189
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.8 kB	4.9 kB	143.204.42.165
de.trck.one	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	676 B	387 B	18.198.169.187
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
popcash.net	11104	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	486 B	742 B	172.67.194.203
analytics.ticketmaster.no	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	868 B	2.3 kB	151.101.194.87
www.gamezone.no	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	470 B	374 B	80.86.135.22
gamezone.no	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	480 B	21 kB	80.86.135.22
srw.bannerwidget.tech	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	592 B	136 B	35.181.10.107
www.ticketmaster.no	739186	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	616 B	8.0 kB	151.101.2.87
pdxx-7fmavzpxk2xlm-4-2.lowsea.fun	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	463 B	644 B	5.161.78.177
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	52.88.220.109
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	686 B	1.4 kB	142.250.74.131
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	48 kB	34.120.237.76
lnk.clickadsolutions.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.5 kB	17 kB	35.181.10.107
r.srvtrck.com	45104	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	635 B	407 B	104.19.168.96
ocsp.r2m01.amazontrust.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	350 B	1.0 kB	54.230.80.227

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-02	medium	ps.popcash.net/go/134600/317194	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-12-02	medium	trffclb.com	Sinkholed
2022-12-02	medium	trffclb.com	Sinkholed
2022-12-02	medium	trffclb.com	Sinkholed
2022-12-02	medium	trffclb.com	Sinkholed

JavaScript (7)

	URL	Size	First Seen	Last Seen
	lnk.clickadsolutions.com/js/c.js	7.8 kB	2023-03-08	2023-03-13
Pretty URL lnk.clickadsolutions.com/js/c.js IP 35.181.10.107 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:28 Last Seen2023-03-13 08:19:05 Times Seen1 Hash 28f147c32edde42fcfabfc9cfa93edcd 4540d4c6db74de7651a1fe723ea0aa563b4c0678 e762d6ca1ddd7dab2fa0db7702efdbd3bc10e6f7f3be7b0f8818d45d5bcb96d7 Loading...

	lnk.clickadsolutions.com/?bt=lsm.realbiddingtrk.site&ref=&friend=&u=r.srvtrck.com%252Fv1%252Fredirect%253Ftype%253DlinkId%2526id%253D2b2a62f77d644877a0fadc1de00a8e06%2526api_key%253Df316faffab9dc5e272e33894a4e91697%2526site_id%253D30816e2d6f5a44deb6766a9b5bf58c66%2526dch%253Dfeed%2526ad_t%253Dadvertiser%2526yk_tag%253D6389a819478f5c7beed5a9ed-RL-269379&log=false&type=ROTATOR_LINK&linkId=269379&clickId=6389a819478f5c7beed5a9ed&br=true	99 B	2023-03-08	2023-04-05
Pretty URL lnk.clickadsolutions.com/?bt=lsm.realbiddingtrk.site&ref=&friend=&u=r.srvtrck.com%252Fv1%252Fredirect%253Ftype%253DlinkId%2526id%253D2b2a62f77d644877a0fadc1de00a8e06%2526api_key%253Df316faffab9dc5e272e33894a4e91697%2526site_id%253D30816e2d6f5a44deb6766a9b5bf58c66%2526dch%253Dfeed%2526ad_t%253Dadvertiser%2526yk_tag%253D6389a819478f5c7beed5a9ed-RL-269379&log=false&type=ROTATOR_LINK&linkId=269379&clickId=6389a819478f5c7beed5a9ed&br=true IP 35.181.10.107 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:27 Last Seen2023-04-05 02:08:50 Times Seen2 Hash a536872d923707207a883ec41c6c690f 3e90562383a35824c8841b047f1d0c208a09304c 8fe3869a9284726d2f7f8baff0c69342a06f13f900d5a8e066f6db93054d5abd Loading...

	lnk.clickadsolutions.com/?bt=lnk.thebigadsstore.com&ref=https%3A%2F%2Fwww.elbil24.no%2F&friend=&u=ticketmaster-no.tm8215.net%252F3PYq4d%253FSubId1%253D6389a819478f5c7beed5a9ed-RL-290838%2526SubId2%253Dlnk.thebigadsstore.com%25252Fref%25252Fwww.elbil24.no%25252F&log=false&type=ROTATOR_LINK&linkId=290838&clickId=6389a819478f5c7beed5a9ed&br=false	48 B	2023-03-08	2023-04-05
Pretty URL lnk.clickadsolutions.com/?bt=lnk.thebigadsstore.com&ref=https%3A%2F%2Fwww.elbil24.no%2F&friend=&u=ticketmaster-no.tm8215.net%252F3PYq4d%253FSubId1%253D6389a819478f5c7beed5a9ed-RL-290838%2526SubId2%253Dlnk.thebigadsstore.com%25252Fref%25252Fwww.elbil24.no%25252F&log=false&type=ROTATOR_LINK&linkId=290838&clickId=6389a819478f5c7beed5a9ed&br=false IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:27 Last Seen2023-04-05 02:08:51 Times Seen2 Hash 4b0a2f4dabda3d3b5356c55d46a8ad3b 48421c432e202bb4e2c4d42124cf40515ca0bcab 88b835b90d7455e201ce090833d5056c11df0b91e86c483b581121a9c361fc76 Loading...

	samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome.	288 B	2023-03-07	2023-04-02
Pretty URL samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome. IP 51.83.143.92 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:48 Last Seen2023-04-02 21:16:29 Times Seen4 Hash 39b0d0273a1fb864d830216dd7c2e357 dc5db9208682c1f704ac3f47978f9667c1371fb5 6e15d354cc231f333118b1508b21ece489e38854d556fa95d1e0cd222a8ea570 Loading...

	ps.popcash.net/go/134600/317194	386 B	2023-03-08	2023-03-08
Pretty URL ps.popcash.net/go/134600/317194 IP 52.20.154.189 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:45 Last Seen2023-03-08 14:32:46 Times Seen1 Hash 09cb59cf448af91eac4b1a08f304639a d14e8625df92748f9b2a1cea1e2aac1ec939792c 1a41240a899751e37b3cd05cd82ba002b27b49b4093e90410818de1bb97ee148 Loading...

	samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome.	243 B	2023-03-07	2023-04-02
Pretty URL samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome. IP 51.83.143.92 ASN #16276 OVH SAS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:04:48 Last Seen2023-04-02 21:16:29 Times Seen4 Hash c5ece1e9d202b87cb431d3d96e5575b6 f6d83964155d7c1613c5708b3dd802cedd431061 f2bbcb4681e3c185c2ab19b1c09ce623d2d516dc49f32d3773e769ae0db74be4 Loading...

	bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-ria-ss9gkru3z&source=vitellary-lion&keyword=mainstream&match=&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000190#pc151445	743 B	2023-03-08	2023-03-08
Pretty URL bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-ria-ss9gkru3z&source=vitellary-lion&keyword=mainstream&match=&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000190#pc151445 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:32:45 Last Seen2023-03-08 14:32:45 Times Seen1 Hash 72996339c689f4911b919c253a37612e 638af753921ed2a0b844e8d0d08add9be0640b63 4cc0a6f6552175de47913f4ec952a2b2f31f3b23f099d6ba24f5a7644965f1ac Loading...

HTTP Transactions (69)

URL IP Response Size

pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888.us.chrome.&k=bfb&url=go.redanemone.xyz&xrw=&lid=6389a808b4d63d6ed27f6bcf&fid=888

5.161.78.177

307 Temporary Redirect

164 B

URL HTTP/1.1
pdxx-7fmavzpxk2xlm-4-2.lowsea.fun/emw/v1/dt?sid=888.us.chrome.&k=bfb&url=go.redanemone.xyz&xrw=&lid=6389a808b4d63d6ed27f6bcf&fid=888
IP
5.161.78.177:0
ASN
#213230 Hetzner Online GmbH

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
164 B (164 bytes)
Hash
813f9846b49c0ada805648edf1b2fdbd
caa24890460f73e6a72bb49426351e67e83b053d
8f03491247cbfa8a2e60e0f7ec62d63b5070659f60383a1c81abeb2b20221be3

HTTP Headers

GET /emw/v1/dt?sid=888.us.chrome.&k=bfb&url=go.redanemone.xyz&xrw=&lid=6389a808b4d63d6ed27f6bcf&fid=888 HTTP/1.1
Host: pdxx-7fmavzpxk2xlm-4-2.lowsea.fun
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 307 Temporary Redirect
Date: Fri, 02 Dec 2022 07:24:06 GMT
Content-Type: text/html
Content-Length: 164
Connection: keep-alive
Keep-Alive: timeout=10
Set-Cookie: emwxcid_4_1=8wCM6M4bkp9WMWz0pxJVlZbspuTV8qyzX30L2dO8HdeRLUqqK1; expires=Sat, Dec 02 2023 07:24:06 GMT; Max-Age=31536000; path=/; domain=lowsea.fun; SameSite=Lax
Location: https://cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=6389a808b4d63d6ed27f6bcf&source=888.us.chrome.

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3724
Expires: Fri, 02 Dec 2022 08:26:10 GMT
Date: Fri, 02 Dec 2022 07:24:06 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5523
Cache-Control: max-age=103149
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:24:06 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 12:03:15 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Type, Backoff, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 02 Dec 2022 07:18:11 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 355
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20185
Expires: Fri, 02 Dec 2022 13:00:31 GMT
Date: Fri, 02 Dec 2022 07:24:06 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: V+zIgpfLcb/B8GJHVoft4en10a2CQX2pUnXaQbuYGPg9l99TGnsP/VRZQvqPsZNcyDgUzOjWULWrIyraeNO+fg==
x-amz-request-id: 9G2R535HQS60R1M1
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 02 Dec 2022 06:46:00 GMT
age: 2286
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
66ae0b4b78341156a1aa336452c080dc
ebe20f19403a9124fd378eeab82d943b890fd53b
729d7c2013164d474d00f20cda869d86da1c9de6e31832308fec1eda4fe940ba

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "729D7C2013164D474D00F20CDA869D86DA1C9DE6E31832308FEC1EDA4FE940BA"
Last-Modified: Tue, 29 Nov 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1648
Expires: Fri, 02 Dec 2022 07:51:34 GMT
Date: Fri, 02 Dec 2022 07:24:06 GMT
Connection: keep-alive

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Fri, 02 Dec 2022 07:24:06 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=6389a808b4d63d6ed27f6bcf&source=888.us.chrome.

51.83.143.92

302 Found

0 B

URL HTTP/1.1
cola.trffclb.com/a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=6389a808b4d63d6ed27f6bcf&source=888.us.chrome.
IP
51.83.143.92:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /a.php?p=c:xecd97ulmxry7e481&d=62ff4322ec41a549b07c0d74&pid=6389a808b4d63d6ed27f6bcf&source=888.us.chrome. HTTP/1.1
Host: cola.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Dec 2022 07:24:06 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 11hx4alk7e
Raund: 2is
Location: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome.

samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome.

51.83.143.92

200 OK

500 B

URL HTTP/1.1
samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome.
IP
51.83.143.92:0
ASN
#16276 OVH SAS

File type
HTML document text\012- HTML document, ASCII text, with very long lines (551)
Size
500 B (500 bytes)
Hash
77b3a918b3b7a47d979d0734c059fc3c
2adc8afb30e36816ed9d64e2fb4bde19a5fb7174
0f41b65ee4f0dba9179b8d24cfedfd885f76fdb2a7598e807d4460b4e053b641

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome. HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 07:24:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=6389a8175e29071b29621545; expires=Mon, 05-Dec-2022 07:24:07 GMT; Max-Age=259200; path=/; domain=samba.trffclb.com; HttpOnly
Content-Encoding: gzip

samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome.&bv=1

51.83.143.92

302 Found

0 B

URL HTTP/1.1
samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome.&bv=1
IP
51.83.143.92:0
ASN
#16276 OVH SAS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome.&bv=1 HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome.
Cookie: bt-603611c5b7eaf46891533240=6389a8175e29071b29621545
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

HTTP/1.1 302 Found
Server: nginx
Date: Fri, 02 Dec 2022 07:24:07 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Set-Cookie: bt-603611c5b7eaf46891533240=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=samba.trffclb.com; HttpOnly
Round: 119cdtswvl
Raund: 2si
Location: https://popcash.net/world/go/134600/317194

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Retry-After, Cache-Control, Content-Type, Pragma, Backoff, ETag, Expires, Content-Length, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 02 Dec 2022 07:08:57 GMT
cache-control: public,max-age=3600
age: 910
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

samba.trffclb.com/favicon.ico

51.83.143.92

200 OK

20 B

URL HTTP/1.1
samba.trffclb.com/favicon.ico
IP
51.83.143.92:0
ASN
#16276 OVH SAS

File type
data
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: samba.trffclb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://samba.trffclb.com/l.php?p=c:9qopki6xwqp07eckv&d=603611c5b7eaf46891533240&s=int_888.us.chrome.
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 02 Dec 2022 07:24:07 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
b2a0d0fe97997d95c0dbec9c59f54fd1
bee6130ac27f4dbb0f8ea7af9ec9c72f01e97a97
be71076cdb4e0ba0865c7d8b5b2557e3586510bd4509532da41e74e132cf8d6a

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 906
Cache-Control: max-age=157543
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:24:07 GMT
Etag: "638968f4-118"
Expires: Sun, 04 Dec 2022 03:09:50 GMT
Last-Modified: Fri, 02 Dec 2022 02:54:44 GMT
Server: ECS (amb/6B81)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5524
Cache-Control: max-age=98086
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:24:07 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 10:38:53 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

52.88.220.109

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.88.220.109:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Mn8SbMz0WlyOmK+HIeN9GA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: XnrXXU6vKHvonXn7IQHFLCOVh3Y=

popcash.net/world/go/134600/317194

172.67.194.203

301 Moved Permanently

162 B

URL HTTP/2
popcash.net/world/go/134600/317194
IP
172.67.194.203:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a

HTTP Headers

GET /world/go/134600/317194 HTTP/1.1
Host: popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://samba.trffclb.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
date: Fri, 02 Dec 2022 07:24:07 GMT
content-type: text/html
content-length: 162
location: http://ps.popcash.net/go/134600/317194
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j911oafQ5VYslQcaPDVSvB%2BvHF3z5f%2Bq5UheRKXPIdnma7%2BP1Bjt2jzC0LLed94dSOFEJTVZQ1je2jM9EWdyGRltkZrjJp9YJrroc2RWtFio%2FCouHj%2Bc1E%2BDHCPQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 773252326889b512-OSL
X-Firefox-Spdy: h2

ps.popcash.net/go/134600/317194

52.20.154.189

200 OK

271 B

URL HTTP/1.1
ps.popcash.net/go/134600/317194
IP
52.20.154.189:0
ASN
#14618 AMAZON-AES

File type
HTML document, ASCII text
Size
271 B (271 bytes)
Hash
d67b23090ccf958dcecba4e6c3c8e60a
2c04109dbc074c0da9d7a49a15f29ce0a7a58e7c
f26ccece55188e254a3289f780b6336614f5bfe77f3afb226a0144492f337890

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /go/134600/317194 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/html
Date: Fri, 02 Dec 2022 07:24:08 GMT
Server: nginx
Vary: Accept-Encoding
transfer-encoding: chunked
Connection: keep-alive

ps.popcash.net/ad/ad?p=134600&w=317194&t=6f1bec4c8474f442&r=&vw=1280&vh=0

52.20.154.189

303 See Other

0 B

URL HTTP/1.1
ps.popcash.net/ad/ad?p=134600&w=317194&t=6f1bec4c8474f442&r=&vw=1280&vh=0
IP
52.20.154.189:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ad/ad?p=134600&w=317194&t=6f1bec4c8474f442&r=&vw=1280&vh=0 HTTP/1.1
Host: ps.popcash.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ps.popcash.net/go/134600/317194
Upgrade-Insecure-Requests: 1

HTTP/1.1 303 See Other
Date: Fri, 02 Dec 2022 07:24:08 GMT
Location: http://dipaka-ead.com/zcvisitor/4f428257-7212-11ed-80a6-128fe381c22d/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=7d7c3280-6dab-11ed-9d23-12beee04f19b#pc151445
Server: nginx
Content-Length: 0
Connection: keep-alive

dipaka-ead.com/zcvisitor/4f428257-7212-11ed-80a6-128fe381c22d/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=7d7c3280-6dab-11ed-9d23-12beee04f19b

3.212.50.125

302

0 B

URL HTTP/1.1
dipaka-ead.com/zcvisitor/4f428257-7212-11ed-80a6-128fe381c22d/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=7d7c3280-6dab-11ed-9d23-12beee04f19b
IP
3.212.50.125:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zcvisitor/4f428257-7212-11ed-80a6-128fe381c22d/7fcf9220-c93c-11e7-9820-0e06c6fba698?campaignid=7d7c3280-6dab-11ed-9d23-12beee04f19b HTTP/1.1
Host: dipaka-ead.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 
Date: Fri, 02 Dec 2022 07:24:08 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
X-WebKit-CSP: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
Location: https://bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-ria-ss9gkru3z&source=vitellary-lion&keyword=mainstream&match=&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000190
Server: vcwMmceA

ocsp.sca1b.amazontrust.com/

143.204.42.165

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.165:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
7fd04b18b6a7aa13c60a18be8690d354
9e93f6f854f8e879236650b3db6c3357e609a4bb
c5d51a660eb6b3c487626ae53e91f6a8d9485c8cab97bd31ac68127729713553

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=88546
Date: Fri, 02 Dec 2022 07:24:08 GMT
Etag: "6388489d-1d7"
Expires: Sat, 03 Dec 2022 07:59:54 GMT
Last-Modified: Thu, 01 Dec 2022 06:24:29 GMT
Server: ECS (nyb/1D12)
X-Cache: Miss from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Vd3e4l7la6EJZ0fDm9Th9k1nrN4YsdNJmoW6wFq2UeJ3nCdOrh2gGQ==
Age: 5725

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6055
Expires: Fri, 02 Dec 2022 09:05:04 GMT
Date: Fri, 02 Dec 2022 07:24:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6055
Expires: Fri, 02 Dec 2022 09:05:04 GMT
Date: Fri, 02 Dec 2022 07:24:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6055
Expires: Fri, 02 Dec 2022 09:05:04 GMT
Date: Fri, 02 Dec 2022 07:24:09 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6055
Expires: Fri, 02 Dec 2022 09:05:04 GMT
Date: Fri, 02 Dec 2022 07:24:09 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg

34.120.237.76

200 OK

8.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.9 kB (8863 bytes)
Hash
156e9ea97b774cbd8361072e4041b6c8
fc71ae3cae92ed6011904bb2367f23bf4e69fab4
58d953c19ebbbdfc3965bbe3f52308d4702deaf4d0c029f4674bcb862da138af

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb582f62c-d1ce-4054-b87e-36be40dadfa4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8863
x-amzn-requestid: 798d014b-0f9c-4787-a676-8f5e8fae3d11
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cdG14HBNIAMFdWg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638851bf-7549feac6d476a8512676412;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 07:03:27 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: r_0F64VpyutAOJ9IcTWrs3Sv--fhKiwKsV1FW0fOMSRt1QLLPxvJzg==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 07:43:11 GMT
age: 85258
etag: "fc71ae3cae92ed6011904bb2367f23bf4e69fab4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.2 kB (6174 bytes)
Hash
b986f9fcbeca91ed5c8d58fbfaf47d19
6e6c8bd2bce144cc4da1cd7be375b046b60dca79
07a8938d2841f8c13bd646f4e79e41e46acd6463aa019cd70871b3741f12bb4f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F683f066f-699d-4765-8f4f-33c72e1672e2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6174
x-amzn-requestid: f78f1e9d-8c0c-495d-a862-61838f8297e8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZ0iyH2WoAMFQdg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63870144-45442a8544259930564f685b;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 07:07:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: QIOz71_Kr08pIIwOm2GUkWr421fO7-UyUI7LYld0JBaGnYQ0j3IDFg==
via: 1.1 eece508272520f70691e4eebdc5a6dea.cloudfront.net (CloudFront), 1.1 d6a002c70d55f415107618b0750d493c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 02 Dec 2022 06:00:48 GMT
age: 5001
etag: "6e6c8bd2bce144cc4da1cd7be375b046b60dca79"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

2.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
2.9 kB (2942 bytes)
Hash
b47431190f34eccf0a6efb98e2a32b7d
9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704
08d3b6be354cafb70c20e6865788cb375adbf88d47711651fe1a3b855094daf2

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b6b798b-d396-454d-9d5b-17b47827e4ad.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 2942
x-amzn-requestid: ed26679f-cd56-477f-9914-f9afbcaaeea6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoGFYoAMFWgA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-4ec6bebe21656d5026456994;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: Fw6nrporwF27NW0-vXpaolW79nDXLF2RyS-lqhhp1osHt7q98VpI3g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:49:56 GMT
age: 34453
etag: "9fc7ab3a4eb2d36fd6df7e0267a26a47627d1704"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4840 bytes)
Hash
60ccdde4ce64b4a3fe6fc2a059b3bde1
5ce119089f4a4cd139b523889b6cd84cd79191f4
2089225a6dc13845ab8e031416920d16952ae1461ca10d72c408ad001ed8f27b

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb543a0f6-0efe-4518-9420-4eff88edf8e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4840
x-amzn-requestid: 6bc8fa91-5696-4bc6-b1e7-3c36b2c01801
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGxTFxyoAMFRzA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891e6e-3e85b78905aaa73726eef85a;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:36:46 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: UraCGe--VISONXzaUBpA7vuLuD5l7zihtQIph7LVn1QsS8MjLBbvKw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:48:51 GMT
age: 34518
etag: "5ce119089f4a4cd139b523889b6cd84cd79191f4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F937deb9c-e12c-486f-bf82-4833aed00836.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11443 bytes)
Hash
d08081e2dd562ef50e4e98ebc0136698
b5118bca37feda2ada3001199dc1d80ac6d2aacc
5160333e0cfd338b3887972d0a5c0f817ef88b70b7eb78e4e25d153a85e3478f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F937deb9c-e12c-486f-bf82-4833aed00836.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11443
x-amzn-requestid: 21469d81-ee4b-47f3-8877-b6658b3ea8b8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfHDHE4zoAMFvfw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891ee0-5b39eddd703ea04e6a1355f8;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:38:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: nPuZoyOu_QAqbZvTUaNy1J3BOqnR2ttrIhv9BwRmWnKeba-e6MZWKA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:55:34 GMT
age: 34115
etag: "b5118bca37feda2ada3001199dc1d80ac6d2aacc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F864be807-d5f6-42e3-bd58-f7641a256b9a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.7 kB (7732 bytes)
Hash
379a4a1b95d3aa3c5a4f8e7f9abb030f
d45dceb3dc58a07197aa5077582b5b1cd2ff791a
1b92dec5bf90beffbcd9060052b8788f08645dd4ba34219f7ddb2d40bbd2d151

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F864be807-d5f6-42e3-bd58-f7641a256b9a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7732
x-amzn-requestid: 3781c2b7-082a-468a-a186-f7483494e749
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cfGeoEq3IAMFnKg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63891df7-679fe9f905e07abf4e6a812c;Sampled=0
x-amzn-remapped-date: Thu, 01 Dec 2022 21:34:47 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FhCtGsjgnq83-zRNBH-y9BHUh2IRaN0ahO-BCUw7bTWU8jAanBqdlA==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 21:53:35 GMT
age: 34234
etag: "d45dceb3dc58a07197aa5077582b5b1cd2ff791a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-ria-ss9gkru3z&source=vitellary-lion&keyword=mainstream&match=&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000190

18.210.123.3

200 OK

1.6 kB

URL HTTP/2
bnr.thedataclicks.com/get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-ria-ss9gkru3z&source=vitellary-lion&keyword=mainstream&match=&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000190
IP
18.210.123.3:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (793)
Size
1.6 kB (1571 bytes)
Hash
122ecae1319681ff5fbc29feb8ed1be6
d5231fe55b766b6ebb0a46c5c7f48cb5b8c6da12
d3f2141b143e8b31702cfe3b8d052fa39541263566fa9e0f1a3ad4f95f38d177

HTTP Headers

GET /get/Y2x1uwhzCQUWsRki19S5Fpdr?target=whiskey-ria-ss9gkru3z&source=vitellary-lion&keyword=mainstream&match=&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&trafficType=POPUP&visitorType=NON-ADULT&campaignId=1998166&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&campaignName=NEW+-+ZP5+-+NO&cost=0.000190 HTTP/1.1
Host: bnr.thedataclicks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ps.popcash.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: awselb/2.0
date: Fri, 02 Dec 2022 07:24:09 GMT
content-type: text/html
content-length: 1571
X-Firefox-Spdy: h2

d1aaucsx2ftut2.cloudfront.net/jcm-mm/dbf22d50eb3f9d835a7399371403565c.jpg

143.204.42.82

200 OK

184 kB

URL HTTP/2
d1aaucsx2ftut2.cloudfront.net/jcm-mm/dbf22d50eb3f9d835a7399371403565c.jpg
IP
143.204.42.82:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 800x575, components 3\012- data
Size
184 kB (184529 bytes)
Hash
ef60018c5db320c478ea0738b33966e5
9dd467554cf4b76fc7df3eaac3766d29bdb2b543
9789121067d1f5aa7eeb3267b926014932e6d089fa6053ff05289875f9b262e5

HTTP Headers

GET /jcm-mm/dbf22d50eb3f9d835a7399371403565c.jpg HTTP/1.1
Host: d1aaucsx2ftut2.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnr.thedataclicks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 184529
last-modified: Wed, 15 Apr 2020 16:57:11 GMT
accept-ranges: bytes
server: AmazonS3
date: Fri, 02 Dec 2022 00:38:15 GMT
etag: "ef60018c5db320c478ea0738b33966e5"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zAYbjqlEeB2uH6Ub7ck66m4qGxjxHQ6j2Zw-4VHzmI7IYG5PfCaRYA==
age: 25868
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.165

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.165:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
d06c2e72f541ae9febef6cad5ec48667
211308b2ad217e40bc49e6f74454b788273c9e3d
069c430ea7d0aff680c3814ee42280647cbb3e8ba78bed0d56e0d96de1efeccc

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 02 Dec 2022 07:24:09 GMT
Etag: "63888acf-1d7"
Last-Modified: Fri, 02 Dec 2022 06:05:36 GMT
Server: ECS (dcb/7F5E)
X-Cache: Miss from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: jga6qm1YLqXa6KRuhK2m5Mzmrmvjm4jEAx5XDlu82-XAQE9K5uThkw==
Age: 4713

lnk.clickadsolutions.com/js/c.js

35.181.10.107

200 OK

7.8 kB

URL HTTP/2
lnk.clickadsolutions.com/js/c.js
IP
35.181.10.107:0
ASN
#16509 AMAZON-02

File type
ASCII text
Size
7.8 kB (7804 bytes)
Hash
28f147c32edde42fcfabfc9cfa93edcd
4540d4c6db74de7651a1fe723ea0aa563b4c0678
e762d6ca1ddd7dab2fa0db7702efdbd3bc10e6f7f3be7b0f8818d45d5bcb96d7

HTTP Headers

GET /js/c.js HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000190&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&c2=true&vpw=1280&vph=1024
Cookie: v=t; cas=3451:1796:1796:1; rls=290838:1796:1796:1|291094:1796:1796:1|269379:1796:1796:1; com=162:92:NO:1796:1796:1|10070:141:NO:1796:1796:1|16573:166:NO:1796:1796:1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:24:10 GMT
content-type: application/javascript
content-length: 7804
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
last-modified: Wed, 16 Nov 2022 11:50:41 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2

lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000190&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&c2=true&vpw=1280&vph=1024

35.181.10.107

200 OK

4.9 kB

URL HTTP/2
lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000190&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&c2=true&vpw=1280&vph=1024
IP
35.181.10.107:0
ASN
#16509 AMAZON-02

File type
data
Size
4.9 kB (4865 bytes)
Hash
35dccfb458c52fbd18bd214392bd67fe
7413cfe793820a856872efb9f4252a037c1c2711
999a1c296aa65de6f0dba9f9c1bd8b2d2d002a9b10bffc840d14de1d8f4e6ec8

HTTP Headers

GET /trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000190&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&c2=true&vpw=1280&vph=1024 HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnr.thedataclicks.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:24:10 GMT
content-type: text/html;charset=UTF-8
set-cookie: v=t; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Sat, 02 Dec 2023 07:24:09 GMT; Secure; SameSite=None
cas=3451:1796:1796:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Sat, 02 Dec 2023 07:24:09 GMT; Secure; SameSite=None
rls=290838:1796:1796:1|291094:1796:1796:1|269379:1796:1796:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Sat, 02 Dec 2023 07:24:09 GMT; Secure; SameSite=None
com=162:92:NO:1796:1796:1|10070:141:NO:1796:1796:1|16573:166:NO:1796:1796:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Sat, 02 Dec 2023 07:24:09 GMT; Secure; SameSite=None
content-language: en-US
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:24:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

lnk.clickadsolutions.com/?bt=srw.bannerwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D916%2526c%253Dhttps%25253A%25252F%25252Fgamezone.no%2526b%253D6389a819478f5c7beed5a9ed-RL-291094&log=false&type=ROTATOR_LINK&linkId=291094&clickId=6389a819478f5c7beed5a9ed&br=false

35.181.10.107

200 OK

1.6 kB

URL HTTP/2
lnk.clickadsolutions.com/?bt=srw.bannerwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D916%2526c%253Dhttps%25253A%25252F%25252Fgamezone.no%2526b%253D6389a819478f5c7beed5a9ed-RL-291094&log=false&type=ROTATOR_LINK&linkId=291094&clickId=6389a819478f5c7beed5a9ed&br=false
IP
35.181.10.107:0
ASN
#16509 AMAZON-02

File type
data
Size
1.6 kB (1601 bytes)
Hash
04305d232a32129260d05e8e6c457967
6b6ea405218a68b491357021f9bb0935b90a74a0
8371a992ab8f8dca2750196d67acf2b52b8cc8595680a41b8219afd826e012ad

HTTP Headers

GET /?bt=srw.bannerwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D916%2526c%253Dhttps%25253A%25252F%25252Fgamezone.no%2526b%253D6389a819478f5c7beed5a9ed-RL-291094&log=false&type=ROTATOR_LINK&linkId=291094&clickId=6389a819478f5c7beed5a9ed&br=false HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000190&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&c2=true&vpw=1280&vph=1024
Cookie: v=t; cas=3451:1796:1796:1; rls=290838:1796:1796:1|291094:1796:1796:1|269379:1796:1796:1; com=162:92:NO:1796:1796:1|10070:141:NO:1796:1796:1|16573:166:NO:1796:1796:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:24:10 GMT
content-type: text/html;charset=UTF-8
content-language: en-US
X-Firefox-Spdy: h2

lnk.clickadsolutions.com/?bt=lsm.realbiddingtrk.site&ref=&friend=&u=r.srvtrck.com%252Fv1%252Fredirect%253Ftype%253DlinkId%2526id%253D2b2a62f77d644877a0fadc1de00a8e06%2526api_key%253Df316faffab9dc5e272e33894a4e91697%2526site_id%253D30816e2d6f5a44deb6766a9b5bf58c66%2526dch%253Dfeed%2526ad_t%253Dadvertiser%2526yk_tag%253D6389a819478f5c7beed5a9ed-RL-269379&log=false&type=ROTATOR_LINK&linkId=269379&clickId=6389a819478f5c7beed5a9ed&br=true

35.181.10.107

200 OK

1.3 kB

URL HTTP/2
lnk.clickadsolutions.com/?bt=lsm.realbiddingtrk.site&ref=&friend=&u=r.srvtrck.com%252Fv1%252Fredirect%253Ftype%253DlinkId%2526id%253D2b2a62f77d644877a0fadc1de00a8e06%2526api_key%253Df316faffab9dc5e272e33894a4e91697%2526site_id%253D30816e2d6f5a44deb6766a9b5bf58c66%2526dch%253Dfeed%2526ad_t%253Dadvertiser%2526yk_tag%253D6389a819478f5c7beed5a9ed-RL-269379&log=false&type=ROTATOR_LINK&linkId=269379&clickId=6389a819478f5c7beed5a9ed&br=true
IP
35.181.10.107:0
ASN
#16509 AMAZON-02

File type
data
Size
1.3 kB (1306 bytes)
Hash
f9830fa93de266e920150b59ba44a870
a5ddb0f8ec48dd0fd2ed7b7cc72d748ff53bf260
9a9fee7bdd7b32e7f6d51f64bf6f0427946871460f7bfad4c348c4a3657eccc4

HTTP Headers

GET /?bt=lsm.realbiddingtrk.site&ref=&friend=&u=r.srvtrck.com%252Fv1%252Fredirect%253Ftype%253DlinkId%2526id%253D2b2a62f77d644877a0fadc1de00a8e06%2526api_key%253Df316faffab9dc5e272e33894a4e91697%2526site_id%253D30816e2d6f5a44deb6766a9b5bf58c66%2526dch%253Dfeed%2526ad_t%253Dadvertiser%2526yk_tag%253D6389a819478f5c7beed5a9ed-RL-269379&log=false&type=ROTATOR_LINK&linkId=269379&clickId=6389a819478f5c7beed5a9ed&br=true HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/trk/Y2x1uwhzCQUWsRki19S5Fpdr?campaignId=1998166&campaignName=NEW+-+ZP5+-+NO&cost=0.000190&keyword=mainstream&longCampaignId=7d7c3280-6dab-11ed-9d23-12beee04f19b&match=&source=vitellary-lion&target=whiskey-ria-ss9gkru3z&trafficType=POPUP&visitorType=NON-ADULT&zid=zr4f428257721211ed80a6128fe381c22da6e9e7f7d5714985b8c473a78c620a2a06941504be175ba556&c2=true&vpw=1280&vph=1024
Cookie: v=t; cas=3451:1796:1796:1; rls=290838:1796:1796:1|291094:1796:1796:1|269379:1796:1796:1; com=162:92:NO:1796:1796:1|10070:141:NO:1796:1796:1|16573:166:NO:1796:1796:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:24:10 GMT
content-type: text/html;charset=UTF-8
referrer-policy: no-referrer
content-language: en-US
X-Firefox-Spdy: h2

www.google-analytics.com/collect?v=1&tid=UA-24877590-4&t=pageview&ds=web&aip=1&cs=tredia&cm=affiliate&cn=3029083&cc=1220128_8215&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1118292371.1887662905

216.239.32.178

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?v=1&tid=UA-24877590-4&t=pageview&ds=web&aip=1&cs=tredia&cm=affiliate&cn=3029083&cc=1220128_8215&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1118292371.1887662905
IP
216.239.32.178:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?v=1&tid=UA-24877590-4&t=pageview&ds=web&aip=1&cs=tredia&cm=affiliate&cn=3029083&cc=1220128_8215&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1118292371.1887662905 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 01 Dec 2022 17:57:32 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 48399
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google-analytics.com/collect?cs=Tredia&cc=269379&ck=42259&cm=YieldKit&cn=Gymgrossisten&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.gymgrossisten.com&dp=%2F&dt=K%C3%B6p+kosttillskott+och+tr%C3%A4ningskl%C3%A4der+hos+Gymgrossisten.com&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1970525953.1127235332

216.239.32.178

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?cs=Tredia&cc=269379&ck=42259&cm=YieldKit&cn=Gymgrossisten&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.gymgrossisten.com&dp=%2F&dt=K%C3%B6p+kosttillskott+och+tr%C3%A4ningskl%C3%A4der+hos+Gymgrossisten.com&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1970525953.1127235332
IP
216.239.32.178:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?cs=Tredia&cc=269379&ck=42259&cm=YieldKit&cn=Gymgrossisten&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.gymgrossisten.com&dp=%2F&dt=K%C3%B6p+kosttillskott+och+tr%C3%A4ningskl%C3%A4der+hos+Gymgrossisten.com&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1970525953.1127235332 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 01 Dec 2022 17:57:32 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 48399
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google-analytics.com/collect?v=1&tid=UA-199488-1&t=pageview&ds=web&aip=1&cs=referral&cm=4242&cn=%28not+set%29&cc=%28not+set%29&dh=www.gymgrossisten.com&dp=%2F&dt=K%C3%B6p+kosttillskott+och+tr%C3%A4ningskl%C3%A4der+hos+Gymgrossisten.com&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1381569547.1538616732

216.239.32.178

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?v=1&tid=UA-199488-1&t=pageview&ds=web&aip=1&cs=referral&cm=4242&cn=%28not+set%29&cc=%28not+set%29&dh=www.gymgrossisten.com&dp=%2F&dt=K%C3%B6p+kosttillskott+och+tr%C3%A4ningskl%C3%A4der+hos+Gymgrossisten.com&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1381569547.1538616732
IP
216.239.32.178:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?v=1&tid=UA-199488-1&t=pageview&ds=web&aip=1&cs=referral&cm=4242&cn=%28not+set%29&cc=%28not+set%29&dh=www.gymgrossisten.com&dp=%2F&dt=K%C3%B6p+kosttillskott+och+tr%C3%A4ningskl%C3%A4der+hos+Gymgrossisten.com&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1381569547.1538616732 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 01 Dec 2022 17:57:32 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 48399
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google-analytics.com/collect?cs=Tredia&cc=290838&ck=42259&cm=Impact&cn=Ticketmaster&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1245614112.1302051723

216.239.32.178

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?cs=Tredia&cc=290838&ck=42259&cm=Impact&cn=Ticketmaster&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1245614112.1302051723
IP
216.239.32.178:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?cs=Tredia&cc=290838&ck=42259&cm=Impact&cn=Ticketmaster&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1245614112.1302051723 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 01 Dec 2022 17:57:32 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 48399
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
8cd876589951719c94a6d49d1494bdbd
01600c8bb95fac543696e509b3e452b90d844572
e03942321526a2303220b1abd51f82f1d4cf80e0dd22a2582cf809b8bd729521

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:24:11 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

r.srvtrck.com/v1/redirect?type=linkId&id=2b2a62f77d644877a0fadc1de00a8e06&api_key=f316faffab9dc5e272e33894a4e91697&site_id=30816e2d6f5a44deb6766a9b5bf58c66&dch=feed&ad_t=advertiser&yk_tag=6389a819478f5c7beed5a9ed-RL-269379

104.19.168.96

302 Found

0 B

URL HTTP/2
r.srvtrck.com/v1/redirect?type=linkId&id=2b2a62f77d644877a0fadc1de00a8e06&api_key=f316faffab9dc5e272e33894a4e91697&site_id=30816e2d6f5a44deb6766a9b5bf58c66&dch=feed&ad_t=advertiser&yk_tag=6389a819478f5c7beed5a9ed-RL-269379
IP
104.19.168.96:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v1/redirect?type=linkId&id=2b2a62f77d644877a0fadc1de00a8e06&api_key=f316faffab9dc5e272e33894a4e91697&site_id=30816e2d6f5a44deb6766a9b5bf58c66&dch=feed&ad_t=advertiser&yk_tag=6389a819478f5c7beed5a9ed-RL-269379 HTTP/1.1
Host: r.srvtrck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Fri, 02 Dec 2022 07:24:11 GMT
content-length: 0
location: http://www.gymgrossisten.com
p3p: CP="CAO PSA OUR"
set-cookie: ykuid=261a223bdb364b48b4ab151e932f3679; Domain=.srvtrck.com; Expires=Sat, 02-Dec-2023 07:24:11 GMT; Path=/
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 773252495b4db51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.165

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.165:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
a7781d215a907de66a1bf593a688a317
6b28f82822bf1ea4d9b7783940c2c5129f3ed79a
4c253851198db078244b135fb261f7625d92b368f6de368752ae5eb7df0d9a8e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=134824
Date: Fri, 02 Dec 2022 07:24:11 GMT
Etag: "63890546-1d7"
Expires: Sat, 03 Dec 2022 20:51:15 GMT
Last-Modified: Thu, 01 Dec 2022 19:49:26 GMT
Server: ECS (nyb/1D33)
X-Cache: Miss from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: TOyHRifp9LcSTi0oTbQW5QHeHZeok_bCBpozX_B-rqQEqDRf1kxzVg==
Age: 3709

ocsp.r2m01.amazontrust.com/

54.230.80.227

200 OK

471 B

URL HTTP/1.1
ocsp.r2m01.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
0f57f16aa4488a82f9eee59c80967894
aa66901f7de99aa875ec899df9faa2913df80c09
0b2d8c2247db02218eeedcfe4aecfe2e71c7a7b4b54d71393b60eeee5a8348f5

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=128594
Date: Fri, 02 Dec 2022 07:24:11 GMT
Etag: "6388f017-1d7"
Expires: Sat, 03 Dec 2022 19:07:25 GMT
Last-Modified: Thu, 01 Dec 2022 18:19:03 GMT
Server: ECS (dcb/7FA7)
X-Cache: Miss from cloudfront
Via: 1.1 227a1815a1677b9cf6dd587e443000b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: RkHtGpKaFsrvl3GtoFJK3zb1axZvoTXvbZRxb4zb3voCymjY7-__bw==
Age: 2902

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
2cddb193b601ac1b02d970e28ff13d30
5ed1aa99cd33b4959fc77738e467929067f20467
4d05aa961f9304965eecc03fd700eb3f0daa12690345634214d7871ef7a688f1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4137
Cache-Control: max-age=150342
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:24:11 GMT
Etag: "63894038-117"
Expires: Sun, 04 Dec 2022 01:09:53 GMT
Last-Modified: Fri, 02 Dec 2022 00:00:56 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
2cddb193b601ac1b02d970e28ff13d30
5ed1aa99cd33b4959fc77738e467929067f20467
4d05aa961f9304965eecc03fd700eb3f0daa12690345634214d7871ef7a688f1

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4137
Cache-Control: max-age=150342
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:24:11 GMT
Etag: "63894038-117"
Expires: Sun, 04 Dec 2022 01:09:53 GMT
Last-Modified: Fri, 02 Dec 2022 00:00:56 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
84c8c16dde690dc55e7bea1ae82b471e
5acecaa0d5353416745c243552fd354a5e64db8f
d616ca4d2c4ad42cd72c6824913fa083611246a4fa543cc1101559f6bbedbb64

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2789
Cache-Control: max-age=138892
Content-Type: application/ocsp-response
Date: Fri, 02 Dec 2022 07:24:11 GMT
Etag: "638918c3-118"
Expires: Sat, 03 Dec 2022 21:59:03 GMT
Last-Modified: Thu, 01 Dec 2022 21:12:35 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280

ocsp.sca1b.amazontrust.com/

143.204.42.165

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.165:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
2d05c5df8e69de5cf1155440237b9eea
55de2c72883d44fce450d7407c2f30a9e5e24e95
a6113fda5b0faf6c5988682088d108c5d34445bf8d21d049aa5330ede1070645

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Fri, 02 Dec 2022 07:24:11 GMT
Last-Modified: Fri, 02 Dec 2022 06:17:34 GMT
Server: ECS (dcb/7FA8)
X-Cache: Miss from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: FH8gmd-gt2xLpZih3J8MWcNYRdMhUXEsjrPS8b4DCWfJBO8rb9vJ4w==
Age: 3997

lnk.thebigadsstore.com/ref/www.elbil24.no/

35.181.10.107

200 OK

1.0 kB

URL HTTP/2
lnk.thebigadsstore.com/ref/www.elbil24.no/
IP
35.181.10.107:0
ASN
#16509 AMAZON-02

File type
data
Size
1.0 kB (1003 bytes)
Hash
951d16aae115f14377ecc9ddae6ec1da
be60aeeaaa4406a073a74085b63147c0694fcbae
f021e545b58b06c5d5a1864764db37eb5614d9d3d7c4b8bdf5a35863040873bf

HTTP Headers

POST /ref/www.elbil24.no/ HTTP/1.1
Host: lnk.thebigadsstore.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 235
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:24:11 GMT
content-type: text/html;charset=UTF-8
referrer-policy: no-referrer-when-downgrade
content-language: en-US
X-Firefox-Spdy: h2

ticketmaster-no.tm8215.net/3PYq4d?SubId1=6389a819478f5c7beed5a9ed-RL-290838&SubId2=lnk.thebigadsstore.com%2Fref%2Fwww.elbil24.no%2F

52.212.66.198

302 Found

412 B

URL HTTP/2
ticketmaster-no.tm8215.net/3PYq4d?SubId1=6389a819478f5c7beed5a9ed-RL-290838&SubId2=lnk.thebigadsstore.com%2Fref%2Fwww.elbil24.no%2F
IP
52.212.66.198:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (411)
Size
412 B (412 bytes)
Hash
c08317c1646eaad443ed79c1c0619a1e
a86bd12131af6e542e8bfe3714caeaed79138bbf
be63a9357ab1c35ee81b785267154a1a0b6b36c405fb6d80b6c2376763a605f6

HTTP Headers

GET /3PYq4d?SubId1=6389a819478f5c7beed5a9ed-RL-290838&SubId2=lnk.thebigadsstore.com%2Fref%2Fwww.elbil24.no%2F HTTP/1.1
Host: ticketmaster-no.tm8215.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnk.thebigadsstore.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Fri, 02 Dec 2022 07:24:11 GMT
content-type: text/html; charset=utf-8
content-length: 412
location: https://www.ojrq.net/p/?return=https%3A%2F%2Fticketmaster-no.tm8215.net%2Fc%2F3029083%2F462382%2F8215%3FSubId1%3D6389a819478f5c7beed5a9ed-RL-290838%26SubId2%3Dlnk.thebigadsstore.com%252Fref%252Fwww.elbil24.no%252F%26u%3Dhttps%253A%252F%252Fwww.ticketmaster.no%252F%26svlink%3D4982831%26level%3D1%26srcref%3Dhttps%253A%252F%252Flnk.thebigadsstore.com%252F&cid=8215&tpsync=yes
set-cookie: AWSALB=e3qYXIgaoMdFCyQiO4/CoCc/xwW54KKDQRYMjESu+N2EasoMemCiwULsjaZcjKOmtVDGGeMVbDYyj/qa9W2eAxLfy/TbZj1KZYDZ8I1+oFLatQjej7+UOjLiYr8z; Expires=Fri, 09 Dec 2022 07:24:11 GMT; Path=/
AWSALBCORS=e3qYXIgaoMdFCyQiO4/CoCc/xwW54KKDQRYMjESu+N2EasoMemCiwULsjaZcjKOmtVDGGeMVbDYyj/qa9W2eAxLfy/TbZj1KZYDZ8I1+oFLatQjej7+UOjLiYr8z; Expires=Fri, 09 Dec 2022 07:24:11 GMT; Path=/; SameSite=None; Secure
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: Fri, 02 Dec 2022 07:24:11 GMT
p3p: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
ee835c97c4a4d3790b9eeffc144e624f
160979453f3fd95d913192795fce2738fd7f925e
473f0dd7a0d556a901868be368e89de79af74f58e096a28ea50076a8ef2565b6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 07:24:11 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 17:55:44 GMT
Expires: Tue, 06 Dec 2022 17:55:43 GMT
Etag: "160979453f3fd95d913192795fce2738fd7f925e"
Cache-Control: max-age=382891,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7732524dfd190b4d-OSL

www.ojrq.net/p/?return=https%3A%2F%2Fticketmaster-no.tm8215.net%2Fc%2F3029083%2F462382%2F8215%3FSubId1%3D6389a819478f5c7beed5a9ed-RL-290838%26SubId2%3Dlnk.thebigadsstore.com%252Fref%252Fwww.elbil24.no%252F%26u%3Dhttps%253A%252F%252Fwww.ticketmaster.no%252F%26svlink%3D4982831%26level%3D1%26srcref%3Dhttps%253A%252F%252Flnk.thebigadsstore.com%252F&cid=8215&tpsync=yes

34.95.127.121

302 Found

0 B

URL HTTP/2
www.ojrq.net/p/?return=https%3A%2F%2Fticketmaster-no.tm8215.net%2Fc%2F3029083%2F462382%2F8215%3FSubId1%3D6389a819478f5c7beed5a9ed-RL-290838%26SubId2%3Dlnk.thebigadsstore.com%252Fref%252Fwww.elbil24.no%252F%26u%3Dhttps%253A%252F%252Fwww.ticketmaster.no%252F%26svlink%3D4982831%26level%3D1%26srcref%3Dhttps%253A%252F%252Flnk.thebigadsstore.com%252F&cid=8215&tpsync=yes
IP
34.95.127.121:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /p/?return=https%3A%2F%2Fticketmaster-no.tm8215.net%2Fc%2F3029083%2F462382%2F8215%3FSubId1%3D6389a819478f5c7beed5a9ed-RL-290838%26SubId2%3Dlnk.thebigadsstore.com%252Fref%252Fwww.elbil24.no%252F%26u%3Dhttps%253A%252F%252Fwww.ticketmaster.no%252F%26svlink%3D4982831%26level%3D1%26srcref%3Dhttps%253A%252F%252Flnk.thebigadsstore.com%252F&cid=8215&tpsync=yes HTTP/1.1
Host: www.ojrq.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lnk.thebigadsstore.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: Fri, 02 Dec 2022 07:24:11 GMT
p3p: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
set-cookie: brwsr=5165ff07-7212-11ed-9ec9-d90eb3934b0f; Domain=.ojrq.net; Path=/; Secure; Max-Age=62208000; Expires=Thu, 21 Nov 2024 07:24:11 GMT; HttpOnly; SameSite=None
location: https://ticketmaster-no.tm8215.net/c/3029083/462382/8215?SubId1=6389a819478f5c7beed5a9ed-RL-290838&SubId2=lnk.thebigadsstore.com%2Fref%2Fwww.elbil24.no%2F&u=https%3A%2F%2Fwww.ticketmaster.no%2F&svlink=4982831&level=1&srcref=https%3A%2F%2Flnk.thebigadsstore.com%2F&brwsr=5165ff07-7212-11ed-9ec9-d90eb3934b0f&brwsrsig=3r40m8WfFSDyQnaRtr362XAAxEJzGR
content-length: 0
date: Fri, 02 Dec 2022 07:24:11 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ticketmaster-no.tm8215.net/c/3029083/462382/8215?SubId1=6389a819478f5c7beed5a9ed-RL-290838&SubId2=lnk.thebigadsstore.com%2Fref%2Fwww.elbil24.no%2F&u=https%3A%2F%2Fwww.ticketmaster.no%2F&svlink=4982831&level=1&srcref=https%3A%2F%2Flnk.thebigadsstore.com%2F&brwsr=5165ff07-7212-11ed-9ec9-d90eb3934b0f&brwsrsig=3r40m8WfFSDyQnaRtr362XAAxEJzGR

52.212.66.198

301 Moved Permanently

0 B

URL HTTP/2
ticketmaster-no.tm8215.net/c/3029083/462382/8215?SubId1=6389a819478f5c7beed5a9ed-RL-290838&SubId2=lnk.thebigadsstore.com%2Fref%2Fwww.elbil24.no%2F&u=https%3A%2F%2Fwww.ticketmaster.no%2F&svlink=4982831&level=1&srcref=https%3A%2F%2Flnk.thebigadsstore.com%2F&brwsr=5165ff07-7212-11ed-9ec9-d90eb3934b0f&brwsrsig=3r40m8WfFSDyQnaRtr362XAAxEJzGR
IP
52.212.66.198:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/3029083/462382/8215?SubId1=6389a819478f5c7beed5a9ed-RL-290838&SubId2=lnk.thebigadsstore.com%2Fref%2Fwww.elbil24.no%2F&u=https%3A%2F%2Fwww.ticketmaster.no%2F&svlink=4982831&level=1&srcref=https%3A%2F%2Flnk.thebigadsstore.com%2F&brwsr=5165ff07-7212-11ed-9ec9-d90eb3934b0f&brwsrsig=3r40m8WfFSDyQnaRtr362XAAxEJzGR HTTP/1.1
Host: ticketmaster-no.tm8215.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lnk.thebigadsstore.com/
Connection: keep-alive
Cookie: AWSALBCORS=e3qYXIgaoMdFCyQiO4/CoCc/xwW54KKDQRYMjESu+N2EasoMemCiwULsjaZcjKOmtVDGGeMVbDYyj/qa9W2eAxLfy/TbZj1KZYDZ8I1+oFLatQjej7+UOjLiYr8z
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 301 Moved Permanently
date: Fri, 02 Dec 2022 07:24:11 GMT
content-length: 0
location: https://www.ticketmaster.no/?clickId=11tS4yyUmxyNR7RVoXTXjwISUkA0-dxND1MORM0&irgwc=1&utm_source=tredia&utm_medium=affiliate&utm_campaign=3029083&utm_content=1220128_8215
set-cookie: AWSALB=kw5+1I9rCDuY8GCOthR/l7qJ+mcyNIE5ZTsAoOHgjUt0/MkS2IvWDcLUk717Fc2b8x0SQdWtC3rGkW305KX7AxcmiFwsmayG2BEyv4/cmbOR33tAiQ5onsKL6Z4h; Expires=Fri, 09 Dec 2022 07:24:11 GMT; Path=/
AWSALBCORS=kw5+1I9rCDuY8GCOthR/l7qJ+mcyNIE5ZTsAoOHgjUt0/MkS2IvWDcLUk717Fc2b8x0SQdWtC3rGkW305KX7AxcmiFwsmayG2BEyv4/cmbOR33tAiQ5onsKL6Z4h; Expires=Fri, 09 Dec 2022 07:24:11 GMT; Path=/; SameSite=None; Secure
brwsr=5165ff07-7212-11ed-9ec9-d90eb3934b0f; Domain=.tm8215.net; Path=/; Secure; Max-Age=62208000; Expires=Thu, 21 Nov 2024 07:24:11 GMT; HttpOnly; SameSite=None
irld=LyQ71i625FUfARADzxBXisyzpT3fyQsWtWRHgyI6SJWymTXym; Path=/; Secure; Max-Age=15552000; Expires=Wed, 31 May 2023 07:24:11 GMT; HttpOnly; SameSite=None
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: Fri, 02 Dec 2022 07:24:11 GMT
p3p: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT"
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.165

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.165:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
e14bb1df2f9526d470d456a9e92a0a4a
f3eb2ae09fa005f235e1b5c691f80c6bce7a6969
075cec18a706a3177b3707b4b475eec3ebf93e9bc60f88356da8ff46b74f0800

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=110916
Date: Fri, 02 Dec 2022 07:24:11 GMT
Etag: "6388af63-1d7"
Expires: Sat, 03 Dec 2022 14:12:47 GMT
Last-Modified: Thu, 01 Dec 2022 13:42:59 GMT
Server: ECS (nyb/1D1B)
X-Cache: Miss from cloudfront
Via: 1.1 83a23d85c009b0c0e3626072e9f997fe.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: RuSh6YfOd5I_Uu67rIYT8RrQGJ2e07Mxd9E0Hew1TTq5rxHSv3syyw==
Age: 1788

ocsp.sectigo.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.sectigo.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
ee835c97c4a4d3790b9eeffc144e624f
160979453f3fd95d913192795fce2738fd7f925e
473f0dd7a0d556a901868be368e89de79af74f58e096a28ea50076a8ef2565b6

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Fri, 02 Dec 2022 07:24:11 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 29 Nov 2022 17:55:44 GMT
Expires: Tue, 06 Dec 2022 17:55:43 GMT
Etag: "160979453f3fd95d913192795fce2738fd7f925e"
Cache-Control: max-age=382891,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7732524ead9e0b4d-OSL

api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&custom2=3CeYSF0opA62V3CwHqgLsAdXSyySuS9Ap6Y7B40QeTKHYr&id=e4e2e5c6-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https://www.gamezone.no

143.204.55.22

303 See Other

0 B

URL HTTP/2
api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&custom2=3CeYSF0opA62V3CwHqgLsAdXSyySuS9Ap6Y7B40QeTKHYr&id=e4e2e5c6-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https://www.gamezone.no
IP
143.204.55.22:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /publisher/shopping/v2/link-monetizer/link?country=no&custom2=3CeYSF0opA62V3CwHqgLsAdXSyySuS9Ap6Y7B40QeTKHYr&id=e4e2e5c6-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https://www.gamezone.no HTTP/1.1
Host: api.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://srw.bannerwidget.tech/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 303 See Other
content-length: 0
location: https://www.gamezone.no
x-gravitee-transaction-id: 67594f88-7131-4643-994f-8871319643dc
x-gravitee-request-id: 67594f88-7131-4643-994f-8871319643dc
clickid: 107698149_1669965852244_10066824
accept-ch: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
set-cookie: datadome=4KJbQBjOqxng65KU3-McQTIeCzDb75e0zsgPf-gPI8JN9FkzJbEe4pYhRjZuuU6K6SYnEkAeX3EbY-H~X_elEQsbNrm1d9SE1lT23y4u4~0pqf3SeA3bt4HQJuYS~Njt; Max-Age=31536000; Expires=Sat, 02 Dec 2023 07:24:12 GMT; SameSite=Lax; Path=/; Domain=.kelkoo.net; Secure
kelkooID=a4c6295-184d1b8ae54-302caf; Max-Age=31536000; Expires=Sat, 02 Dec 2023 07:24:12 GMT; SameSite=None; Path=/; Domain=kelkoogroup.net; Secure; HTTPOnly
x-datadome: protected
request-time: PT0.012665S
x-robots-tag: noindex,nofollow
referrer-policy: origin-when-cross-origin
x-frame-options: DENY
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
date: Fri, 02 Dec 2022 07:24:12 GMT
x-cache: Miss from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: nwXMXg0bdM_DdzqZCN9SwF-w7l7qIbNtp3HbpZVlroadGTowby5qUQ==
X-Firefox-Spdy: h2

analytics.ticketmaster.no/api/reports

151.101.194.87

200 OK

4 B

URL HTTP/2
analytics.ticketmaster.no/api/reports
IP
151.101.194.87:0
ASN
#54113 FASTLY

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
5b3abf9c1aa7556c3a36fea4e695c5d2
3fd967d09a748e1f2b26d6fe562e7155aa87e9de
98c4922bb641c65c7a30b7bcafdf230b9b00b6693631c56146ab25b2786ee4a3

HTTP Headers

POST /api/reports HTTP/1.1
Host: analytics.ticketmaster.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 7536
Origin: https://www.ticketmaster.no
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
content-type: application/json
cache-control: no-store, private, s-maxage=0
accept-ranges: bytes
date: Fri, 02 Dec 2022 07:24:12 GMT
via: 1.1 varnish
x-robots-tag: none
x-served-by: cache-bma1668-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1669965852.371066,VS0,VE41
access-control-allow-origin: https://www.ticketmaster.co.uk https://www.ticketmaster.ie https://www.ticketmaster.com.au https://www.ticketmaster.co.nz https://www.ticketmaster.no https://www.ticketmaster.mx https://www.ticketmaster.pl https://www.ticketmaster.it https://www.ticketmaster.fr https://www.livenation.com https://www.ticketmaster.com https://www.ticketmaster.ae https://www.ticketmaster.de https://www.ticketmaster.se https://www.ticketmaster.ch https://www.ticketmaster.dk https://www.ticketmaster.be https://www.ticketmaster.fi https://www.ticketmaster.ae https://www.ticketmaster.at https://www.ticketmaster.cz https://www.ticketmaster.es https://www.ticketmaster.nl https://www.ticketmaster.com.au https://www.ticketmaster.cz https://www.ticketmaster.es https://www.ticketmaster.nl https://www.ticketmaster.co.za
content-length: 4
X-Firefox-Spdy: h2

www.gamezone.no/

80.86.135.22

301 Moved Permanently

143 B

URL HTTP/2
www.gamezone.no/
IP
80.86.135.22:0
ASN
#21119 Braathe Gruppen AS

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text
Size
143 B (143 bytes)
Hash
fe02ba24a46719f530235ee4d8ad5a5e
abd4b424f60d510cfabbfa948bb6afc90954ff8e
b03292525efcbb04814e994e634589ce3561bc30248740a19dae49765c08af72

HTTP Headers

GET / HTTP/1.1
Host: www.gamezone.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://srw.bannerwidget.tech/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 301 Moved Permanently
content-type: text/html; charset=UTF-8
location: https://gamezone.no/
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
date: Fri, 02 Dec 2022 07:24:11 GMT
content-length: 143
X-Firefox-Spdy: h2

gamezone.no/

80.86.135.22

200 OK

20 kB

URL HTTP/2
gamezone.no/
IP
80.86.135.22:0
ASN
#21119 Braathe Gruppen AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2360), with CRLF, LF line terminators
Size
20 kB (20068 bytes)
Hash
3f799c90e24639d980690fbad2963a45
7119ddd4767c8865880ea79a8765402f762c57d6
2a5c67dd86a330f7e205cbe8f6b867e9e369c26b834fed37a0bf4b872804e764

HTTP Headers

GET / HTTP/1.1
Host: gamezone.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://srw.bannerwidget.tech/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
cache-control: private
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Microsoft-IIS/10.0
x-frame-options: DENY, DENY
x-aspnet-version: 4.0.30319
set-cookie: .ASPXANONYMOUS=F7Il6rA82QEkAAAAYTdiY2JlNzEtNjExNS00ZjIyLWE5YjYtNWJlNzQ1NmJlMTg5be6fpewGK37X6ngnZLjnOXQIGxc1; expires=Thu, 09-Feb-2023 18:04:12 GMT; path=/; HttpOnly; SameSite=Lax
ASP.NET_SessionId=yxt4mtddncgkls1cdo1eiq3v; path=/; HttpOnly; SameSite=Lax
McWeb3.15.2-3=DeviceSize=lg; expires=Sat, 02-Dec-2023 07:24:12 GMT; path=/; SameSite=Lax
McWeb3.15.2-3=DeviceSize=lg; expires=Sat, 02-Dec-2023 07:24:12 GMT; path=/; SameSite=Lax
x-powered-by: ASP.NET
x-ua-compatible: IE=Edge
date: Fri, 02 Dec 2022 07:24:11 GMT
content-length: 20068
X-Firefox-Spdy: h2

analytics.ticketmaster.no/api/reports

151.101.194.87

200 OK

4 B

URL HTTP/2
analytics.ticketmaster.no/api/reports
IP
151.101.194.87:0
ASN
#54113 FASTLY

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
5b3abf9c1aa7556c3a36fea4e695c5d2
3fd967d09a748e1f2b26d6fe562e7155aa87e9de
98c4922bb641c65c7a30b7bcafdf230b9b00b6693631c56146ab25b2786ee4a3

HTTP Headers

POST /api/reports HTTP/1.1
Host: analytics.ticketmaster.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/csp-report
Content-Length: 7536
Origin: https://www.ticketmaster.no
Connection: keep-alive
Sec-Fetch-Dest: report
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
content-type: application/json
cache-control: no-store, private, s-maxage=0
accept-ranges: bytes
date: Fri, 02 Dec 2022 07:24:12 GMT
via: 1.1 varnish
x-robots-tag: none
x-served-by: cache-bma1668-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1669965852.378121,VS0,VE79
access-control-allow-origin: https://www.ticketmaster.co.uk https://www.ticketmaster.ie https://www.ticketmaster.com.au https://www.ticketmaster.co.nz https://www.ticketmaster.no https://www.ticketmaster.mx https://www.ticketmaster.pl https://www.ticketmaster.it https://www.ticketmaster.fr https://www.livenation.com https://www.ticketmaster.com https://www.ticketmaster.ae https://www.ticketmaster.de https://www.ticketmaster.se https://www.ticketmaster.ch https://www.ticketmaster.dk https://www.ticketmaster.be https://www.ticketmaster.fi https://www.ticketmaster.ae https://www.ticketmaster.at https://www.ticketmaster.cz https://www.ticketmaster.es https://www.ticketmaster.nl https://www.ticketmaster.com.au https://www.ticketmaster.cz https://www.ticketmaster.es https://www.ticketmaster.nl https://www.ticketmaster.co.za
content-length: 4
X-Firefox-Spdy: h2

216.239.32.178

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?v=1&tid=UA-24877590-4&t=pageview&ds=web&aip=1&cs=tredia&cm=affiliate&cn=3029083&cc=1220128_8215&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1118292371.1887662905
IP
216.239.32.178:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?v=1&tid=UA-24877590-4&t=pageview&ds=web&aip=1&cs=tredia&cm=affiliate&cn=3029083&cc=1220128_8215&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1118292371.1887662905 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 01 Dec 2022 17:57:32 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 48401
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

216.239.32.178

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?cs=Tredia&cc=290838&ck=42259&cm=Impact&cn=Ticketmaster&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1245614112.1302051723
IP
216.239.32.178:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?cs=Tredia&cc=290838&ck=42259&cm=Impact&cn=Ticketmaster&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.ticketmaster.no&dp=%2F&dt=Kj%C3%B8p+billetter+til+konserter%2C+sport%2C+teater%2C+stand+up%2C+festivaler+og+mye+mer+%7C+Ticketmaster&dr=lnk.thebigadsstore.com%2Fref%2Fhttps%3A%2F%2Fwww.elbil24.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1245614112.1302051723 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Thu, 01 Dec 2022 17:57:32 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 48401
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

srw.bannerwidget.tech/

35.181.10.107

200 OK

0 B

URL HTTP/2
srw.bannerwidget.tech/
IP
35.181.10.107:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST / HTTP/1.1
Host: srw.bannerwidget.tech
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 204
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Fri, 02 Dec 2022 07:24:11 GMT
content-type: text/html;charset=UTF-8
content-language: en-US
X-Firefox-Spdy: h2

www.smartredirect.de/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_6389a819478f5c7beed5a9ed-RL-291094

172.67.128.101

302 Found

0 B

URL HTTP/2
www.smartredirect.de/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_6389a819478f5c7beed5a9ed-RL-291094
IP
172.67.128.101:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_6389a819478f5c7beed5a9ed-RL-291094 HTTP/1.1
Host: www.smartredirect.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://srw.bannerwidget.tech/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Fri, 02 Dec 2022 07:24:11 GMT
content-type: text/html; charset=UTF-8
location: https://de.trck.one/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_6389a819478f5c7beed5a9ed-RL-291094
cache-control: no-cache, post-check=0, pre-check=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Fri, 02 Dec 2022 07:24:11 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI CUR OUR STP"
pragma: no-cache
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PVkruNbpZIn%2BI%2F3UCEK7WeJRWBRJMtHtkfcnQgClEsFGSRW0G5tACHDyZXJhsgZ%2FgSHIIL5M1X93reLqGjXfBaGg6SHsPV7fmk1MLy8e%2F5LwC1ophL5ddiCh2ZoI98kVst%2F13V1%2BvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7732524cb8670b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.ticketmaster.no/?clickId=11tS4yyUmxyNR7RVoXTXjwISUkA0-dxND1MORM0&irgwc=1&utm_source=tredia&utm_medium=affiliate&utm_campaign=3029083&utm_content=1220128_8215

151.101.2.87

200 OK

0 B

URL HTTP/2
www.ticketmaster.no/?clickId=11tS4yyUmxyNR7RVoXTXjwISUkA0-dxND1MORM0&irgwc=1&utm_source=tredia&utm_medium=affiliate&utm_campaign=3029083&utm_content=1220128_8215
IP
151.101.2.87:0
ASN
#54113 FASTLY

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /?clickId=11tS4yyUmxyNR7RVoXTXjwISUkA0-dxND1MORM0&irgwc=1&utm_source=tredia&utm_medium=affiliate&utm_campaign=3029083&utm_content=1220128_8215 HTTP/1.1
Host: www.ticketmaster.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lnk.thebigadsstore.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-tmsite: TM_NO
x-build-version: production-9-389-0-4573474
cache-control: max-age=15
x-powered-by: Next.js
content-type: text/html; charset=utf-8
content-encoding: gzip
accept-ranges: bytes
via: 1.1 varnish, 1.1 varnish
age: 0
tmps-correlation-id: ff6f7a62-5382-494a-8486-772e0f98d956
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1
x-frame-options: Deny
content-security-policy: frame-ancestors 'none'; default-src https://*.safeframe.googlesyndication.com https://tpc.googlesyndication.com https://uk.tmconst.com; font-src 'self' https://uk.tmconst.com https://fonts.gstatic.com https://marketer.monetate.net/ https://cdn.smooch.io; connect-src 'self' wss://*.hotjar.com wss://api.smooch.io wss://marketplace.prod.pub-tmaws.io https://*.ticketmaster.co.uk https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.siteintercept.qualtrics.com https://*.hotjar.com https://*.permutive.com https://*.prmutv.co https://*.config.smooch.io https://epsf.ticketmaster.net https://uk.tmconst.com https://checkout.ticketmaster.com https://venueview.io-virtualvenue.com https://pubads.g.doubleclick.net https://securepubads.g.doubleclick.net https://siteintercept.qualtrics.com https://stats.g.doubleclick.net https://pagead2.googlesyndication.com https://vc.hotjar.io https://d2v54wjmlooyi.cloudfront.net https://csi.gstatic.com https://venue.tmol.co https://adservice.google.com https://www.google.com https://analytics.tiktok.com https://ib.adnxs.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://privacyportal.onetrust.com/ https://api.smooch.io https://app.ticketmaster.com https://mapsapi.tmol.co https://availability.ticketmaster.eu https://www.ticketmaster.no https://analytics.ticketmaster.no https://identity.ticketmaster.no https://app.ticketmaster.eu https://pubapi.ticketmaster.com; prefetch-src https://uk.tmconst.com https://pubapi.ticketmaster.com/sdk/ras-sdk-v0.js; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.googletagmanager.com https://*.siteintercept.qualtrics.com https://*.collect.igodigital.com https://epsf.ticketmaster.net https://uk.tmconst.com https://venueview.io-virtualvenue.com https://polyfill.io https://static.hotjar.com https://af.monetate.net https://f.monetate.net https://se.monetate.net https://sb.monetate.net https://marketer.monetate.net/ https://www.googletagservices.com https://www.google-analytics.com https://pagead2.googlesyndication.com https://siteintercept.qualtrics.com https://d2v54wjmlooyi.cloudfront.net/ssp/libs/prod/fanbuilder/v2/fanbuilder.js https://cdn.smooch.io https://api.smooch.io https://cdn.distiltag.com https://widget.ticketmaster.eu https://securepubads.g.doubleclick.net https://script.hotjar.com https://adservice.google.ae https://adservice.google.at https://adservice.google.be https://adservice.google.ca https://adservice.google.ch https://adservice.google.co.il https://adservice.google.co.jp https://adservice.google.co.uk https://adservice.google.co.nz https://adservice.google.com https://adservice.google.com.au https://adservice.google.com.br https://adservice.google.com.mx https://adservice.google.com.ph https://adservice.google.com.sa https://adservice.google.com.ua https://adservice.google.cz https://adservice.google.de https://adservice.google.dk https://adservice.google.es https://adservice.google.fi https://adservice.google.fr https://adservice.google.ie https://adservice.google.it https://adservice.google.nl https://adservice.google.no https://adservice.google.pl https://adservice.google.se https://analytics.twitter.com https://analytics.tiktok.com https://connect.facebook.net https://googleads.g.doubleclick.net https://media.ticketmaster.co.uk https://static.ads-twitter.com https://www.googleadservices.com https://cdn.ampproject.org https://tpc.googlesyndication.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.google.com/pagead/conversion_async.js https://api.permutive.com https://cdn.permutive.com https://cdn.cookielaw.org/ https://geolocation.onetrust.com/ https://s1.ticketm.net/tm/en-us/img/static/tmcore/web-vitals.umd.js https://s.adroll.com/ https://d.adroll.com/ https://s.pinimg.com/ https://swrap.tradedoubler.com https://www.sc.pages06.net https://identity.ticketmaster.no https://my.ticketmaster.com https://secure-entry.ticketmaster.com https://pubapi.ticketmaster.com/sdk/ras-sdk-v0.js; style-src 'unsafe-inline' https://marketer.monetate.net/ https://fonts.googleapis.com/ https://cdn.smooch.io/; frame-src https://*.safeframe.googlesyndication.com https://*.siteintercept.qualtrics.com https://*.fls.doubleclick.net https://player.vimeo.com https://vars.hotjar.com https://tpc.googlesyndication.com https://sb.monetate.net https://www.google.com/recaptcha/ https://www.youtube.com https://media.ticketmaster.co.uk https://cookies.onetrust.mgr.consensu.org/ https://bid.g.doubleclick.net https://securepubads.g.doubleclick.net https://identity.ticketmaster.no https://www.ticketmaster.no https://my.ticketmaster.com; img-src data: 'self' http://track.adform.net/ http://s0.2mdn.net/ https://*.googletagmanager.com https://*.google-analytics.com https://*.fls.doubleclick.net https://*.googleusercontent.com https://uk.tmconst.com https://cbt-assets.tmconst.com https://media.ticketmaster.eu https://media-staging.mfol.eu-west-1.pci.public.tmaws.eu https://s1.ticketm.net https://www.facebook.com https://nova.collect.igodigital.com https://eu.qualtrics.com https://af.monetate.net https://f.monetate.net https://marketer.monetate.net/ https://tpc.googlesyndication.com https://www.google.ae https://www.google.at https://www.google.be https://www.google.ca https://www.google.ch https://www.google.cl https://www.google.co.in https://www.google.co.jp https://www.google.co.uk https://www.google.co.nz https://www.google.co.za https://www.google.com https://www.google.com.au https://www.google.com.br https://www.google.com.co https://www.google.com.ec https://www.google.com.eg https://www.google.com.gt https://www.google.com.mx https://www.google.com.ph https://www.google.com.sa https://www.google.com.ua https://www.google.cz https://www.google.de https://www.google.dk https://www.google.es https://www.google.fi https://www.google.fr https://www.google.ie https://www.google.it https://www.google.nl https://www.google.no https://www.google.pl https://www.google.rs https://www.google.ru https://www.google.se https://ad.doubleclick.net https://cm.g.doubleclick.net https://securepubads.g.doubleclick.net https://googleads.g.doubleclick.net https://pagead2.googlesyndication.com https://prismic-images.tmol.io https://i.ytimg.com/ https://i.vimeocdn.com/ https://media.ticketmaster.co.uk https://s3.eu-west-2.amazonaws.com/onsale-img/tmimages/TM_GenCatImgs_Generic.jpg https://s3.eu-west-2.amazonaws.com/onsale-img/tmimages/TM_GenCatImgs_Music.jpg https://s3.eu-west-1.amazonaws.com/ https://cx.atdmt.com https://venueview.io-virtualvenue.com https://secure.adnxs.com https://t.co https://analytics.twitter.com https://ads.avocet.io https://ads.avct.cloud https://googlesync.permutive.com/ https://cdn.cookielaw.org/ https://pixel.quantserve.com https://www.gstatic.com/ https://image.mailing.ticketmaster.com/ https://cdn.smooch.io https://media.smooch.io https://ct.pinterest.com/ https://sp.analytics.yahoo.com/ https://www.pages06.net/ https://identity.ticketmaster.no https://mapsapi.tmol.co; media-src https://uk.tmconst.com/; object-src 'none'; base-uri 'self'; worker-src 'self' blob: https://www.google.com/recaptcha/; child-src blob: https://*.siteintercept.qualtrics.com; report-uri https://analytics.ticketmaster.no/api/reports
x-fastly: ICCP-GLOBAL-PROD
fastly-restarts: 1
x-origin-name: 1GUugFzYescHPg4UVycAKL--F_iccp
date: Fri, 02 Dec 2022 07:24:12 GMT
x-served-by: cache-bma1648-BMA, cache-bma1648-BMA
x-cache: MISS, MISS
x-cache-hits: 0, 0
vary: Accept-Encoding
content-length: 71553
X-Firefox-Spdy: h2

de.trck.one/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_6389a819478f5c7beed5a9ed-RL-291094

18.198.169.187

302 Found

0 B

URL HTTP/2
de.trck.one/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_6389a819478f5c7beed5a9ed-RL-291094
IP
18.198.169.187:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.gamezone.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidkJXC5f3fDm2du5t2c9cmCBGkfZSmtPfRoneid_6389a819478f5c7beed5a9ed-RL-291094 HTTP/1.1
Host: de.trck.one
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://srw.bannerwidget.tech/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Fri, 02 Dec 2022 07:24:12 GMT
content-type: text/html; charset=UTF-8
location: https://api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&custom2=3CeYSF0opA62V3CwHqgLsAdXSyySuS9Ap6Y7B40QeTKHYr&id=e4e2e5c6-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https://www.gamezone.no
server: nginx
cache-control: no-cache, private
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (69)

URL HTTP/1.1

IP

ASN

File type

Size