Report - a.medfoodsafety.com/loader?a=4793842&s=4780719&t=94&p=12731

Report Overview

Visited public
2023-12-04 21:31:22
Tags
URL
a.medfoodsafety.com/loader?a=4793842&s=4780719&t=94&p=12731
Finishing URL
m.lokal-flort.com/lps/vid/?p=95&l=English&country=NO&city=oslo&token1=26667937341&token4=affise&tid=trmuh656e451a0005ac1d&s=dark&lp=885897__sukkersota_x&token5=14521&token6=&token8=34651
IP / ASN
172.64.141.30
#13335 CLOUDFLARENET
Title
Video Stream:

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
approachx.media-412.com	unknown	2019-02-26	2023-09-02 02:50:06	2023-11-21 23:00:46	559 B	553 B	35.204.130.99
tds.wooqi.win	unknown	2017-09-11	2019-04-13 02:19:14	2023-12-03 02:25:31	545 B	7.8 kB	18.192.108.151
chemiclk.com	unknown	2023-08-31	2023-09-05 11:54:59	2023-11-27 16:37:42	570 B	1.3 kB	104.21.78.24
chmstrclck.com	unknown	2022-04-05	2022-04-28 16:16:32	2023-11-27 15:58:55	2.2 kB	31 kB	172.67.216.97
tds.findlocalgirls.online	unknown	2019-02-25	2019-07-29 11:33:05	2023-11-27 13:51:46	584 B	880 B	18.193.235.10
www.sex2n8.com	unknown	2021-04-29	2021-04-29 22:00:05	2023-11-30 14:50:04	622 B	8.1 kB	172.67.193.241
trk.wdacashtrk.com	536347	2016-12-11	2017-02-01 08:34:19	2023-12-02 01:24:34	563 B	2.0 kB	3.248.29.190
vtrack.wdavtrk.com	505146	2016-12-11	2017-02-01 08:34:19	2023-11-24 21:57:30	614 B	861 B	18.159.13.173
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-12-04 08:46:32	455 B	32 kB	151.101.130.137
assets.topsrcs.com	174256	2019-06-24	2020-10-20 14:36:12	2023-11-30 05:55:41	4.5 kB	814 kB	104.21.13.52
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2023-12-04 07:58:24	452 B	89 kB	142.250.74.168
m.lokal-flort.com	unknown	2020-08-10	2021-02-04 10:52:32	2023-11-20 22:10:35	654 B	7.6 kB	172.67.203.231
a.medfoodsafety.com	unknown	2021-05-03	2022-09-08 22:27:23	2023-12-04 09:24:22	1.1 kB	1.5 kB	172.64.140.30
s.zlinkd.com	unknown	2022-11-21	2023-05-30 04:13:19	2023-12-04 00:00:48	994 B	5.3 kB	95.211.229.248

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2023-12-04	medium	chmstrclck.com	Sinkholed
2023-12-04	medium	chmstrclck.com	Sinkholed
2023-12-04	medium	chmstrclck.com	Sinkholed
2023-12-04	medium	chmstrclck.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (8)

	URL	From	Size	First Seen	Last Seen
	code.jquery.com/jquery-3.5.1.min.js	ScriptElement	90 kB	2023-03-07	2025-06-07
Pretty URL code.jquery.com/jquery-3.5.1.min.js IP 151.101.130.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-07 09:52 Times Seen112249 Hash dc5e7f18c8d36ac1d3d4753a87c98d0a c8e1c8b386dc5b7a9184c763c88d19a346eb3342 f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d Loading...

	assets.topsrcs.com/js/libs/lib_fosobo.js	ScriptElement	24 kB	2023-11-27	2023-12-04
Pretty URL assets.topsrcs.com/js/libs/lib_fosobo.js IP 104.21.13.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-27 22:37 Last Seen2023-12-04 22:31 Times Seen2 Hash 727c6177bddf4583cb706a9b5f0e1186 de185fa9b912485764fd4c1d82d87dcd339a042e 1e8397183bcd54325d47555e05c54a114a1a2a71eef3696c44b893f42a3c5b0e Loading...

	assets.topsrcs.com/profiles_video/95/English.js	ScriptElement	67 B	2023-07-07	2024-10-04
Pretty URL assets.topsrcs.com/profiles_video/95/English.js IP 104.21.13.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-07-07 09:57 Last Seen2024-10-04 10:26 Times Seen3 Hash df1c9e20a353b12cce4d170c6a1c028a fc0d1ee2476e664b06b1df79555a35a50fc2ea6c 3c323e3275271d153fd303f226605b1c898acf10921b73991647551af452002a Loading...

	assets.topsrcs.com/js/script_video.js	ScriptElement	4.1 kB	2023-12-04	2024-10-04
Pretty URL assets.topsrcs.com/js/script_video.js IP 104.21.13.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 22:31 Last Seen2024-10-04 10:26 Times Seen3 Hash 0321d0c1cbaf3b01324192e9a779620e 6b6821a8e54e3484033882918891ebb197db9042 9779482f793af86d2878480ddd3cd5050b5743ff27b8b1271e4937ff2583da8c Loading...

	assets.topsrcs.com/js/script_pxl.js?_=1701725473194	ScriptElement	31 kB	2023-11-27	2023-12-04
Pretty URL assets.topsrcs.com/js/script_pxl.js?_=1701725473194 IP 104.21.13.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-11-27 22:37 Last Seen2023-12-04 22:31 Times Seen2 Hash 2525c70bcd6b92163510ff9eda721275 97a475770454fa2ade55f7211468911aa584b8a0 19a2486ccc9ac79968280cc4eba76f71c0a10a11ec41fc04d60c974ebc8f76be Loading...

	assets.topsrcs.com/js/script_tpsrcuid.js?_=1701725473195	ScriptElement	9.5 kB	2023-04-11	2025-05-30
Pretty URL assets.topsrcs.com/js/script_tpsrcuid.js?_=1701725473195 IP 104.21.13.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-11 23:26 Last Seen2025-05-30 17:41 Times Seen14 Hash 53d4e8c6a557e5674bf020bfbfd1a905 a64287876c103c850c244c8b4d351e52a4159aa9 2e4bf5b6e694700174d49071e948276be13d28f902715c67d1c85055497d2f70 Loading...

	www.googletagmanager.com/gtag/js?id=G-KFL7Z8ELXT&_=1701725473196	ScriptElement	258 kB	2023-12-04	2023-12-04
Pretty URL www.googletagmanager.com/gtag/js?id=G-KFL7Z8ELXT&_=1701725473196 IP 142.250.74.168 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-12-04 22:31 Last Seen2023-12-04 22:31 Times Seen1 Hash a4efe451bbdc5bb1ca4f6081fbf46c1a dc15a644d9b2ef0ebd0e3bef5f603758959d8176 e438639e22325932cd6be9185c185be97e7c6cb8793ad9884378b5e9690a9794 Loading...

	m.lokal-flort.com/lps/vid/?p=95&l=English&country=NO&city=oslo&token1=26667937341&token4=affise&tid=trmuh656e451a0005ac1d&s=dark&lp=885897__sukkersota_x&token5=14521&token6=&token8=34651	ScriptElement	0 B	0001-01-01	2025-06-07
Pretty URL m.lokal-flort.com/lps/vid/?p=95&l=English&country=NO&city=oslo&token1=26667937341&token4=affise&tid=trmuh656e451a0005ac1d&s=dark&lp=885897__sukkersota_x&token5=14521&token6=&token8=34651 IP 172.67.203.231 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-07 10:07 Times Seen4871854 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

HTTP Transactions (28)

URL IP Response Size

a.medfoodsafety.com/loader?a=4793842&s=4780719&t=94&p=12731

172.64.140.30

302 Found

0 B

URL User Request GET HTTP/2
a.medfoodsafety.com/loader?a=4793842&s=4780719&t=94&p=12731
IP
172.64.140.30:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint90:FD:DB:96:7B:D5:FA:AA:DA:06:53:8B:D3:A1:8D:E4:05:52:DE:5A
ValidityMon, 13 Feb 2023 00:00:00 GMT - Mon, 12 Feb 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /loader?a=4793842&s=4780719&t=94&p=12731 HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 04 Dec 2023 21:31:03 GMT
content-length: 0
location: https://chmstrclck.com/v1/redirect/10862?utm_term=CK_26_201&utm_source=Adnium_Fallback
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TcDe6pp%2FuBVV0i1jMh7Jbopj9rtF8x%2Bc0Tc6FpA7%2BQYUbcCx9kqJWSjx4u1u0TGBIK2Gk7hNSGIZeYW2giREqME8PEMBa2yuMe9W2LzWbOkcr4haU6by1aDrhBLtCk7kKpooC40k"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830727750c03719e-LHR
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

a.medfoodsafety.com/loader?a=4793842&s=4780719&t=94&p=12731

172.64.140.30

302 Found

0 B

URL User Request GET HTTP/2
a.medfoodsafety.com/loader?a=4793842&s=4780719&t=94&p=12731
IP
172.64.140.30:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint90:FD:DB:96:7B:D5:FA:AA:DA:06:53:8B:D3:A1:8D:E4:05:52:DE:5A
ValidityMon, 13 Feb 2023 00:00:00 GMT - Mon, 12 Feb 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /loader?a=4793842&s=4780719&t=94&p=12731 HTTP/1.1
Host: a.medfoodsafety.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Mon, 04 Dec 2023 21:31:04 GMT
content-length: 0
location: https://chmstrclck.com/v1/redirect/10862?utm_term=CK_26_201&utm_source=Adnium_Fallback
cache-control: no-cache, no-store, must-revalidate
expires: Sat, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a8HrPSHlETOBbjoPS1p68wmx8TW4NxnPztGajIu3ddYSRdpUkZtrCyT3TC1yP3ZunDgdHZj4MEtWAdwGbbRyaEIoXYIvGBC8ak9%2F1F6G32l2wRK3k68UCmpOZ0VTRSZ6efbpm9WW"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83072776fce223db-LHR
alt-svc: h3=":443"; ma=86400

s.zlinkd.com/d.php?z=5026070

95.211.229.248

302 Found

0 B

URL User Request GET HTTP/1.1
s.zlinkd.com/d.php?z=5026070
IP
95.211.229.248:443
ASN
#60781 LeaseWeb Netherlands B.V.

Certificate
IssuerLet's Encrypt
Subjectzlinkd.com
FingerprintC8:FB:68:B1:33:12:3C:36:71:BF:84:18:E9:3D:AD:E1:D3:69:AC:13
ValidityThu, 05 Oct 2023 15:39:08 GMT - Wed, 03 Jan 2024 15:39:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /d.php?z=5026070 HTTP/1.1
Host: s.zlinkd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 04 Dec 2023 21:31:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Accept-Ch: Sec-Ch-Ua,Sec-Ch-Ua-Mobile,Sec-Ch-Ua-Full-Version,Sec-Ch-Ua-Full-Version-list,Sec-Ch-Ua-Platform,Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Bitness,Sec-Ch-Ua-Arch
Location: /d.php?z=5026070&dlo=1
X-Robots-Tag: noindex, follow

s.zlinkd.com/d.php?z=5026070&dlo=1

95.211.229.248

302 Found

0 B

URL User Request GET HTTP/1.1
s.zlinkd.com/d.php?z=5026070&dlo=1
IP
95.211.229.248:443
ASN
#60781 LeaseWeb Netherlands B.V.

Certificate
IssuerLet's Encrypt
Subjectzlinkd.com
FingerprintC8:FB:68:B1:33:12:3C:36:71:BF:84:18:E9:3D:AD:E1:D3:69:AC:13
ValidityThu, 05 Oct 2023 15:39:08 GMT - Wed, 03 Jan 2024 15:39:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /d.php?z=5026070&dlo=1 HTTP/1.1
Host: s.zlinkd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 04 Dec 2023 21:31:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: X-CH-VALUES
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22656e4518804034.222161992643163214%22%3B%7D; expires=Wed, 03 Dec 2025 21:31:04 GMT; path=; domain=.s.zlinkd.com; Secure; SameSite=none
impressions=cxbmsbocnxgxmexaamlcageioslmrxbmnxgxmexmoerbsgeicxbmsbcenxgxmexarxlabgeimrblxocenxgxmexssrsrxgeicxbmsbxcnxgxmexacoomlgeimrblxelonxgxmexsxrlocgeimrblxxxbnxgxmexsxrlocgeimrblxxmbnxgxmexsaesebgeimrblxosonxgxmexaxeoeegeicxbmsboenxgxmexasrsecgeimrblxelenxgxmexsaesebgeimrblxosanxgxmexsxrlocgeioslmroemnxgxmexmosxlageimrblxxrbnxgxmexsxrlocgeimcersxeonxgxmeelarbbageimrblxxoonxgxmexssrsrxgeimrblxosenxgxmexsxrlocgeimrblxxmanxgxmexsxrloogeimrblxoebnxgxmexxssbamgeimrblxxbanxgxmexsasxobgeimrblxxxanxgxmexsxrloogeicaxsscmbnxgxmexaamlcageimrblxxoenxgxmexsaesebgeimrblxxmonxgxmexsrormegeimcclsxxonxgxmexersxeegeislsaroornxgxmexeaxrsbgeimrblxoxonxgxmexaamlcageimcersxrenxgxmexeaemrogeibxxlecaonxgxmexeacccsgeimrblxosbnxgxmexoossargeimrblxebbnxgxmexssrsrxgeimrblxxaenxgxmexsasxobgeisaeeasslnxgxmexebaexogeimcersxbbnxgxmexebaexogeimcersxrbnxgxmexebaexogeimrblxxbonxgxmexsrormegeimrblxoscnxgxmexsxrlocgeimrblxoobnxgxmexxsblacgeirbabxabbnxgxmexcarcsbgeimrblxelcnxgxmexoxslomgeimrblxoeanxgxmexsasxobgeimcclsxxcnxgxmexsxrlocgeimcclsxmanxgxmexssrsrxgeimrblxxmcnxgxmexrrrxmageimrblxxbcnxgxmexoslbcrgeimrblxoxenxgxmexsxrloogeimrblxxacnxgxmexsxrlosgeimrblxxaonxgxmexsxrlocgeimrblxoconxgxmexrxxcsageimrblxxbenxgxmexssrsrxgeimcersxbcnxgxmexsmcaebgeimcclsxmenxgxmexmoerbsgeimcclsxobnxgxmexacoomlgeimcclsoeenxgxmexcbsexegeimcersxcanxgxmexcaeabegeimcclsxaonxgxmexabcarrgeimcclsxlenxgxmexascmcrgeimcclsxsenxgxmexcbsexegeimcclsxlcnxgxmexrrrxmageimcclsxlonxgxmexasrsecgeimcclsxsonxgxmexascmcrgeimcclsxsanxgxmexasrbolgeimcclsxlbnxgxmexascbrsgeimcclsxscnxgxmexasrsecgeimcclsxlanxgxmexasrbolgeibxrlmscbncgxmexaslebagxcceibaeasleenxgxmexaslebagxcceibxscllmonxgxmexaslscxgxcceibblxcmbcnmgxmexacercagxcceibbmrsrbbnsgxmexacxcregxcceibosscxscnxgxmexacoeslgxcceibxlcaslanxgxmexacoeaegxcceibxlcaslenxgxmexacoebegxcceibloacacbnxgxmexacoelogxcceimexxlrbenxgxmexacoelogxcceibosscxoanxgxmexacoxeegxcceibxscllrcnxgxmexacoaxxgxcceibxscllacnxgxmexacoaosgxcceibxscllaonxgxmexacoaosgxcceibxscllrbnxgxmexacoaosgxcceibxlalcoenxgxmexacobrxgxcceibrarbbaenmgxmexacsoxlgxcceibrarbbaonagxmexacsoxlgxcceibmoaeabanxgxmexacsoxlgxcceibslarmcanmgxmexacssxogxcceixbblrmlanxgxmexacssxogxcceibxscllbenxgxmexacssoagxcceiblooeelenxgxmexaccxeogxcceiblooeembnogxmexaccxeogxcceibbmrsmlbnogxmexaccsccgxcceibbbocllenogxmexacbsblgxcceimrxccosanxgxmexacbsblgxcceicloaxxacnogxmexacbsblgxcceibbmrsrlanxgxmexarxsxrgxcceibxocmmcbnxgxmexarxsxrgxcceibxrlmsconxgxmexarxsxrgxcceimbeallxbnxgxmexarroamgxcceibxrlmsscnsgxmexarassbgxcceicloaxxmonxgxmexarmccmgxcceibblcblsenogxmexarmccmgxcceiboelxoscnxgxmexarmaxogxcceimromobabnxgxmexarmaoogxcceimrmbbsxcnxgxmexaaolclgxcceibxrscccbnxgxmexaassoegxcceibxbalrmanxgxmexaasssxgxcceibxbsalaonogxmexaarslmgxcceibxcbmlbanxgxmexaabaomgxcceibrlecbrbnsgxmexamssxcgxcceicloaxxaanxgxmexamaosxgxcceiberrmlmenxgxmexamaosxgxcceimrmbbolonxgxmexamaosxgxcceiboelxbranxgxmexamaosxgxcceibblxcmbanmgxmexamaaaxgxcceibacbcalenxgxmexamamabgxcceibomrloronogxmexamamabgxcceibaosabmcnxgxmexamamabgxcceibxlsblbenxgxmexamamabgxcceimclsaoxbnrgxmexabebrsgxcceibleereaensgxmexabebrsgxcceibobmlleencgxmexabebrsgxcceibxrceomoncgxmexabxsecgxcceimcclsxcanxgxmexabcarbgeicxexraernxgxmexabcarmgxcceibleereaonxgxmexabcarmgxcceimrmbbseonxgxmexablcxxgxcceimaceoeebnxgxmexablcxxgxcceimaceoesbnxgxmexablcxxgxcceiberrmlcbnxgxmexablcxxgxcceiberrmlaanxgxmexablcxxgxcceicloaecocnxgxmexalacxsgxcceicloaxxoanxgxmexalacxsgxcceimeembecenxgxmexalbraogxcceicloaxxobnxgxmexalloxegxcceimeembesonxgxmexalloxogxcceimeembescnxgxmexalloxogxcceiberrmlbcnxgxmexalloxogxcceimbbcemoancgxmexmexbssgxcceibclceaoenxgxmexmeooaagxcceibcbarrbenxgxmexmeomeagxcceibxocbamanxgxmexmesmaxgxcceimbealcscnxgxmexmeboaegxcceicloaecoenxgxmexmebollgxcceimrmmbscenxgxmexmxoabagxcceibloxlmeanxgxmexmxcceagxcceibobmllxcnogxmexmxcceagxcceibleereacnxgxmexmoxabbgxcceicloaxxabnxgxmexmosxlagxcceibxcbmlbonxgxmexmosoeogxcceibbxaalrenxgxmexmosossgxcceimaacsemenogxmexmoccsxgxcce; expires=Tue, 05 Dec 2023 21:31:04 GMT; path=/; domain=.zlinkd.com; Secure; SameSite=none
c-tag=%7B%22tag-link%22%3A%22v4%7C%7CNOR%7C5026070%7C76643070%7C0%7C%7C508%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7C%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1701725464%7C2aa38b40692d5f369f6873f23aab4a0e%7Cok%22%7D; expires=Sun, 03 Mar 2024 21:31:04 GMT; path=/; domain=.zlinkd.com; Secure; SameSite=none
Location: https://chmstrclck.com/v1/redirect/10862?utm_term=CK_26_201&utm_source=ExoClick_Fallback
Accept-CH: 
X-Robots-Tag: noindex, follow

tds.findlocalgirls.online/04e86abf-2a80-479a-93c0-7874f04555c0?cmpid=8493F&sub_source=CK_26_201&adzone=10862&cost=0.33

18.193.235.10

302 Found

0 B

URL User Request GET HTTP/2
tds.findlocalgirls.online/04e86abf-2a80-479a-93c0-7874f04555c0?cmpid=8493F&sub_source=CK_26_201&adzone=10862&cost=0.33
IP
18.193.235.10:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjecttds.findlocalgirls.online
FingerprintDA:D6:A4:91:47:9A:BF:7A:D1:76:86:B0:98:87:B5:9B:07:EE:E3:50
ValidityFri, 10 Nov 2023 07:08:46 GMT - Thu, 08 Feb 2024 07:08:45 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /04e86abf-2a80-479a-93c0-7874f04555c0?cmpid=8493F&sub_source=CK_26_201&adzone=10862&cost=0.33 HTTP/1.1
Host: tds.findlocalgirls.online
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Mon, 04 Dec 2023 21:31:04 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://chemiclk.com/v1/redirect/9735?clickid=weh3271bogpp9dgt2p7kpv1q&utm_camp=8493F&utm_land=&utm_content=mb01
pragma: no-cache
set-cookie: 04e86abf-2a80-479a-93c0-7874f04555c0-v4=bKmQRoS13t1nXCyANyCaFqYRgS0Fu70U6IVmWESO3JM; Max-Age=86400; Expires=Tue, 05-Dec-2023 21:31:04 GMT; Domain=tds.findlocalgirls.online; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=dqwJ2y3mUSYV40oOBjmUNHBD%2FqP1gGn6T%2BLSzX0Z7BCzBFESHm7U0xAK7jRoBVnUQVXYtFCp%2FU5HcnR4WE1hmdUBxacsrJdP6UvqjUrDcHlVIcDrBRCJh%2FZtT9eCCROuHm4DFQx6tHXwZ21c1YoasA%3D%3D; Max-Age=31536000; Expires=Tue, 03-Dec-2024 21:31:04 GMT; Domain=tds.findlocalgirls.online; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

chemiclk.com/v1/redirect/9735?clickid=weh3271bogpp9dgt2p7kpv1q&utm_camp=8493F&utm_land=&utm_content=mb01

104.21.78.24

301 Moved Permanently

482 B

URL User Request GET HTTP/2
chemiclk.com/v1/redirect/9735?clickid=weh3271bogpp9dgt2p7kpv1q&utm_camp=8493F&utm_land=&utm_content=mb01
IP
104.21.78.24:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectchemiclk.com
Fingerprint5D:48:CC:08:75:3E:00:E5:C9:1B:E5:98:CB:13:A9:2F:A8:B7:AA:69
ValiditySat, 04 Nov 2023 01:45:30 GMT - Fri, 02 Feb 2024 01:45:29 GMT

File type
HTML document, ASCII text, with very long lines (482), with no line terminators
Size
482 B (482 bytes)
Hash
a887863ea1ba740259d8cf4cc17bc368
76be0d5bd4f87674b37b59bf8e9c55b87637fbbe
fa38ca84b416c98d33123a0acf2e69910d3fbfc93cb4361f296991926683f21b

HTTP Headers

GET /v1/redirect/9735?clickid=weh3271bogpp9dgt2p7kpv1q&utm_camp=8493F&utm_land=&utm_content=mb01 HTTP/1.1
Host: chemiclk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Mon, 04 Dec 2023 21:31:05 GMT
content-type: text/html; charset=utf-8
location: https://chmstrclck.com/v1/redirect/9736?utm_campaign=8493F&utm_medium=&utm_term=mb01
x-powered-by: lb-ads-display/3.1.0
x-environment: prod
cache-control: no-cache, no-store, max-age=0, must-revalidate
vary: Accept
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yKFsZmfvGARJbJxfkz%2Bvbn6UxcFrOdTo7K2gqvq3W2y3CEPoIYk5%2Fnoh14bC0Jz8pcXHesOAlLO%2FleUR8xTUKkKdT7VZp9PLHNdzvYmLHeUKLuLOSuuNbyEuEdIJ7Es%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307277c5ca556b1-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

trk.wdacashtrk.com/aff_c?offer_id=1171&aff_id=14521&aff_sub=wifcqt5o1etredgt22v3p1o4&source=8493F

3.248.29.190

302 Found

352 B

URL User Request GET HTTP/1.1
trk.wdacashtrk.com/aff_c?offer_id=1171&aff_id=14521&aff_sub=wifcqt5o1etredgt22v3p1o4&source=8493F
IP
3.248.29.190:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjecttrk.wdacashtrk.com
Fingerprint5A:93:70:47:8B:7F:07:94:FD:53:B4:68:E4:8E:AE:44:C3:E4:14:94
ValiditySat, 30 Sep 2023 00:00:00 GMT - Sat, 26 Oct 2024 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
352 B (352 bytes)
Hash
e7363e47f81bc90c0d16f4cc58a21c6b
c233c3f447dfc60a33a178a58f4299fec93e6ddf
00b53e8646d2707ad53b6f2b9001fa62de6c32025671e9f19b9370f5ee1f5ee2

HTTP Headers

GET /aff_c?offer_id=1171&aff_id=14521&aff_sub=wifcqt5o1etredgt22v3p1o4&source=8493F HTTP/1.1
Host: trk.wdacashtrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Mon, 04 Dec 2023 21:31:05 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 352
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Location: https://vtrack.wdavtrk.com/a96179f3-7c30-4554-9e8c-872ef4a047de?affiliate_id=14521&offer_id=1171&transaction_id=10273324b7a44d715ab5e244f40e77&email={email}
P3p: CP="NOI CUR OUR NOR INT"
Pragma: no-cache
Set-Cookie: enc_aff_session_1171=ENC03fc322e1a4b79cfae73e09c2d305c2862c089db054538b5d9a0faf23393c61779da6bef2fb4cccc7b322f96ac4dc6548104ce799ebb78898089f136a5ac19f60d5a6439c95caa5cddaafab8533102beacb8bcd007c6ba971903a285dc9e9f3b4b4c2321a022962cd5210d958615f195d43be79cf21a321ee3fb8518a3e25efff41c681ee330b6dcdd597430a052b83be9e1e3d9c76830e05be566e745f35ab7e4007e1f0f; expires=Thu, 04 Jan 2024 21:31:05 GMT; path=/; SameSite=None; Secure
ho_mob=eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJGaXJlZm94IiwibW9iaWxlX2RldmljZV9icmFuZCI6Ik1vemlsbGEiLCJtb2JpbGVfYnJvd3NlciI6IkZpcmVmb3ggRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMDUuMCIsIm1vYmlsZV9jYXJyaWVyIjoiPyIsInVzZXJfYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgWDY0OyBSdjoxMDUuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMDUuMCIsImFjY2VwdF9sYW5ndWFnZSI6ImVuLVVTLGVuO3E9MC41IiwiY29ubmVjdGlvbl9zcGVlZCI6ImJyb2FkYmFuZCJ9; expires=Thu, 29 Oct 2026 08:11:05 GMT; path=/; SameSite=None; Secure
Tracking_id: 10273324b7a44d715ab5e244f40e77
X-Robots-Tag: noindex, nofollow
Access-Control-Allow-Origin: *
X-Request-Id: 163fe394fd30d5ca8624dbd65c676563
Access-Control-Allow-Headers: Tune-SDK-Version

vtrack.wdavtrk.com/a96179f3-7c30-4554-9e8c-872ef4a047de?affiliate_id=14521&offer_id=1171&transaction_id=10273324b7a44d715ab5e244f40e77&email={email}

18.159.13.173

302 Found

0 B

URL User Request GET HTTP/2
vtrack.wdavtrk.com/a96179f3-7c30-4554-9e8c-872ef4a047de?affiliate_id=14521&offer_id=1171&transaction_id=10273324b7a44d715ab5e244f40e77&email={email}
IP
18.159.13.173:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectvtrack.wdavtrk.com
FingerprintED:F5:EE:C1:78:B0:FB:FA:5E:A3:39:B1:D2:39:69:57:73:C8:55:EB
ValidityFri, 17 Nov 2023 06:47:59 GMT - Thu, 15 Feb 2024 06:47:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /a96179f3-7c30-4554-9e8c-872ef4a047de?affiliate_id=14521&offer_id=1171&transaction_id=10273324b7a44d715ab5e244f40e77&email={email} HTTP/1.1
Host: vtrack.wdavtrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Mon, 04 Dec 2023 21:31:05 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://approachx.media-412.com/click?pid=937&offer_id=341&ref_id=weh3271bogpp9dgt28n480vk&sub1=14521
pragma: no-cache
set-cookie: a96179f3-7c30-4554-9e8c-872ef4a047de-v4=v4tKrn_ufyAaLmQKolnIIOOR583AxyuWLx8rkVfPGnA; Max-Age=86400; Expires=Tue, 05-Dec-2023 21:31:05 GMT; Domain=vtrack.wdavtrk.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=rEzaSbRkaF%2BTIdv88N5SwLKT%2Fw%2FvXJl%2FNm0Khcz9XJ%2B1QywROTCQ8%2Fq77qik5X0gyclBqIyqfwzFDbCrqE6Bh0iFMOVSKU0vUWTr25ZBoRuIce1w%2FU8igIK1J882GchnXo7neEyUKRMGn8nT1Go67Q%3D%3D; Max-Age=31536000; Expires=Tue, 03-Dec-2024 21:31:05 GMT; Domain=vtrack.wdavtrk.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

approachx.media-412.com/click?pid=937&offer_id=341&ref_id=weh3271bogpp9dgt28n480vk&sub1=14521

35.204.130.99

302 Found

0 B

URL User Request GET HTTP/2
approachx.media-412.com/click?pid=937&offer_id=341&ref_id=weh3271bogpp9dgt28n480vk&sub1=14521
IP
35.204.130.99:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Certificate
IssuerGoDaddy.com, Inc.
Subject*.media-412.com
Fingerprint16:AB:3B:E7:5C:01:8D:17:4C:E5:2A:16:CE:5F:3B:FB:DE:12:ED:4C
ValiditySun, 09 Jul 2023 20:53:14 GMT - Fri, 09 Aug 2024 20:53:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?pid=937&offer_id=341&ref_id=weh3271bogpp9dgt28n480vk&sub1=14521 HTTP/1.1
Host: approachx.media-412.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Mon, 04 Dec 2023 21:31:05 GMT
content-length: 0
location: https://www.sex2n8.com/c/7a0e415a61ac20ce?clickid=656e4519b09cbb000164d969&token1=26667937341&token2=x&token3=x&token4=affise&token5=14521&token6=&token7=&token8=
x-adjust-use-original-forwarded-for: 1
set-cookie: afclick=656e4519b09cbb000164d969; expires=Tue, 03 Dec 2024 21:31:05 GMT; secure; SameSite=None
afoffers={"341":1701725465}; expires=Tue, 03 Dec 2024 21:31:05 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.5.1.min.js

151.101.130.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.5.1.min.js
IP
151.101.130.137:443
ASN
#54113 FASTLY

Requested by
https://m.lokal-flort.com/lps/vid/?p=95&l=English&country=NO&city=oslo&token1=26667937341&token4=affise&tid=trmuh656e451a0005ac1d&s=dark&lp=885897__sukkersota_x&token5=14521&token6=&token8=34651
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65451)
Size
31 kB (30879 bytes)
Hash
dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

HTTP Headers

GET /jquery-3.5.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://m.lokal-flort.com
DNT: 1
Connection: keep-alive
Referer: https://m.lokal-flort.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d84"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Mon, 04 Dec 2023 21:31:07 GMT
age: 3270779
x-served-by: cache-lga13628-LGA, cache-bma1676-BMA
x-cache: HIT, HIT
x-cache-hits: 20, 85676
x-timer: S1701725467.268947,VS0,VE0
vary: Accept-Encoding
content-length: 30879
X-Firefox-Spdy: h2

assets.topsrcs.com/media/preloader.gif

104.21.13.52

200 OK

7.0 kB

URL GET HTTP/2
assets.topsrcs.com/media/preloader.gif
IP
104.21.13.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://m.lokal-flort.com/lps/vid/?p=95&l=English&country=NO&city=oslo&token1=26667937341&token4=affise&tid=trmuh656e451a0005ac1d&s=dark&lp=885897__sukkersota_x&token5=14521&token6=&token8=34651
Certificate
IssuerGoogle Trust Services LLC
Subjecttopsrcs.com
Fingerprint63:30:14:37:47:7B:D7:1A:75:C6:FE:09:66:69:A6:27:8B:5E:8F:7B
ValidityWed, 29 Nov 2023 00:21:35 GMT - Tue, 27 Feb 2024 00:21:34 GMT

File type
GIF image data, version 89a, 160 x 160\012- data
Size
7.0 kB (7010 bytes)
Hash
5794040ee88def220320edd0ed2e2ac9
7ec6d7843172d2bec7c0ed0d7eabed19a800fd7b
c1a4896adebc502e9be1248a28bc641ef9a5b75c6bdefa5d704a220c128ee34e

HTTP Headers

GET /media/preloader.gif HTTP/1.1
Host: assets.topsrcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.lokal-flort.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 04 Dec 2023 21:31:07 GMT
content-type: image/gif
content-length: 7010
last-modified: Mon, 21 Sep 2020 02:40:17 GMT
etag: "5f681291-1b62"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1008308
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ad1K%2FFX%2BXwX%2Fs1IeO7pv0G7H7sNdJJ%2Fb3iO6qwub3mg%2BhW51k12UET2tGpezhBzIl4Rm0ARN%2Bav%2BTjui0BcutWkpKvAq%2FYyDmHtWR3PZlh2mmO6PrzDCQxHkx4%2F%2BwY2Uci5NooU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307278a6c907131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.topsrcs.com/profiles_video/95/img.jpg

104.21.13.52

200 OK

721 kB

URL GET HTTP/2
assets.topsrcs.com/profiles_video/95/img.jpg
IP
104.21.13.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://m.lokal-flort.com/lps/vid/?p=95&l=English&country=NO&city=oslo&token1=26667937341&token4=affise&tid=trmuh656e451a0005ac1d&s=dark&lp=885897__sukkersota_x&token5=14521&token6=&token8=34651
Certificate
IssuerGoogle Trust Services LLC
Subjecttopsrcs.com
Fingerprint63:30:14:37:47:7B:D7:1A:75:C6:FE:09:66:69:A6:27:8B:5E:8F:7B
ValidityWed, 29 Nov 2023 00:21:35 GMT - Tue, 27 Feb 2024 00:21:34 GMT

File type
PNG image data, 657 x 650, 8-bit/color RGBA, non-interlaced\012- data
Size
721 kB (721207 bytes)
Hash
3daa41270f1ef4b9fabaddc98f68f921
609dacb2cb984f2adc769f1b81ccdd1a1d2d36a4
c643020fc7b67427853263d0fa6f7c98190fa43198b5dc0591ab70f14d08bb09

HTTP Headers

GET /profiles_video/95/img.jpg HTTP/1.1
Host: assets.topsrcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.lokal-flort.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Mon, 04 Dec 2023 21:31:07 GMT
content-type: image/jpeg
content-length: 721207
last-modified: Fri, 02 Apr 2021 09:29:38 GMT
etag: "6066e402-b0137"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1091050
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K7SMfbUgqpTsB%2Fxs0TUPVUah6eQNa6xcIYd638rWPxxiMMiBgjXLqsjLwJi3x5sjQHi%2F8M2E3%2BOdBOaaxx%2FaAbbduumgEEiqsvPTm4T%2FZzUwCZmk9iup0QYa0YvGiTX20grc3v4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307278a6c917131-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.topsrcs.com/profiles_video/95/video.mp4

104.21.13.52

206 Partial Content

4.6 kB

URL GET HTTP/2
assets.topsrcs.com/profiles_video/95/video.mp4
IP
104.21.13.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://m.lokal-flort.com/lps/vid/?p=95&l=English&country=NO&city=oslo&token1=26667937341&token4=affise&tid=trmuh656e451a0005ac1d&s=dark&lp=885897__sukkersota_x&token5=14521&token6=&token8=34651
Certificate
IssuerGoogle Trust Services LLC
Subjecttopsrcs.com
Fingerprint63:30:14:37:47:7B:D7:1A:75:C6:FE:09:66:69:A6:27:8B:5E:8F:7B
ValidityWed, 29 Nov 2023 00:21:35 GMT - Tue, 27 Feb 2024 00:21:34 GMT

File type
data
Size
4.6 kB (4587 bytes)
Hash
100bb8f8b54d860dd2f8b1957d79ae9f
ae3a54b1a64015b5c2c4b6279242d7ccc22417f9
b16f49b0fe97fb934dc13235055ac11b429719542c7f9a9437be3d96f0f26823

HTTP Headers

GET /profiles_video/95/video.mp4 HTTP/1.1
Host: assets.topsrcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=17367040-
DNT: 1
Connection: keep-alive
Referer: https://m.lokal-flort.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 206 Partial Content
date: Mon, 04 Dec 2023 21:31:07 GMT
content-type: video/mp4
content-length: 4587
last-modified: Fri, 02 Apr 2021 09:29:43 GMT
etag: "6066e407-10911eb"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1003276
content-range: bytes 17367040-17371626/17371627
priority: u=4,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZMo89NQRmk3%2B2gKF0IGkH7eZZ74VBwJmBly2xb5qFWV3%2BWwj1nzzw2JzSUONbBWvOsQ1SvO7SvBGCSv4xlRiix1s%2FJzrXYsDo263mubQFM5JzIF2BdvTSK9xprQZ6NZn9V7jDA8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307278d599556ae-OSL
alt-svc: h3=":443"; ma=86400

www.googletagmanager.com/gtag/js?id=G-KFL7Z8ELXT&_=1701725473196

142.250.74.168

200 OK

88 kB

URL GET HTTP/2
www.googletagmanager.com/gtag/js?id=G-KFL7Z8ELXT&_=1701725473196
IP
142.250.74.168:443
ASN
#15169 GOOGLE

Requested by
https://m.lokal-flort.com/lps/vid/?p=95&l=English&country=NO&city=oslo&token1=26667937341&token4=affise&tid=trmuh656e451a0005ac1d&s=dark&lp=885897__sukkersota_x&token5=14521&token6=&token8=34651
Certificate
IssuerGoogle Trust Services LLC
Subject*.google-analytics.com
Fingerprint37:42:10:B7:89:70:45:51:80:81:66:CE:95:21:72:5D:46:0B:E2:34
ValidityMon, 23 Oct 2023 11:18:19 GMT - Mon, 15 Jan 2024 11:18:18 GMT

File type
ASCII text, with very long lines (4179)
Size
88 kB (88002 bytes)
Hash
a4efe451bbdc5bb1ca4f6081fbf46c1a
dc15a644d9b2ef0ebd0e3bef5f603758959d8176
e438639e22325932cd6be9185c185be97e7c6cb8793ad9884378b5e9690a9794

HTTP Headers

GET /gtag/js?id=G-KFL7Z8ELXT&_=1701725473196 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.lokal-flort.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 04 Dec 2023 21:31:07 GMT
expires: Mon, 04 Dec 2023 21:31:07 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 88002
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

assets.topsrcs.com/js/libs/lib_fosobo.js

104.21.13.52

200 OK

24 kB

URL GET HTTP/2
assets.topsrcs.com/js/libs/lib_fosobo.js
IP
104.21.13.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://m.lokal-flort.com/lps/vid/?p=95&l=English&country=NO&city=oslo&token1=26667937341&token4=affise&tid=trmuh656e451a0005ac1d&s=dark&lp=885897__sukkersota_x&token5=14521&token6=&token8=34651
Certificate
IssuerGoogle Trust Services LLC
Subjecttopsrcs.com
Fingerprint63:30:14:37:47:7B:D7:1A:75:C6:FE:09:66:69:A6:27:8B:5E:8F:7B
ValidityWed, 29 Nov 2023 00:21:35 GMT - Tue, 27 Feb 2024 00:21:34 GMT

File type
ASCII text, with very long lines (1783)
Size
24 kB (24345 bytes)
Hash
727c6177bddf4583cb706a9b5f0e1186
de185fa9b912485764fd4c1d82d87dcd339a042e
1e8397183bcd54325d47555e05c54a114a1a2a71eef3696c44b893f42a3c5b0e

HTTP Headers

GET /js/libs/lib_fosobo.js HTTP/1.1
Host: assets.topsrcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.lokal-flort.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 21:31:07 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=29428
access-control-allow-origin: *
etag: W/"64c90c67-72f4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 01 Aug 2023 13:45:11 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 925342
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pVYNRvDN7%2BhOsk3dZf6NzAg4wmJoul7A26mSBrOvOUB4w4DFo%2FgaEtemWG%2Bir1wiKdgIreOYCIN%2BVjel3Op5%2FPIZn%2FGYsA5hew%2FmU5LeFahPodLXRVIp7JuHD0oVYMK4CtkGlp4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307278a6c8d7131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

tds.wooqi.win/effd7e8e-7960-4a53-b8f1-fb35008d5694?var1=8493F&var2=&var3=mb01

18.192.108.151

302 Found

6.9 kB

URL User Request GET HTTP/2
tds.wooqi.win/effd7e8e-7960-4a53-b8f1-fb35008d5694?var1=8493F&var2=&var3=mb01
IP
18.192.108.151:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjecttds.wooqi.win
Fingerprint11:1F:8C:2F:8A:01:6F:D7:4A:F3:40:1A:89:F4:58:50:07:44:D5:13
ValidityFri, 13 Oct 2023 05:52:46 GMT - Thu, 11 Jan 2024 05:52:45 GMT

File type

Size
6.9 kB (6906 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /effd7e8e-7960-4a53-b8f1-fb35008d5694?var1=8493F&var2=&var3=mb01 HTTP/1.1
Host: tds.wooqi.win
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: nginx
date: Mon, 04 Dec 2023 21:31:05 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://trk.wdacashtrk.com/aff_c?offer_id=1171&aff_id=14521&aff_sub=wifcqt5o1etredgt22v3p1o4&source=8493F
pragma: no-cache
set-cookie: effd7e8e-7960-4a53-b8f1-fb35008d5694-v4=xeKZDT62jQihmnSSZgOqTvIRX76w-vLUsJ40R08HwxA; Max-Age=86400; Expires=Tue, 05-Dec-2023 21:31:05 GMT; Domain=tds.wooqi.win; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=5I8NUI26xypUMIUdEQKNLsDFuRe8IxVvx98HGX16tAdYZcUisorFps3AycYfDAVF%2Bui%2B0%2Fr2OKD%2FqGf0PxH3zeWI1lOXI20NPOQqc3pT1uuCRznOxbZmUd3w63vACyxYc5SGvnGwRXoqHJUiBRblyA%3D%3D; Max-Age=31536000; Expires=Tue, 03-Dec-2024 21:31:05 GMT; Domain=tds.wooqi.win; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2

www.sex2n8.com/c/7a0e415a61ac20ce?clickid=656e4519b09cbb000164d969&token1=26667937341&token2=x&token3=x&token4=affise&token5=14521&token6=&token7=&token8=

172.67.193.241

302 Found

6.9 kB

URL User Request GET HTTP/2
www.sex2n8.com/c/7a0e415a61ac20ce?clickid=656e4519b09cbb000164d969&token1=26667937341&token2=x&token3=x&token4=affise&token5=14521&token6=&token7=&token8=
IP
172.67.193.241:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerCloudflare, Inc.
Subjectsni.cloudflaressl.com
Fingerprint7E:6F:F9:EE:00:5F:51:86:D9:59:51:DF:A4:64:9E:4D:59:3A:C5:C0
ValidityWed, 08 Feb 2023 00:00:00 GMT - Wed, 07 Feb 2024 23:59:59 GMT

File type

Size
6.9 kB (6906 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /c/7a0e415a61ac20ce?clickid=656e4519b09cbb000164d969&token1=26667937341&token2=x&token3=x&token4=affise&token5=14521&token6=&token7=&token8= HTTP/1.1
Host: www.sex2n8.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
date: Mon, 04 Dec 2023 21:31:06 GMT
content-type: text/html; charset=utf-8
location: https://m.lokal-flort.com/lps/vid/?p=95&l=English&country=NO&city=oslo&token1=26667937341&token4=affise&tid=trmuh656e451a0005ac1d&s=dark&lp=885897__sukkersota_x&token5=14521&token6=&token8=34651
set-cookie: unique_id=656e451a00078b62; Path=/; Expires=Fri, 02 Feb 2024 21:31:06 GMT; Secure; SameSite=None
unique_id2=656e451a00079381; Path=/; Expires=Sun, 03 Mar 2024 21:31:06 GMT; Secure; SameSite=None
impression=; Path=/; Expires=Mon, 04 Dec 2023 21:31:06 GMT; Secure; SameSite=None
tid=trmuh656e451a0005ac1d; Path=/; Expires=Tue, 07 Nov 2028 21:31:06 GMT; Secure; SameSite=None
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MKyac1I%2FSbSSw4W%2FnWE9aGFqwyf1L8%2BStas0ddnr7fqYhJxtmVpLH900ZDstz5mGIuBQIhmSwwQ2ksXd54ut%2B5MoXh7IxgmPUwC1QuNne%2Fsz93XX92wFvKeSLGq20zpOPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83072781cc505687-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.topsrcs.com/css/style_vid.css

104.21.13.52

200 OK

4.0 kB

URL GET HTTP/2
assets.topsrcs.com/css/style_vid.css
IP
104.21.13.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://m.lokal-flort.com/lps/vid/?p=95&l=English&country=NO&city=oslo&token1=26667937341&token4=affise&tid=trmuh656e451a0005ac1d&s=dark&lp=885897__sukkersota_x&token5=14521&token6=&token8=34651
Certificate
IssuerGoogle Trust Services LLC
Subjecttopsrcs.com
Fingerprint63:30:14:37:47:7B:D7:1A:75:C6:FE:09:66:69:A6:27:8B:5E:8F:7B
ValidityWed, 29 Nov 2023 00:21:35 GMT - Tue, 27 Feb 2024 00:21:34 GMT

File type
ASCII text, with very long lines (3984), with no line terminators
Size
4.0 kB (3978 bytes)
Hash
7f5280e87ab1b9c445a760123cbbda99
f337b4b5060866660eacf0fcdd0bac6f8fbeb327
40553f4122dc3ed00d7a38156d578a04f9b5423f3a5ba072df4c5e62fbc1524d

HTTP Headers

GET /css/style_vid.css HTTP/1.1
Host: assets.topsrcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.lokal-flort.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 21:31:07 GMT
content-type: text/css
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=6110
access-control-allow-origin: *
etag: W/"616e6e3d-17de"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 19 Oct 2021 07:05:33 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 5552
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Vya08sg2qJQ8yvjuvE%2Fo0ry3gJJ%2FzlWO1VMEDO9JuCxi0t5Js1yMq8Aky4RXp33UVnuUE40h1%2BmP%2FRXmdpNZCKPd13oU6o5oUwIZrfs3R9zYRY3vCaVegucevqT2CcTRFOlh%2FH0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307278a7ca07131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.topsrcs.com/js/script_pxl.js?_=1701725473194

104.21.13.52

200 OK

31 kB

URL GET HTTP/3
assets.topsrcs.com/js/script_pxl.js?_=1701725473194
IP
104.21.13.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://m.lokal-flort.com/lps/vid/?p=95&l=English&country=NO&city=oslo&token1=26667937341&token4=affise&tid=trmuh656e451a0005ac1d&s=dark&lp=885897__sukkersota_x&token5=14521&token6=&token8=34651
Certificate
IssuerGoogle Trust Services LLC
Subjecttopsrcs.com
Fingerprint63:30:14:37:47:7B:D7:1A:75:C6:FE:09:66:69:A6:27:8B:5E:8F:7B
ValidityWed, 29 Nov 2023 00:21:35 GMT - Tue, 27 Feb 2024 00:21:34 GMT

File type
ASCII text
Size
31 kB (31018 bytes)
Hash
2525c70bcd6b92163510ff9eda721275
97a475770454fa2ade55f7211468911aa584b8a0
19a2486ccc9ac79968280cc4eba76f71c0a10a11ec41fc04d60c974ebc8f76be

HTTP Headers

GET /js/script_pxl.js?_=1701725473194 HTTP/1.1
Host: assets.topsrcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.lokal-flort.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 21:31:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Wed, 06 Sep 2023 13:05:40 GMT
vary: Accept-Encoding
etag: W/"64f87924-792a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TjCjqYrqrCc0ZR8Joq4wmYuvPvVI9DTCUn9O5zJYQ70M15j1tsPcJa%2B3VCUOJa4k5GxqBfczBVfdk9KYedpad1DBmfl38V4WkeDHTOGXkpRHg2OGrf3pxJr34DXlpKd0g1h%2FsC4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307278d599656ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

chmstrclck.com/v1/redirect/9736?utm_campaign=8493F&utm_medium=&utm_term=mb01

172.67.216.97

301 Moved Permanently

6.9 kB

URL User Request GET HTTP/3
chmstrclck.com/v1/redirect/9736?utm_campaign=8493F&utm_medium=&utm_term=mb01
IP
172.67.216.97:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectchmstrclck.com
FingerprintFB:65:1D:59:4E:78:21:4B:63:71:65:AE:7C:CC:12:39:BB:63:73:FF
ValiditySun, 19 Nov 2023 13:25:31 GMT - Sat, 17 Feb 2024 13:25:30 GMT

File type

Size
6.9 kB (6906 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v1/redirect/9736?utm_campaign=8493F&utm_medium=&utm_term=mb01 HTTP/1.1
Host: chmstrclck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Mon, 04 Dec 2023 21:31:05 GMT
content-type: text/html; charset=utf-8
location: https://tds.wooqi.win/effd7e8e-7960-4a53-b8f1-fb35008d5694?var1=8493F&var2=&var3=mb01
x-powered-by: lb-ads-display/3.1.0
x-environment: prod
cache-control: no-cache, no-store, max-age=0, must-revalidate
vary: Accept
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fp40b8XzeuWVwY2GXlMFqgq7ZXYref%2FhPxwrbfrZz5XwIds9ZdIT945W6UTVJEZZALZAd6IQ1xs11kUvuGGoH0YcurroUB4RPYrbRNifKrAOaMgBMxFKLMcoNZPEDYlgKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307277cf8e5b511-OSL
alt-svc: h3=":443"; ma=86400

m.lokal-flort.com/lps/vid/?p=95&l=English&country=NO&city=oslo&token1=26667937341&token4=affise&tid=trmuh656e451a0005ac1d&s=dark&lp=885897__sukkersota_x&token5=14521&token6=&token8=34651

172.67.203.231

200 OK

6.9 kB

URL User Request GET HTTP/2
m.lokal-flort.com/lps/vid/?p=95&l=English&country=NO&city=oslo&token1=26667937341&token4=affise&tid=trmuh656e451a0005ac1d&s=dark&lp=885897__sukkersota_x&token5=14521&token6=&token8=34651
IP
172.67.203.231:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectlokal-flort.com
FingerprintC4:91:8C:30:C8:98:A7:D5:BD:27:90:B5:D2:37:9A:41:FD:36:93:3A
ValidityFri, 24 Nov 2023 14:30:09 GMT - Thu, 22 Feb 2024 14:30:08 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (7163), with no line terminators
Size
6.9 kB (6906 bytes)
Hash
b7d3245e032acabd1921754fee66def5
07b50a3a85e4c3202704bed7540591e8af101a62
0e7326e20f04bcc75f21dbe121b80626b7e5b4b5007d006d274326068e322df6

HTTP Headers

GET /lps/vid/?p=95&l=English&country=NO&city=oslo&token1=26667937341&token4=affise&tid=trmuh656e451a0005ac1d&s=dark&lp=885897__sukkersota_x&token5=14521&token6=&token8=34651 HTTP/1.1
Host: m.lokal-flort.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 21:31:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pu5gcbvkkEC53%2FqVSyB0ai16M9t5mwLfkQhKx6kcXWwdSVyVv4zRA6%2BG1emx6okIQhCHco3CDBT%2FujaYuJ5WLDNUYrNhra1eNJ2s27oFKtk3NqMZHEtleCqcXl%2Fu50Lp86mTAg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830727837a285688-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.topsrcs.com/profiles_video/95/English.js

104.21.13.52

200 OK

67 B

URL GET HTTP/2
assets.topsrcs.com/profiles_video/95/English.js
IP
104.21.13.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://m.lokal-flort.com/lps/vid/?p=95&l=English&country=NO&city=oslo&token1=26667937341&token4=affise&tid=trmuh656e451a0005ac1d&s=dark&lp=885897__sukkersota_x&token5=14521&token6=&token8=34651
Certificate
IssuerGoogle Trust Services LLC
Subjecttopsrcs.com
Fingerprint63:30:14:37:47:7B:D7:1A:75:C6:FE:09:66:69:A6:27:8B:5E:8F:7B
ValidityWed, 29 Nov 2023 00:21:35 GMT - Tue, 27 Feb 2024 00:21:34 GMT

File type
Unicode text, UTF-8 text, with no line terminators
Size
67 B (67 bytes)
Hash
2f7d7e2129f5ba89c3745051606fe425
528142946ff115e8c70c19dc4b6ddbf8bc04db56
a04da6bf3cd8eb796874846a80048aa1de64cc52727e7e94e06886f820fd02c5

HTTP Headers

GET /profiles_video/95/English.js HTTP/1.1
Host: assets.topsrcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.lokal-flort.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 21:31:07 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=76
access-control-allow-origin: *
etag: W/"6066e402-4c"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Fri, 02 Apr 2021 09:29:38 GMT
cf-cache-status: HIT
age: 648886
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3frWtuIvwqW4ubNoFEUmu%2F8D9DN7nv9X1ttExBTkxB94May9QkEU%2Fbzk48dWe1I%2BLT7EIQkvRl2eHnby08OOlk%2FwRlWhWXqFirB2ha%2FUUw9rBd91fiACozNZQQolzQUCg9HG9%2FE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307278a7c987131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

chmstrclck.com/v1/redirect/10862?utm_term=CK_26_201&utm_source=Adnium_Fallback

172.67.216.97

301 Moved Permanently

6.9 kB

URL User Request GET HTTP/2
chmstrclck.com/v1/redirect/10862?utm_term=CK_26_201&utm_source=Adnium_Fallback
IP
172.67.216.97:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectchmstrclck.com
FingerprintFB:65:1D:59:4E:78:21:4B:63:71:65:AE:7C:CC:12:39:BB:63:73:FF
ValiditySun, 19 Nov 2023 13:25:31 GMT - Sat, 17 Feb 2024 13:25:30 GMT

File type

Size
6.9 kB (6906 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v1/redirect/10862?utm_term=CK_26_201&utm_source=Adnium_Fallback HTTP/1.1
Host: chmstrclck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Mon, 04 Dec 2023 21:31:04 GMT
content-type: text/html; charset=utf-8
location: https://a.medfoodsafety.com/loader?a=4793842&s=4780719&t=94&p=12731
x-powered-by: lb-ads-display/3.1.0
x-environment: prod
cache-control: no-cache, no-store, max-age=0, must-revalidate
vary: Accept
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1eOd%2FmkBh2R1lL2QBTl8RcUro%2FRSyOYgUIgwSuskmHMYVwXSp5UyPOEr8VfDcdf4Bm745YWOfNCtOuIF%2FbfjiJ1FXozwSyIW9wjgUMUAk8fIxEe047acRxXAe%2BSA3KAJog%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830727760a02b50f-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

chmstrclck.com/v1/redirect/10862?utm_term=CK_26_201&utm_source=Adnium_Fallback

172.67.216.97

301 Moved Permanently

6.9 kB

URL User Request GET HTTP/3
chmstrclck.com/v1/redirect/10862?utm_term=CK_26_201&utm_source=Adnium_Fallback
IP
172.67.216.97:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectchmstrclck.com
FingerprintFB:65:1D:59:4E:78:21:4B:63:71:65:AE:7C:CC:12:39:BB:63:73:FF
ValiditySun, 19 Nov 2023 13:25:31 GMT - Sat, 17 Feb 2024 13:25:30 GMT

File type

Size
6.9 kB (6906 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v1/redirect/10862?utm_term=CK_26_201&utm_source=Adnium_Fallback HTTP/1.1
Host: chmstrclck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Mon, 04 Dec 2023 21:31:04 GMT
content-type: text/html; charset=utf-8
location: https://s.zlinkd.com/d.php?z=5026070
x-powered-by: lb-ads-display/3.1.0
x-environment: prod
cache-control: no-cache, no-store, max-age=0, must-revalidate
vary: Accept
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rCkmBFCd0kp79H5jFe5esOwVmgoGnXfqHaMjPHiKoMZQzY4R3SNB%2Bih91126m7y3JTdcnqyiXVbvot35BSTFrxPN%2FcZhOakemaVLqpWBHSCpIA7VC62NPDrKUM6%2FFOiWWw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 83072777dc5db511-OSL
alt-svc: h3=":443"; ma=86400

assets.topsrcs.com/js/script_tpsrcuid.js?_=1701725473195

104.21.13.52

200 OK

9.5 kB

URL GET HTTP/3
assets.topsrcs.com/js/script_tpsrcuid.js?_=1701725473195
IP
104.21.13.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://m.lokal-flort.com/lps/vid/?p=95&l=English&country=NO&city=oslo&token1=26667937341&token4=affise&tid=trmuh656e451a0005ac1d&s=dark&lp=885897__sukkersota_x&token5=14521&token6=&token8=34651
Certificate
IssuerGoogle Trust Services LLC
Subjecttopsrcs.com
Fingerprint63:30:14:37:47:7B:D7:1A:75:C6:FE:09:66:69:A6:27:8B:5E:8F:7B
ValidityWed, 29 Nov 2023 00:21:35 GMT - Tue, 27 Feb 2024 00:21:34 GMT

File type
Unicode text, UTF-8 text, with very long lines (9648), with no line terminators
Size
9.5 kB (9460 bytes)
Hash
b35ff5d22e375e69d300e694f8cca029
d81a343520833375992c803f416cc68b931343b3
2872e05c87b7c8e06327fc66da1f63e3cf118e935081d88248db175113b03e5e

HTTP Headers

GET /js/script_tpsrcuid.js?_=1701725473195 HTTP/1.1
Host: assets.topsrcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.lokal-flort.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 21:31:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 11 Apr 2023 14:23:43 GMT
vary: Accept-Encoding
etag: W/"64356d6f-24f4"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: MISS
priority: u=3,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fev2TkKbTlKOF7%2BAWUawhswQiG3iKpmSnm0zz6EnzXGit0nfvdbhAhLAcCJAWfLRFybLweCfBc2%2FPHj7s9jyq0f%2Fzp8ZZlBmg8wo78A2xpEaIxBOVT8lz9LfMjmyXlfhANNE7fs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307278d599756ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

chmstrclck.com/v1/redirect/10862?utm_term=CK_26_201&utm_source=ExoClick_Fallback

172.67.216.97

301 Moved Permanently

6.9 kB

URL User Request GET HTTP/3
chmstrclck.com/v1/redirect/10862?utm_term=CK_26_201&utm_source=ExoClick_Fallback
IP
172.67.216.97:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerGoogle Trust Services LLC
Subjectchmstrclck.com
FingerprintFB:65:1D:59:4E:78:21:4B:63:71:65:AE:7C:CC:12:39:BB:63:73:FF
ValiditySun, 19 Nov 2023 13:25:31 GMT - Sat, 17 Feb 2024 13:25:30 GMT

File type

Size
6.9 kB (6906 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /v1/redirect/10862?utm_term=CK_26_201&utm_source=ExoClick_Fallback HTTP/1.1
Host: chmstrclck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 301 Moved Permanently
date: Mon, 04 Dec 2023 21:31:04 GMT
content-type: text/html; charset=utf-8
location: https://tds.findlocalgirls.online/04e86abf-2a80-479a-93c0-7874f04555c0?cmpid=8493F&sub_source=CK_26_201&adzone=10862&cost=0.33
x-powered-by: lb-ads-display/3.1.0
x-environment: prod
cache-control: no-cache, no-store, max-age=0, must-revalidate
vary: Accept
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=egHvOCSAM3WMaSDt45zGJFHhu8mURbuh%2FRblADjc0G6kyPjy32Ut2G70FBi5%2B1BP2ZYWSa7Ledsl8wKo%2BExZrnVdyEq8wSb4YT9iysrigUzAIRfr6Q8%2BmLwmqzcWP6gIxg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 830727797d99b511-OSL
alt-svc: h3=":443"; ma=86400

assets.topsrcs.com/js/script_video.js

104.21.13.52

200 OK

4.1 kB

URL GET HTTP/2
assets.topsrcs.com/js/script_video.js
IP
104.21.13.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://m.lokal-flort.com/lps/vid/?p=95&l=English&country=NO&city=oslo&token1=26667937341&token4=affise&tid=trmuh656e451a0005ac1d&s=dark&lp=885897__sukkersota_x&token5=14521&token6=&token8=34651
Certificate
IssuerGoogle Trust Services LLC
Subjecttopsrcs.com
Fingerprint63:30:14:37:47:7B:D7:1A:75:C6:FE:09:66:69:A6:27:8B:5E:8F:7B
ValidityWed, 29 Nov 2023 00:21:35 GMT - Tue, 27 Feb 2024 00:21:34 GMT

File type
HTML document, ASCII text, with very long lines (4169), with no line terminators
Size
4.1 kB (4061 bytes)
Hash
2462c119e0d520acc9b66ae5772a20e1
57aa9ab2079245c3e4da42f2cc6454e5427e691e
d923ad1bf50db97968d2e15b19ee92279ca9cec67c595d24b65f6149228ec599

HTTP Headers

GET /js/script_video.js HTTP/1.1
Host: assets.topsrcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.lokal-flort.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Mon, 04 Dec 2023 21:31:07 GMT
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=5866
access-control-allow-origin: *
etag: W/"653fb924-16ea"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 30 Oct 2023 14:09:40 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 1103615
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EAnpc1CqPVFHk%2B7nwR9FpbXSwubZCCVZ0NhJlNb8brAn25CCh0eLTaM1d1xN4F3UCoCTQ1pxw6d%2F2rm1stAiKMEEAQGuQgmIHXboLZSe3a7zh8Cm2fy5tYPvvODHO4daOjmZOGY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8307278a8ca67131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

assets.topsrcs.com/media/favicon.ico

0.0.0.0

0 B

URL GET
assets.topsrcs.com/media/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
https://m.lokal-flort.com/lps/vid/?p=95&l=English&country=NO&city=oslo&token1=26667937341&token4=affise&tid=trmuh656e451a0005ac1d&s=dark&lp=885897__sukkersota_x&token5=14521&token6=&token8=34651
Certificate
IssuerGoogle Trust Services LLC
Subjecttopsrcs.com
Fingerprint63:30:14:37:47:7B:D7:1A:75:C6:FE:09:66:69:A6:27:8B:5E:8F:7B
ValidityWed, 29 Nov 2023 00:21:35 GMT - Tue, 27 Feb 2024 00:21:34 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /media/favicon.ico HTTP/1.1
Host: assets.topsrcs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://m.lokal-flort.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Mon, 04 Dec 2023 21:31:07 GMT
content-type: image/x-icon
last-modified: Mon, 21 Sep 2020 02:40:17 GMT
etag: W/"5f681291-47e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
access-control-allow-origin: *
cf-cache-status: HIT
age: 1001161
priority: u=6,i=?0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a0J5tYsHvplI2oNt6AWsILwEmmwm3IxAzY8%2BKxR2JTJg%2BL5ARjPmVy4AAyuPeY540vjFE%2FqwFZIPZ3LPY3jccThPFOly5diMvp6jQ63SA%2Bo2lArTvkCelHgUUToOFj2HpGGlgIs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8307278eeb9856ae-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (8)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (28)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP