Report - andicomedicalsuppliers.com/chromestre/113on892it.exe

Report Overview

Submitted URL
andicomedicalsuppliers.com/chromestre/113on892it.exe
IP
185.107.56.55
ASN
#43350 NForce Entertainment B.V.
Submitted
2023-01-28 10:17:27
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.9 kB	34.160.144.191
r.redirekted.com	645251	2014-06-22T14:45:47Z	2023-03-06T13:55:30Z	2.5 kB	12 kB	66.165.243.160
dd.kelkoogroup.net	unknown	2022-06-24T12:22:42Z	2023-03-13T08:22:44Z	549 B	31 kB	54.230.111.93
fonts.googleapis.com	8877	2013-06-10T22:14:26Z	2023-03-13T08:14:31Z	478 B	630 B	142.250.74.106
api-js.datadome.co	8155	2017-10-11T16:14:56Z	2023-03-13T07:50:57Z	470 B	507 B	13.51.192.216
ocsp.digicert.com	86	2012-05-21T09:02:23Z	2023-03-13T06:00:13Z	1.4 kB	17 kB	93.184.220.29
ssl.google-analytics.com	275	2012-10-02T06:58:30Z	2023-03-13T08:41:35Z	365 B	18 kB	142.250.74.40
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
www.google-analytics.com	40	2012-10-03T03:04:21Z	2023-03-13T07:36:03Z	3.0 kB	237 kB	142.250.74.46
status.thawte.com	5123	2017-11-27T13:33:51Z	2023-03-13T05:14:46Z	341 B	797 B	93.184.220.29
no-go.kelkoogroup.net	unknown	2017-10-30T15:27:38Z	2023-03-13T08:22:43Z	7.0 kB	35 kB	95.211.116.26
ocsp.usertrust.com	899	2012-05-21T17:43:18Z	2023-03-13T08:38:38Z	342 B	1.0 kB	104.18.32.68
fonts.gstatic.com	unknown	2014-09-09T02:40:21Z	2023-03-13T08:44:36Z	2.9 kB	104 kB	142.250.74.35
andicomedicalsuppliers.com	unknown	2020-05-01T17:55:55Z	2023-03-09T12:28:22Z	1.6 kB	1.6 kB	23.82.12.36
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.2 kB	56 kB	34.120.237.76
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	4.1 kB	194 kB	142.250.74.131
chat.chatra.io	29381	2015-03-31T08:17:34Z	2023-03-10T17:49:59Z	572 B	2.5 kB	172.67.13.227
uc.chatra-usercontent.com	53154	2020-07-15T13:43:54Z	2023-03-10T17:50:01Z	435 B	6.3 kB	104.21.74.23
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.0 kB	5.3 kB	23.33.119.27
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	35.155.48.47
call.chatra.io	32858	2015-12-25T15:00:06Z	2023-03-10T17:49:59Z	359 B	131 kB	104.22.2.142
urtesenteret.no	unknown	2012-07-21T21:20:41Z	2023-02-17T09:56:24Z	581 B	63 kB	104.21.37.61

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2023-01-28	medium	andicomedicalsuppliers.com/chromestre/113on892it.exe	Malware

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (58)

	URL	Size	First Seen	Last Seen
	urtesenteret.no/wa-apps/shop/plugins/flexdiscount/js/flexdiscountFrontend.min.js?4.43.0	16 kB	2023-03-09	2024-01-20
Pretty URL urtesenteret.no/wa-apps/shop/plugins/flexdiscount/js/flexdiscountFrontend.min.js?4.43.0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:39:03 Last Seen2024-01-20 15:06:55 Times Seen10 Hash 4561420b55efea5eacaf23d9bf138f3c 9398473eb7b5f80e3a9461ddf620413d663fb200 cb856d568651db7f02986f7662673a0b7e1bfe8d380796b3ea2d5a3c14a02e99 Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	625 B	2023-03-13	2023-03-14
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:59:26 Last Seen2023-03-14 01:57:21 Times Seen1 Hash 48ea890aca77465203546a27c3272e35 bb59ce3215e29ff768bf0f983d566805f57d7e1d 0e6f831cfc6ca4fd3edd623653ea21193a415b1e476ff6880f7b2fd14e2793d2 Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	947 B	2023-03-13	2023-03-13
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 09:38:33 Last Seen2023-03-13 22:53:59 Times Seen1 Hash cea1d876b972663f314642adf05ac673 a1b43554b2b9fb13bd137d8e16a5cd006aacaa3e 1ff347ea9ba6a18661952123de6e52c5204aecb62cbea2a4507979703f2b763a Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	457 B	2023-03-13	2023-03-14
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:59:26 Last Seen2023-03-14 01:57:20 Times Seen1 Hash eb145632ce3ccc94e9aacabdbbf7fc1e 8894ffc6f4461a01289d9523af851e4aec7614b8 543ce42de8404218d35dc966bb5e8303fc168f831fcca1f038c9a054182c424b Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	413 B	2023-03-13	2023-03-14
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 09:38:33 Last Seen2023-03-14 01:57:20 Times Seen1 Hash 89cb668d881854e229eb215995668f61 2bb5b25fbe34ff335dfcf5c8c78a02d901b242e3 85e95ffb420386eac6587895f9a9ca7efa9b4368f07a5067bba3e9dfb41d8a2e Loading...

	chat.chatra.io/meteor_runtime_config.js?hash=d9329ed12de50cf84a6270aed43fc15bcdc8db0a	681 B	2023-03-13	2023-03-13
Pretty URL chat.chatra.io/meteor_runtime_config.js?hash=d9329ed12de50cf84a6270aed43fc15bcdc8db0a IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 01:18:22 Last Seen2023-03-13 09:38:33 Times Seen1 Hash 83a4079da77fa7f73ce1ab5f7c2bb7f2 c1eaa6fb7920c4275f7b755ea525c10853aff5f0 9851acbac4f3c698c4e1bfce5d437e4a7e6d7853b1aa082b3be46cef292aa884 Loading...

	r.redirekted.com/js/adren.min.js?n=2222431398	7.5 kB	2023-03-08	2023-03-14
Pretty URL r.redirekted.com/js/adren.min.js?n=2222431398 IP 66.165.243.160 ASN #29802 HVC-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:11:25 Last Seen2023-03-14 08:42:01 Times Seen1 Hash 9a9ec61d7e275f25fe83f0aa93bd2e41 8a3a23c432b601e9f8f8fe2b61f0fedbc341c9ac 55afe8ae4db5b6ca9ec5a3aca1f3a7b482ca51d0914acd250093f1a9ecbfccec Loading...

	urtesenteret.no/wa-apps/shop/plugins/question/js/question.js?v=4.2.0	5.4 kB	2023-03-09	2023-03-13
Pretty URL urtesenteret.no/wa-apps/shop/plugins/question/js/question.js?v=4.2.0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-03-13 09:38:33 Times Seen1 Hash 9dd97813dc39690f8bfcc4bf5f1808d5 94c30c64b03a051c188d03dcfee1a86d3292f5bd e83ad98470f48f93646b1d6ed82c14d88e73e59b5ae49f97e2ca9ab7ef8e9e63 Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	328 B	2023-03-09	2023-03-14
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-03-14 01:57:21 Times Seen1 Hash eea050d214e557447c127113bb3ae285 d37a4cd2688312126f03e1be115fff43239d95a5 e2c67484bad4e38a004a129d32990226bd54a5ba34418f2f2585f1b521b95335 Loading...

	urtesenteret.no/wa-data/public/site/themes/prostore/theme_plugins/lazysizes.min.js?v4.1.7	13 kB	2023-03-09	2023-04-05
Pretty URL urtesenteret.no/wa-data/public/site/themes/prostore/theme_plugins/lazysizes.min.js?v4.1.7 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-04-05 01:37:15 Times Seen2 Hash 0ed65854253ee4b7f2f6d5a2d3c42844 8c5d54e0902cdfa1ef59adfc12f8cc029d1bfefd 980f422c83ef4e8996e462ad8c36ef9818eaafb820fa1359748fa0548c5bea95 Loading...

	ssl.google-analytics.com/ga.js	46 kB	2023-03-07	2024-04-16
Pretty URL ssl.google-analytics.com/ga.js IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:00 Last Seen2024-04-16 23:24:27 Times Seen3495 Hash e9372f0ebbcf71f851e3d321ef2a8e5a 2c7d19d1af7d97085c977d1b69dcb8b84483d87c 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	391 B	2023-03-09	2023-03-14
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-03-14 01:57:20 Times Seen1 Hash 530b36e3fee4c502b2e66de43ab8fec5 9756712323b7bb301de5c4a01ca47a11f06d7ee6 c2f07475983ad53ca9031e147d3d36b38e1b263738574d92e80381ee2db234f0 Loading...

	urtesenteret.no/wa-apps/shop/plugins/arrived/js/main.js?v3.2.2	3.6 kB	2023-03-09	2023-03-13
Pretty URL urtesenteret.no/wa-apps/shop/plugins/arrived/js/main.js?v3.2.2 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-03-13 09:38:33 Times Seen1 Hash 55557af232aab2b1294e729fce40cafc f53d5b9470075102a77f13826e7008dc80106e08 1cec69ec762116674e8b4b959b02b8057a23a8094d57cabc13726e52a12784c7 Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	284 B	2023-03-09	2023-03-14
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-03-14 01:57:20 Times Seen1 Hash 7c3b1511c3ffe235dec7ce116817fef0 2d66b21abe600cc7bb0b883ff36fdf51c6d28b75 39a2756705c2ace737a3ff6a8bc456cb8f22fd2ea8509108875124aa73e22276 Loading...

	urtesenteret.no/wa-data/public/site/themes/prostore/script.min.js?v1.7.4	151 kB	2023-03-09	2023-04-05
Pretty URL urtesenteret.no/wa-data/public/site/themes/prostore/script.min.js?v1.7.4 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-04-05 01:37:15 Times Seen2 Hash e4525d587d7e2073b6c9477605c34007 84b7ca27890725b67c8b768ca291537ee0ffa431 47ee0f752537e3dc03e8dedf2d633862701fd32d757c9991621023e06bdffe6b Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	252 B	2023-03-09	2023-12-02
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-12-02 16:14:50 Times Seen3 Hash f146375784a7d6336053e5611a80c416 f64fc132be7992d94d93631cec454d4b948d1c99 dc2f044a5509d5d877b2410849d1a852747a3a96b54bccde115d835d02028d3e Loading...

	urtesenteret.no/wa-data/public/shop/themes/prostore/product.fav-buttons.min.js?v1.7.4	4.3 kB	2023-03-09	2023-03-14
Pretty URL urtesenteret.no/wa-data/public/shop/themes/prostore/product.fav-buttons.min.js?v1.7.4 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-03-14 01:57:20 Times Seen1 Hash ed6f5eef237dea2cd3078e4495b2f540 2a173bf04173fedccb7267f1d0bf559fe7d40856 ab1703c3688fa4a8ce04535b4337d7c73ebd12d7f24876593fbc967f13af2288 Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	947 B	2023-03-13	2023-03-13
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 09:38:33 Last Seen2023-03-13 22:53:59 Times Seen1 Hash f2948cb228180918ee76fd356796ef9a da18f48c428821588263c1a5ee9e1234fece214c 36efe47c354e7df263fcf42fe7f33eadd0a002d514ce21b0c8cc529766d33d52 Loading...

	andicomedicalsuppliers.com/chromestre/113on892it.exe	408 B	2023-03-13	2023-03-13
Pretty URL andicomedicalsuppliers.com/chromestre/113on892it.exe IP 23.82.12.36 ASN #30633 LEASEWEB-USA-WDC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 09:38:33 Last Seen2023-03-13 09:38:33 Times Seen1 Hash 6c41aff78e2cf5e15dd333f5f5181b5a f125ddf3d67f36734c9921fd30c541ba17ebbdb0 aec5c1a3b9315e8b582e6f141297419b6eb10e9eafcc3e7dcaf76cc61fe39fde Loading...

	dd.kelkoogroup.net/tags.js	144 kB	2023-03-13	2023-03-13
Pretty URL dd.kelkoogroup.net/tags.js IP 54.230.111.93 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 08:17:27 Last Seen2023-03-13 13:03:14 Times Seen1 Hash 25ceca2547af0605d2f60249c1fd9c18 604b7e7a90f284409ab9fdb03e375de2ea974b90 02a44dbd4d7355457803d1f00e78e2391658983f43b9eacebe05365d4b57a226 Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	329 B	2023-03-09	2023-06-03
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-06-03 00:35:09 Times Seen5 Hash 8706455da236d821c71b4acc10d3aeab 48d42ffb40525be6e8fb84119779edb163b81156 5af2cd515d90bb5fb217fea92cc7ed08423ff19d0694f471fffd09b805c22539 Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	37 B	2023-03-09	2024-01-20
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2024-01-20 15:06:54 Times Seen28 Hash cbf288b577710491c9456e99af12bfa8 27e5fa398419170d5d099ef11dc30ab1c7e7068c 788ebe51b826f6ce760131cd297a4e64026f1d759b83791eda954d38a03eb552 Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	1.7 kB	2023-03-09	2024-01-20
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2024-01-20 15:06:54 Times Seen2 Hash 1a1a18055808bb8f32aeda5f46e93a4c d5b6f19af5d5968acb0bb493597eb1b304363c1b a74a81d6c07af5a4ff910a803ed7d4ec7d3d96ad590013d1079c836489540457 Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	4.3 kB	2023-03-13	2023-03-13
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 09:38:33 Last Seen2023-03-13 22:53:59 Times Seen1 Hash dbbc3ea997dd890faa439ebc20f75b41 74b13b4833ada13c12797dfcadc4191dcb3085b9 a69b978cb03b68adf9aca6d53dd39a3a1c1e96785b74e4b1a60a1c9075c7a7a4 Loading...

	urtesenteret.no/wa-data/public/shop/themes/prostore/script.shop.min.js?v1.7.4	16 kB	2023-03-09	2023-04-05
Pretty URL urtesenteret.no/wa-data/public/shop/themes/prostore/script.shop.min.js?v1.7.4 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-04-05 01:37:15 Times Seen2 Hash 7e0cede5393b858163efda62f42e26cd d57933d481dcafb61bd88959c1ed1714d1900f92 781a1600c3189e26339284e67fad85dd5c07e71c90079427d8364257eac3bf5f Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	522 B	2023-03-09	2023-04-05
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-04-05 01:37:15 Times Seen2 Hash f1141e7ab8c8bbbcd02be9daa70f6ac8 e15ff509b30c8612efdcfca83484f1d0977fe760 ad4ebddc25c2b8e034955fd601b0663f52087d3bcb6f1f2e4ace032f7b85661a Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-12	2024-04-15
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.46 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 21:46:21 Last Seen2024-04-15 18:54:35 Times Seen35101 Hash 54e51056211dda674100cc5b323a58ad 26dc5034cb6c7f3bbe061edd37c7fc6006cb835b 5971b095cff574a66d35ada016d4c077c86e2dea62e9c0f14cf7c94b258619de Loading...

	no-go.kelkoogroup.net/offersearchGo?.ts=1674835113129&.sig=G0Z4ruEmRNtIUI7yHpBhgS389lE-&affiliationId=96965866&comId=100542275&country=no&offerId=6e11aeff4f2e19ce092e2b8ba86dca81&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=Ns7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL&custom2=jKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB	1.6 kB	2023-03-13	2023-03-13
Pretty URL no-go.kelkoogroup.net/offersearchGo?.ts=1674835113129&.sig=G0Z4ruEmRNtIUI7yHpBhgS389lE-&affiliationId=96965866&comId=100542275&country=no&offerId=6e11aeff4f2e19ce092e2b8ba86dca81&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=Ns7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL&custom2=jKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB IP 95.211.116.26 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 09:38:33 Last Seen2023-03-13 09:38:33 Times Seen1 Hash b31e2d1149d6753ede27dc9af6733477 116dac648c2619e075478d4bbebf0dcbd519288b 3d2cc5b71fa3384804f108bea463608045b3990811cadbe5732ee96dbabf8cc2 Loading...

	urtesenteret.no/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js	12 kB	2023-03-07	2024-04-23
Pretty URL urtesenteret.no/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:06 Last Seen2024-04-23 06:31:17 Times Seen42996 Hash 88a769d2fe35899fd45a332a0a032cc0 514c6c1d8475d17e412849a4c90159517d0fa10a ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142 Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	2.9 kB	2023-03-09	2023-03-14
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-03-14 01:57:21 Times Seen1 Hash b24b54d1f7e1accb9473351478701984 ec7ff87ebc0815c1e12ba09a6e83d1b0d3256a20 f7d6269862e22bb9dd9aba4fa6bda7a5f338708c534123572484b89a70b0e8bf Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	947 B	2023-03-13	2023-03-13
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 09:38:33 Last Seen2023-03-13 22:53:59 Times Seen1 Hash 7b0e0afebbc90fb69aeb7641cc1ee233 f505c7fcedfbcb056df8bc6a43669546fe32ee20 0a48806a26f83605b464e6d831480267558063ab6fb9f6ebbc72cf89e718fd66 Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	474 B	2023-03-09	2023-03-14
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-03-14 01:57:20 Times Seen1 Hash 6dd77e8e1a6ed069eba8dee1eb3fc033 865ad6f3deb06099eb703d2102ca9e7a479d88df 1d94dc6e0351b5961954f58490a0e137345a9e314df084d7659497bd953b80f1 Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	2.0 kB	2023-03-09	2023-03-13
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-03-13 09:38:33 Times Seen1 Hash 712976282430944ec0fba934d3158f75 c061a0642305cc3e4d078fe442b76f7327721b65 2224e8ae9175a050b3033f5d582853687c7a01163e3c241711302ffb65d9f80e Loading...

	r.redirekted.com/redirect?redirect_id=59fded900f525ea68ba830585847ead9&request_id=2293925cf5ba51c33db5bfe9110c37dc	207 B	2023-03-13	2023-03-13
Pretty URL r.redirekted.com/redirect?redirect_id=59fded900f525ea68ba830585847ead9&request_id=2293925cf5ba51c33db5bfe9110c37dc IP 66.165.243.160 ASN #29802 HVC-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 09:38:33 Last Seen2023-03-13 09:38:33 Times Seen1 Hash 27e1319da2f67ac60dfdc283af6821f6 965fb558a2ed9fa07d0daad1bc7a9b9c45aa78be f8dc98918657b82807400edfe051f61d2e7bb210ea44a74be8b7d93221457e68 Loading...

	r.redirekted.com/go?e=NA-pFFuHPrX5KW8ETs7plBefmW6bFWzxxXYk3FeLUrtcvCe0wsyDKF8MUsY1KLwfGr_xUCuHvWxgvCw0mXmkQF8MaXtk3Ba0wXyblLd4Qqwk3FjOzsmMlL9AKA9bPXvDJr_xaCutFBsImqjI2rXuJBm4mVOcFLbI0XbZFDdRJqREwLatRA2yHDexFrYgaC9q0ZxpzCmfmKXk3B4cHsmkKF8gRCwyaC9AHVbDTLmLUF-ZmC99SA78yL9ElXSglpafHA3uUneZUpxcvCd8SsyLlK9MUqYk3FdNzXyVFLdfRCV13F10wX-tULeHPstclF85QAu1aF1f0KWk3B4tHr_03B04QBb5KW8EJr_VPn1pKrtgvV	1.8 kB	2023-03-13	2023-03-13
Pretty URL r.redirekted.com/go?e=NA-pFFuHPrX5KW8ETs7plBefmW6bFWzxxXYk3FeLUrtcvCe0wsyDKF8MUsY1KLwfGr_xUCuHvWxgvCw0mXmkQF8MaXtk3Ba0wXyblLd4Qqwk3FjOzsmMlL9AKA9bPXvDJr_xaCutFBsImqjI2rXuJBm4mVOcFLbI0XbZFDdRJqREwLatRA2yHDexFrYgaC9q0ZxpzCmfmKXk3B4cHsmkKF8gRCwyaC9AHVbDTLmLUF-ZmC99SA78yL9ElXSglpafHA3uUneZUpxcvCd8SsyLlK9MUqYk3FdNzXyVFLdfRCV13F10wX-tULeHPstclF85QAu1aF1f0KWk3B4tHr_03B04QBb5KW8EJr_VPn1pKrtgvV IP 66.165.243.160 ASN #29802 HVC-AS Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 09:38:33 Last Seen2023-03-13 09:38:33 Times Seen1 Hash 02b53ea59a2c9a0dfcf94f3efc64f060 7de7969bb49b9d73359e293ab40a69ef0a4e1668 a7589bfb59f2a8fd90156aa4a82bd7977c15c00c2c700205d010d077ffe8cd09 Loading...

	urtesenteret.no/wa-data/public/site/themes/prostore/script.jquery.1.11.min.js	108 kB	2023-03-09	2023-12-02
Pretty URL urtesenteret.no/wa-data/public/site/themes/prostore/script.jquery.1.11.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-12-02 16:14:52 Times Seen4 Hash 816c691bae78115008d957223d720acf db67d985ddcf67e4afd4f642bd02b63040283f67 540411e35839e4fa49f15d5072766f06e0e2372990a5d40b9f8b36edf4863728 Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	679 B	2023-03-09	2023-03-14
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-03-14 01:57:20 Times Seen1 Hash bb9b88b90568f19f3e1eaf67b48a89f6 e33c2f7a8d51c817d0ca8093370a92e0eab877f6 c55452b6edcf46800e7b8c5bbcdcabbc94bdf70390766a76764503795d8aebc1 Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	439 B	2023-03-09	2023-03-14
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-03-14 01:57:20 Times Seen1 Hash dd65c7ff902cf61063c20c7f6d9216b5 425fe0d9d6029616e6d5c0d59897398f90a7bbcb d173203a5676fbf091088856364c14b58455623ffe37f21720a0f4524b1e7917 Loading...

	no-go.kelkoogroup.net/offersearchGo?.ts=1674835113129&.sig=G0Z4ruEmRNtIUI7yHpBhgS389lE-&affiliationId=96965866&comId=100542275&country=no&offerId=6e11aeff4f2e19ce092e2b8ba86dca81&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=Ns7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL&custom2=jKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB	17 kB	2023-03-13	2023-03-13
Pretty URL no-go.kelkoogroup.net/offersearchGo?.ts=1674835113129&.sig=G0Z4ruEmRNtIUI7yHpBhgS389lE-&affiliationId=96965866&comId=100542275&country=no&offerId=6e11aeff4f2e19ce092e2b8ba86dca81&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=Ns7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL&custom2=jKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB IP 95.211.116.26 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 09:38:33 Last Seen2023-03-13 09:38:33 Times Seen1 Hash e18f08302face93032998351af719e8e 9e05d7fcd5d5f19e32e2a041de237a1711e9d932 476d4068702c14b6ef1fadd61efa27297a1052b4a3547de2916d7cb9206b014c Loading...

	urtesenteret.no/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	1.2 kB	2023-03-07	2024-04-23
Pretty URL urtesenteret.no/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02:00 Last Seen2024-04-23 08:04:51 Times Seen54707 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	36 B	2023-03-09	2023-03-14
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-03-14 01:57:20 Times Seen1 Hash 66e3e2708db2cb4116860329fd8f266a da0b1a1b40b855943f9368238fed153f51282b7d 1fb4da0bf9bf1d6fa4e353b44bab59dafc405418218c2bee41199d42b0e7ffea Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	5.5 kB	2023-03-13	2023-03-14
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 02:59:26 Last Seen2023-03-14 01:57:20 Times Seen1 Hash 9316c3af66305583e6ab10feb034b4b4 2e1b9b4e7ef276fa83b5e2e93b3db0bd8cb7fbed 35bda709fda7e8fb84e1709a5a8c040cf4694ac00561f014604bed278f0357c4 Loading...

	call.chatra.io/chatra.js	47 kB	2023-03-09	2023-04-24
Pretty URL call.chatra.io/chatra.js IP 104.22.2.142 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 21:07:48 Last Seen2023-04-24 06:38:57 Times Seen38 Hash 7932767a1a4721be098c8af90c44fd69 9a080888f3ed02993965f65c597644c08a6e5a71 048a1435e4cd4ea438b746fe84848a1df9185e10b9419f8a17fcbfa6da91f9d6 Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	947 B	2023-03-13	2023-03-13
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 09:38:33 Last Seen2023-03-13 22:53:59 Times Seen1 Hash f492d9560370a67110cdc51c7abe8fa6 6192d479b31bd3fc04fe65b7396a64ca35d1fb3c 06fedadb765bf987bc03354e27329d6eabbe99187c3eb372fab89ce769ccf000 Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	5.2 kB	2023-03-09	2023-03-14
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-03-14 01:57:20 Times Seen1 Hash 42ce1dbea8e88cffd193955dc3d420e9 c1bdb48ff1ebd8ac7bfd1b0381c526d433fd3cfc d097fdce14d3eccc3be7249175860d3ad1bd99df7ff8e7ef106f3997978535a9 Loading...

	no-go.kelkoogroup.net/offersearchGo?.ts=1674835113129&.sig=G0Z4ruEmRNtIUI7yHpBhgS389lE-&affiliationId=96965866&comId=100542275&country=no&offerId=6e11aeff4f2e19ce092e2b8ba86dca81&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=Ns7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL&custom2=jKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB	11 kB	2023-03-13	2023-03-13
Pretty URL no-go.kelkoogroup.net/offersearchGo?.ts=1674835113129&.sig=G0Z4ruEmRNtIUI7yHpBhgS389lE-&affiliationId=96965866&comId=100542275&country=no&offerId=6e11aeff4f2e19ce092e2b8ba86dca81&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=Ns7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL&custom2=jKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB IP 95.211.116.26 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 09:38:33 Last Seen2023-03-13 09:38:33 Times Seen1 Hash b28e0c3b4fdb1ae69bee16b6d7126db6 6de3074f8c944986d54ce2a38dcf7893f413d9fd 1162c5fb695e23860fa3b6f989d871eec3c585a30064fced897d5459b64ced75 Loading...

	urtesenteret.no/wa-apps/shop/plugins/quickorder/js/dialog/jquery.dialog.min.js?2.12.2	7.4 kB	2023-03-09	2024-01-20
Pretty URL urtesenteret.no/wa-apps/shop/plugins/quickorder/js/dialog/jquery.dialog.min.js?2.12.2 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 01:39:03 Last Seen2024-01-20 15:06:56 Times Seen20 Hash 021e8cd4a4a717089fc927bdedb0d015 03143f870a6755ffe8d1fcd75a943f5b21250ba8 45a1e3bd613c054b1c062a862f6752f5b0d7e360a720d468a51d46ff50cf6aaa Loading...

	urtesenteret.no/wa-apps/shop/plugins/quickorder/js/frontend.min.js?2.12.2	38 kB	2023-03-09	2023-10-29
Pretty URL urtesenteret.no/wa-apps/shop/plugins/quickorder/js/frontend.min.js?2.12.2 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-10-29 15:20:52 Times Seen8 Hash a4ab39f28daea2d0e51ae61fcb095e57 ea923c47b58292ef4df032820f01e6fc134ae508 3dd409a6ef14adfeb38d5e8dab3bdbb6443bc0c782c641264ba9d9cab1c57198 Loading...

	urtesenteret.no/wa-apps/shop/plugins/supercache/js/supercache-unregister.js?2.1.0	547 B	2023-03-09	2023-03-13
Pretty URL urtesenteret.no/wa-apps/shop/plugins/supercache/js/supercache-unregister.js?2.1.0 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 02:45:12 Last Seen2023-03-13 09:38:33 Times Seen1 Hash 6bc451919611b1671a0dca5fb3991da0 374c60afb2ff2392b7b82bcf2746f06c7c4e5d87 58a5e9eb8a1cbb86c0c8caa2ce9c505e5e39762427dac817c96b336d47a667bb Loading...

	urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29	947 B	2023-03-13	2023-03-13
Pretty URL urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 IP 104.21.37.61 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 09:38:33 Last Seen2023-03-13 22:53:59 Times Seen1 Hash 5654f68c3ae75cc67ebda330389f9815 7d5adbd02cd557a6d0fa8aa14141c0a0fa5ff3a2 a93923f88de69000cf22db1683fff1ac2ff0aed35c44087b52c874ce6c734413 Loading...

		Size	First Seen	Last Seen
	#1 Eval - d024c09f2ab3124b27775ab3d26ec545	8.0 kB	2023-03-09	2023-03-14
Pretty Observations First Seen2023-03-09 02:45:12 Last Seen2023-03-14 01:57:21 Times Seen1 Hash d024c09f2ab3124b27775ab3d26ec545 cfcb66c8cbabbd705bc49bfcff8d6c82a86f63f4 d0ba46778b1253df811dddf9a0647e429f239ca2b3666e7563e637fcf1cfb6da Loading...

	#2 Eval - 30f491566fb1d7a569f2b63492068d48	18 kB	2023-03-09	2023-12-02
Pretty Observations First Seen2023-03-09 02:45:12 Last Seen2023-12-02 16:14:52 Times Seen4 Hash 30f491566fb1d7a569f2b63492068d48 94611b04f1ed24350a0470e163732e4187eb1e7b 86486406b0ccea9519424e14c53fe09bb3e25c9fe78580c1f690b69807d751a6 Loading...

	#3 Eval - 1fbb7efb9873455f213c5125961f6a49	2.2 kB	2023-03-09	2023-12-02
Pretty Observations First Seen2023-03-09 02:45:12 Last Seen2023-12-02 16:14:50 Times Seen3 Hash 1fbb7efb9873455f213c5125961f6a49 204fd6395462f9eeccf99464a3312c125056c7b0 cb60b0b1981fe3dda74fec9e8eab7ad3c7aea71a51c99355e61c78e8e6759884 Loading...

	#4 Eval - 7a1b211bf7ffa712cd69f728ede1ae15	2.1 kB	2023-03-09	2023-03-14
Pretty Observations First Seen2023-03-09 02:45:12 Last Seen2023-03-14 01:57:21 Times Seen1 Hash 7a1b211bf7ffa712cd69f728ede1ae15 5c11cd041ca3007018bc2abe3ddf475c79735b4b d751597b87bf98d952e16a7501ed9502d4fcd71dff44822e635e3e31fae4698b Loading...

	#5 Eval - 7e2893ef542a12a5c7207d438bfa87d8	12 kB	2023-03-07	2024-04-19
Pretty Observations First Seen2023-03-07 01:40:16 Last Seen2024-04-19 12:57:48 Times Seen1081 Hash 7e2893ef542a12a5c7207d438bfa87d8 73852c24b51ec9c89260b32a4a66b3e2bfa226c2 e0ee294b5487df566aad23b603fd902535634cfa957be8e7620396515afb1047 Loading...

	#6 Eval - e5a12d278c5e9c958a9689e33f7f5807	1.8 kB	2023-03-09	2023-12-02
Pretty Observations First Seen2023-03-09 02:45:12 Last Seen2023-12-02 16:14:50 Times Seen3 Hash e5a12d278c5e9c958a9689e33f7f5807 abebf0fbceb2b4a49cd94c0b02ff4f3fec27ed6f eec0d55d4c95aae9f8b1a4847e4bde3e5085aafbe67e3fabb1d72492316f05fd Loading...

	#7 Eval - a31e11a99f5ca732f90fca0d7f08577a	3.6 kB	2023-03-09	2023-12-02
Pretty Observations First Seen2023-03-09 02:45:12 Last Seen2023-12-02 16:14:50 Times Seen7 Hash a31e11a99f5ca732f90fca0d7f08577a 160b6bc00775fd7e94650f0adc83045938473bac 19727f38320275cb654b377d5c18f441fbdf8352756cfb892a7f8bb8b75d9101 Loading...

	#8 Eval - e0322708943e58f10e1283afdb5beb28	4.3 kB	2023-03-09	2023-12-02
Pretty Observations First Seen2023-03-09 02:45:12 Last Seen2023-12-02 16:14:50 Times Seen3 Hash e0322708943e58f10e1283afdb5beb28 bb20b3d1d18eee4c589a7756bfc029176b40be4c e0d99024112997ce40512f958fdb3d3360af9d102db39038da7153af88c239a1 Loading...

HTTP Transactions (65)

URL IP Response Size

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
9fbe85f42e8ae8ae41cc12df5f98b141
949fa36ff0f22f72565fd584bef094dd4de23037
184d3e4df4bce559b4d7c4836372f5fd2de9782a96b04d364230b7d695d737d8

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "184D3E4DF4BCE559B4D7C4836372F5FD2DE9782A96B04D364230B7D695D737D8"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3276
Expires: Sat, 28 Jan 2023 11:11:52 GMT
Date: Sat, 28 Jan 2023 10:17:16 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
81dd5c5cc5b3278876cb44dcb520a60f
c0511a59e9eccdcdda98717b87c89c5d59974808
41736c303afdb3d31e48724b107dcb22883cae02f3562308eb52d9164001a2de

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41736C303AFDB3D31E48724B107DCB22883CAE02F3562308EB52D9164001A2DE"
Last-Modified: Fri, 27 Jan 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7382
Expires: Sat, 28 Jan 2023 12:20:18 GMT
Date: Sat, 28 Jan 2023 10:17:16 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
bf0c602d32b3c14606f22a86183b5e3c
6eabd8d83475eba731968abe1a05a8bfd272f160
6c6a7c519a9e950c2445ed874a25211a94dd4d3cf3afb0103af9dcd1dbd5ff9e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Retry-After, Content-Type, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sat, 28 Jan 2023 09:35:29 GMT
content-type: application/json
age: 2507
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
69f73ac59327cd9ad7d99816ccfcc03e
c54844f82dbee0d5ee4c8ce344eb0139373e6c6b
e81c685b2d8f0e31b89e5cfc911a2c5a99a556646830ac5a8468d991b5e871a3

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E81C685B2D8F0E31B89E5CFC911A2C5A99A556646830AC5A8468D991B5E871A3"
Last-Modified: Thu, 26 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20902
Expires: Sat, 28 Jan 2023 16:05:38 GMT
Date: Sat, 28 Jan 2023 10:17:16 GMT
Connection: keep-alive

andicomedicalsuppliers.com/chromestre/113on892it.exe

23.82.12.36

200 OK

512 B

URL HTTP/1.1
andicomedicalsuppliers.com/chromestre/113on892it.exe
IP
23.82.12.36:0
ASN
#30633 LEASEWEB-USA-WDC

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (512), with no line terminators
Size
512 B (512 bytes)
Hash
7dcd8de9f20dbf7c1d5f24d71f778374
b4b9145fe89fbb3c81f9ebcc56e188dcca53dfd5
ae8d43947cc66a6e41b473583f630c710d9b8d191715d86e7234816b37d5856a

Detections

Analyzer	Verdict	Alert
fortinet	Malware

HTTP Headers

GET /chromestre/113on892it.exe HTTP/1.1
Host: andicomedicalsuppliers.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 512
content-type: text/html; charset=utf-8
date: Sat, 28 Jan 2023 10:17:15 GMT
server: nginx
set-cookie: sid=f0592c20-9ef4-11ed-959e-8b932897ae36; path=/; domain=.andicomedicalsuppliers.com; expires=Thu, 15 Feb 2091 13:31:23 GMT; max-age=2147483647; HttpOnly

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: SsXIMbITMwfL9uozhIKQh9sBta645YTzsJRZEfCQVPRNPCjTnhyheT+ygFdtXMlQTm9DUzAGp/Rytxm8NYO0sw==
x-amz-request-id: EW63DR3ERGKS8AXR
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sat, 28 Jan 2023 09:20:55 GMT
age: 3381
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sat, 28 Jan 2023 10:17:16 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

andicomedicalsuppliers.com/favicon.ico

23.82.12.36

404 Not Found

9 B

URL HTTP/1.1
andicomedicalsuppliers.com/favicon.ico
IP
23.82.12.36:0
ASN
#30633 LEASEWEB-USA-WDC

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: andicomedicalsuppliers.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://andicomedicalsuppliers.com/chromestre/113on892it.exe
Cookie: sid=f0592c20-9ef4-11ed-959e-8b932897ae36

HTTP/1.1 404 Not Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 9
date: Sat, 28 Jan 2023 10:17:15 GMT
server: nginx

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Alert, Last-Modified, Pragma, ETag, Retry-After, Content-Type, Content-Length, Expires, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sat, 28 Jan 2023 09:49:03 GMT
age: 1693
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
16a7b6a7128312e2f985d30df18c4487
6017bff79ffb525d9c7f9f32b999b74b5dc69602
663fd12209627f08e759c2ed1c76278a5da79dae1e0b46082dd1bb44775f7a16

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "663FD12209627F08E759C2ED1C76278A5DA79DAE1E0B46082DD1BB44775F7A16"
Last-Modified: Fri, 27 Jan 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5247
Expires: Sat, 28 Jan 2023 11:44:43 GMT
Date: Sat, 28 Jan 2023 10:17:16 GMT
Connection: keep-alive

andicomedicalsuppliers.com/chromestre/113on892it.exe?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NDkwODIzNiwiaWF0IjoxNjc0OTAxMDM2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3Y3MzdpNG43YnEzdnZhZDA0ZGNwczciLCJuYmYiOjE2NzQ5MDEwMzYsInRzIjoxNjc0OTAxMDM2MDAwMDc0fQ.TGBUzpiW5mwixkEQZh00kQKHV6Ktwf21XvcLU7aHMac&sid=f0592c20-9ef4-11ed-959e-8b932897ae36

23.82.12.36

302 Found

11 B

URL HTTP/1.1
andicomedicalsuppliers.com/chromestre/113on892it.exe?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NDkwODIzNiwiaWF0IjoxNjc0OTAxMDM2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3Y3MzdpNG43YnEzdnZhZDA0ZGNwczciLCJuYmYiOjE2NzQ5MDEwMzYsInRzIjoxNjc0OTAxMDM2MDAwMDc0fQ.TGBUzpiW5mwixkEQZh00kQKHV6Ktwf21XvcLU7aHMac&sid=f0592c20-9ef4-11ed-959e-8b932897ae36
IP
23.82.12.36:0
ASN
#30633 LEASEWEB-USA-WDC

File type
ASCII text, with no line terminators
Size
11 B (11 bytes)
Hash
32682312d17c7cbf18e73594f5570319
60e22121bdd0bc71cdb2bae2a3aa577006b2eae9
e55fb1a1d731153e943b68844af12dcce8bfac917c98ffdea64c80da0607dd47

HTTP Headers

GET /chromestre/113on892it.exe?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTY3NDkwODIzNiwiaWF0IjoxNjc0OTAxMDM2LCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIyc3Y3MzdpNG43YnEzdnZhZDA0ZGNwczciLCJuYmYiOjE2NzQ5MDEwMzYsInRzIjoxNjc0OTAxMDM2MDAwMDc0fQ.TGBUzpiW5mwixkEQZh00kQKHV6Ktwf21XvcLU7aHMac&sid=f0592c20-9ef4-11ed-959e-8b932897ae36 HTTP/1.1
Host: andicomedicalsuppliers.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://andicomedicalsuppliers.com/chromestre/113on892it.exe
Cookie: sid=f0592c20-9ef4-11ed-959e-8b932897ae36
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Sat, 28 Jan 2023 10:17:16 GMT
location: http://r.redirekted.com/redirect?redirect_id=59fded900f525ea68ba830585847ead9&request_id=2293925cf5ba51c33db5bfe9110c37dc
server: nginx
set-cookie: sid=f0592c20-9ef4-11ed-959e-8b932897ae36; path=/; domain=.andicomedicalsuppliers.com; expires=Thu, 15 Feb 2091 13:31:24 GMT; max-age=2147483647; HttpOnly

push.services.mozilla.com/

35.155.48.47

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.155.48.47:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: YjY023561J0ehjKn8bVrfQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 47wXoZqZssF5KswfWffSGbE3EH8=

r.redirekted.com/redirect?redirect_id=59fded900f525ea68ba830585847ead9&request_id=2293925cf5ba51c33db5bfe9110c37dc

66.165.243.160

200 OK

808 B

URL HTTP/1.1
r.redirekted.com/redirect?redirect_id=59fded900f525ea68ba830585847ead9&request_id=2293925cf5ba51c33db5bfe9110c37dc
IP
66.165.243.160:0
ASN
#29802 HVC-AS

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (303)
Size
808 B (808 bytes)
Hash
0922b0318271ddb0634deb4c2bbb5c51
bd2be2c2bf257ec06a1a5b9e54b58e1a1a6a7d9d
d17a9222c232b125406bd5e7904ea53ff990c558b6682f138502fcd3fa42bdc9

HTTP Headers

GET /redirect?redirect_id=59fded900f525ea68ba830585847ead9&request_id=2293925cf5ba51c33db5bfe9110c37dc HTTP/1.1
Host: r.redirekted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://andicomedicalsuppliers.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx/1.23.3
Date: Sat, 28 Jan 2023 10:17:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.1.13

r.redirekted.com/css/adren.css?n=2222431398

66.165.243.160

200 OK

243 B

URL HTTP/1.1
r.redirekted.com/css/adren.css?n=2222431398
IP
66.165.243.160:0
ASN
#29802 HVC-AS

File type
ASCII text
Size
243 B (243 bytes)
Hash
f72acd3fece9f7cf58643616c745b2ea
92bc529a83c5466fbf6b9e702eef1e59644687a1
e2d9fd8b995f146baf54bc35d162d3e8169a5345368058b10a3b3bf4592ed777

HTTP Headers

GET /css/adren.css?n=2222431398 HTTP/1.1
Host: r.redirekted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://r.redirekted.com/redirect?redirect_id=59fded900f525ea68ba830585847ead9&request_id=2293925cf5ba51c33db5bfe9110c37dc

HTTP/1.1 200 OK
Server: nginx/1.23.3
Date: Sat, 28 Jan 2023 10:17:17 GMT
Content-Type: text/css
Content-Length: 243
Last-Modified: Sat, 03 Jul 2021 05:46:18 GMT
Connection: keep-alive
ETag: "60dff9aa-f3"
Accept-Ranges: bytes

r.redirekted.com/js/adren.min.js?n=2222431398

66.165.243.160

200 OK

7.5 kB

URL HTTP/1.1
r.redirekted.com/js/adren.min.js?n=2222431398
IP
66.165.243.160:0
ASN
#29802 HVC-AS

File type
ASCII text, with very long lines (7528), with no line terminators
Size
7.5 kB (7528 bytes)
Hash
9a9ec61d7e275f25fe83f0aa93bd2e41
8a3a23c432b601e9f8f8fe2b61f0fedbc341c9ac
55afe8ae4db5b6ca9ec5a3aca1f3a7b482ca51d0914acd250093f1a9ecbfccec

HTTP Headers

GET /js/adren.min.js?n=2222431398 HTTP/1.1
Host: r.redirekted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://r.redirekted.com/redirect?redirect_id=59fded900f525ea68ba830585847ead9&request_id=2293925cf5ba51c33db5bfe9110c37dc

HTTP/1.1 200 OK
Server: nginx/1.23.3
Date: Sat, 28 Jan 2023 10:17:17 GMT
Content-Type: application/javascript
Content-Length: 7528
Last-Modified: Sat, 03 Jul 2021 05:46:18 GMT
Connection: keep-alive
ETag: "60dff9aa-1d68"
Accept-Ranges: bytes

r.redirekted.com/favicon.ico

66.165.243.160

200 OK

0 B

URL HTTP/1.1
r.redirekted.com/favicon.ico
IP
66.165.243.160:0
ASN
#29802 HVC-AS

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: r.redirekted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://r.redirekted.com/redirect?redirect_id=59fded900f525ea68ba830585847ead9&request_id=2293925cf5ba51c33db5bfe9110c37dc

HTTP/1.1 200 OK
Server: nginx/1.23.3
Date: Sat, 28 Jan 2023 10:17:18 GMT
Content-Type: image/x-icon
Content-Length: 0
Last-Modified: Sat, 03 Jul 2021 05:46:18 GMT
Connection: keep-alive
ETag: "60dff9aa-0"
Accept-Ranges: bytes

r.redirekted.com/go?e=NA-pFFuHPrX5KW8ETs7plBefmW6bFWzxxXYk3FeLUrtcvCe0wsyDKF8MUsY1KLwfGr_xUCuHvWxgvCw0mXmkQF8MaXtk3Ba0wXyblLd4Qqwk3FjOzsmMlL9AKA9bPXvDJr_xaCutFBsImqjI2rXuJBm4mVOcFLbI0XbZFDdRJqREwLatRA2yHDexFrYgaC9q0ZxpzCmfmKXk3B4cHsmkKF8gRCwyaC9AHVbDTLmLUF-ZmC99SA78yL9ElXSglpafHA3uUneZUpxcvCd8SsyLlK9MUqYk3FdNzXyVFLdfRCV13F10wX-tULeHPstclF85QAu1aF1f0KWk3B4tHr_03B04QBb5KW8EJr_VPn1pKrtgvV

66.165.243.160

200 OK

1.8 kB

URL HTTP/1.1
r.redirekted.com/go?e=NA-pFFuHPrX5KW8ETs7plBefmW6bFWzxxXYk3FeLUrtcvCe0wsyDKF8MUsY1KLwfGr_xUCuHvWxgvCw0mXmkQF8MaXtk3Ba0wXyblLd4Qqwk3FjOzsmMlL9AKA9bPXvDJr_xaCutFBsImqjI2rXuJBm4mVOcFLbI0XbZFDdRJqREwLatRA2yHDexFrYgaC9q0ZxpzCmfmKXk3B4cHsmkKF8gRCwyaC9AHVbDTLmLUF-ZmC99SA78yL9ElXSglpafHA3uUneZUpxcvCd8SsyLlK9MUqYk3FdNzXyVFLdfRCV13F10wX-tULeHPstclF85QAu1aF1f0KWk3B4tHr_03B04QBb5KW8EJr_VPn1pKrtgvV
IP
66.165.243.160:0
ASN
#29802 HVC-AS

File type
HTML document, ASCII text, with very long lines (484)
Size
1.8 kB (1794 bytes)
Hash
e188643eede3fead40c1c69a8bb89f3b
b43e7547a5848311d3903062941cf4988b1afd68
e873965349d231e0bacc40ada69897069b7ff0b73bf8f078b6086bcbc5665255

HTTP Headers

GET /go?e=NA-pFFuHPrX5KW8ETs7plBefmW6bFWzxxXYk3FeLUrtcvCe0wsyDKF8MUsY1KLwfGr_xUCuHvWxgvCw0mXmkQF8MaXtk3Ba0wXyblLd4Qqwk3FjOzsmMlL9AKA9bPXvDJr_xaCutFBsImqjI2rXuJBm4mVOcFLbI0XbZFDdRJqREwLatRA2yHDexFrYgaC9q0ZxpzCmfmKXk3B4cHsmkKF8gRCwyaC9AHVbDTLmLUF-ZmC99SA78yL9ElXSglpafHA3uUneZUpxcvCd8SsyLlK9MUqYk3FdNzXyVFLdfRCV13F10wX-tULeHPstclF85QAu1aF1f0KWk3B4tHr_03B04QBb5KW8EJr_VPn1pKrtgvV HTTP/1.1
Host: r.redirekted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://r.redirekted.com/redirect?redirect_id=59fded900f525ea68ba830585847ead9&request_id=2293925cf5ba51c33db5bfe9110c37dc
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx/1.23.3
Date: Sat, 28 Jan 2023 10:17:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/8.1.13
Set-Cookie: uuid=1541225467358433024; expires=Sun, 29-Jan-2023 10:17:18 GMT; Max-Age=86400

www.google-analytics.com/analytics.js

142.250.74.46

200 OK

20 kB

URL HTTP/1.1
www.google-analytics.com/analytics.js
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1490)
Size
20 kB (20085 bytes)
Hash
ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://r.redirekted.com/

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Encoding: gzip
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 20085
Date: Sat, 28 Jan 2023 08:18:19 GMT
Expires: Sat, 28 Jan 2023 10:18:19 GMT
Cache-Control: public, max-age=7200
Age: 7139
Last-Modified: Tue, 10 Jan 2023 21:29:14 GMT
Content-Type: text/javascript

www.google-analytics.com/collect?v=1&_v=j99&a=1811668771&t=pageview&_s=2&dl=http%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3DNA-pFFuHPrX5KW8ETs7plBefmW6bFWzxxXYk3FeLUrtcvCe0wsyDKF8MUsY1KLwfGr_xUCuHvWxgvCw0mXmkQF8MaXtk3Ba0wXyblLd4Qqwk3FjOzsmMlL9AKA9bPXvDJr_xaCutFBsImqjI2rXuJBm4mVOcFLbI0XbZFDdRJqREwLatRA2yHDexFrYgaC9q0ZxpzCmfmKXk3B4cHsmkKF8gRCwyaC9AHVbDTLmLUF-ZmC99SA78yL9ElXSglpafHA3uUneZUpxcvCd8SsyLlK9MUqYk3FdNzXyVFLdfRCV13F10wX-tULeHPstclF85QAu1aF1f0KWk3B4tHr_03B04QBb5KW8EJr_VPn1pKrtgvV&ul=en-us&de=UTF-8&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=2117048619.1674901040&tid=UA-32454353-1&_gid=1532368935.1674901040&cd1=oz9lo258n2kesUk8sT5ipz9hsTgfn3k8sUj%3D&z=1700451042

142.250.74.46

200 OK

35 B

URL HTTP/1.1
www.google-analytics.com/collect?v=1&_v=j99&a=1811668771&t=pageview&_s=2&dl=http%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3DNA-pFFuHPrX5KW8ETs7plBefmW6bFWzxxXYk3FeLUrtcvCe0wsyDKF8MUsY1KLwfGr_xUCuHvWxgvCw0mXmkQF8MaXtk3Ba0wXyblLd4Qqwk3FjOzsmMlL9AKA9bPXvDJr_xaCutFBsImqjI2rXuJBm4mVOcFLbI0XbZFDdRJqREwLatRA2yHDexFrYgaC9q0ZxpzCmfmKXk3B4cHsmkKF8gRCwyaC9AHVbDTLmLUF-ZmC99SA78yL9ElXSglpafHA3uUneZUpxcvCd8SsyLlK9MUqYk3FdNzXyVFLdfRCV13F10wX-tULeHPstclF85QAu1aF1f0KWk3B4tHr_03B04QBb5KW8EJr_VPn1pKrtgvV&ul=en-us&de=UTF-8&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=2117048619.1674901040&tid=UA-32454353-1&_gid=1532368935.1674901040&cd1=oz9lo258n2kesUk8sT5ipz9hsTgfn3k8sUj%3D&z=1700451042
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?v=1&_v=j99&a=1811668771&t=pageview&_s=2&dl=http%3A%2F%2Fr.redirekted.com%2Fgo%3Fe%3DNA-pFFuHPrX5KW8ETs7plBefmW6bFWzxxXYk3FeLUrtcvCe0wsyDKF8MUsY1KLwfGr_xUCuHvWxgvCw0mXmkQF8MaXtk3Ba0wXyblLd4Qqwk3FjOzsmMlL9AKA9bPXvDJr_xaCutFBsImqjI2rXuJBm4mVOcFLbI0XbZFDdRJqREwLatRA2yHDexFrYgaC9q0ZxpzCmfmKXk3B4cHsmkKF8gRCwyaC9AHVbDTLmLUF-ZmC99SA78yL9ElXSglpafHA3uUneZUpxcvCd8SsyLlK9MUqYk3FdNzXyVFLdfRCV13F10wX-tULeHPstclF85QAu1aF1f0KWk3B4tHr_03B04QBb5KW8EJr_VPn1pKrtgvV&ul=en-us&de=UTF-8&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=&gjid=&cid=2117048619.1674901040&tid=UA-32454353-1&_gid=1532368935.1674901040&cd1=oz9lo258n2kesUk8sT5ipz9hsTgfn3k8sUj%3D&z=1700451042 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://r.redirekted.com/

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Pragma: no-cache
X-Content-Type-Options: nosniff
Cross-Origin-Resource-Policy: cross-origin
Server: Golfe2
Content-Length: 35
Date: Sat, 28 Jan 2023 00:43:43 GMT
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
Content-Type: image/gif
Age: 34415

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10026
Expires: Sat, 28 Jan 2023 13:04:24 GMT
Date: Sat, 28 Jan 2023 10:17:18 GMT
Connection: keep-alive

r3.o.lencr.org/

23.33.119.27

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.33.119.27:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
2e21811f62c077f45a93d7c3b543998d
3e890a73bb51d9dd1021d5339271aa40833ba258
c6b77371a50390fd68d44ff05e080f064c16c3095df8856b330ab0c6685cd3d1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C6B77371A50390FD68D44FF05E080F064C16C3095DF8856B330AB0C6685CD3D1"
Last-Modified: Thu, 26 Jan 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10026
Expires: Sat, 28 Jan 2023 13:04:24 GMT
Date: Sat, 28 Jan 2023 10:17:18 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg

34.120.237.76

200 OK

12 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
12 kB (11568 bytes)
Hash
b7a0759c043594fbe85af422b59b8227
a05cfaad16078f42218dae233da38f6f5dff8487
e898d6ef1b3998fb9322a8fc190069ec5f7b3582bfe8397a2367497d84a27549

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdfb887e5-87fa-4855-b0ee-712d39779fa0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11568
x-amzn-requestid: 79b70f1f-a157-4dd4-8743-825714195b3c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: e9T3UGA3oAMFSlQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63c86695-36e60aba09c152c73b8aefcb;Sampled=0
x-amzn-remapped-date: Wed, 18 Jan 2023 21:37:25 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: zt4bgV2C6Wb_Ufa5mZ7-UDTfCvhXJggPJw9668v5DEmyBnWZ-aNrCg==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 943c6a4d4ee43b18ee91634536f53eae.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 23:03:41 GMT
age: 40417
etag: "a05cfaad16078f42218dae233da38f6f5dff8487"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

5.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25c808e0-eda9-4074-b1ed-65637dbd4ba9.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.7 kB (5742 bytes)
Hash
940946e65210c717266c3a64751f1b72
f0e66aeef0c72865d565f48b563f66a184b758a9
1d031b8a530a1e6d84d79fae891f023e1ab7646596c00c57d83cfffce1f6fdf5

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F25c808e0-eda9-4074-b1ed-65637dbd4ba9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 5742
x-amzn-requestid: b22fd8a5-eefc-494e-a304-75b69eef069d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fPFr2GsdoAMFpqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cf8318-69b5e7c726fa92134d08c775;Sampled=0
x-amzn-remapped-date: Tue, 24 Jan 2023 07:04:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xBpEdVPmvtXlsyGTvZCkIahK7_Ivhq4yswhw23ixIOH1zlgWPyLH9Q==
via: 1.1 01c28b52813cd0e82f810c492808b142.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Sat, 28 Jan 2023 04:39:18 GMT
age: 20280
etag: "f0e66aeef0c72865d565f48b563f66a184b758a9"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.5 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.5 kB (4475 bytes)
Hash
4205d8106659e00fff1cbe9262918b8c
ab4f6528594a1725934727dc7d834c028a79c609
31f1a28602a194bd0856495d4d81d5c72cd7ff4e5bad6bdd1a31ec3041f4a2cc

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5f0097a6-af00-4a1c-8faa-f9516e27b31a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4475
x-amzn-requestid: b7b272d6-3089-4f33-89b5-5cb388640e10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_e6HsaIAMF5Lg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d445f8-1789f7f4264270916da323db;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:45:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: hAzO-IMqc1CFpiBAlRl8seIYL9UonyrBMATibovyFq5kEuaweY_VyA==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:56:46 GMT
age: 44432
etag: "ab4f6528594a1725934727dc7d834c028a79c609"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13375 bytes)
Hash
b4afa01d2ffe17f8378e4c0b5afd4608
f5c7e2137efa07a207427a6b6fe1df541f85ea25
84fc0c05d25d674b5594b54720017332b86d391f66c7136d76cfce3e884e8e12

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6f884785-3b60-4d1a-b7b9-f58e73d6d819.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13375
x-amzn-requestid: 372fcbe8-85a1-4be2-a006-31fb9289c5e9
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa-CxF6BoAMFyGg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d443ab-4b9860545c612cc416cbe599;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:35:39 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: otEuPlfCL7DeVwGZiGJuMjxjVyGdMwxPWeCz5T_mpXboi-oRujKhBw==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 21:48:58 GMT
age: 44900
etag: "f5c7e2137efa07a207427a6b6fe1df541f85ea25"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

7.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
7.6 kB (7585 bytes)
Hash
ea24bcba583bd8bd139559448a343e68
b9d37c2b14f890d41983a59f352e8f7caa9c94bb
e5ef5975eec964ae1684deb424f00833f2d217bdc7e6c385320ed3adeb6bc1c4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F22cc3f55-9811-4ec2-a57e-a3e71a3f0554.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 7585
x-amzn-requestid: bfb52acb-e0d7-482d-8be9-be5db1c16cac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkE5roAMF0Hw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-2d38d314177e0ac40d4c8240;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: K9YWM9eaEc1DQ6wtEEuADnG1U-ahRBXDaiHIAm20dkWMOxPWBlJidw==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 7022a5bbf9872d4a09d63e6cdb457dfe.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:46:13 GMT
age: 41465
etag: "b9d37c2b14f890d41983a59f352e8f7caa9c94bb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

6.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b7aa725-5968-4227-af9b-77dd57d6a123.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
6.7 kB (6733 bytes)
Hash
0856916fa7de25bdb308c04d0ae58180
72abe5101dc03c35399e6e5aab02328c206f480a
9b8c3380c842aa6de358def0d56263bafec61e37bc951a06c06e6953419e2804

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6b7aa725-5968-4227-af9b-77dd57d6a123.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 6733
x-amzn-requestid: cd0cc842-d109-42b4-9104-0cb48a964794
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fa_vkGupoAMF3Pw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63d44663-14b754495bb33b0f5f0cd805;Sampled=0
x-amzn-remapped-date: Fri, 27 Jan 2023 21:47:15 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: uljLkKCpEyZIyKev_CU76OjxNnvivx2qeLVkR48liHIJx1GwCqPP_A==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Fri, 27 Jan 2023 22:12:59 GMT
age: 43459
etag: "72abe5101dc03c35399e6e5aab02328c206f480a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

status.thawte.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
status.thawte.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
e0344c44b03467980735c529ec222084
5a02acb712776b4c0bba6346ec3ea99d4d13226b
fb50323f02dd9e830af11038626f7415845f97dd40e409f3bfc1e6e02f77f921

HTTP Headers

POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4697
Cache-Control: max-age=117102
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:18 GMT
Etag: "63d40a43-1d7"
Expires: Sun, 29 Jan 2023 18:49:00 GMT
Last-Modified: Fri, 27 Jan 2023 17:30:43 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471

no-go.kelkoogroup.net/offersearchGo?.ts=1674835113129&.sig=G0Z4ruEmRNtIUI7yHpBhgS389lE-&affiliationId=96965866&comId=100542275&country=no&offerId=6e11aeff4f2e19ce092e2b8ba86dca81&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=Ns7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL&custom2=jKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB

95.211.116.26

200 OK

32 kB

URL HTTP/1.1
no-go.kelkoogroup.net/offersearchGo?.ts=1674835113129&.sig=G0Z4ruEmRNtIUI7yHpBhgS389lE-&affiliationId=96965866&comId=100542275&country=no&offerId=6e11aeff4f2e19ce092e2b8ba86dca81&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=Ns7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL&custom2=jKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB
IP
95.211.116.26:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (12878)
Size
32 kB (31462 bytes)
Hash
e35f9d0398da6834affba4603ec5175d
0bc9eb77546e8696ef50fff9bbec0e49fe4235e2
31be413a052d09cea96d7460c51666f582890aa6962b3ceac034b42d0fb36dd8

HTTP Headers

GET /offersearchGo?.ts=1674835113129&.sig=G0Z4ruEmRNtIUI7yHpBhgS389lE-&affiliationId=96965866&comId=100542275&country=no&offerId=6e11aeff4f2e19ce092e2b8ba86dca81&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=Ns7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL&custom2=jKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://r.redirekted.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 200 OK
leadId: dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1674901038359_607082
clickId: 107698148_1674901038354_2500475
country: no
Accept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
Set-Cookie: datadome=4LvRsxHSIU-llDM55yyT1WBa3UF~790h-PDQZSErMB8nNw9q_ihA4NJXb5Erbyy1so6RnIGL4J8ylTvMclG4FIHnfnDdS_hcg4g9caQU2Ce3Slor0CUZSSWWt8us-zB4; Max-Age=31536000; Expires=Sun, 28 Jan 2024 10:17:18 GMT; SameSite=Lax; Path=/; Domain=.kelkoogroup.net; Secure
kelkooID=a4c6294-185f7e1a513-83198; Max-Age=31536000; Expires=Sun, 28 Jan 2024 10:17:18 GMT; SameSite=None; Path=/; Domain=kelkoogroup.net; Secure; HTTPOnly
X-DataDome: protected
Request-Time: PT0.015213S
X-Robots-Tag: noindex,nofollow
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Date: Sat, 28 Jan 2023 10:17:18 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 31462

no-go.kelkoogroup.net/assets/images/p.png?country=no&k=612f7a9541cd6ea61eb554c0e4cff437567c460be4e08eeda135e9e27ccce06c80da343d21e2b48db3fa6b6c3515ded058b2d956fb02dbef7a3b10fef3d77b691e4f670744c14dcdd2449de1e318f5107f7c6b087b1bad63b239827b8de9a99e85d69218273eb98ac11e39437018c1b82c9b16ba6924de5320e1ce8ade1eb635b851a69a2bb54ab7aeccefe37dd86caf5b8c821ae7e0c14dc5a143bcac0ff895f011137c9ac09d64a84e858e622ceef44b197e8632b070ac29a8abfe7c6292adf7aae5870fa72276c7cfe4a518c20aa3cc1433b379fef4d4c85e755c5c0569307128dc58ef30177eabfbc64abb91ec5688dd4c44989f7ab556295146c136db3e69ceea93163618bb3b0250265ebd959a811a7f33b9c09ad99d04ead8a90088cba3acdc73500476bb8d419a301a0da86c088125a2ebb206e642629cd255b5679d3335491910cea286316005d9905edc6af6264254c2f23c51b86e0727cf5cd223e8a78e0a98a4bbcd12b07f8473a02c4fe68a18cd0c48f32d36dd5d9274d05e4db28c078b1f58cb0dca6c32cb34b52668e7573ddda482712947aafb7b92dcb0c38005fbf8d85ccaa029d4af69647fdc07ca0421dfc652e05b

95.211.116.26

200 OK

68 B

URL HTTP/1.1
no-go.kelkoogroup.net/assets/images/p.png?country=no&k=612f7a9541cd6ea61eb554c0e4cff437567c460be4e08eeda135e9e27ccce06c80da343d21e2b48db3fa6b6c3515ded058b2d956fb02dbef7a3b10fef3d77b691e4f670744c14dcdd2449de1e318f5107f7c6b087b1bad63b239827b8de9a99e85d69218273eb98ac11e39437018c1b82c9b16ba6924de5320e1ce8ade1eb635b851a69a2bb54ab7aeccefe37dd86caf5b8c821ae7e0c14dc5a143bcac0ff895f011137c9ac09d64a84e858e622ceef44b197e8632b070ac29a8abfe7c6292adf7aae5870fa72276c7cfe4a518c20aa3cc1433b379fef4d4c85e755c5c0569307128dc58ef30177eabfbc64abb91ec5688dd4c44989f7ab556295146c136db3e69ceea93163618bb3b0250265ebd959a811a7f33b9c09ad99d04ead8a90088cba3acdc73500476bb8d419a301a0da86c088125a2ebb206e642629cd255b5679d3335491910cea286316005d9905edc6af6264254c2f23c51b86e0727cf5cd223e8a78e0a98a4bbcd12b07f8473a02c4fe68a18cd0c48f32d36dd5d9274d05e4db28c078b1f58cb0dca6c32cb34b52668e7573ddda482712947aafb7b92dcb0c38005fbf8d85ccaa029d4af69647fdc07ca0421dfc652e05b
IP
95.211.116.26:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Size
68 B (68 bytes)
Hash
91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

HTTP Headers

GET /assets/images/p.png?country=no&k=612f7a9541cd6ea61eb554c0e4cff437567c460be4e08eeda135e9e27ccce06c80da343d21e2b48db3fa6b6c3515ded058b2d956fb02dbef7a3b10fef3d77b691e4f670744c14dcdd2449de1e318f5107f7c6b087b1bad63b239827b8de9a99e85d69218273eb98ac11e39437018c1b82c9b16ba6924de5320e1ce8ade1eb635b851a69a2bb54ab7aeccefe37dd86caf5b8c821ae7e0c14dc5a143bcac0ff895f011137c9ac09d64a84e858e622ceef44b197e8632b070ac29a8abfe7c6292adf7aae5870fa72276c7cfe4a518c20aa3cc1433b379fef4d4c85e755c5c0569307128dc58ef30177eabfbc64abb91ec5688dd4c44989f7ab556295146c136db3e69ceea93163618bb3b0250265ebd959a811a7f33b9c09ad99d04ead8a90088cba3acdc73500476bb8d419a301a0da86c088125a2ebb206e642629cd255b5679d3335491910cea286316005d9905edc6af6264254c2f23c51b86e0727cf5cd223e8a78e0a98a4bbcd12b07f8473a02c4fe68a18cd0c48f32d36dd5d9274d05e4db28c078b1f58cb0dca6c32cb34b52668e7573ddda482712947aafb7b92dcb0c38005fbf8d85ccaa029d4af69647fdc07ca0421dfc652e05b HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/offersearchGo?.ts=1674835113129&.sig=G0Z4ruEmRNtIUI7yHpBhgS389lE-&affiliationId=96965866&comId=100542275&country=no&offerId=6e11aeff4f2e19ce092e2b8ba86dca81&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=Ns7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL&custom2=jKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB
Connection: keep-alive
Cookie: datadome=4LvRsxHSIU-llDM55yyT1WBa3UF~790h-PDQZSErMB8nNw9q_ihA4NJXb5Erbyy1so6RnIGL4J8ylTvMclG4FIHnfnDdS_hcg4g9caQU2Ce3Slor0CUZSSWWt8us-zB4; kelkooID=a4c6294-185f7e1a513-83198
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
leadId: dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1674901038359_607082
clickId: 107698148_1674901038354_2500475
country: no
Request-Time: PT0.0016S
X-Robots-Tag: noindex,nofollow
Cache-Control: private, must-revalidate
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Date: Sat, 28 Jan 2023 10:17:18 GMT
Content-Type: image/png
Content-Length: 68

no-go.kelkoogroup.net/fp?country=no&k=612f7a9541cd6ea61eb554c0e4cff437567c460be4e08eeda135e9e27ccce06c80da343d21e2b48db3fa6b6c3515ded058b2d956fb02dbef7a3b10fef3d77b691e4f670744c14dcdd2449de1e318f5107f7c6b087b1bad63b239827b8de9a99e85d69218273eb98ac11e39437018c1b82c9b16ba6924de5320e1ce8ade1eb635b851a69a2bb54ab7aeccefe37dd86caf5b8c821ae7e0c14dc5a143bcac0ff895f011137c9ac09d64a84e858e622ceef44b197e8632b070ac29a8abfe7c6292adf7aae5870fa72276c7cfe4a518c20aa3cc1433b379fef4d4c85e755c5c0569307128dc58ef30177eabfbc64abb91ec5688dd4c44989f7ab556295146c136db3e69ceea93163618bb3b0250265ebd959a811a7f33b9c09ad99d04ead8a90088cba3acdc73500476bb8d419a301a0da86c088125a2ebb206e642629cd255b5679d3335491910cea286316005d9905edc6af6264254c2f23c51b86e0727cf5cd223e8a78e0a98a4bbcd12b07f8473a02c4fe68a18cd0c48f32d36dd5d9274d05e4db28c078b1f58cb0dca6c32cb34b52668e7573ddda482712947aafb7b92dcb0c38005fbf8d85ccaa029d4af69647fdc07ca0421dfc652e05b

95.211.116.26

200 OK

0 B

URL HTTP/1.1
no-go.kelkoogroup.net/fp?country=no&k=612f7a9541cd6ea61eb554c0e4cff437567c460be4e08eeda135e9e27ccce06c80da343d21e2b48db3fa6b6c3515ded058b2d956fb02dbef7a3b10fef3d77b691e4f670744c14dcdd2449de1e318f5107f7c6b087b1bad63b239827b8de9a99e85d69218273eb98ac11e39437018c1b82c9b16ba6924de5320e1ce8ade1eb635b851a69a2bb54ab7aeccefe37dd86caf5b8c821ae7e0c14dc5a143bcac0ff895f011137c9ac09d64a84e858e622ceef44b197e8632b070ac29a8abfe7c6292adf7aae5870fa72276c7cfe4a518c20aa3cc1433b379fef4d4c85e755c5c0569307128dc58ef30177eabfbc64abb91ec5688dd4c44989f7ab556295146c136db3e69ceea93163618bb3b0250265ebd959a811a7f33b9c09ad99d04ead8a90088cba3acdc73500476bb8d419a301a0da86c088125a2ebb206e642629cd255b5679d3335491910cea286316005d9905edc6af6264254c2f23c51b86e0727cf5cd223e8a78e0a98a4bbcd12b07f8473a02c4fe68a18cd0c48f32d36dd5d9274d05e4db28c078b1f58cb0dca6c32cb34b52668e7573ddda482712947aafb7b92dcb0c38005fbf8d85ccaa029d4af69647fdc07ca0421dfc652e05b
IP
95.211.116.26:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /fp?country=no&k=612f7a9541cd6ea61eb554c0e4cff437567c460be4e08eeda135e9e27ccce06c80da343d21e2b48db3fa6b6c3515ded058b2d956fb02dbef7a3b10fef3d77b691e4f670744c14dcdd2449de1e318f5107f7c6b087b1bad63b239827b8de9a99e85d69218273eb98ac11e39437018c1b82c9b16ba6924de5320e1ce8ade1eb635b851a69a2bb54ab7aeccefe37dd86caf5b8c821ae7e0c14dc5a143bcac0ff895f011137c9ac09d64a84e858e622ceef44b197e8632b070ac29a8abfe7c6292adf7aae5870fa72276c7cfe4a518c20aa3cc1433b379fef4d4c85e755c5c0569307128dc58ef30177eabfbc64abb91ec5688dd4c44989f7ab556295146c136db3e69ceea93163618bb3b0250265ebd959a811a7f33b9c09ad99d04ead8a90088cba3acdc73500476bb8d419a301a0da86c088125a2ebb206e642629cd255b5679d3335491910cea286316005d9905edc6af6264254c2f23c51b86e0727cf5cd223e8a78e0a98a4bbcd12b07f8473a02c4fe68a18cd0c48f32d36dd5d9274d05e4db28c078b1f58cb0dca6c32cb34b52668e7573ddda482712947aafb7b92dcb0c38005fbf8d85ccaa029d4af69647fdc07ca0421dfc652e05b HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/offersearchGo?.ts=1674835113129&.sig=G0Z4ruEmRNtIUI7yHpBhgS389lE-&affiliationId=96965866&comId=100542275&country=no&offerId=6e11aeff4f2e19ce092e2b8ba86dca81&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=Ns7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL&custom2=jKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB
Content-Type: text/plain;charset=utf-8
Content-Length: 536
Origin: https://no-go.kelkoogroup.net
Connection: keep-alive
Cookie: datadome=4LvRsxHSIU-llDM55yyT1WBa3UF~790h-PDQZSErMB8nNw9q_ihA4NJXb5Erbyy1so6RnIGL4J8ylTvMclG4FIHnfnDdS_hcg4g9caQU2Ce3Slor0CUZSSWWt8us-zB4; kelkooID=a4c6294-185f7e1a513-83198; _ga=GA1.2.1532827018.1674901040; _gid=GA1.2.1865613896.1674901040
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
leadId: dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1674901038359_607082
clickId: 107698148_1674901038354_2500475
country: no
Request-Time: PT0.005522S
X-Robots-Tag: noindex,nofollow
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Date: Sat, 28 Jan 2023 10:17:18 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 0

dd.kelkoogroup.net/tags.js

54.230.111.93

200 OK

30 kB

URL HTTP/2
dd.kelkoogroup.net/tags.js
IP
54.230.111.93:0
ASN
#16509 AMAZON-02

File type
ASCII text, with very long lines (65432)
Size
30 kB (30111 bytes)
Hash
0add9cf2baf251589bdb6d0f505f525c
3cf7faea1ce7930df15c69e8290c94f40ba0b781
420a86f368eb2275df2fdc42bc545c7cc28a8e5caba3aa792fd4df75ea03776b

HTTP Headers

GET /tags.js HTTP/1.1
Host: dd.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/
Connection: keep-alive
Cookie: datadome=4LvRsxHSIU-llDM55yyT1WBa3UF~790h-PDQZSErMB8nNw9q_ihA4NJXb5Erbyy1so6RnIGL4J8ylTvMclG4FIHnfnDdS_hcg4g9caQU2Ce3Slor0CUZSSWWt8us-zB4; kelkooID=a4c6294-185f7e1a513-83198
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site

HTTP/2 200 OK
content-type: text/javascript
content-length: 30111
server: Apache
strict-transport-security: max-age=63072000; includeSubDomains; preload
last-modified: Fri, 27 Jan 2023 08:15:06 GMT
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
via: 1.1 f49c99d2326b14738507e1c2ddcae1dc.cloudfront.net (CloudFront), 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
date: Sat, 28 Jan 2023 10:15:21 GMT
cache-control: max-age=3600, public
expires: Sat, 28 Jan 2023 11:15:21 GMT
etag: "231a0-5f33a7691305c-gzip"
vary: Accept-Encoding
x-cache: Hit from cloudfront
x-amz-cf-pop: FRA60-P2, OSL50-P1
x-amz-cf-id: 2LodvLeVYh48u3HvoY6qar56DRlKPq_Ekqt3VmRxDmaK0yw3He_Y9A==
age: 117
X-Firefox-Spdy: h2

no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff437567c460be4e08eeda135e9e27ccce06c80da343d21e2b48db3fa6b6c3515ded058b2d956fb02dbef7a3b10fef3d77b691e4f670744c14dcdd2449de1e318f5107f7c6b087b1bad63b239827b8de9a99e85d69218273eb98ac11e39437018c1b82c9b16ba6924de5320e1ce8ade1eb635b851a69a2bb54ab7aeccefe37dd86caf5b8c821ae7e0c14dc5a143bcac0ff895f011137c9ac09d64a84e858e622ceef44b197e8632b070ac29a8abfe7c6292adf7aae5870fa72276c7cfe4a518c20aa3cc1433b379fef4d4c85e755c5c0569307128dc58ef30177eabfbc64abb91ec5688dd4c44989f7ab556295146c136db3e69ceea93163618bb3b0250265ebd959a811a7f33b9c09ad99d04ead8a90088cba3acdc73500476bb8d419a301a0da86c088125a2ebb206e642629cd255b5679d3335491910cea286316005d9905edc6af6264254c2f23c51b86e0727cf5cd223e8a78e0a98a4bbcd12b07f8473a02c4fe68a18cd0c48f32d36dd5d9274d05e4db28c078b1f58cb0dca6c32cb34b52668e7573ddda482712947aafb7b92dcb0c38005fbf8d85ccaa029d4af69647fdc07ca0421dfc652e05b&url=https%3A%2F%2Furtesenteret.no%2Fremasan-%2F%3Futm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DRemasan%2B%2528%25C3%2598sters-sopp%2529&initiator=timeout

95.211.116.26

303 See Other

0 B

URL HTTP/1.1
no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff437567c460be4e08eeda135e9e27ccce06c80da343d21e2b48db3fa6b6c3515ded058b2d956fb02dbef7a3b10fef3d77b691e4f670744c14dcdd2449de1e318f5107f7c6b087b1bad63b239827b8de9a99e85d69218273eb98ac11e39437018c1b82c9b16ba6924de5320e1ce8ade1eb635b851a69a2bb54ab7aeccefe37dd86caf5b8c821ae7e0c14dc5a143bcac0ff895f011137c9ac09d64a84e858e622ceef44b197e8632b070ac29a8abfe7c6292adf7aae5870fa72276c7cfe4a518c20aa3cc1433b379fef4d4c85e755c5c0569307128dc58ef30177eabfbc64abb91ec5688dd4c44989f7ab556295146c136db3e69ceea93163618bb3b0250265ebd959a811a7f33b9c09ad99d04ead8a90088cba3acdc73500476bb8d419a301a0da86c088125a2ebb206e642629cd255b5679d3335491910cea286316005d9905edc6af6264254c2f23c51b86e0727cf5cd223e8a78e0a98a4bbcd12b07f8473a02c4fe68a18cd0c48f32d36dd5d9274d05e4db28c078b1f58cb0dca6c32cb34b52668e7573ddda482712947aafb7b92dcb0c38005fbf8d85ccaa029d4af69647fdc07ca0421dfc652e05b&url=https%3A%2F%2Furtesenteret.no%2Fremasan-%2F%3Futm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DRemasan%2B%2528%25C3%2598sters-sopp%2529&initiator=timeout
IP
95.211.116.26:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff437567c460be4e08eeda135e9e27ccce06c80da343d21e2b48db3fa6b6c3515ded058b2d956fb02dbef7a3b10fef3d77b691e4f670744c14dcdd2449de1e318f5107f7c6b087b1bad63b239827b8de9a99e85d69218273eb98ac11e39437018c1b82c9b16ba6924de5320e1ce8ade1eb635b851a69a2bb54ab7aeccefe37dd86caf5b8c821ae7e0c14dc5a143bcac0ff895f011137c9ac09d64a84e858e622ceef44b197e8632b070ac29a8abfe7c6292adf7aae5870fa72276c7cfe4a518c20aa3cc1433b379fef4d4c85e755c5c0569307128dc58ef30177eabfbc64abb91ec5688dd4c44989f7ab556295146c136db3e69ceea93163618bb3b0250265ebd959a811a7f33b9c09ad99d04ead8a90088cba3acdc73500476bb8d419a301a0da86c088125a2ebb206e642629cd255b5679d3335491910cea286316005d9905edc6af6264254c2f23c51b86e0727cf5cd223e8a78e0a98a4bbcd12b07f8473a02c4fe68a18cd0c48f32d36dd5d9274d05e4db28c078b1f58cb0dca6c32cb34b52668e7573ddda482712947aafb7b92dcb0c38005fbf8d85ccaa029d4af69647fdc07ca0421dfc652e05b&url=https%3A%2F%2Furtesenteret.no%2Fremasan-%2F%3Futm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DRemasan%2B%2528%25C3%2598sters-sopp%2529&initiator=timeout HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/offersearchGo?.ts=1674835113129&.sig=G0Z4ruEmRNtIUI7yHpBhgS389lE-&affiliationId=96965866&comId=100542275&country=no&offerId=6e11aeff4f2e19ce092e2b8ba86dca81&service=37&tokenId=35e025c3-2943-4e2d-874f-eaee491f9fab&wait=true&addedParams=true&custom1=Ns7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL&custom2=jKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB
Connection: keep-alive
Cookie: datadome=4LvRsxHSIU-llDM55yyT1WBa3UF~790h-PDQZSErMB8nNw9q_ihA4NJXb5Erbyy1so6RnIGL4J8ylTvMclG4FIHnfnDdS_hcg4g9caQU2Ce3Slor0CUZSSWWt8us-zB4; kelkooID=a4c6294-185f7e1a513-83198; _ga=GA1.2.1532827018.1674901040; _gid=GA1.2.1865613896.1674901040
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

HTTP/1.1 303 See Other
leadId: dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1674901038359_607082
clickId: 107698148_1674901038354_2500475
country: no
Location: https://urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29
Accept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
Set-Cookie: datadome=7w8S-18Xook3aVfMKkgT6UWLDhllg8meH62D0NB9DIUua_tAyxI4zDQLFGG7LnwXE7ab8SKnex1Kb96aBHkQTjeaBQFQRxMNzt3HCCbJ45ZQbRuBL0x2mSU78mpthn0V; Max-Age=31536000; Expires=Sun, 28 Jan 2024 10:17:18 GMT; SameSite=Lax; Path=/; Domain=.kelkoogroup.net; Secure
X-DataDome: protected
Request-Time: PT0.012159S
X-Robots-Tag: noindex,nofollow
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Date: Sat, 28 Jan 2023 10:17:18 GMT
Content-Length: 0

ocsp.usertrust.com/

104.18.32.68

200 OK

471 B

URL HTTP/1.1
ocsp.usertrust.com/
IP
104.18.32.68:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
ff795c28e4447eec6b2c7983ba548c0d
f01e8e24e5bd9c35a0c11b2b7c7d9336c43a97d7
92044962246faacf3c78c682916f438476d11eb65adbefff757177667ff93217

HTTP Headers

POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 28 Jan 2023 10:17:18 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sat, 28 Jan 2023 01:51:18 GMT
Expires: Sat, 04 Feb 2023 01:51:17 GMT
Etag: "f01e8e24e5bd9c35a0c11b2b7c7d9336c43a97d7"
Cache-Control: max-age=603675,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1365
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7908fa446a04b512-OSL

api-js.datadome.co/js/

13.51.192.216

200 OK

236 B

URL HTTP/2
api-js.datadome.co/js/
IP
13.51.192.216:0
ASN
#16509 AMAZON-02

File type
JSON data\012- , ASCII text, with no line terminators
Size
236 B (236 bytes)
Hash
b347ae010b44510423aab0d5003dafea
5664b56cacd1758cfa4417bf1414c8d01bf7e211
4011ac081bf854997c53d9f56880fadd3f6c1e912f3a102456c2b07234b8b0ef

HTTP Headers

POST /js/ HTTP/1.1
Host: api-js.datadome.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Content-Length: 4569
Origin: https://no-go.kelkoogroup.net
Connection: keep-alive
Referer: https://no-go.kelkoogroup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:17:18 GMT
content-type: application/json;charset=utf-8
content-length: 236
server: DataDome
access-control-allow-origin: *
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/collect?v=1&_v=j96&t=pageview&_s=1&dl=https%3A%2F%2Fno-go.kelkoogroup.net%2FoffersearchGo%3F.ts%3D1674835113129%26.sig%3DG0Z4ruEmRNtIUI7yHpBhgS389lE-%26affiliationId%3D96965866%26comId%3D100542275%26country%3Dno%26offerId%3D6e11aeff4f2e19ce092e2b8ba86dca81%26service%3D37%26tokenId%3D35e025c3-2943-4e2d-874f-eaee491f9fab%26wait%3Dtrue%26addedParams%3Dtrue%26custom1%3DNs7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL%26custom2%3DjKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB&dr=http%3A%2F%2Fr.redirekted.com%2F&dp=%2F96965866%7C100542275%7C&ul=en-us&de=UTF-8&dt=Du%20sendes%20videre%20til%20Urtesenteret.no&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=QACAAAABAAAAAC~&cid=1532827018.1674901040&tid=UA-168544891-6&_gid=1865613896.1674901040&_r=1&cd1=96965866&cd2=dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1674901038359_607082&cd3=100542275&cd4=a4c6294-185f7e1a513-83198&cd5=&cd6=96965866%7C100542275%7C&z=1292265364

142.250.74.46

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?v=1&_v=j96&t=pageview&_s=1&dl=https%3A%2F%2Fno-go.kelkoogroup.net%2FoffersearchGo%3F.ts%3D1674835113129%26.sig%3DG0Z4ruEmRNtIUI7yHpBhgS389lE-%26affiliationId%3D96965866%26comId%3D100542275%26country%3Dno%26offerId%3D6e11aeff4f2e19ce092e2b8ba86dca81%26service%3D37%26tokenId%3D35e025c3-2943-4e2d-874f-eaee491f9fab%26wait%3Dtrue%26addedParams%3Dtrue%26custom1%3DNs7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL%26custom2%3DjKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB&dr=http%3A%2F%2Fr.redirekted.com%2F&dp=%2F96965866%7C100542275%7C&ul=en-us&de=UTF-8&dt=Du%20sendes%20videre%20til%20Urtesenteret.no&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=QACAAAABAAAAAC~&cid=1532827018.1674901040&tid=UA-168544891-6&_gid=1865613896.1674901040&_r=1&cd1=96965866&cd2=dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1674901038359_607082&cd3=100542275&cd4=a4c6294-185f7e1a513-83198&cd5=&cd6=96965866%7C100542275%7C&z=1292265364
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

POST /collect?v=1&_v=j96&t=pageview&_s=1&dl=https%3A%2F%2Fno-go.kelkoogroup.net%2FoffersearchGo%3F.ts%3D1674835113129%26.sig%3DG0Z4ruEmRNtIUI7yHpBhgS389lE-%26affiliationId%3D96965866%26comId%3D100542275%26country%3Dno%26offerId%3D6e11aeff4f2e19ce092e2b8ba86dca81%26service%3D37%26tokenId%3D35e025c3-2943-4e2d-874f-eaee491f9fab%26wait%3Dtrue%26addedParams%3Dtrue%26custom1%3DNs7VPF-AKAacPXxkwZb03EmtlW8VQX9ymZ31UL0pKpRWQXabRAXE2BmRTLaIPCbqzsyDaE-IPpT13p4MRsyLlK3ZUqVk3pzZTsmuUL%26custom2%3DjKWjuHsyVvF8gQAtqwqSExZvyxEmVJrUAQB&dr=http%3A%2F%2Fr.redirekted.com%2F&dp=%2F96965866%7C100542275%7C&ul=en-us&de=UTF-8&dt=Du%20sendes%20videre%20til%20Urtesenteret.no&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=QACAAAABAAAAAC~&cid=1532827018.1674901040&tid=UA-168544891-6&_gid=1865613896.1674901040&_r=1&cd1=96965866&cd2=dc1-kls-prod-ls-04.prod.dc1.kelkoo.net_1674901038359_607082&cd3=100542275&cd4=a4c6294-185f7e1a513-83198&cd5=&cd6=96965866%7C100542275%7C&z=1292265364 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://no-go.kelkoogroup.net
Connection: keep-alive
Referer: https://no-go.kelkoogroup.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
access-control-allow-origin: https://no-go.kelkoogroup.net
date: Sat, 28 Jan 2023 10:17:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
x-content-type-options: nosniff
access-control-allow-credentials: true
content-type: image/gif
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

1.2 kB

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
1.2 kB (1172 bytes)
Hash
650ee3adf55a5052b414652caf8a1d42
5d84f416f0fea3b9f43e52a5f4725f5ea08fbf51
bf0544cf467b7fae0a6766d34c6657354103ad79aa0a19cde916f13f2307ba3c

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/analytics.js

142.250.74.46

200 OK

215 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.46:0
ASN
#15169 GOOGLE

File type
data
Size
215 kB (214633 bytes)
Hash
cb412805462b298f7b5ff4eae7cf9d7e
6228ff21d8aecdd12ff8dc5bf5ea5e0b2b110f09
a9073d5a211705faa78722acdcecf44c38a958e77766ed160a93e2a0ec1c0044

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://urtesenteret.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Sat, 28 Jan 2023 09:45:20 GMT
expires: Sat, 28 Jan 2023 11:45:20 GMT
cache-control: public, max-age=7200
age: 1923
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
36147c185553851c38547798733a9fb2
912ec40237eae2ed558d09103c86c41f87896eca
a4fd9090983c75e1b7faf5ea9439532f51d747faf1853138ac13bdaafa490246

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
a89188d5a8605005d57f5bd7b7981413
a5949f3a51b1e357bf8dbd9e3dbbee0311ac45ce
460552ba4e9040f3ace71b03092d011435c23c4241246c82ffde2a051cc8eaa4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1657
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Last-Modified: Sat, 28 Jan 2023 09:49:46 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 280

ssl.google-analytics.com/ga.js

142.250.74.40

200 OK

18 kB

URL HTTP/2
ssl.google-analytics.com/ga.js
IP
142.250.74.40:0
ASN
#15169 GOOGLE

File type
data
Size
18 kB (17455 bytes)
Hash
ac56fb3fefa48e21bd63125266fa338f
f5a17034b54510408d7b60a1c476266db30d2950
c3abea3db80ce077ab76a9b3a5606976d6640691242a2725305d14853e7d35ac

HTTP Headers

GET /ga.js HTTP/1.1
Host: ssl.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://urtesenteret.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 17168
date: Sat, 28 Jan 2023 08:41:14 GMT
expires: Sat, 28 Jan 2023 10:41:14 GMT
cache-control: public, max-age=7200
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
age: 5769
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
a89188d5a8605005d57f5bd7b7981413
a5949f3a51b1e357bf8dbd9e3dbbee0311ac45ce
460552ba4e9040f3ace71b03092d011435c23c4241246c82ffde2a051cc8eaa4

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1657
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Last-Modified: Sat, 28 Jan 2023 09:49:46 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 280

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

169 kB

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (47898)
Size
169 kB (168613 bytes)
Hash
f7416a3b6d95171116714af44c21911c
e8bc1a7666a2a6d60c355d315065280b7c4790f3
2d25550eaa2f6587985f87d4e9634da55da42155adb125e41dd6670842b22a8b

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

18 kB

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
18 kB (17776 bytes)
Hash
f14e717891957d1fad73050b7feec1cc
128639d284885dc8f10705173cfdd5a6190f5baf
7a72065418dbe00eb29f8ed915aeea8dcb02214f0499d9bda65069c1c9e3b6b4

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

call.chatra.io/chatra.js

104.22.2.142

200 OK

131 kB

URL HTTP/2
call.chatra.io/chatra.js
IP
104.22.2.142:0
ASN
#13335 CLOUDFLARENET

File type
Unicode text, UTF-8 text, with very long lines (38492), with no line terminators
Size
131 kB (130823 bytes)
Hash
a79b6c2aaf61f075e9f1679b4b9e8d01
a53c2de549cb8f678bd41a673da7a6c37fa30162
df640cd9a14d245a8a59d6b569e55d73819362e9d801fe30628655a53e1f4def

HTTP Headers

GET /chatra.js HTTP/1.1
Host: call.chatra.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://urtesenteret.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:17:23 GMT
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=1800, s-maxage=1800, stale-while-revalidate=300, stale-if-error=1800
last-modified: Mon, 16 Jan 2023 16:18:10 GMT
etag: W/"b6f7-185bb5fb5d0"
cf-cache-status: HIT
age: 1524
vary: Accept-Encoding
server: cloudflare
cf-ray: 7908fa604d49b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29

104.21.37.61

200 OK

60 kB

URL HTTP/2
urtesenteret.no/remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29
IP
104.21.37.61:0
ASN
#13335 CLOUDFLARENET

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (46791)
Size
60 kB (60328 bytes)
Hash
caff8d7e2b7d84a0adf8469800fe9d49
5210ad358862ac1e368a13bd1fdf15f75f35837e
bcfc0cffaf92e19825ce694c7d6e1e5ee909740c3aaaaf14321e73c53985173f

HTTP Headers

GET /remasan-/?utm_source=kelkoono&utm_medium=cpc&utm_campaign=kelkooclick&utm_term=Remasan+%28%C3%98sters-sopp%29 HTTP/1.1
Host: urtesenteret.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no-go.kelkoogroup.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:17:22 GMT
content-type: text/html; charset=utf-8
set-cookie: utm=%7B%22source%22%3A%22kelkoono%22%2C%22medium%22%3A%22cpc%22%2C%22campaign%22%3A%22kelkooclick%22%2C%22term%22%3A%22Remasan%20%28%5Cu00d8sters-sopp%29%22%7D; expires=Fri, 28-Apr-2023 10:17:18 GMT; Max-Age=7776000; path=/; secure; HttpOnly; SameSite=None
referer=https%3A%2F%2Fno-go.kelkoogroup.net%2F; expires=Fri, 28-Apr-2023 10:17:18 GMT; Max-Age=7776000; path=/; secure; HttpOnly; SameSite=None
landing=%2Fremasan-%2F%3Futm_source%3Dkelkoono%26utm_medium%3Dcpc%26utm_campaign%3Dkelkooclick%26utm_term%3DRemasan%2B%2528%25C3%2598sters-sopp%2529; path=/; secure; HttpOnly; SameSite=None
utm=%7B%22source%22%3A%22kelkoono%22%2C%22medium%22%3A%22cpc%22%2C%22campaign%22%3A%22kelkooclick%22%2C%22term%22%3A%22Remasan%20%28%5Cu00d8sters-sopp%29%22%7D; expires=Fri, 28-Apr-2023 10:17:18 GMT; Max-Age=7776000; path=/; secure; HttpOnly; SameSite=None
referer=https%3A%2F%2Fno-go.kelkoogroup.net%2F; expires=Fri, 28-Apr-2023 10:17:18 GMT; Max-Age=7776000; path=/; secure; HttpOnly; SameSite=None
viewed_products_ids=2516; expires=Mon, 27-Feb-2023 10:17:18 GMT; Max-Age=2592000; path=/; secure; HttpOnly; SameSite=None
shop_cart=b6b416e0aca1727cb25a93637f900c2d; expires=Mon, 27-Feb-2023 10:17:18 GMT; Max-Age=2592000; path=/; secure; HttpOnly; SameSite=None
PHPSESSID=2d9328cfda2bd9fe87c76920ff65187f; path=/; HttpOnly; secure
supercache-version=1; expires=Mon, 27-Feb-2023 10:17:22 GMT; Max-Age=2592000; path=/; secure; SameSite=None
p3p: CP="NOI ADM DEV COM NAV OUR STP"
link: <https://urtesenteret.no/remasan-/>; rel='canonical'
last-modified: Sat, 28 Jan 2023 10:17:22 GMT
cache-control: max-age=0
vary: Accept-Encoding,User-Agent
strict-transport-security: max-age=15768000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U1XnW1Ib9hQyZs0Y2%2Fr5GGBCALRXKW57bHeb8NyL4%2Bd8RFLd2697%2FKUSlcAOalDbZ4RkZXPweEb4jdL4CjE9qr8jASjDpNE3xrG6TJAAQ0Z14pFzMn6ooYAPhYOl5QMdylc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7908fa439bdbb518-OSL
content-encoding: br
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size
16 kB (15740 bytes)
Hash
b9c29351c46f3e8c8631c4002457f48a
e57e59c5780995ff2937ab2b511a769212974a87
f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://urtesenteret.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 21 Jan 2023 10:26:49 GMT
expires: Sun, 21 Jan 2024 10:26:49 GMT
cache-control: public, max-age=31536000
age: 604234
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2

142.250.74.35

200 OK

17 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 17368, version 1.0\012- data
Size
17 kB (17368 bytes)
Hash
abe083d96b58eb02ada8b7c30d7b09f2
61447d66d13a8c8f4335696777a85c438c46f749
db0424fb67fb52e7e538490240cc7fb9c05aa076333a4968f3dee30b825dabf9

HTTP Headers

GET /s/roboto/v30/KFOkCnqEu92Fr1Mu51xIIzI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://urtesenteret.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17368
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 07:01:24 GMT
expires: Wed, 24 Jan 2024 07:01:24 GMT
cache-control: public, max-age=31536000
age: 357359
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2

142.250.74.35

200 OK

17 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 17032, version 1.0\012- data
Size
17 kB (17032 bytes)
Hash
05a47f9e469d408c629f931cd33ff8b2
823f21f7b1d456db889c3afea393f0d2b9581c38
6be97ca17228a69c406231d89c003194c3dfba7401eaa9fe9e9ed0ef1c18dc38

HTTP Headers

GET /s/roboto/v30/KFOjCnqEu92Fr1Mu51TzBic6CsQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://urtesenteret.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17032
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 26 Jan 2023 00:13:35 GMT
expires: Fri, 26 Jan 2024 00:13:35 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:52 GMT
content-type: font/woff2
age: 209028
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size
16 kB (15920 bytes)
Hash
3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://urtesenteret.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 25 Jan 2023 07:51:59 GMT
expires: Thu, 25 Jan 2024 07:51:59 GMT
cache-control: public, max-age=31536000
age: 267924
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2

142.250.74.35

200 OK

17 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 17336, version 1.0\012- data
Size
17 kB (17336 bytes)
Hash
eec8dbfc49267c4d33cf31b49661bf37
0f49d4563cf9e22e3af6907d0785b9a6facadbf0
661d4b208656c006e7aab58acf7784857963123675de2302279fbe6c05313547

HTTP Headers

GET /s/roboto/v30/KFOjCnqEu92Fr1Mu51S7ACc6CsQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://urtesenteret.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 17336
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 21:41:49 GMT
expires: Wed, 24 Jan 2024 21:41:49 GMT
cache-control: public, max-age=31536000
age: 304534
last-modified: Wed, 11 May 2022 19:24:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.35

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://urtesenteret.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 24 Jan 2023 13:09:06 GMT
expires: Wed, 24 Jan 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 335297
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
cbe94bc7052911313fffd1cdad964a74
a96a6606f1d20baeeb4040c9ced3ba2f7bd1aada
430d90ac0a39038dbb5336cf29baf6786ac29491c5a8e4dcce04e93d9fceb5e1

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

chat.chatra.io/sockjs/774/tmofrk1a/websocket

172.67.13.227

101 Switching Protocols

1.8 kB

URL HTTP/1.1
chat.chatra.io/sockjs/774/tmofrk1a/websocket
IP
172.67.13.227:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.8 kB (1784 bytes)
Hash
a43cb7016099f22cdf76798cf040118e
c0b1e155e8dcacdb02a40b50199d12c2d896a48d
385fb9fe2d7c027ad5dd2adf4d6b452fe03ee5547b441776ec548040194b8384

HTTP Headers

GET /sockjs/774/tmofrk1a/websocket HTTP/1.1
Host: chat.chatra.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://chat.chatra.io
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 8ebTO8mXVkgD6ZmF+QILKw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Date: Sat, 28 Jan 2023 10:17:24 GMT
Connection: upgrade
Set-Cookie: AWSALB=Yuz+tLVFxlePAJZ/0/S5tbzR2iIfj6xaNM61yzNxnwd5grwLrHfyX8kQ4/9AMgCk/fFqEJMG8cOlONH3FCtj9nQWnLLC2q/dADB61+M7yxOKyzm4IpJRso9knvoD; Expires=Sat, 04 Feb 2023 10:17:24 GMT; Path=/
AWSALBCORS=Yuz+tLVFxlePAJZ/0/S5tbzR2iIfj6xaNM61yzNxnwd5grwLrHfyX8kQ4/9AMgCk/fFqEJMG8cOlONH3FCtj9nQWnLLC2q/dADB61+M7yxOKyzm4IpJRso9knvoD; Expires=Sat, 04 Feb 2023 10:17:24 GMT; Path=/; SameSite=None
Upgrade: websocket
Sec-WebSocket-Accept: lWvY2NElEXy+PVyRMt/fo1EWJfs=
Sec-WebSocket-Extensions: permessage-deflate
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7908fa67bdd7b4f9-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

ocsp.digicert.com/

93.184.220.29

200 OK

15 kB

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
15 kB (15289 bytes)
Hash
01fbab43251c84b017109acd98ee985e
02e9cae27f1e0c43dd25c747c258c87cf13b6629
31cb8221b9e6aea26d6a048e635c5145239769681161064fb03448896536f507

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3969
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:24 GMT
Last-Modified: Sat, 28 Jan 2023 09:11:15 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279

uc.chatra-usercontent.com/826262bb-0747-4589-97ba-fc3e5be28afd/-/resize/200x200/

104.21.74.23

200 OK

5.1 kB

URL HTTP/2
uc.chatra-usercontent.com/826262bb-0747-4589-97ba-fc3e5be28afd/-/resize/200x200/
IP
104.21.74.23:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 200x200, components 3\012- data
Size
5.1 kB (5096 bytes)
Hash
d71dd85aeb53c7902d2a34754601040b
082c8a632743252f82c5ed2aed40ae498a24dc4b
eef2acc4be5cf8def41a9011bfcbee044d72da63ba602a2ad06ac51ef6d77d8a

HTTP Headers

GET /826262bb-0747-4589-97ba-fc3e5be28afd/-/resize/200x200/ HTTP/1.1
Host: uc.chatra-usercontent.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://chat.chatra.io/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sat, 28 Jan 2023 10:17:24 GMT
content-type: image/jpeg
content-length: 5096
access-control-allow-methods: HEAD, GET, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Etag, X-Image-Width, X-Image-Height, X-Image-Acceptable-Original, X-Image-Acceptable-Improved
content-disposition: inline
etag: "506dc58910e0990e1783cf85490c5ebd"
x-image-height: 200
x-image-width: 200
x-robots-tag: noindex, nofollow, nosnippet, noarchive
cache-control: public, max-age=29542215
cf-cache-status: HIT
age: 20340412
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xe%2BiBzkkbGU%2BYz5PW3RTnGuC4xrHfqyJmuIvMeMSaHZ6a3MpwXh%2BHhc%2BC25P4cuqnsCNjGkYqz1W0%2FR3sXNMU8gDDu8WUR5WFDYvbTaNGs5QjMfTBjorfmVW19P%2FaIt7GV50BTnwCigTG6EO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7908fa6a584a0b3d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

279 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
279 B (279 bytes)
Hash
d74ef2f1aded46439331cb8725ad60df
f64ebefa3d6f08a25e5341c9450f0e2a999688bb
d79171f80f75d0e022d891aa0b416019e37324ec759ec90b40cddc8ac25b6094

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3969
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Sat, 28 Jan 2023 10:17:24 GMT
Last-Modified: Sat, 28 Jan 2023 09:11:15 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 279

fonts.googleapis.com/css?family=Roboto:400,400italic,500,500italic,700,700italic,300,300italic&subset=cyrillic-ext,latin,cyrillic

142.250.74.106

200 OK

0 B

URL HTTP/2
fonts.googleapis.com/css?family=Roboto:400,400italic,500,500italic,700,700italic,300,300italic&subset=cyrillic-ext,latin,cyrillic
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /css?family=Roboto:400,400italic,500,500italic,700,700italic,300,300italic&subset=cyrillic-ext,latin,cyrillic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://urtesenteret.no/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sat, 28 Jan 2023 10:17:23 GMT
date: Sat, 28 Jan 2023 10:17:23 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (58)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML