Report - teletele.website/christmas/cl/claro

Report Overview

Submitted URL
teletele.website/christmas/cl/claro
IP
212.237.233.86
ASN
#212531 UAB Interneto vizija
Submitted
2022-11-27 06:04:32
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
10

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
whampamp.com	30947	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.6 kB	5.7 kB	139.45.197.236
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	4.2 kB	3.7 kB	142.250.74.174
clk.tradedoubler.com	65246	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	538 B	1.3 kB	35.186.231.97
de.trck.one	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	683 B	895 B	35.156.26.226
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.7 kB	5.2 kB	93.184.220.29
ocsp.r2m02.amazontrust.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	700 B	2.0 kB	54.230.80.227
ocsp2.globalsign.com	1544	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	357 B	1.9 kB	104.18.21.226
www.lampegiganten.no	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	476 B	668 B	104.18.22.160
lnk.clickadsolutions.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.6 kB	13 kB	3.10.244.69
my.rtmark.net	9054	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	493 B	696 B	139.45.195.8
bnr.thedataclicks.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	810 B	1.7 kB	54.82.151.162
d1aaucsx2ftut2.cloudfront.net	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	435 B	183 kB	143.204.42.138
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.4 kB	2.8 kB	142.250.74.35
perf.af.funneldrivers.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	660 B	608 B	35.187.21.229
api.kelkoogroup.net	468795	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	663 B	1.3 kB	143.204.55.112
www.sparnet.no	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.0 kB	866 B	109.205.183.31
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
as.ad4m.at	2183	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	549 B	1.2 kB	104.26.10.209
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	2.9 kB	143.204.42.158
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	34.214.236.46
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.2 kB	50 kB	34.120.237.76
fnc.contextwidget.tech	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	593 B	136 B	52.202.106.26
teletele.website	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	733 B	738 B	212.237.233.86

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-11-27	medium	teletele.website/christmas/cl/claro	Phishing
2022-11-27	medium	teletele.website/christmas/cl/claro/	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2022-11-26	medium	whampamp.com	Sinkholed
2022-11-26	medium	whampamp.com	Sinkholed
2022-11-26	medium	whampamp.com	Sinkholed

JavaScript (5)

	URL	Size	First Seen	Last Seen
	whampamp.com/4/5087048?var=ag2	5.4 kB	2023-03-11	2023-03-11
Pretty URL whampamp.com/4/5087048?var=ag2 IP 139.45.197.236 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:10:40 Last Seen2023-03-11 21:10:40 Times Seen1 Hash 6e5806176e925da8166516297fd9e756 f9f9a0abd9ec4b8fe01be6f09bc840e1f0fcd196 82207b541d2a4348aeddb0b1568f57234a75b394916ec8e7d8db3c137ded02d4 Loading...

	bnr.thedataclicks.com/get/3aaXhDsaBY714mUXMA89pND9?connectionType=broadband&carrier=?&browserVersion=105&region=03&device=desktop&operatingSystem=windows&osVersion=win10&country=NO&language=en&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&browser=firefox&zoneId=5087048&cost=0.002240&campaignId=6359297&paid=620612465671283612&rdk=rk3	773 B	2023-03-11	2023-03-11
Pretty URL bnr.thedataclicks.com/get/3aaXhDsaBY714mUXMA89pND9?connectionType=broadband&carrier=?&browserVersion=105&region=03&device=desktop&operatingSystem=windows&osVersion=win10&country=NO&language=en&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&browser=firefox&zoneId=5087048&cost=0.002240&campaignId=6359297&paid=620612465671283612&rdk=rk3 IP 54.82.151.162 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 21:10:40 Last Seen2023-03-11 21:10:40 Times Seen1 Hash 94d34df99e0ca2da40e943f6a4d6c8b6 e879fab5f705270daef3ef7a7ebad5e4d5dafa56 3aad22b55dfb69a4454059717c6e74dc2f72cc2941489145239b2592ecdf4065 Loading...

	lnk.clickadsolutions.com/?bt=lnk.funneldrivers.com&ref=https%3A%2F%2Fwww.startsiden.no%2F&friend=&u=perf.af.funneldrivers.com%252Fts%252Fi5043812%252Ftsc%253Ftyp%253Dr%2526amc%253Daff.eficads.373016.506668.CRT4hd3Uaqi%2526smc1%253D6382fde75c7ea728c30a5fe8-RL-186890%2526smc5%253Dlnk.funneldrivers.com%25252Fref%25252Fwww.startsiden.no%25252F&log=false&type=ROTATOR_LINK&linkId=186890&clickId=6382fde75c7ea728c30a5fe8&br=false	48 B	2023-03-08	2023-04-05
Pretty URL lnk.clickadsolutions.com/?bt=lnk.funneldrivers.com&ref=https%3A%2F%2Fwww.startsiden.no%2F&friend=&u=perf.af.funneldrivers.com%252Fts%252Fi5043812%252Ftsc%253Ftyp%253Dr%2526amc%253Daff.eficads.373016.506668.CRT4hd3Uaqi%2526smc1%253D6382fde75c7ea728c30a5fe8-RL-186890%2526smc5%253Dlnk.funneldrivers.com%25252Fref%25252Fwww.startsiden.no%25252F&log=false&type=ROTATOR_LINK&linkId=186890&clickId=6382fde75c7ea728c30a5fe8&br=false IP 3.10.244.69 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:27 Last Seen2023-04-05 02:08:51 Times Seen2 Hash 4b0a2f4dabda3d3b5356c55d46a8ad3b 48421c432e202bb4e2c4d42124cf40515ca0bcab 88b835b90d7455e201ce090833d5056c11df0b91e86c483b581121a9c361fc76 Loading...

	lnk.funneldrivers.com/ref/www.startsiden.no/	99 B	2023-03-08	2023-04-05
Pretty URL lnk.funneldrivers.com/ref/www.startsiden.no/ IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:27 Last Seen2023-04-05 02:08:50 Times Seen2 Hash a536872d923707207a883ec41c6c690f 3e90562383a35824c8841b047f1d0c208a09304c 8fe3869a9284726d2f7f8baff0c69342a06f13f900d5a8e066f6db93054d5abd Loading...

	lnk.clickadsolutions.com/js/c.js	7.8 kB	2023-03-08	2023-03-13
Pretty URL lnk.clickadsolutions.com/js/c.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:23:28 Last Seen2023-03-13 08:19:05 Times Seen1 Hash 28f147c32edde42fcfabfc9cfa93edcd 4540d4c6db74de7651a1fe723ea0aa563b4c0678 e762d6ca1ddd7dab2fa0db7702efdbd3bc10e6f7f3be7b0f8818d45d5bcb96d7 Loading...

HTTP Transactions (62)

URL IP Response Size

teletele.website/christmas/cl/claro

212.237.233.86

301 Moved Permanently

251 B

URL HTTP/1.1
teletele.website/christmas/cl/claro
IP
212.237.233.86:0
ASN
#212531 UAB Interneto vizija

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size
251 B (251 bytes)
Hash
7ddcd23fd23654b848f70fe73b3320ac
420886279fbb4b7c7d237e33cb1bfd06add91225
1f75c5b2ebde3f6ce7ca88c7ecaa9dbe0ce5088e196df79d10c1fa7d6f01d573

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /christmas/cl/claro HTTP/1.1
Host: teletele.website
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 301 Moved Permanently
Date: Sun, 27 Nov 2022 06:04:21 GMT
Server: Apache
Location: http://teletele.website/christmas/cl/claro/
Content-Length: 251
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10784
Expires: Sun, 27 Nov 2022 09:04:05 GMT
Date: Sun, 27 Nov 2022 06:04:21 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
15b59d5e62caedb4bec3ba6724906c1e
960f801e608a56fdd11449f4face29f62cad2b21
8c72a45737c2eeddf328b0ed3236f3243551d904e94ec9dd7254972ebfb9229e

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4256
Cache-Control: max-age=106663
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 06:04:21 GMT
Etag: "6381eaec-1d7"
Expires: Mon, 28 Nov 2022 11:42:04 GMT
Last-Modified: Sat, 26 Nov 2022 10:31:08 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17709
Expires: Sun, 27 Nov 2022 10:59:30 GMT
Date: Sun, 27 Nov 2022 06:04:21 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 27 Nov 2022 05:17:36 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 2805
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 8R+8K/9ac22L4lCUoyZqA3+JyuZWcSV5YwtzLnk8uGKfsYDZ82neosBC0OkoNTsRxCo8FwzrUmQ=
x-amz-request-id: AXXX5028R1CG3N7E
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 27 Nov 2022 05:44:31 GMT
age: 1190
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

teletele.website/christmas/cl/claro/

212.237.233.86

302 Found

0 B

URL HTTP/1.1
teletele.website/christmas/cl/claro/
IP
212.237.233.86:0
ASN
#212531 UAB Interneto vizija

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /christmas/cl/claro/ HTTP/1.1
Host: teletele.website
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Date: Sun, 27 Nov 2022 06:04:21 GMT
Server: Apache
Location: //whampamp.com/4/5087048?var=ag2
Keep-Alive: timeout=2, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 06:04:21 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

whampamp.com/4/5087048?var=ag2

139.45.197.236

200 OK

3.0 kB

URL HTTP/1.1
whampamp.com/4/5087048?var=ag2
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5405)
Size
3.0 kB (2951 bytes)
Hash
a43b3cfebb6abf17efd0231ba9e02bf0
805f94e218997fa705302f91917a53bc3218e44d
c1cc0362bb9e02ab6a635224795cc95cad7784b17912ec6c510a8b84bdf9153b

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /4/5087048?var=ag2 HTTP/1.1
Host: whampamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: OAID=042db54985274c63a3fe101647e42c0c; oaidts=1669516349; syncedCookie=true
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 27 Nov 2022 06:04:21 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: d62e7ff588d8140c98066b1a1ad47a27
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 86400
Timing-Allow-Origin: *
Set-Cookie: OAID=042db54985274c63a3fe101647e42c0c; expires=Mon, 27 Nov 2023 06:04:21 GMT; path=/
oaidts=1669516349; expires=Mon, 27 Nov 2023 06:04:21 GMT; path=/
Pragma: no-cache, no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, Accept, Content-Type, Content-Length, Accept-Encoding
Content-Encoding: gzip

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
e413346bdf4cea48847886fc7871e4d8
5d89ec3ae90ebf5069321bfc6fb0abeff77db028
85398a907af9d7c7041b28ec00595c5056ee3ecb51d9f09e4e75b6bfa0859d84

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "85398A907AF9D7C7041B28EC00595C5056EE3ECB51D9F09E4E75B6BFA0859D84"
Last-Modified: Sat, 26 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13679
Expires: Sun, 27 Nov 2022 09:52:21 GMT
Date: Sun, 27 Nov 2022 06:04:22 GMT
Connection: keep-alive

whampamp.com/?z=5087048&syncedCookie=false&rhd=false

139.45.197.236

302 Found

0 B

URL HTTP/1.1
whampamp.com/?z=5087048&syncedCookie=false&rhd=false
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

POST /?z=5087048&syncedCookie=false&rhd=false HTTP/1.1
Host: whampamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 463
Origin: http://whampamp.com
Connection: keep-alive
Referer: http://whampamp.com/afu.php?zoneid=5087048&var=5087048&rid=uZkGuFtJfk-T2gq_XdzZSg%3D%3D&rhd=false
Cookie: OAID=042db54985274c63a3fe101647e42c0c; oaidts=1669516349; syncedCookie=true
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 27 Nov 2022 06:04:22 GMT
Content-Length: 0
Connection: keep-alive
X-Trace-Id: e76a519c791b7421018cf328a517c403
Link: <https://bnr.thedataclicks.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Referrer-Policy: no-referrer
Location: https://bnr.thedataclicks.com/get/3aaXhDsaBY714mUXMA89pND9?connectionType=broadband&carrier=?&browserVersion=105&region=03&device=desktop&operatingSystem=windows&osVersion=win10&country=NO&language=en&userAgent=Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0&browser=firefox&zoneId=5087048&cost=0.002240&campaignId=6359297&paid=620612465671283612&rdk=rk3
Access-Control-Allow-Origin: http://whampamp.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=042db54985274c63a3fe101647e42c0c; expires=Mon, 27 Nov 2023 06:04:22 GMT; path=/
oaidts=1669516349; expires=Mon, 27 Nov 2023 06:04:22 GMT; path=/
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *

my.rtmark.net/img.gif?f=merge&userId=042db54985274c63a3fe101647e42c0c

139.45.195.8

200 OK

43 B

URL HTTP/2
my.rtmark.net/img.gif?f=merge&userId=042db54985274c63a3fe101647e42c0c
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

POST /img.gif?f=merge&userId=042db54985274c63a3fe101647e42c0c HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://whampamp.com
Connection: keep-alive
Referer: http://whampamp.com/
Cookie: ID=042db54985274c63a3fe101647e42c0c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 06:04:22 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: http://whampamp.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=042db54985274c63a3fe101647e42c0c; expires=Mon, 27 Nov 2023 06:04:22 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

whampamp.com/favicon.ico

139.45.197.236

204 No Content

0 B

URL HTTP/1.1
whampamp.com/favicon.ico
IP
139.45.197.236:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
quad9	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: whampamp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://whampamp.com/afu.php?zoneid=5087048&var=5087048&rid=uZkGuFtJfk-T2gq_XdzZSg%3D%3D&rhd=false
Cookie: OAID=042db54985274c63a3fe101647e42c0c; oaidts=1669516349; syncedCookie=true

HTTP/1.1 204 No Content
Server: nginx
Date: Sun, 27 Nov 2022 06:04:22 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Pragma: public
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 27 Nov 2022 05:08:54 GMT
cache-control: public,max-age=3600
age: 3328
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
31793b913ea60c7594614d15502279d9
2c7586bbd4669f3c0bef3e1c39da16edcf60a3aa
d5a46ffddc1620aa5fb58f55fc977fb58ba5989bf61602ae790ea59026f23482

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=91942
Date: Sun, 27 Nov 2022 06:04:22 GMT
Etag: "6381b120-1d7"
Expires: Mon, 28 Nov 2022 07:36:45 GMT
Last-Modified: Sat, 26 Nov 2022 06:24:32 GMT
Server: ECS (bsa/EB13)
X-Cache: Miss from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: Z-fHx_n4C3iGfDbgc9D5h_Z3QpCpx5jlYYw_gm1iisqOEbU80y5M6A==
Age: 4332

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
d3df71aab146eefc49acb608796aab63
8401892995193919376dfcd798b09c8261579454
a616c1e54e896576601e6107c1814adbebf35364d8ed807cdd89ac36b8200c88

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 669
Cache-Control: max-age=98018
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 06:04:22 GMT
Etag: "6381d72b-1d7"
Expires: Mon, 28 Nov 2022 09:18:00 GMT
Last-Modified: Sat, 26 Nov 2022 09:06:51 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 471

bnr.thedataclicks.com/get/3aaXhDsaBY714mUXMA89pND9?connectionType=broadband&carrier=?&browserVersion=105&region=03&device=desktop&operatingSystem=windows&osVersion=win10&country=NO&language=en&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&browser=firefox&zoneId=5087048&cost=0.002240&campaignId=6359297&paid=620612465671283612&rdk=rk3

54.82.151.162

200 OK

1.6 kB

URL HTTP/2
bnr.thedataclicks.com/get/3aaXhDsaBY714mUXMA89pND9?connectionType=broadband&carrier=?&browserVersion=105&region=03&device=desktop&operatingSystem=windows&osVersion=win10&country=NO&language=en&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&browser=firefox&zoneId=5087048&cost=0.002240&campaignId=6359297&paid=620612465671283612&rdk=rk3
IP
54.82.151.162:0
ASN
#14618 AMAZON-AES

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (823)
Size
1.6 kB (1601 bytes)
Hash
faec02e714b1abef9f9ac9767af340b1
60c03f75cec490adc4d4c3a99aef39ce2dafe886
d81fac45dc7beccb8ac2125b0f9edc234b5cfe79c6c9ff64bacb30b18db3403d

HTTP Headers

GET /get/3aaXhDsaBY714mUXMA89pND9?connectionType=broadband&carrier=?&browserVersion=105&region=03&device=desktop&operatingSystem=windows&osVersion=win10&country=NO&language=en&userAgent=Mozilla/5.0%20(Windows%20NT%2010.0;%20Win64;%20x64;%20rv:105.0)%20Gecko/20100101%20Firefox/105.0&browser=firefox&zoneId=5087048&cost=0.002240&campaignId=6359297&paid=620612465671283612&rdk=rk3 HTTP/1.1
Host: bnr.thedataclicks.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: awselb/2.0
date: Sun, 27 Nov 2022 06:04:22 GMT
content-type: text/html
content-length: 1601
X-Firefox-Spdy: h2

d1aaucsx2ftut2.cloudfront.net/jcm-mm/df65b48d452bb5a2f073ffeb75bffd03.jpg

143.204.42.138

200 OK

182 kB

URL HTTP/2
d1aaucsx2ftut2.cloudfront.net/jcm-mm/df65b48d452bb5a2f073ffeb75bffd03.jpg
IP
143.204.42.138:0
ASN
#16509 AMAZON-02

File type
JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, progressive, precision 8, 800x575, components 3\012- data
Size
182 kB (182382 bytes)
Hash
f9e641f66ce52e5cd289bc9ec04177a0
8f92da1eea761eeb085c677006807340a080d561
5bfbf5de7aa72c3556ace1009592e5156d5df495f8369be07b4f254cd742034c

HTTP Headers

GET /jcm-mm/df65b48d452bb5a2f073ffeb75bffd03.jpg HTTP/1.1
Host: d1aaucsx2ftut2.cloudfront.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnr.thedataclicks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-length: 182382
last-modified: Wed, 15 Apr 2020 16:55:34 GMT
accept-ranges: bytes
server: AmazonS3
date: Sun, 27 Nov 2022 05:08:38 GMT
etag: "f9e641f66ce52e5cd289bc9ec04177a0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: hWU1_YPWpa3eps_KpYGhzyx3TlY9y31X72pKdyphemjI2hV3j7wDKg==
age: 3345
X-Firefox-Spdy: h2

push.services.mozilla.com/

34.214.236.46

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
34.214.236.46:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: W5QRk7OuDjb8bKVSjicJwQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: wmie4yWqGHAZuXA+Uk9Uc9k3G5k=

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
d4daedf970bd8600ed7b8d785cd7b5b2
bfb2658dcc52210254a3fdfe256f7d1ed1cb37d0
9efe5aeebdc8e441e66206da61d04582686e599c6c371494fb7809156cfff145

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Cache-Control: 'max-age=158059'
Date: Sun, 27 Nov 2022 06:04:22 GMT
Server: ECS (dcb/7F3B)
X-Cache: Miss from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: kZDeGCoJI09__W1NAbbxekkHVxFR3TIEkApzi0xHVOr4BPAaRs5M2g==

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18087
Expires: Sun, 27 Nov 2022 11:05:50 GMT
Date: Sun, 27 Nov 2022 06:04:23 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18087
Expires: Sun, 27 Nov 2022 11:05:50 GMT
Date: Sun, 27 Nov 2022 06:04:23 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg

34.120.237.76

200 OK

8.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.4 kB (8387 bytes)
Hash
4e97baa4851785eac92c719abf481c64
c32a57038d3cdbc514c9081c9938eca6a04fb481
adb59e982648082e5421f58899a5331b2747e9d45be33c495fbe3ab8cc872b22

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcfaef414-0c01-4bb9-800d-29da0ef5607d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8387
x-amzn-requestid: e4ce369f-7654-4c1a-94c2-70c913eb1a01
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFL0tEcqIAMFXHw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637ec01d-37bd969f4cdfe220096b8c1f;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 00:51:41 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: __2hrJIdzCKzhuJ_YfbSSfz-WwyIqnPugk7P6SuYSjn6b2wwm0otCw==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 12:27:20 GMT
age: 63423
etag: "c32a57038d3cdbc514c9081c9938eca6a04fb481"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde03fed4-26de-4471-bc0e-a0c0483636ce.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8254 bytes)
Hash
6ee5071a31d351c552aa651e40b16189
6fca9136030ea6f67be44e428ea39c34ff3e28e7
8d52f14267b8bd47119954796ff6c5d54eb6aa5d23c6e8bbd246108a5b89c1d9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fde03fed4-26de-4471-bc0e-a0c0483636ce.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8254
x-amzn-requestid: e12624ea-58c6-4f39-826c-8a1d87ebc5ba
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cFySQGegIAMF-HA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637efda7-2c5e216a0d8a1502615186a8;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 05:14:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0Ylris3tg94-66p8L5kYl2zgnVZ4mCc04ju96DslaB97Dfr-6nTyfA==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
age: 30129
etag: "6fca9136030ea6f67be44e428ea39c34ff3e28e7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F661e728e-05a1-40d9-ae81-c058443324b3.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.9 kB (9926 bytes)
Hash
892849386662d30042f01ab952a3ec14
3b349ac17a00d68875e64bee110ec85d07cffda2
893797d55f15081d45af7a31af9fefe106ace9ba236e9b113787d07ab416faf9

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F661e728e-05a1-40d9-ae81-c058443324b3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9926
x-amzn-requestid: 4e2c72af-2cce-4740-9962-6a7f9e217272
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b_cVCHwEoAMF3lQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637c7420-51c2e04b4fae5b576a679db5;Sampled=0
x-amzn-remapped-date: Tue, 22 Nov 2022 07:02:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: rZTk5ONMhQB66WF0VWIRmlTOdzEJO-NJVl4TCibzbH2fZXY_9Mx9kQ==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 18:42:19 GMT
age: 40924
etag: "3b349ac17a00d68875e64bee110ec85d07cffda2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaab9de7-1f50-401c-bd84-6bcd72fb53d1.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.3 kB (8335 bytes)
Hash
c52c26038ed572c870cf2119865907b1
b298107232e837ccf8d853e6d2c91f67e74dc2ba
d95471f66cf6404bfb5400c4c707fbb81bcaf4be1518313d3f513c9b2a3da1fd

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fdaab9de7-1f50-401c-bd84-6bcd72fb53d1.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8335
x-amzn-requestid: 265466c8-029d-4738-bdbe-be0a161fb497
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOeD0GwYIAMFYqw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638276e5-1c8225cf00057ce0047f74ba;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 20:28:21 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: TK_kNT9Vcv_lNMbiTqXxAYXCko2Gy64Oy9MGXwuBu9S_3DdqIc67Nw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 01:05:18 GMT
age: 17945
etag: "b298107232e837ccf8d853e6d2c91f67e74dc2ba"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4803 bytes)
Hash
cc0a257323f882caff067adb86d906e4
cedf2f21be7cd366bd46055b62b5513db3011dfc
c16a9296d5e840a468fef7fb2764b9f7d4b3131d7ade2ce4999de1eead5469e0

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F881a33ae-e81b-4603-85d9-a2242b17be66.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4803
x-amzn-requestid: 80f7f1c8-0316-4181-83ac-2787b1ae825f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cOo4iFHoIAMF2-g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63828836-2c0a081b07e0785b4350c10c;Sampled=0
x-amzn-remapped-date: Sat, 26 Nov 2022 21:42:14 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AVwDLlKoy5pc9NNuR_OakMB0ONGAoO-k2AKwV--b2sjiaqYSKAWlZg==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 21:42:14 GMT
etag: "cedf2f21be7cd366bd46055b62b5513db3011dfc"
content-type: image/jpeg
age: 30129
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.4 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F597d0b25-8af2-425a-be32-195ac8e4bc00.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.4 kB (4374 bytes)
Hash
514b4077fad50ba782e4bbb2c95c6852
4770f56d4d9489df43f33952e4bfa84d8e46414e
a97ce7c911625345342731b96cf423ee36182e101e3039694a666d6508a702ef

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F597d0b25-8af2-425a-be32-195ac8e4bc00.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4374
x-amzn-requestid: 16fa9401-4b57-4300-9377-3a7d96de3a38
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cGB7uFWJIAMFfTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637f16b1-3386c7b54d828c3b1393b9ce;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 07:01:05 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 6XMNeYqDwM9yHZf1rkBRhZ6k_iZE92MWKavu0vlQnT2jZ--tswQwWw==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 26 Nov 2022 07:07:08 GMT
age: 82635
etag: "4770f56d4d9489df43f33952e4bfa84d8e46414e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

lnk.clickadsolutions.com/trk/3aaXhDsaBY714mUXMA89pND9?browser=firefox&browserVersion=105&campaignId=6359297&carrier=%3F&connectionType=broadband&cost=0.002240&country=NO&device=desktop&language=en&operatingSystem=windows&osVersion=win10&paid=620612465671283612&rdk=rk3&region=03&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&zoneId=5087048&c2=true&vpw=1280&vph=1024

3.10.244.69

200 OK

10 kB

URL HTTP/2
lnk.clickadsolutions.com/trk/3aaXhDsaBY714mUXMA89pND9?browser=firefox&browserVersion=105&campaignId=6359297&carrier=%3F&connectionType=broadband&cost=0.002240&country=NO&device=desktop&language=en&operatingSystem=windows&osVersion=win10&paid=620612465671283612&rdk=rk3&region=03&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&zoneId=5087048&c2=true&vpw=1280&vph=1024
IP
3.10.244.69:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1019)
Size
10 kB (10203 bytes)
Hash
c1f6f496b6ee53d820543d16d78d18ce
1053757e99b43ceddfc2bb582112f374b203ce58
bd275f56d69193cf7dd48d42aac799c3c82e30f05acb4cb9c5cf5828aa20eb88

HTTP Headers

GET /trk/3aaXhDsaBY714mUXMA89pND9?browser=firefox&browserVersion=105&campaignId=6359297&carrier=%3F&connectionType=broadband&cost=0.002240&country=NO&device=desktop&language=en&operatingSystem=windows&osVersion=win10&paid=620612465671283612&rdk=rk3&region=03&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&zoneId=5087048&c2=true&vpw=1280&vph=1024 HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://bnr.thedataclicks.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 27 Nov 2022 06:04:25 GMT
content-type: text/html;charset=UTF-8
set-cookie: v=t; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Mon, 27 Nov 2023 06:04:23 GMT; Secure; SameSite=None
cas=2055:1791:1791:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Mon, 27 Nov 2023 06:04:23 GMT; Secure; SameSite=None
rls=259472:1791:1791:1|186890:1791:1791:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Mon, 27 Nov 2023 06:04:23 GMT; Secure; SameSite=None
com=9451:166:NO:1791:1791:1|1181:37:NO:1791:1791:1; Path=/; Domain=lnk.clickadsolutions.com; Max-Age=31536000; Expires=Mon, 27 Nov 2023 06:04:23 GMT; Secure; SameSite=None
content-language: en-US
X-Firefox-Spdy: h2

lnk.clickadsolutions.com/?bt=fnc.contextwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D1995%2526c%253Dhttps%25253A%25252F%25252Flampegiganten.no%2526b%253D6382fde75c7ea728c30a5fe8-RL-259472&log=false&type=ROTATOR_LINK&linkId=259472&clickId=6382fde75c7ea728c30a5fe8&br=false

3.10.244.69

200 OK

1.6 kB

URL HTTP/2
lnk.clickadsolutions.com/?bt=fnc.contextwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D1995%2526c%253Dhttps%25253A%25252F%25252Flampegiganten.no%2526b%253D6382fde75c7ea728c30a5fe8-RL-259472&log=false&type=ROTATOR_LINK&linkId=259472&clickId=6382fde75c7ea728c30a5fe8&br=false
IP
3.10.244.69:0
ASN
#16509 AMAZON-02

File type
data
Size
1.6 kB (1615 bytes)
Hash
9c53a4429b9b3bf0c9837cf19e7374e9
3ea0b8e6ed0139a25dd77260a5529ca460515920
97cd67900158a241b05c0b095b7b019141aa70984abe8d32949fbca12e056759

HTTP Headers

GET /?bt=fnc.contextwidget.tech&ref=&friend=&u=as.ad4m.at%252Fad%252Ftur%253Fa%253D1995%2526c%253Dhttps%25253A%25252F%25252Flampegiganten.no%2526b%253D6382fde75c7ea728c30a5fe8-RL-259472&log=false&type=ROTATOR_LINK&linkId=259472&clickId=6382fde75c7ea728c30a5fe8&br=false HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/trk/3aaXhDsaBY714mUXMA89pND9?browser=firefox&browserVersion=105&campaignId=6359297&carrier=%3F&connectionType=broadband&cost=0.002240&country=NO&device=desktop&language=en&operatingSystem=windows&osVersion=win10&paid=620612465671283612&rdk=rk3&region=03&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&zoneId=5087048&c2=true&vpw=1280&vph=1024
Cookie: v=t; cas=2055:1791:1791:1; rls=259472:1791:1791:1|186890:1791:1791:1; com=9451:166:NO:1791:1791:1|1181:37:NO:1791:1791:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 06:04:25 GMT
content-type: text/html;charset=UTF-8
content-language: en-US
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 06:04:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 06:04:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 06:04:25 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/collect?v=1&tid=UA-104249065-2&t=pageview&ds=web&aip=1&cs=referral&cm=4220&cn=%28not+set%29&cc=%28not+set%29&dh=www.sparnet.no&dp=%2F&dt=Sparnet.no+%7C+Multifunksjonelle+produkter+med+gratis+frakt%21&dr=lnk.funneldrivers.com%2Fref%2Fhttps%3A%2F%2Fwww.startsiden.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1836336262.1739277817

142.250.74.174

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?v=1&tid=UA-104249065-2&t=pageview&ds=web&aip=1&cs=referral&cm=4220&cn=%28not+set%29&cc=%28not+set%29&dh=www.sparnet.no&dp=%2F&dt=Sparnet.no+%7C+Multifunksjonelle+produkter+med+gratis+frakt%21&dr=lnk.funneldrivers.com%2Fref%2Fhttps%3A%2F%2Fwww.startsiden.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1836336262.1739277817
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?v=1&tid=UA-104249065-2&t=pageview&ds=web&aip=1&cs=referral&cm=4220&cn=%28not+set%29&cc=%28not+set%29&dh=www.sparnet.no&dp=%2F&dt=Sparnet.no+%7C+Multifunksjonelle+produkter+med+gratis+frakt%21&dr=lnk.funneldrivers.com%2Fref%2Fhttps%3A%2F%2Fwww.startsiden.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1836336262.1739277817 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Sun, 27 Nov 2022 02:42:56 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 12089
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google-analytics.com/collect?cs=Adcontext&cc=259472&ck=42259&cm=Advanced+Store1&cn=Lampegiganten&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.lampegiganten.no&dp=%2F&dt=Lamper+og+belysning+til+hjemmet+%7C+Lampegiganten.no&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1323349755.1361893933

142.250.74.174

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?cs=Adcontext&cc=259472&ck=42259&cm=Advanced+Store1&cn=Lampegiganten&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.lampegiganten.no&dp=%2F&dt=Lamper+og+belysning+til+hjemmet+%7C+Lampegiganten.no&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1323349755.1361893933
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?cs=Adcontext&cc=259472&ck=42259&cm=Advanced+Store1&cn=Lampegiganten&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.lampegiganten.no&dp=%2F&dt=Lamper+og+belysning+til+hjemmet+%7C+Lampegiganten.no&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1323349755.1361893933 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Sun, 27 Nov 2022 02:42:56 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 12089
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google-analytics.com/collect?cs=JustClick+Media&cc=186890&ck=42259&cm=Eficads&cn=Sparnet&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.sparnet.no&dp=%2F&dt=Sparnet.no+%7C+Multifunksjonelle+produkter+med+gratis+frakt%21&dr=lnk.funneldrivers.com%2Fref%2Fhttps%3A%2F%2Fwww.startsiden.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1983000566.1396401863

142.250.74.174

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?cs=JustClick+Media&cc=186890&ck=42259&cm=Eficads&cn=Sparnet&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.sparnet.no&dp=%2F&dt=Sparnet.no+%7C+Multifunksjonelle+produkter+med+gratis+frakt%21&dr=lnk.funneldrivers.com%2Fref%2Fhttps%3A%2F%2Fwww.startsiden.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1983000566.1396401863
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?cs=JustClick+Media&cc=186890&ck=42259&cm=Eficads&cn=Sparnet&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.sparnet.no&dp=%2F&dt=Sparnet.no+%7C+Multifunksjonelle+produkter+med+gratis+frakt%21&dr=lnk.funneldrivers.com%2Fref%2Fhttps%3A%2F%2Fwww.startsiden.no%2F&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1983000566.1396401863 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Sun, 27 Nov 2022 02:42:56 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 12089
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google-analytics.com/collect?v=1&tid=UA-96033256-3&t=pageview&ds=web&aip=1&cs=referral&cm=4251&cn=%28not+set%29&cc=%28not+set%29&dh=www.lampegiganten.no&dp=%2F&dt=Lamper+og+belysning+til+hjemmet+%7C+Lampegiganten.no&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1534634480.181768814

142.250.74.174

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?v=1&tid=UA-96033256-3&t=pageview&ds=web&aip=1&cs=referral&cm=4251&cn=%28not+set%29&cc=%28not+set%29&dh=www.lampegiganten.no&dp=%2F&dt=Lamper+og+belysning+til+hjemmet+%7C+Lampegiganten.no&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1534634480.181768814
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?v=1&tid=UA-96033256-3&t=pageview&ds=web&aip=1&cs=referral&cm=4251&cn=%28not+set%29&cc=%28not+set%29&dh=www.lampegiganten.no&dp=%2F&dt=Lamper+og+belysning+til+hjemmet+%7C+Lampegiganten.no&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1534634480.181768814 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Sun, 27 Nov 2022 02:42:56 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 12089
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
0ee1d1a60ec1770ec3e880a25c257f5d
015b05feff63bdcf8fae4d1a8c0c83c923a2ca67
b6845619444a37f322c044933a44cf3fd283a18a54d03bad4f76a2ed8c2cbaf6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 06:04:26 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.r2m02.amazontrust.com/

54.230.80.227

200 OK

471 B

URL HTTP/1.1
ocsp.r2m02.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
913fc082511c011b431853139c04c155
26774795b3336abc16bab49e7671fa85a53822df
4898f4cc51e025a1eac4afa70b48eed5b1aeb4e421b9f4737382834f03552c17

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=147762
Date: Sun, 27 Nov 2022 06:04:26 GMT
Etag: "63829c1c-1d7"
Expires: Mon, 28 Nov 2022 23:07:08 GMT
Last-Modified: Sat, 26 Nov 2022 23:07:08 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: SHlIpeLK2vWmcTB-dPm2xA7O8Xt8gYsccVHmlUfAine8m18ME4Wieg==

ocsp.r2m02.amazontrust.com/

54.230.80.227

200 OK

471 B

URL HTTP/1.1
ocsp.r2m02.amazontrust.com/
IP
54.230.80.227:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
4b27fe6d43878ad3f33aeab3a80e46c7
054a7918ae8a2345e043182dd5eef6d657321c2e
00995b16138462bd97516e9f386a1a8a1a4bc56708fee1c3aa76235a3fb32952

HTTP Headers

POST / HTTP/1.1
Host: ocsp.r2m02.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=142067
Date: Sun, 27 Nov 2022 06:04:26 GMT
Etag: "638274b1-1d7"
Expires: Mon, 28 Nov 2022 21:32:13 GMT
Last-Modified: Sat, 26 Nov 2022 20:18:57 GMT
Server: ECS (dcb/7F84)
X-Cache: Miss from cloudfront
Via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: McDHVUnphWwNgIeltsmMAfCkpFfza_oq5DpkykxwXIzkJXJYJMV9RA==
Age: 4396

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
6fa0cc0b9efd04e0342d8e1623a96b20
ce3fe61fa792aa845777b4f802280ad71c4bc7b4
2e0f47324e46cf455e08074a4a3f646d1cafb8bf2b42d52499027abc32ae7777

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6452
Cache-Control: max-age=157438
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 06:04:26 GMT
Etag: "6382a8b4-118"
Expires: Tue, 29 Nov 2022 01:48:24 GMT
Last-Modified: Sun, 27 Nov 2022 00:00:52 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

280 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
280 B (280 bytes)
Hash
6fa0cc0b9efd04e0342d8e1623a96b20
ce3fe61fa792aa845777b4f802280ad71c4bc7b4
2e0f47324e46cf455e08074a4a3f646d1cafb8bf2b42d52499027abc32ae7777

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6452
Cache-Control: max-age=157438
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 06:04:26 GMT
Etag: "6382a8b4-118"
Expires: Tue, 29 Nov 2022 01:48:24 GMT
Last-Modified: Sun, 27 Nov 2022 00:00:52 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 280

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
73e80d14de186bc9c97b7d36c4446061
5acf48e1920703e5b1ec4bbf4839a02e7d25ebb2
b540ace8abd015221a41d363d94e6632265fe8c4ad19bf0a67ff980c832ac684

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6077
Cache-Control: max-age=146968
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 06:04:26 GMT
Etag: "63828145-116"
Expires: Mon, 28 Nov 2022 22:53:54 GMT
Last-Modified: Sat, 26 Nov 2022 21:12:37 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 278

ocsp2.globalsign.com/gsalphasha2g2

104.18.21.226

200 OK

1.4 kB

URL HTTP/1.1
ocsp2.globalsign.com/gsalphasha2g2
IP
104.18.21.226:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
1.4 kB (1423 bytes)
Hash
9a600041f2fd0015cf5446ef0ac08d41
2bad653deb1aced43387403beb973b0c66a65668
42b24ac75c5d0be77698a735370c96c98479d0ff04ee15f559119e6f6011f6ea

HTTP Headers

POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 27 Nov 2022 06:04:26 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Thu, 01 Dec 2022 04:20:30 GMT
ETag: "2bad653deb1aced43387403beb973b0c66a65668"
Last-Modified: Sun, 27 Nov 2022 04:20:31 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2237
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7708aa99dc38b50f-OSL

perf.af.funneldrivers.com/ts/i5043812/tsc?typ=r&amc=aff.eficads.373016.506668.CRT4hd3Uaqi&smc1=6382fde75c7ea728c30a5fe8-RL-186890&smc5=lnk.funneldrivers.com%2Fref%2Fwww.startsiden.no%2F

35.187.21.229

302 Found

0 B

URL HTTP/2
perf.af.funneldrivers.com/ts/i5043812/tsc?typ=r&amc=aff.eficads.373016.506668.CRT4hd3Uaqi&smc1=6382fde75c7ea728c30a5fe8-RL-186890&smc5=lnk.funneldrivers.com%2Fref%2Fwww.startsiden.no%2F
IP
35.187.21.229:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ts/i5043812/tsc?typ=r&amc=aff.eficads.373016.506668.CRT4hd3Uaqi&smc1=6382fde75c7ea728c30a5fe8-RL-186890&smc5=lnk.funneldrivers.com%2Fref%2Fwww.startsiden.no%2F HTTP/1.1
Host: perf.af.funneldrivers.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lnk.funneldrivers.com/ref/www.startsiden.no/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site

HTTP/2 302 Found
date: Sun, 27 Nov 2022 06:04:26 GMT
content-length: 0
location: https://clk.tradedoubler.com/click?p=298092&a=3103310&g=24550594&epi=2211270604265620685&f=0
set-cookie: tsc=kk!HrAC5hWEBM0!AQ|CrJA!A!Mw!~Jav6K6eo*2DKV7eIw18J0!DKV7yVWCBM0*2MQZ; Max-Age=31536000; Expires=Mon, 27-Nov-2023 06:04:26 GMT; Domain=af.funneldrivers.com; Path=/
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, private, post-check=0, pre-check=0
pragma: no-cache
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 27 Nov 2022 06:04:26 GMT
x-xss-protection: 0
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7dccb2a3ca71be4e41290db3b21df05c
3216c20039c194bda237ca7fadabf7da7a404759
1495fb7899356aac1537b3b2252831d2b25effbc1203705be745c5dd22ab9020

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1495FB7899356AAC1537B3B2252831D2B25EFFBC1203705BE745C5DD22AB9020"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2338
Expires: Sun, 27 Nov 2022 06:43:24 GMT
Date: Sun, 27 Nov 2022 06:04:26 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
73e80d14de186bc9c97b7d36c4446061
5acf48e1920703e5b1ec4bbf4839a02e7d25ebb2
b540ace8abd015221a41d363d94e6632265fe8c4ad19bf0a67ff980c832ac684

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6077
Cache-Control: max-age=146968
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 06:04:26 GMT
Etag: "63828145-116"
Expires: Mon, 28 Nov 2022 22:53:54 GMT
Last-Modified: Sat, 26 Nov 2022 21:12:37 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 278

clk.tradedoubler.com/click?p=298092&a=3103310&g=24550594&epi=2211270604265620685&f=0

35.186.231.97

302 Found

295 B

URL HTTP/2
clk.tradedoubler.com/click?p=298092&a=3103310&g=24550594&epi=2211270604265620685&f=0
IP
35.186.231.97:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with no line terminators
Size
295 B (295 bytes)
Hash
b11c4e448bf547e23e9e5c6b5814ed5e
cc47fd35bd690ae0defbc3c61c3278fe07ffe427
0b9469b5f8467ba1bcb558334fe964164160e34531d095570b040ff15839ce23

HTTP Headers

GET /click?p=298092&a=3103310&g=24550594&epi=2211270604265620685&f=0 HTTP/1.1
Host: clk.tradedoubler.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnk.funneldrivers.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
location: https://www.sparnet.no/tradedoubler_redirect_no.php?tduid=e0e982c7c8bcaae4fdc054f6286160e4
set-cookie: EH_0=1z11z1zxIz1ocCxoz1MmCyZrffE3tyEb2_J8mZiq%79Yi6miq8YTLO1im1Lk1M%7aveMHYQ8KuO1T_.ttR8Zb.TZvwsAsTla7x%7aulGmFTN8aXSb2Y5t2pFHI.7;expires=Mon, 27-Nov-2023 06:04:26 GMT;path=/;domain=.tradedoubler.com
GUID=1z11zzxIzBFnS3ze0e982c7c8bcaae4fdc054f6286160e4;expires=Mon, 27-Nov-2023 06:04:26 GMT;path=/;domain=.tradedoubler.com
TradeDoublerGUID=e0e982c7c8bcaae4fdc054f6286160e4;expires=Mon, 27-Nov-2023 06:04:26 GMT;path=/;domain=.tradedoubler.com
server: TXServerHttp
access-control-allow-origin: *
cache-control: private, max-age=0
pragma: no-cache
p3p: policyref="http://tracker.tradedoubler.com/w3c/p3p.xml",CP="NOI DSP COR NID CUR OUR NOR"
referrer-policy: origin
date: Sun, 27 Nov 2022 06:04:26 GMT
content-length: 295
content-type: text/html; charset=ISO-8859-1
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
7dccb2a3ca71be4e41290db3b21df05c
3216c20039c194bda237ca7fadabf7da7a404759
1495fb7899356aac1537b3b2252831d2b25effbc1203705be745c5dd22ab9020

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1495FB7899356AAC1537B3B2252831D2B25EFFBC1203705BE745C5DD22AB9020"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2338
Expires: Sun, 27 Nov 2022 06:43:24 GMT
Date: Sun, 27 Nov 2022 06:04:26 GMT
Connection: keep-alive

ocsp.sca1b.amazontrust.com/

143.204.42.158

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
143.204.42.158:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
e056d532149237e6f240b99e20897d00
93e300cccff0ddf2cc7f16b4c17447b151db6326
0d5e99cb3cb47a46af6c869a69f0f027f168d443fc79869b8feaf2d554d07790

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=117757
Date: Sun, 27 Nov 2022 06:04:26 GMT
Etag: "638217e4-1d7"
Expires: Mon, 28 Nov 2022 14:47:03 GMT
Last-Modified: Sat, 26 Nov 2022 13:43:00 GMT
Server: ECS (dcb/7F39)
X-Cache: Miss from cloudfront
Via: 1.1 f46f7100ad6fc83a021f62212f945830.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: USUVraw_nNxekiCTiYp-0lYMwnq85Dew_c2VIyTDIpfDvOJmH6--xg==
Age: 3843

api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&custom2=3CeZCoKNWhQyhVtpJSZKWwD4td8S9nrngKiFAMnjYYtSfV&id=e4e2e5c6-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https://www.lampegiganten.no

143.204.55.112

303 See Other

0 B

URL HTTP/2
api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&custom2=3CeZCoKNWhQyhVtpJSZKWwD4td8S9nrngKiFAMnjYYtSfV&id=e4e2e5c6-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https://www.lampegiganten.no
IP
143.204.55.112:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /publisher/shopping/v2/link-monetizer/link?country=no&custom2=3CeZCoKNWhQyhVtpJSZKWwD4td8S9nrngKiFAMnjYYtSfV&id=e4e2e5c6-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https://www.lampegiganten.no HTTP/1.1
Host: api.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fnc.contextwidget.tech/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 303 See Other
content-length: 0
location: https://www.lampegiganten.no
x-gravitee-transaction-id: e8e2da41-1109-411c-a2da-411109d11cda
x-gravitee-request-id: e8e2da41-1109-411c-a2da-411109d11cda
clickid: 107698149_1669529066924_5483098
accept-ch: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
set-cookie: datadome=5zmSgODYyAlHx3gPDZvWcBu9WnIcOwWDno2XYyE3uJ16BiiFDbR5FCkE0-vqTD9afrQVswuH0ODVKduK6WvvW3j-Yfu1wTh61vrDdxgxQ4iaC-wMLdbKfnXoB5xzwy8X; Max-Age=31536000; Expires=Mon, 27 Nov 2023 06:04:26 GMT; SameSite=Lax; Path=/; Domain=.kelkoo.net; Secure
kelkooID=a4c6295-184b7afddac-19e099; Max-Age=31536000; Expires=Mon, 27 Nov 2023 06:04:26 GMT; SameSite=None; Path=/; Domain=kelkoogroup.net; Secure; HTTPOnly
x-datadome: protected
request-time: PT0.011316S
x-robots-tag: noindex,nofollow
referrer-policy: origin-when-cross-origin
x-frame-options: DENY
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
date: Sun, 27 Nov 2022 06:04:26 GMT
x-cache: Miss from cloudfront
via: 1.1 d4fd24ae65d4d2b97cfdea8d2f0c21a6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: wjxy_vFR5SeS9D7deDUcpANg_9KvGmmSCPyazndnGOZ33KYKkpEllg==
X-Firefox-Spdy: h2

de.trck.one/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.lampegiganten.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidZZ7pCwfBfRPbpT3tzc4cDCZPMF6SJtRfJoneid_6382fde75c7ea728c30a5fe8-RL-259472

35.156.26.226

302 Found

503 B

URL HTTP/2
de.trck.one/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.lampegiganten.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidZZ7pCwfBfRPbpT3tzc4cDCZPMF6SJtRfJoneid_6382fde75c7ea728c30a5fe8-RL-259472
IP
35.156.26.226:0
ASN
#16509 AMAZON-02

File type
data
Size
503 B (503 bytes)
Hash
49a1a1bed4cdc2ef99118fa7870bc396
a00fceb00cf50ff9caec0ec2e57f150dbbbe3838
eac0b313ce1fe3c42db234ec2a12968e4563510064a615b497b3be63b322f24a

HTTP Headers

GET /redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.lampegiganten.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidZZ7pCwfBfRPbpT3tzc4cDCZPMF6SJtRfJoneid_6382fde75c7ea728c30a5fe8-RL-259472 HTTP/1.1
Host: de.trck.one
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://fnc.contextwidget.tech/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Sun, 27 Nov 2022 06:04:26 GMT
content-type: text/html; charset=UTF-8
location: https://api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&custom2=3CeZCoKNWhQyhVtpJSZKWwD4td8S9nrngKiFAMnjYYtSfV&id=e4e2e5c6-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https://www.lampegiganten.no
server: nginx
cache-control: no-cache, private
X-Firefox-Spdy: h2

www.sparnet.no/tradedoubler_redirect_no.php?tduid=e0e982c7c8bcaae4fdc054f6286160e4

109.205.183.31

302 Found

0 B

URL HTTP/2
www.sparnet.no/tradedoubler_redirect_no.php?tduid=e0e982c7c8bcaae4fdc054f6286160e4
IP
109.205.183.31:0
ASN
#51167 Contabo GmbH

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tradedoubler_redirect_no.php?tduid=e0e982c7c8bcaae4fdc054f6286160e4 HTTP/1.1
Host: www.sparnet.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lnk.funneldrivers.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
server: nginx
date: Sun, 27 Nov 2022 06:04:27 GMT
content-type: text/html; charset=UTF-8
content-length: 0
set-cookie: TRADEDOUBLERNO=e0e982c7c8bcaae4fdc054f6286160e4; expires=Mon, 27-Nov-2023 06:04:27 GMT; Max-Age=31536000; path=/; domain=.www.sparnet.no
location: https://www.sparnet.no
vary: User-Agent
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
d8e8d024300aa4ac49c4a83b2380cbfb
650c3244352068ad029d257f41912261aefb9308
6faaa51c052705aec72ad5513a0236d32dc091b70a67d844c16cf9bee2f1f3ce

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=127248
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 06:04:27 GMT
Etag: "63824bfb-116"
Expires: Mon, 28 Nov 2022 17:25:15 GMT
Last-Modified: Sat, 26 Nov 2022 17:25:15 GMT
Server: nginx
Content-Length: 278

ocsp.digicert.com/

93.184.220.29

200 OK

278 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
278 B (278 bytes)
Hash
d8e8d024300aa4ac49c4a83b2380cbfb
650c3244352068ad029d257f41912261aefb9308
6faaa51c052705aec72ad5513a0236d32dc091b70a67d844c16cf9bee2f1f3ce

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1
Cache-Control: max-age=127248
Content-Type: application/ocsp-response
Date: Sun, 27 Nov 2022 06:04:27 GMT
Etag: "63824bfb-116"
Expires: Mon, 28 Nov 2022 17:25:15 GMT
Last-Modified: Sat, 26 Nov 2022 17:25:15 GMT
Server: ECS (ska/F704)
X-Cache: HIT
Content-Length: 278

142.250.74.174

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?v=1&tid=UA-96033256-3&t=pageview&ds=web&aip=1&cs=referral&cm=4251&cn=%28not+set%29&cc=%28not+set%29&dh=www.lampegiganten.no&dp=%2F&dt=Lamper+og+belysning+til+hjemmet+%7C+Lampegiganten.no&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1534634480.181768814
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?v=1&tid=UA-96033256-3&t=pageview&ds=web&aip=1&cs=referral&cm=4251&cn=%28not+set%29&cc=%28not+set%29&dh=www.lampegiganten.no&dp=%2F&dt=Lamper+og+belysning+til+hjemmet+%7C+Lampegiganten.no&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1534634480.181768814 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Sun, 27 Nov 2022 02:42:56 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 12091
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

142.250.74.174

200 OK

35 B

URL HTTP/2
www.google-analytics.com/collect?cs=Adcontext&cc=259472&ck=42259&cm=Advanced+Store1&cn=Lampegiganten&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.lampegiganten.no&dp=%2F&dt=Lamper+og+belysning+til+hjemmet+%7C+Lampegiganten.no&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1323349755.1361893933
IP
142.250.74.174:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
35 B (35 bytes)
Hash
28d6814f309ea289f847c69cf91194c6
0f4e929dd5bb2564f7ab9c76338e04e292a42ace
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

HTTP Headers

GET /collect?cs=Adcontext&cc=259472&ck=42259&cm=Advanced+Store1&cn=Lampegiganten&tid=UA-207042490-1&v=1&t=pageview&ds=web&aip=1&dh=www.lampegiganten.no&dp=%2F&dt=Lamper+og+belysning+til+hjemmet+%7C+Lampegiganten.no&dr=&vp=1280x1024&sr=1280x1024&je=0&ul=en-US&cid=1323349755.1361893933 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
pragma: no-cache
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 35
date: Sun, 27 Nov 2022 02:42:56 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
age: 12091
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

as.ad4m.at/ad/tur?a=1995&c=https%3A%2F%2Flampegiganten.no&b=6382fde75c7ea728c30a5fe8-RL-259472

104.26.10.209

307 Temporary Redirect

0 B

URL HTTP/2
as.ad4m.at/ad/tur?a=1995&c=https%3A%2F%2Flampegiganten.no&b=6382fde75c7ea728c30a5fe8-RL-259472
IP
104.26.10.209:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /ad/tur?a=1995&c=https%3A%2F%2Flampegiganten.no&b=6382fde75c7ea728c30a5fe8-RL-259472 HTTP/1.1
Host: as.ad4m.at
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fnc.contextwidget.tech/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 307 Temporary Redirect
date: Sun, 27 Nov 2022 06:04:26 GMT
location: https://www.smartredirect.de/redir/clickGate.php?u=RkkuMW4M&m=1&p=Fr5xngjWXe&t=iRhdghTT&url=https%3A%2F%2Fwww.lampegiganten.no&r=https%3A%2F%2Fwww.advancedstore.com&s=oneidZZ7pCwfBfRPbpT3tzc4cDCZPMF6SJtRfJoneid_6382fde75c7ea728c30a5fe8-RL-259472
x-download-options: noopen
cross-origin-opener-policy: unsafe-none
strict-transport-security: max-age=86400; includeSubDomains; preload
vary: accept-encoding
report-to: {"endpoints":[{"url":"/ad/vre"}],"group":"report-endpoint","max_age":86400}
cross-origin-embedder-policy: unsafe-none
nel: {"failure_fraction":"1.0","max_age":86400,"report_to":"report-endpoint","success_fraction":"0.0","include_subdomains":true}
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
referrer-policy: no-referrer-when-downgrade
x-xss-protection: 1; mode=block
expires: 0
surrogate-control: no-store
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7708aa996bb1b505-OSL
X-Firefox-Spdy: h2

www.lampegiganten.no/

104.18.22.160

200 OK

0 B

URL HTTP/2
www.lampegiganten.no/
IP
104.18.22.160:0
ASN
#13335 CLOUDFLARENET

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET / HTTP/1.1
Host: www.lampegiganten.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://fnc.contextwidget.tech/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 27 Nov 2022 06:04:27 GMT
content-type: text/html; charset=UTF-8
p3p: CP="CAO PSA OUR"
x-frame-options: SAMEORIGIN
x-cache-doesi: 1, 1
x-build: 2458
x-content-type-options: : nosniff
x-xss-protection: : 1; mode=block
x-prefresh: 
vary: Accept-Encoding
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: Mon, 31 Mar 2008 10:00:00 GMT
age: 0
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7708aa9db976b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

www.sparnet.no/

109.205.183.31

200 OK

0 B

URL HTTP/2
www.sparnet.no/
IP
109.205.183.31:0
ASN
#51167 Contabo GmbH

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET / HTTP/1.1
Host: www.sparnet.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lnk.funneldrivers.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Sun, 27 Nov 2022 06:04:28 GMT
content-type: text/html; charset=utf-8
content-length: 30101
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
x-frame-options: SAMEORIGIN
set-cookie: zenid=egfh1f4r9h3s7r8lrq5pgku9sr; path=/; domain=.www.sparnet.no; secure; HttpOnly
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-powered-by: PHP/7.4.33, PleskLin
X-Firefox-Spdy: h2

lnk.clickadsolutions.com/?bt=lnk.funneldrivers.com&ref=https%3A%2F%2Fwww.startsiden.no%2F&friend=&u=perf.af.funneldrivers.com%252Fts%252Fi5043812%252Ftsc%253Ftyp%253Dr%2526amc%253Daff.eficads.373016.506668.CRT4hd3Uaqi%2526smc1%253D6382fde75c7ea728c30a5fe8-RL-186890%2526smc5%253Dlnk.funneldrivers.com%25252Fref%25252Fwww.startsiden.no%25252F&log=false&type=ROTATOR_LINK&linkId=186890&clickId=6382fde75c7ea728c30a5fe8&br=false

3.10.244.69

200 OK

0 B

URL HTTP/2
lnk.clickadsolutions.com/?bt=lnk.funneldrivers.com&ref=https%3A%2F%2Fwww.startsiden.no%2F&friend=&u=perf.af.funneldrivers.com%252Fts%252Fi5043812%252Ftsc%253Ftyp%253Dr%2526amc%253Daff.eficads.373016.506668.CRT4hd3Uaqi%2526smc1%253D6382fde75c7ea728c30a5fe8-RL-186890%2526smc5%253Dlnk.funneldrivers.com%25252Fref%25252Fwww.startsiden.no%25252F&log=false&type=ROTATOR_LINK&linkId=186890&clickId=6382fde75c7ea728c30a5fe8&br=false
IP
3.10.244.69:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /?bt=lnk.funneldrivers.com&ref=https%3A%2F%2Fwww.startsiden.no%2F&friend=&u=perf.af.funneldrivers.com%252Fts%252Fi5043812%252Ftsc%253Ftyp%253Dr%2526amc%253Daff.eficads.373016.506668.CRT4hd3Uaqi%2526smc1%253D6382fde75c7ea728c30a5fe8-RL-186890%2526smc5%253Dlnk.funneldrivers.com%25252Fref%25252Fwww.startsiden.no%25252F&log=false&type=ROTATOR_LINK&linkId=186890&clickId=6382fde75c7ea728c30a5fe8&br=false HTTP/1.1
Host: lnk.clickadsolutions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/trk/3aaXhDsaBY714mUXMA89pND9?browser=firefox&browserVersion=105&campaignId=6359297&carrier=%3F&connectionType=broadband&cost=0.002240&country=NO&device=desktop&language=en&operatingSystem=windows&osVersion=win10&paid=620612465671283612&rdk=rk3&region=03&userAgent=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A105.0%29+Gecko%2F20100101+Firefox%2F105.0&zoneId=5087048&c2=true&vpw=1280&vph=1024
Cookie: v=t; cas=2055:1791:1791:1; rls=259472:1791:1791:1|186890:1791:1791:1; com=9451:166:NO:1791:1791:1|1181:37:NO:1791:1791:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Sun, 27 Nov 2022 06:04:25 GMT
content-type: text/html;charset=UTF-8
content-language: en-US
X-Firefox-Spdy: h2

fnc.contextwidget.tech/

52.202.106.26

200 OK

0 B

URL HTTP/2
fnc.contextwidget.tech/
IP
52.202.106.26:0
ASN
#14618 AMAZON-AES

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

POST / HTTP/1.1
Host: fnc.contextwidget.tech
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 210
Origin: https://lnk.clickadsolutions.com
Connection: keep-alive
Referer: https://lnk.clickadsolutions.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Sun, 27 Nov 2022 06:04:26 GMT
content-type: text/html;charset=UTF-8
content-language: en-US
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (5)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (62)

URL HTTP/1.1

IP

ASN

File type

Size

Hash

Detections

HTTP Headers

URL HTTP/1.1

IP

ASN

File type

Size

Hash

HTTP Headers

URL HTTP/1.1

IP

ASN

File type