Report - links.xtradenudes.com/c/sPw/L69/ULcSg4YKGhPl5qpvXJFbvy/c/oiY4V/F/3ac3ab28

Report Overview

Submitted URL
links.xtradenudes.com/c/sPw/L69/ULcSg4YKGhPl5qpvXJFbvy/c/oiY4V/F/3ac3ab28
IP
91.199.51.171
ASN
#47544 IQ PL Sp. z o.o.
Submitted
2022-12-01 15:50:40
Access
Website Title
Final URL
Tags
None
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
stats.g.doubleclick.net	96	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.2 kB	1.4 kB	64.233.165.156
links.xtradenudes.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	404 B	702 B	91.199.51.171
r3.o.lencr.org	344	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.4 kB	6.2 kB	23.36.77.32
ocsp.digicert.com	86	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	682 B	1.6 kB	93.184.220.29
ocsp.sca1b.amazontrust.com	1015	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	700 B	2.0 kB	54.230.245.39
touchhh.com	343279	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	729 B	577 B	54.230.111.99
ocsp.pki.goog	175	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	5.5 kB	11 kB	142.250.74.131
static.dating	232879	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	458 B	183 kB	35.227.221.175
api.samlesamtykke.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.4 kB	7.6 kB	35.195.163.35
firefox.settings.services.mozilla.com	867	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	782 B	2.4 kB	34.102.187.140
contile.services.mozilla.com	1114	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	333 B	229 B	34.117.237.239
push.services.mozilla.com	2140	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	606 B	127 B	35.166.172.24
go.trklinkcm.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.3 kB	2.5 kB	172.255.248.105
moartraffic.engine.adglare.net	288459	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	1.1 kB	1.5 kB	85.17.172.82
www.google-analytics.com	40	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.2 kB	22 kB	142.250.74.110
www.kosoghygge.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.5 kB	366 kB	34.149.196.159
samlesamtykke.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	390 B	4.3 kB	35.195.163.35
content-signature-2.cdn.mozilla.net	1152	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	413 B	5.8 kB	34.160.144.191
go.xtradenudes.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	2.5 kB	9.3 kB	64.188.52.46
img-getpocket.cdn.mozilla.net	1631	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	3.8 kB	84 kB	34.120.237.76
sonofasgaard.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	560 B	817 B	52.223.42.168
www.google.com	7	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	800 B	2.4 kB	142.250.74.132
fonts.gstatic.com	unknown	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	948 B	33 kB	142.250.74.163
www.google.no	25607	0001-01-01T00:00:00Z	0001-01-01T00:00:00Z	519 B	694 B	142.250.74.67

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

Scan Date	Severity	Indicator	Alert
2022-12-01	medium	links.xtradenudes.com/c/sPw/L69/ULcSg4YKGhPl5qpvXJFbvy/c/oiY4V/F/3ac3ab28	Phishing
2022-12-01	medium	go.xtradenudes.com/native.history.js	Phishing
2022-12-01	medium	go.xtradenudes.com/go.min.js	Phishing

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

JavaScript (24)

	URL	Size	First Seen	Last Seen
	www.kosoghygge.com/landing6?pi=101670&pt1=pt9cbf127efdcf4d43b08f4fec441ac999&pe=	147 B	2023-03-07	2024-04-15
Pretty URL www.kosoghygge.com/landing6?pi=101670&pt1=pt9cbf127efdcf4d43b08f4fec441ac999&pe= IP 34.149.196.159 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:25 Last Seen2024-04-15 10:45:38 Times Seen881 Hash b85aa80cb826211a36318337793411db e34920a6965fb7b9102be2dcde8ae363e4355686 e4de3377c03566f32b347f14973f5e998466e585c9bbd27f7dc9099ecf77e7a2 Loading...

	www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js	409 kB	2023-03-08	2023-03-17
Pretty URL www.gstatic.com/recaptcha/releases/Km9gKuG06He-isPsP6saG8cn/recaptcha__en.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:22:03 Last Seen2023-03-17 23:14:58 Times Seen1 Hash b2507198388fcc94ca9e94ed4c5561c5 8853fc86f1c616bd20a73e3e24442036fd90fd2f 02c7565a86d6d3a80295b85161d78fc88d8c79a0e314c0c7777570237a365ed0 Loading...

	samlesamtykke.com/cc.js?wId=7NAbiKFF1VQ7gWk99P3mAj&domain=kosoghygge.com&languageCode=nb&languageTerritory=NO&sessionId=6d2d678b67f4426c9c43be8b69f824be	120 kB	2023-03-11	2023-03-11
Pretty URL samlesamtykke.com/cc.js?wId=7NAbiKFF1VQ7gWk99P3mAj&domain=kosoghygge.com&languageCode=nb&languageTerritory=NO&sessionId=6d2d678b67f4426c9c43be8b69f824be IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:40:01 Last Seen2023-03-11 23:40:01 Times Seen1 Hash df7db1dd08cd0bd23a35cb75f4af5889 78bf500e1e3b30ee903fef5e317101a1db7b64e6 239a0562f17ce6a92df27483b863f07a5e55a5c1633a6d2d9da69aa18c382ded Loading...

	www.google-analytics.com/analytics.js	50 kB	2023-03-08	2024-04-18
Pretty URL www.google-analytics.com/analytics.js IP 142.250.74.110 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 05:22:31 Last Seen2024-04-18 18:02:16 Times Seen1511 Hash fda30e8a22c9bcd954fd8d0fadd0e77c ae47cd34cbde081a48d7f92fc80aaf06a1381193 b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719 Loading...

	go.xtradenudes.com/go.min.js	306 B	2023-03-07	2023-12-01
Pretty URL go.xtradenudes.com/go.min.js IP 64.188.52.46 ASN #30602 ISPRIME Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:42:41 Last Seen2023-12-01 22:24:59 Times Seen68 Hash b8891bcb893d3ee2806e7989a3031af3 de5aab743d1bd13e45a864f7413a83b215b2cb1a ccfb01fbbefd9557045ec789bdaadcca96ca9da1b27ba23c6082a58f86b90df0 Loading...

	www.google.com/recaptcha/enterprise.js	940 B	2023-03-08	2023-03-11
Pretty URL www.google.com/recaptcha/enterprise.js IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:44:20 Last Seen2023-03-11 23:49:52 Times Seen1 Hash 75a90b1e912eb5f2ff5d8b1af4582b2f 5202873f4248a39a873376a62e6714a96f1d81aa 2fc343e8c57974b1c39fad7ccf4a5b15af74e862b2006f5d3e6aff8e242c8d46 Loading...

	www.kosoghygge.com/landers/js/landing006.js	75 kB	2023-03-08	2023-03-12
Pretty URL www.kosoghygge.com/landers/js/landing006.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 15:48:26 Last Seen2023-03-12 18:28:12 Times Seen1 Hash 9025bf122d89612ab551964a1cfb56b2 f4c06d63f7ce2724b416b39816f2b967b6cd4d5f c0ed651c5f3bdcd16783b9fd0e9c383e66a4ce4fe944c31bc9963e67c490b23b Loading...

	www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s&co=aHR0cHM6Ly93d3cua29zb2doeWdnZS5jb206NDQz&hl=en&v=Km9gKuG06He-isPsP6saG8cn&size=invisible&cb=z3k0rfh1p5b2	35 kB	2023-03-11	2023-03-11
Pretty URL www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s&co=aHR0cHM6Ly93d3cua29zb2doeWdnZS5jb206NDQz&hl=en&v=Km9gKuG06He-isPsP6saG8cn&size=invisible&cb=z3k0rfh1p5b2 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:40:01 Last Seen2023-03-11 23:40:01 Times Seen1 Hash d6561d34395ddd6efbc2a3ba704415a2 a8292486c061a41c757ba0d8af0e5de0efbb1e6d a6335849e0737a29f9f82919dc248645c95bb92b9ccc7ed8529c57880b6cbbc6 Loading...

	landers.cdnware.io/media-registry.js	113 kB	2023-03-08	2023-03-11
Pretty URL landers.cdnware.io/media-registry.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:45:44 Last Seen2023-03-11 23:40:01 Times Seen1 Hash 91d38339f17a4d9df1b09b2e1ed322c4 874ecc1d01cb6105ee799e984d586251d0879316 3be2f51f7f4d9db7c98c53fb80571780596c7e6187e9135f3dcd3654cb21a145 Loading...

	www.kosoghygge.com/landing6?pi=101670&pt1=pt9cbf127efdcf4d43b08f4fec441ac999&pe=	6.0 kB	2023-03-11	2023-05-23
Pretty URL www.kosoghygge.com/landing6?pi=101670&pt1=pt9cbf127efdcf4d43b08f4fec441ac999&pe= IP 34.149.196.159 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:40:01 Last Seen2023-05-23 03:21:58 Times Seen3 Hash 96ac99035a8a3c816384f1a6f864bfc9 b5449a29e18a7ccac9a0a25c2ad727f43e9e97f2 6371dffef67c6e65c5e1d43a44860b74a0dbb07b91925c7347113e7cc1ed0be6 Loading...

	www.google.com/recaptcha/enterprise.js?render=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s	974 B	2023-03-08	2023-03-11
Pretty URL www.google.com/recaptcha/enterprise.js?render=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s IP 142.250.74.132 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 14:45:44 Last Seen2023-03-11 23:40:01 Times Seen1 Hash 1a9ee77c852b8a5094d68c80a621e89f e348bbac4d7c63305759b139e305b50599add4ed aef33c40cb2d75df098a90b20ef601bc4192c278afc33466f28f524ba38ca826 Loading...

	www.kosoghygge.com/landing6?pi=101670&pt1=pt9cbf127efdcf4d43b08f4fec441ac999&pe=	103 B	2023-03-07	2024-04-15
Pretty URL www.kosoghygge.com/landing6?pi=101670&pt1=pt9cbf127efdcf4d43b08f4fec441ac999&pe= IP 34.149.196.159 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:25 Last Seen2024-04-15 10:45:38 Times Seen525 Hash b375c74456053411ec5414e21ecf870f 00a6b32dd64dbf1470f439ce9fa89c712500eebc a200a9bc6b415237c4571f14eb0eaa8f0f0fcfcd7eeafa8860441a805e4a144f Loading...

	www.kosoghygge.com/landing6?pi=101670&pt1=pt9cbf127efdcf4d43b08f4fec441ac999&pe=	103 B	2023-03-07	2024-04-15
Pretty URL www.kosoghygge.com/landing6?pi=101670&pt1=pt9cbf127efdcf4d43b08f4fec441ac999&pe= IP 34.149.196.159 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:25 Last Seen2024-04-15 10:45:38 Times Seen405 Hash 7c30234b7bf626af1abf57d402628101 631dbf3c494a82cb7ce1c84de335ec50feff2f38 dc87051dc947ab8cdb9093cc5b02fa705d0ec2453052986be2beaa380a644f2c Loading...

	unknown	0 B	2023-03-07	2024-04-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:01:59 Last Seen2024-04-18 20:16:45 Times Seen36946844 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s&co=aHR0cHM6Ly93d3cua29zb2doeWdnZS5jb206NDQz&hl=en&v=Km9gKuG06He-isPsP6saG8cn&size=invisible&cb=z3k0rfh1p5b2	75 B	2023-03-07	2024-04-18
Pretty URL www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s&co=aHR0cHM6Ly93d3cua29zb2doeWdnZS5jb206NDQz&hl=en&v=Km9gKuG06He-isPsP6saG8cn&size=invisible&cb=z3k0rfh1p5b2 IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:15:59 Last Seen2024-04-18 15:32:31 Times Seen10269 Hash dca9d53787fff314e5bd1a123b28906a 1350c858f60bbb03d1b53b05cbad6cea82ff29d1 2475d902b4182bac667d464a44c89ee405e5cfd64156b30f811557cf2b347e2f Loading...

	go.xtradenudes.com/native.history.js	22 kB	2023-03-07	2024-02-07
Pretty URL go.xtradenudes.com/native.history.js IP 64.188.52.46 ASN #30602 ISPRIME Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:06:59 Last Seen2024-02-07 04:52:40 Times Seen95 Hash 4391c3ebd46fb772c788c32d1885afdd 824d318a296d3ae4bc8023f254d61a94818e0866 968c9f4d687c2584b5073a12074aa9d18601af83399d4b6c420b022ecda05f7f Loading...

	go.xtradenudes.com/go.php?t=43140&aid=135765&sid=47291_Zone2014_TemplatemqzEg3z9OC&clickid=5fbf2ab17dea6d619c4d8e0c50249ff1-ma&hts_id=	860 B	2023-03-11	2023-03-11
Pretty URL go.xtradenudes.com/go.php?t=43140&aid=135765&sid=47291_Zone2014_TemplatemqzEg3z9OC&clickid=5fbf2ab17dea6d619c4d8e0c50249ff1-ma&hts_id= IP 64.188.52.46 ASN #30602 ISPRIME Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:40:01 Last Seen2023-03-11 23:40:01 Times Seen1 Hash ccfbb4d3a6d06458f70c78e840c7be02 564da0ca1a40d3e6c972a0ae5a2c77da8b51532d a63a60e0f5815e21ef19edb7b59b48c4666bc6bd4b14a64ac8cbb0688da69b38 Loading...

	moartraffic.engine.adglare.net/?832641573=&ag_custom_moaraid=135765&ag_custom_moart=48359&ag_custom_moarsid=47291_Zone2014_TemplatemqzEg3z9OC&ag_custom_moarclickid=5fbf2ab17dea6d619c4d8e0c50249ff1-ma&ag_custom_moarhtsid=930928a3-2765-4178-b664-01d2331334cd&ag_custom_moarpid=&ag_custom_moaruserid=&ag_custom_moarhx=&xk=6091d015683bbb258bdcae07c4641c1d&bn=38&gu=http%3A%2F%2Fgo.xtradenudes.com%2Fgo.php%3Ft%3D43140%26aid%3D135765%26sid%3D47291_Zone2014_TemplatemqzEg3z9OC%26clickid%3D5fbf2ab17dea6d619c4d8e0c50249ff1-ma%26hts_id%3D930928a3-2765-4178-b664-01d2331334cd&clickid=5fbf2ab17dea6d619c4d8e0c50249ff1-ma&i18n_country=NO&hts_id=930928a3-2765-4178-b664-01d2331334cd	650 B	2023-03-11	2023-03-11
Pretty URL moartraffic.engine.adglare.net/?832641573=&ag_custom_moaraid=135765&ag_custom_moart=48359&ag_custom_moarsid=47291_Zone2014_TemplatemqzEg3z9OC&ag_custom_moarclickid=5fbf2ab17dea6d619c4d8e0c50249ff1-ma&ag_custom_moarhtsid=930928a3-2765-4178-b664-01d2331334cd&ag_custom_moarpid=&ag_custom_moaruserid=&ag_custom_moarhx=&xk=6091d015683bbb258bdcae07c4641c1d&bn=38&gu=http%3A%2F%2Fgo.xtradenudes.com%2Fgo.php%3Ft%3D43140%26aid%3D135765%26sid%3D47291_Zone2014_TemplatemqzEg3z9OC%26clickid%3D5fbf2ab17dea6d619c4d8e0c50249ff1-ma%26hts_id%3D930928a3-2765-4178-b664-01d2331334cd&clickid=5fbf2ab17dea6d619c4d8e0c50249ff1-ma&i18n_country=NO&hts_id=930928a3-2765-4178-b664-01d2331334cd IP 85.17.172.82 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-11 23:40:01 Last Seen2023-03-11 23:40:01 Times Seen1 Hash cd03ba184bcae686c41c76a879188417 9327c58f5aaab3aabaf1659e9578abc13218db2c 5e8171e7ca22c2ab9131bcafbc56a47e088c3cc7d1d6952ef5f58593fed8c1a2 Loading...

	www.kosoghygge.com/landing6?pi=101670&pt1=pt9cbf127efdcf4d43b08f4fec441ac999&pe=	308 B	2023-03-07	2024-04-15
Pretty URL www.kosoghygge.com/landing6?pi=101670&pt1=pt9cbf127efdcf4d43b08f4fec441ac999&pe= IP 34.149.196.159 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:09:25 Last Seen2024-04-15 10:45:38 Times Seen819 Hash 8a81377a647bdea836809865c62d171b dd72dda89aacfe74746d2c73421ea55a23ab313d 9c7aa944eeb31b5765d0c1674cdc445dff6dd572a6fe897f6d5137ce181d44a9 Loading...

		Size	First Seen	Last Seen
	#1 Eval - f7656e08f419dab0921bcffc274655f4	22 B	2023-03-08	2023-03-17
Pretty Observations First Seen2023-03-08 14:22:03 Last Seen2023-03-17 23:14:58 Times Seen1 Hash f7656e08f419dab0921bcffc274655f4 5acf6b5d541b60f71be9ac794938821eb3bfbdcd c4e7ca158015332be1df536c970a209b44cb4744fae720ed1caaefdc87f37f93 Loading...

	#2 Eval - 558876e87f19c3b999905179e0802e2b	17 kB	2023-03-11	2023-03-11
Pretty Observations First Seen2023-03-11 23:40:01 Last Seen2023-03-11 23:40:01 Times Seen1 Hash 558876e87f19c3b999905179e0802e2b d08d2e11a89a4feefab6833d961ac4e3ddb7ab28 68755b73c46b59ec0f3641bb0b177be5790e2ea668dbba53997ae6deef296efb Loading...

	#3 Eval - 806f2d97105b300b4b5c594b860841ff	16 kB	2023-03-08	2023-03-17
Pretty Observations First Seen2023-03-08 14:22:03 Last Seen2023-03-17 23:14:58 Times Seen1 Hash 806f2d97105b300b4b5c594b860841ff d89d7c7eea801d1e1ff172b2cbe554e4e3606ee2 ac67106da7775f013b7cb9730c8cde5cfa186d74c2bff74fe27579bb046366be Loading...

	#4 Eval - ae29ed92f6bcf000b77945d046e689b4	64 B	2023-03-08	2023-03-17
Pretty Observations First Seen2023-03-08 14:22:03 Last Seen2023-03-17 23:14:58 Times Seen1 Hash ae29ed92f6bcf000b77945d046e689b4 a4d4bd1aa2d7a4fae1ef26244a5cb8f40d62ea91 14ed98b8b82987bce49c9e6a0f9b620434ec92ad83e9815037257823fe34071e Loading...

	#5 Eval - e838c48a2ad3ca7b3611c5c2c8b63fe4	22 B	2023-03-08	2023-03-17
Pretty Observations First Seen2023-03-08 14:22:03 Last Seen2023-03-17 23:14:58 Times Seen1 Hash e838c48a2ad3ca7b3611c5c2c8b63fe4 3e54acc073cfa8db68daf806991e34eeef26d115 d8fc182869d21957579c2a09eae263e41ab53e4c30c4ffa96d93584a64eb6f77 Loading...

HTTP Transactions (76)

URL IP Response Size

links.xtradenudes.com/c/sPw/L69/ULcSg4YKGhPl5qpvXJFbvy/c/oiY4V/F/3ac3ab28

91.199.51.171

302 Found

275 B

URL HTTP/1.1
links.xtradenudes.com/c/sPw/L69/ULcSg4YKGhPl5qpvXJFbvy/c/oiY4V/F/3ac3ab28
IP
91.199.51.171:0
ASN
#47544 IQ PL Sp. z o.o.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
275 B (275 bytes)
Hash
22be26fdb446116d2d2e3709fceb2c66
ee1fff8ee8c2e29618964d5fd83e464291893d20
713aeec2f1f256e04e5570a3e770d5c2670a58b8e3301a98819069e0fe56e95b

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /c/sPw/L69/ULcSg4YKGhPl5qpvXJFbvy/c/oiY4V/F/3ac3ab28 HTTP/1.1
Host: links.xtradenudes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://go.xtradenudes.com/go.php?t=43140&aid=135765&sid=47291_Zone2014_TemplatemqzEg3z9OC&clickid=5fbf2ab17dea6d619c4d8e0c50249ff1-ma&hts_id=
Set-Cookie: TEMP_DATA=81f2d9a1-e457-4830-9144-c40adfc7c599; path=/
esg1=sPw/L69/ULcSg4YKGhPl5qpvXJFbvy/c/oiY4V/F/5ff9ba6a; path=/
Date: Thu, 01 Dec 2022 15:50:27 GMT
Content-Length: 275

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
3bbb845b153026fc5332dd4506585b57
3cad200fac28fd00f34ce6ef79373e661e188743
6035871c0de6ff2d120921461207cfa32bc286e1fe78849ce74815ffbb9ff950

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6035871C0DE6FF2D120921461207CFA32BC286E1FE78849CE74815FFBB9FF950"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14728
Expires: Thu, 01 Dec 2022 19:55:55 GMT
Date: Thu, 01 Dec 2022 15:50:27 GMT
Connection: keep-alive

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
0c748388899e8a8d3680355da2ea5020
903c620cd137613daafb0da0508c37b2f4a67212
39eab80e022a9a1732872d9926b0ace80f818ec5c535e36a18b539ea63786fb2

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2324
Cache-Control: max-age=155969
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:50:27 GMT
Etag: "63888270-1d7"
Expires: Sat, 03 Dec 2022 11:09:56 GMT
Last-Modified: Thu, 01 Dec 2022 10:31:12 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
55b4c61a1e99001307750e3647fe1102
7559f9f6770b7d3f45b723167062096312641e08
39f6bb64420bcfc8f0b010168fd35b67732984cd0698409f04d5ae40410422aa

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "39F6BB64420BCFC8F0B010168FD35B67732984CD0698409F04D5AE40410422AA"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6602
Expires: Thu, 01 Dec 2022 17:40:29 GMT
Date: Thu, 01 Dec 2022 15:50:27 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

34.102.187.140

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
14cd9a0afb6ba9a763651d5112760d1e
75d7b104ab9ab11fbb73c3f348b43b0119b5adfa
4e32a117106be587ffcd63239c16a8117eb7840830d4c9decf6527761967532e

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Alert, Backoff, Content-Length, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 01 Dec 2022 15:19:46 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1841
alt-svc: clear
X-Firefox-Spdy: h2

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: /0Am0179A9PJY2mLv7tmf6f9bv8IuD0kiNrZ58kVLDP1bPWOqpJ8xP9JFI8VLQKi7KSdJCUy01A=
x-amz-request-id: GHSQ3DQKYQJVH6X9
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 01 Dec 2022 15:46:19 GMT
age: 248
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 01 Dec 2022 15:50:28 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
1278ae60d6b83edbd63faf6f2804cdaa
34fb3b736538311f2d1faaa2350e96e86935ca67
d38e52bc9347faeee66bd7e32f1e4efd92de3f171ded54cea47a5b3cd17b6505

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D38E52BC9347FAEEE66BD7E32F1E4EFD92DE3F171DED54CEA47A5B3CD17B6505"
Last-Modified: Thu, 01 Dec 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13653
Expires: Thu, 01 Dec 2022 19:38:01 GMT
Date: Thu, 01 Dec 2022 15:50:28 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

34.102.187.140

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
34.102.187.140:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, ETag, Alert, Expires, Cache-Control, Backoff, Content-Length, Content-Type, Pragma, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 01 Dec 2022 15:08:56 GMT
cache-control: public,max-age=3600
age: 2492
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.digicert.com/

93.184.220.29

200 OK

471 B

URL HTTP/1.1
ocsp.digicert.com/
IP
93.184.220.29:0
ASN
#15133 EDGECAST

File type
data
Size
471 B (471 bytes)
Hash
1f88399f3fdd89dbb9ca1229cb67143a
325c9dbfd932cf9a6fb9fab2dd8e27083f55a9a3
831ecd45dcd2d5ae2ae86cd63ea5e94ecd85281b7e51054af5df9a6386fb8d79

HTTP Headers

POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2303
Cache-Control: max-age=150884
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:50:28 GMT
Etag: "63886ea9-1d7"
Expires: Sat, 03 Dec 2022 09:45:12 GMT
Last-Modified: Thu, 01 Dec 2022 09:06:49 GMT
Server: ECS (ska/F707)
X-Cache: HIT
Content-Length: 471

push.services.mozilla.com/

35.166.172.24

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
35.166.172.24:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: wTDviY1YkjpPxJjzM9nDig==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: aMkiDhfkyuP7mJ1ncKAgtXCpNHM=

go.xtradenudes.com/go.php?t=43140&aid=135765&sid=47291_Zone2014_TemplatemqzEg3z9OC&clickid=5fbf2ab17dea6d619c4d8e0c50249ff1-ma&hts_id=

64.188.52.46

200 OK

609 B

URL HTTP/1.1
go.xtradenudes.com/go.php?t=43140&aid=135765&sid=47291_Zone2014_TemplatemqzEg3z9OC&clickid=5fbf2ab17dea6d619c4d8e0c50249ff1-ma&hts_id=
IP
64.188.52.46:0
ASN
#30602 ISPRIME

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (698)
Size
609 B (609 bytes)
Hash
69addefa3f23e1649e7c3746360d6962
b068ff93d6038c168480097a7cea55c7ab1ca886
6ce02fbb86296a19b0737d6c83afd5a14a9c179c2d1ad939b47eddcf32f8e76a

HTTP Headers

GET /go.php?t=43140&aid=135765&sid=47291_Zone2014_TemplatemqzEg3z9OC&clickid=5fbf2ab17dea6d619c4d8e0c50249ff1-ma&hts_id= HTTP/1.1
Host: go.xtradenudes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 15:50:28 GMT
server: Apache
set-cookie: bdreff=NONE; expires=Tue, 30-May-2023 15:50:28 GMT; Max-Age=15552000; path=/; domain=.xtradenudes.com
tour=48359; expires=Tue, 30-May-2023 15:50:28 GMT; Max-Age=15552000; path=/; domain=.xtradenudes.com
affsubid=135765-47291_Zone2014_TemplatemqzEg3z9OC; expires=Tue, 30-May-2023 15:50:28 GMT; Max-Age=15552000; path=/; domain=.xtradenudes.com
bdvisit=135765; expires=Fri, 02-Dec-2022 15:50:28 GMT; Max-Age=86400; path=/; domain=.xtradenudes.com
bdcounter=1; expires=Fri, 02-Dec-2022 15:50:28 GMT; Max-Age=86400; path=/; domain=.xtradenudes.com
xk=6091d015683bbb258bdcae07c4641c1d; expires=Tue, 30-May-2023 15:50:28 GMT; Max-Age=15552000; path=/; domain=.xtradenudes.com
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT
x-robots-tag: otherbot: noindex, nofollow, googlebot: noindex, nofollow
vary: Accept-Encoding
content-encoding: gzip
content-length: 609
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff

go.xtradenudes.com/native.history.js

64.188.52.46

200 OK

6.5 kB

URL HTTP/1.1
go.xtradenudes.com/native.history.js
IP
64.188.52.46:0
ASN
#30602 ISPRIME

File type
ASCII text, with very long lines (22102), with no line terminators
Size
6.5 kB (6519 bytes)
Hash
8353bbacfdb868f80448dcdb30c2e2d2
7232562be4f0f7a1aaa403c9d6c5d2ed17345cfd
fd7be3058aae52c67b43703962b3b6039b0ac2709a82a68a150aebae3e19ae38

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /native.history.js HTTP/1.1
Host: go.xtradenudes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.xtradenudes.com/go.php?t=43140&aid=135765&sid=47291_Zone2014_TemplatemqzEg3z9OC&clickid=5fbf2ab17dea6d619c4d8e0c50249ff1-ma&hts_id=
Cookie: bdreff=NONE; tour=48359; affsubid=135765-47291_Zone2014_TemplatemqzEg3z9OC; bdvisit=135765; bdcounter=1; xk=6091d015683bbb258bdcae07c4641c1d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 15:50:29 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
content-length: 6519
x-content-type-options: nosniff

go.xtradenudes.com/go.min.js

64.188.52.46

200 OK

221 B

URL HTTP/1.1
go.xtradenudes.com/go.min.js
IP
64.188.52.46:0
ASN
#30602 ISPRIME

File type
ASCII text, with very long lines (305)
Size
221 B (221 bytes)
Hash
77d3c60f4f2cc6ab7f7c0f9187dfd6fe
7a8ce851238850aeadfb637638c52891aeb53c42
98de9958ac1d81fdeea1f165dfe95f2da4d7e592f452d7c8ca699a1c914e3f2e

Detections

Analyzer	Verdict	Alert
fortinet	Phishing

HTTP Headers

GET /go.min.js HTTP/1.1
Host: go.xtradenudes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.xtradenudes.com/go.php?t=43140&aid=135765&sid=47291_Zone2014_TemplatemqzEg3z9OC&clickid=5fbf2ab17dea6d619c4d8e0c50249ff1-ma&hts_id=
Cookie: bdreff=NONE; tour=48359; affsubid=135765-47291_Zone2014_TemplatemqzEg3z9OC; bdvisit=135765; bdcounter=1; xk=6091d015683bbb258bdcae07c4641c1d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 15:50:29 GMT
server: Apache
vary: Accept-Encoding
content-encoding: gzip
content-type: application/javascript
content-length: 221
x-content-type-options: nosniff

go.xtradenudes.com/favicon.ico

64.188.52.46

200 OK

198 B

URL HTTP/1.1
go.xtradenudes.com/favicon.ico
IP
64.188.52.46:0
ASN
#30602 ISPRIME

File type
MS Windows icon resource - 1 icon, 16x16, 2 colors\012- data
Size
198 B (198 bytes)
Hash
c6acedaff906029fc5455d9ec52c7f42
92cbd806ca421aa2c9ff5e1ff76bbc20913a2f81
9deb629637088856fe61dc868bf40a7d21ed942e4117659f3d6c3408f59b906b

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: go.xtradenudes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.xtradenudes.com/go.php?t=43140&aid=135765&sid=47291_Zone2014_TemplatemqzEg3z9OC&clickid=5fbf2ab17dea6d619c4d8e0c50249ff1-ma&hts_id=
Cookie: bdreff=NONE; tour=48359; affsubid=135765-47291_Zone2014_TemplatemqzEg3z9OC; bdvisit=135765; bdcounter=1; xk=6091d015683bbb258bdcae07c4641c1d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin

HTTP/1.1 200 OK
date: Thu, 01 Dec 2022 15:50:29 GMT
server: Apache
last-modified: Thu, 01 Dec 2022 13:53:13 GMT
etag: "c6-5eec48ad5efbe"
accept-ranges: bytes
content-length: 198
content-type: image/vnd.microsoft.icon
x-content-type-options: nosniff

go.trklinkcm.com/aff_f?h=zrjkyB&aff_sub5=email&click_id=5fbf2ab17dea6d619c4d8e0c50249ff1-ma|135765_51404_47291_Zone2014_TemplatemqzEg3z9OC

172.255.248.105

302 Found

376 B

URL HTTP/1.1
go.trklinkcm.com/aff_f?h=zrjkyB&aff_sub5=email&click_id=5fbf2ab17dea6d619c4d8e0c50249ff1-ma|135765_51404_47291_Zone2014_TemplatemqzEg3z9OC
IP
172.255.248.105:0
ASN
#7979 SERVERS-COM

File type
HTML document, ASCII text, with very long lines (376), with no line terminators
Size
376 B (376 bytes)
Hash
6a8bb4cf2caf804f22c0ddb5494b9601
3c50543e45c731e1040ee9fbec20f14f29b9bbd2
7e53a736a28062633f6c0fd9ee77cbaedd0cdbebf19ca3c2fd344351cc151d6a

HTTP Headers

GET /aff_f?h=zrjkyB&aff_sub5=email&click_id=5fbf2ab17dea6d619c4d8e0c50249ff1-ma|135765_51404_47291_Zone2014_TemplatemqzEg3z9OC HTTP/1.1
Host: go.trklinkcm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://moartraffic.engine.adglare.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 01 Dec 2022 15:50:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 376
Connection: keep-alive
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: language=en; Domain=go.trklinkcm.com; Path=/; Expires=Sat, 31 Dec 2022 15:50:30 GMT
flow_id=zrjkyB; Domain=go.trklinkcm.com; Path=/; Expires=Sat, 31 Dec 2022 15:50:30 GMT
Location: aff_c?aff_id=36594&offer_id=7460&url_id=0&aff_sub5=email&click_id=5fbf2ab17dea6d619c4d8e0c50249ff1-ma%7C135765_51404_47291_Zone2014_TemplatemqzEg3z9OC
Vary: Accept
Cache-Control: no-store, no-cache

go.trklinkcm.com/aff_c?aff_id=36594&offer_id=7460&url_id=0&aff_sub5=email&click_id=5fbf2ab17dea6d619c4d8e0c50249ff1-ma%7C135765_51404_47291_Zone2014_TemplatemqzEg3z9OC

172.255.248.105

302 Found

274 B

URL HTTP/1.1
go.trklinkcm.com/aff_c?aff_id=36594&offer_id=7460&url_id=0&aff_sub5=email&click_id=5fbf2ab17dea6d619c4d8e0c50249ff1-ma%7C135765_51404_47291_Zone2014_TemplatemqzEg3z9OC
IP
172.255.248.105:0
ASN
#7979 SERVERS-COM

File type
HTML document, ASCII text, with no line terminators
Size
274 B (274 bytes)
Hash
b47e5820ed42d23273ab0a3582a0933f
2a7d461052c10a8185915f3766cd3c3377287b3c
0fa4c4e99dd864ac7a52d6ebafc852b3715a4b41b47c6e6be51dc2b815c2ac2a

HTTP Headers

GET /aff_c?aff_id=36594&offer_id=7460&url_id=0&aff_sub5=email&click_id=5fbf2ab17dea6d619c4d8e0c50249ff1-ma%7C135765_51404_47291_Zone2014_TemplatemqzEg3z9OC HTTP/1.1
Host: go.trklinkcm.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://moartraffic.engine.adglare.net/
Connection: keep-alive
Cookie: language=en; flow_id=zrjkyB
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 01 Dec 2022 15:50:30 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 274
Connection: keep-alive
X-DNS-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Download-Options: noopen
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: language=en; Domain=go.trklinkcm.com; Path=/; Expires=Sat, 31 Dec 2022 15:50:30 GMT
test=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
7460=37_36594_7460_110d2ee47781a1e9d7426f3cd2ac3c59; Domain=go.trklinkcm.com; Path=/; Expires=Sat, 31 Dec 2022 15:50:30 GMT
op_7460=0; Domain=go.trklinkcm.com; Path=/; Expires=Sat, 31 Dec 2022 15:50:30 GMT
user_id=73d259c5-e9e9-4bf6-b34e-48bcaead756c_eea4dd5dc6a7fb22e39fd3b2a1c9095f; Domain=go.trklinkcm.com; Path=/; Expires=Tue, 30 Nov 2027 15:50:30 GMT; Secure; SameSite=None
Location: https://sonofasgaard.com/?a=101670&c=111970&s1=36594_&s2=37_36594_7460_110d2ee47781a1e9d7426f3cd2ac3c59
Vary: Accept
Cache-Control: no-store, no-cache

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15050
Expires: Thu, 01 Dec 2022 20:01:20 GMT
Date: Thu, 01 Dec 2022 15:50:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15050
Expires: Thu, 01 Dec 2022 20:01:20 GMT
Date: Thu, 01 Dec 2022 15:50:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15050
Expires: Thu, 01 Dec 2022 20:01:20 GMT
Date: Thu, 01 Dec 2022 15:50:30 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.77.32

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.77.32:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
ecab83d593cc540b02689be5be7abc8a
81cda579b7b9b22332b85266b0126585f3d3f73f
d469c5adb69f261084b016f8e24edf8b69b62d9f930ca2d85cf35375e2303ecc

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D469C5ADB69F261084B016F8E24EDF8B69B62D9F930CA2D85CF35375E2303ECC"
Last-Modified: Thu, 01 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15050
Expires: Thu, 01 Dec 2022 20:01:20 GMT
Date: Thu, 01 Dec 2022 15:50:30 GMT
Connection: keep-alive

ocsp.sca1b.amazontrust.com/

54.230.245.39

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.39:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
09bdd75619a065b8ea8cf123ca58301a
736f40c4982b0cac57c7673d25bdd185ea6a0110
f23f3bfcaf5d537dcf2fefa972a8f9609e3c729752b107f6c1eb482baabebd29

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=121223
Date: Thu, 01 Dec 2022 15:50:30 GMT
Etag: "638803cd-1d7"
Expires: Sat, 03 Dec 2022 01:30:53 GMT
Last-Modified: Thu, 01 Dec 2022 01:30:53 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: J5ZFg4SRW4kxAqn6M0cBTuVXm6vl-aVcWIa7BzAgY8QQ6ftirMjniw==

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg

34.120.237.76

200 OK

8.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.7 kB (8740 bytes)
Hash
26d6dffbf400da4803a2e76e2a8ef2f8
2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8
04c6e31623fe48cbe83dc91635bfa47b337590f18919995b08d5bde27e929e03

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F600016d1-5abb-4a6c-996a-933a8d4bc6df.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8740
x-amzn-requestid: 4823cf63-98eb-40d3-bb8b-e09cd2262f36
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7SqHjYIAMF8xw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830c10-316b213c33ce9bc2355c0900;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:04:48 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: tK4wl-g5kcUhVFE3iZGILhZhZSsaMzQD9JTBHj1JXV95yXs_e3gMGw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 559326ad73233233a9e52cb9e8601ede.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 12:31:43 GMT
age: 11927
etag: "2e62f9ed8f5e7b2f888a73320dd98b0cda9303b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (12898 bytes)
Hash
820cf89fcab8380adff42982c9fb11ed
84241ddddbbfd7de30118307fb1a62800d0a4cb3
0d051495f06ac84de934283b40cbfee7a042d32153a73486dd7c017430e882d8

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F83cd87b8-4041-419b-ab34-9f8e5a326f4b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 12898
x-amzn-requestid: 9b594c3c-6b8c-4589-8fcb-b3d7518b46f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cQZBNFxToAMF_9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63833ba1-767f510d72eef86d0cc892df;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 10:27:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: gsn5uUFEzDZDOMPTvW9UQxtccvRfJKUM4eJ8U99jvUGzNIKkF9SzeA==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:49:20 GMT
age: 64870
etag: "84241ddddbbfd7de30118307fb1a62800d0a4cb3"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

13 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
13 kB (13411 bytes)
Hash
328ce221bcf3442f88d09373193ff594
63bfa2ea925aa2c188c664a7bf7af7b0e5417e60
21d5b5ec267430dba91b17f89a557aca5cd2a21535da18eb02ec69ed0e1b7371

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb53953-3f6b-43ee-95d9-fb65d133745f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 13411
x-amzn-requestid: 17fcc4e1-76c1-4eca-9235-c1a513bca24a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbz80FCQoAMFs1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cd1e-26da4f265d74215f31425eb9;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:37:34 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MttRByNp1C1ZeFFicFVa0w3XRyXJnUycPy2Izk8hzGEgXGdDqD3L3A==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 12a392bc3a7281f8d5d4591bfadc41fc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:48:17 GMT
age: 64933
etag: "63bfa2ea925aa2c188c664a7bf7af7b0e5417e60"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

9.7 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
9.7 kB (9674 bytes)
Hash
5508d05a290b663fd89ead9b58f2efd8
53650399f9a986ba54addd668b4557109d12003b
65704a961410fdd318c491fedf002c8e9b184cd34b76fe1b67026d42ce21be3f

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F966ff24e-ea85-4a2e-aead-22f1a723c59f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 9674
x-amzn-requestid: 7e7d0183-9667-462a-8d44-d125998c1ae3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cYgEoHVAoAMFvAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63867a1d-280ba97e3fe1bf7244cbde35;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 21:31:09 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: qftF-GQkcjKTs30KMGCTDymw2SVSXeAYKGNWUnaMfvIb8HjtfHUx8A==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:44:47 GMT
age: 65143
etag: "53650399f9a986ba54addd668b4557109d12003b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

16 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
16 kB (16038 bytes)
Hash
ffd12f9c423ffc627d9e3b3145944fe4
5cf9a7a784952e1bb0cbe499104f1774b1269d08
a25f1b752d9af599aefd73073c105853130f1759905269de3d582d2eb35fe167

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb0e1339e-3c63-4033-8b5b-e21137509777.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 16038
x-amzn-requestid: 9d34c42b-ba0c-498f-8f99-d4ab527ffa89
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cbzMdHXNIAMFgaw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6387cbe9-376846f31dc9b995797cbd18;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 21:32:25 GMT
x-amz-cf-pop: SEA19-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DngCuOTO9fQAwWe_ip6EtBcgruigZN6Bl1_v5BHM2dsWlhqCXCL3gg==
via: 1.1 efcf7b9d0f917f9ebf314db03e52d9b6.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Wed, 30 Nov 2022 21:45:33 GMT
age: 65097
etag: "5cf9a7a784952e1bb0cbe499104f1774b1269d08"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.8 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.8 kB (4762 bytes)
Hash
d2dd5a4bcfd47db8f38544bf39ce3031
fa2217bae05b7beca2e12597eaad835298276b82
3266004f5e73af5359b71622eea31f1e28abb4bbc443b5f9e481b5a8b2e9249e

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F051e025a-c892-4a7d-8a1d-95f6d77ebb3c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4762
x-amzn-requestid: b7c0e28a-de0d-443d-8bf4-900a964bf110
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cP7uSFcMoAMF2CQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63830cc1-7abade3a670201cf1906b79f;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 07:07:45 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: gZSkafSw8cXo9AChLOTVJW7r_hHLW8kaHlA-ED2_zFJwuUk1uS3VRw==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 98aedae6661e3904540676966998ed88.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 13:29:36 GMT
age: 8454
etag: "fa2217bae05b7beca2e12597eaad835298276b82"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ocsp.sca1b.amazontrust.com/

54.230.245.39

200 OK

471 B

URL HTTP/1.1
ocsp.sca1b.amazontrust.com/
IP
54.230.245.39:0
ASN
#16509 AMAZON-02

File type
data
Size
471 B (471 bytes)
Hash
36e5eb63cfa3ce7b9b0ff4b55811b6d5
8793b01ce46434564be02ee9ff4f68706f1915ef
726f132047c91e937925687e295975ffb125ac11d0cf5b31efa9354ea448e9ef

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=132014
Date: Thu, 01 Dec 2022 15:50:30 GMT
Etag: "63882df4-1d7"
Expires: Sat, 03 Dec 2022 04:30:44 GMT
Last-Modified: Thu, 01 Dec 2022 04:30:44 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: tduWMh2qTWojotYTw4b1fPdL4FqVJkshFmBy-1HFuKY6ps2cy2Hf4w==

sonofasgaard.com/?a=101670&c=111970&s1=36594_&s2=37_36594_7460_110d2ee47781a1e9d7426f3cd2ac3c59

52.223.42.168

302 Found

0 B

URL HTTP/2
sonofasgaard.com/?a=101670&c=111970&s1=36594_&s2=37_36594_7460_110d2ee47781a1e9d7426f3cd2ac3c59
IP
52.223.42.168:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?a=101670&c=111970&s1=36594_&s2=37_36594_7460_110d2ee47781a1e9d7426f3cd2ac3c59 HTTP/1.1
Host: sonofasgaard.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://moartraffic.engine.adglare.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 302 Found
date: Thu, 01 Dec 2022 15:50:30 GMT
content-length: 0
location: https://www.kosoghygge.com/landing6?pi=101670&pt1=pt9cbf127efdcf4d43b08f4fec441ac999&pe=
server: nginx/1.18.0
set-cookie: pt30=ffe3275d88874e23a3433c073d956a98; Max-Age=2592000; Expires=Sat, 31-Dec-2022 15:50:30 GMT; Domain=sonofasgaard.com; Path=/; Secure; HttpOnly; SameSite=None
ptc=ffe3275d88874e23a3433c073d956a98; Max-Age=157680000; Expires=Tue, 30-Nov-2027 15:50:30 GMT; Domain=sonofasgaard.com; Path=/; Secure; HttpOnly; SameSite=None
ptbs=ffe3275d88874e23a3433c073d956a98; Domain=sonofasgaard.com; Path=/; Secure; HttpOnly; SameSite=None
ptr=pt9cbf127efdcf4d43b08f4fec441ac999; Max-Age=157680000; Expires=Tue, 30-Nov-2027 15:50:30 GMT; Domain=sonofasgaard.com; Path=/; Secure; HttpOnly; SameSite=None
X-Firefox-Spdy: h2

touchhh.com/touch?type=4&hts_id=930928a3-2765-4178-b664-01d2331334cd&traffic_risk_score=-alpha&zone_id=832641573&campaign_id=379404298&creative_id=614262650&zone_name=Zone2014+Dating+Email+clicks+on+MyHornySingles&campaign_name=Email+Zone2014+Cpamatica+Email+Smartlink+External+Performance+ROW+CATCHALL+on+Dating

54.230.111.99

200 OK

68 B

URL HTTP/2
touchhh.com/touch?type=4&hts_id=930928a3-2765-4178-b664-01d2331334cd&traffic_risk_score=-alpha&zone_id=832641573&campaign_id=379404298&creative_id=614262650&zone_name=Zone2014+Dating+Email+clicks+on+MyHornySingles&campaign_name=Email+Zone2014+Cpamatica+Email+Smartlink+External+Performance+ROW+CATCHALL+on+Dating
IP
54.230.111.99:0
ASN
#16509 AMAZON-02

File type
PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Size
68 B (68 bytes)
Hash
91e42db1c66c0b276abf6234dc50b2eb
c1986af3c26609b8b7d8933f99c51c1a89e9ea6b
63ef318d96b5d0d0ceba6e04a4e622b1158335cdc67c49e27839132c6f655058

HTTP Headers

POST /touch?type=4&hts_id=930928a3-2765-4178-b664-01d2331334cd&traffic_risk_score=-alpha&zone_id=832641573&campaign_id=379404298&creative_id=614262650&zone_name=Zone2014+Dating+Email+clicks+on+MyHornySingles&campaign_name=Email+Zone2014+Cpamatica+Email+Smartlink+External+Performance+ROW+CATCHALL+on+Dating HTTP/1.1
Host: touchhh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://moartraffic.engine.adglare.net
Connection: keep-alive
Referer: https://moartraffic.engine.adglare.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 200 OK
content-type: image/png
content-length: 68
date: Thu, 01 Dec 2022 15:50:30 GMT
x-amzn-requestid: 0154b3c0-54f4-40b2-96c4-a76603f6e353
x-amz-apigw-id: ceUDBGsuoAMFbnA=
cache-control: no-store, max-age=0
x-amzn-trace-id: Root=1-6388cd46-797bbe223b65944e2742bcf7;Sampled=0
x-cache: Miss from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: LDeG0bs6mjk73Ss27Mjng3GMLiqJbUOOTU811E2_tPQO-zQ7XQWVpA==
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/YTAlbojFjIQ

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/YTAlbojFjIQ
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
23ffecad663fdff230cf157878ed8e63
9c4a83ab4e579468da782484a452bb5d40d46b2b
9fc41dfdc483014184c220096e9d3687c8bd19c9ab47961720d66eb873085a56

HTTP Headers

POST /s/gts1d4/YTAlbojFjIQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:50:30 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.kosoghygge.com/img/logo.png

34.149.196.159

200 OK

4.9 kB

URL HTTP/2
www.kosoghygge.com/img/logo.png
IP
34.149.196.159:0
ASN
#15169 GOOGLE

File type
PNG image data, 300 x 110, 8-bit/color RGBA, non-interlaced\012- data
Size
4.9 kB (4908 bytes)
Hash
c1b75be98c7f9e5d3e02ad75196adace
e1150e306cd385e3a282a3cc6cbbbcb7eacf8969
5b7df3cd104e71cace5988ef0e37584be81142aba4d007b6e45a1770605342de

HTTP Headers

GET /img/logo.png HTTP/1.1
Host: www.kosoghygge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:50:31 GMT
server: Apache/2.4.54 (Ubuntu)
vary: X-Forwarded-Proto
last-modified: Wed, 30 Nov 2022 15:53:51 GMT
etag: "132c-5eeb21c673e37"
accept-ranges: bytes
content-length: 4908
x-ua-compatible: IE=edge,chrome=1
content-type: image/png
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
16c3ad4a2bc7f419fb354b37778f8b2f
d193a1336556dcf6b4975a057e7c849037eef0ff
5993deb5a53b2e844b9027a6b6906c718f6e9f69c27388199c4343a80ef067f6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:50:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.kosoghygge.com/landers/images/loader/loading.gif

34.149.196.159

200 OK

2.9 kB

URL HTTP/2
www.kosoghygge.com/landers/images/loader/loading.gif
IP
34.149.196.159:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 128 x 15\012- data
Size
2.9 kB (2892 bytes)
Hash
62b08454087f1ef8b27bd2bcda330537
cac1914632f4c859f6176a84078f1017bad069f8
06f91f1bc360e7c486515b416a564445652e40585f94f2d089239b981d6421f6

HTTP Headers

GET /landers/images/loader/loading.gif HTTP/1.1
Host: www.kosoghygge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:44:02 GMT
server: nginx/1.14.2
content-type: image/gif
content-length: 2892
last-modified: Fri, 25 Nov 2022 13:53:24 GMT
etag: "6380c8d4-b4c"
x-cacheable: YES
cache-control: max-age=300
xkey: lander
x-varnish: 46297233 46653388
age: 0
x-cache: HIT
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 varnish (Varnish/6.0), 1.1 google, 1.1 google
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
16c3ad4a2bc7f419fb354b37778f8b2f
d193a1336556dcf6b4975a057e7c849037eef0ff
5993deb5a53b2e844b9027a6b6906c718f6e9f69c27388199c4343a80ef067f6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:50:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.kosoghygge.com/landers/images/general/google-logo.svg

34.149.196.159

200 OK

688 B

URL HTTP/2
www.kosoghygge.com/landers/images/general/google-logo.svg
IP
34.149.196.159:0
ASN
#15169 GOOGLE

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (688), with no line terminators
Size
688 B (688 bytes)
Hash
686f8efa6e3e28e96d1c08399e8d353d
4524589b0dceefb6ae6389f36634441df69152d5
0cf576a5dab9315daac7ffe29d29ed585e0ff9850e59408d0f25f38dc1da037b

HTTP Headers

GET /landers/images/general/google-logo.svg HTTP/1.1
Host: www.kosoghygge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:50:31 GMT
server: nginx/1.14.2
content-type: image/svg+xml
content-length: 688
last-modified: Fri, 25 Nov 2022 13:53:20 GMT
etag: "6380c8d0-2b0"
x-cacheable: YES
cache-control: max-age=300
xkey: lander
x-varnish: 46979115
age: 0
x-cache: MISS
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 varnish (Varnish/6.0), 1.1 google, 1.1 google
X-Firefox-Spdy: h2

www.google.com/recaptcha/enterprise.js?render=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s

142.250.74.132

200 OK

615 B

URL HTTP/2
www.google.com/recaptcha/enterprise.js?render=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (974), with no line terminators
Size
615 B (615 bytes)
Hash
12cf17eb9bc37587c261a8eb9915fdfa
ff41835a2880e29786ccc84f24960a05359ec514
9b889bab60ea9af3a7a3396efe083d5730203b15b62ac3ea3de8a5277045ed06

HTTP Headers

GET /recaptcha/enterprise.js?render=6Lc2aYkcAAAAANp1JsXLqbWbhNIDzi_7RBy95c-s HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Thu, 01 Dec 2022 15:50:31 GMT
date: Thu, 01 Dec 2022 15:50:31 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 615
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google.com/recaptcha/enterprise.js

142.250.74.132

200 OK

584 B

URL HTTP/2
www.google.com/recaptcha/enterprise.js
IP
142.250.74.132:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (940), with no line terminators
Size
584 B (584 bytes)
Hash
e5e9ee886751f4f03357d871b36bae88
ecf4bf78e0470851e88bd35f93f3a8f07404ed5b
a21471c991e1ef0cea3d6aa963994f7891864cdab6df7219af2becc3023bfe42

HTTP Headers

GET /recaptcha/enterprise.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
expires: Thu, 01 Dec 2022 15:50:31 GMT
date: Thu, 01 Dec 2022 15:50:31 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 584
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/YTAlbojFjIQ

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/YTAlbojFjIQ
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
23ffecad663fdff230cf157878ed8e63
9c4a83ab4e579468da782484a452bb5d40d46b2b
9fc41dfdc483014184c220096e9d3687c8bd19c9ab47961720d66eb873085a56

HTTP Headers

POST /s/gts1d4/YTAlbojFjIQ HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:50:31 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.kosoghygge.com/landers/css/vegas.min.css

34.149.196.159

200 OK

1.8 kB

URL HTTP/2
www.kosoghygge.com/landers/css/vegas.min.css
IP
34.149.196.159:0
ASN
#15169 GOOGLE

File type
data
Size
1.8 kB (1779 bytes)
Hash
77ef89dfd6fec7bff5603b911b325932
d3aedabd2a12970cc67dc705ae6f5fadfd309401
0807e6a8f96108d1817ea2ab38e41bc0f51bbc139b7241cbab22c3e4f1618515

HTTP Headers

GET /landers/css/vegas.min.css HTTP/1.1
Host: www.kosoghygge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:50:31 GMT
server: nginx/1.14.2
content-type: text/css
last-modified: Fri, 25 Nov 2022 13:53:20 GMT
etag: W/"6380c8d0-2e20"
content-encoding: gzip
x-cacheable: YES
cache-control: max-age=300
xkey: lander
vary: Accept-Encoding
x-varnish: 94575328
age: 0
x-cache: MISS
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 varnish (Varnish/6.0), 1.1 google, 1.1 google
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:50:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:50:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.kosoghygge.com/landing6?pi=101670&pt1=pt9cbf127efdcf4d43b08f4fec441ac999&pe=

34.149.196.159

200 OK

211 kB

URL HTTP/2
www.kosoghygge.com/landing6?pi=101670&pt1=pt9cbf127efdcf4d43b08f4fec441ac999&pe=
IP
34.149.196.159:0
ASN
#15169 GOOGLE

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (42144)
Size
211 kB (210599 bytes)
Hash
f6c7ed27e3d4f9afdfe97e08f72c46c0
9938519fffc06ae83c67947d2e296880b4d370ba
bd77917d4d191675fbb56a48e546ff3610129d7a347cffb4bf68a49fed91eb9d

HTTP Headers

GET /landing6?pi=101670&pt1=pt9cbf127efdcf4d43b08f4fec441ac999&pe= HTTP/1.1
Host: www.kosoghygge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://moartraffic.engine.adglare.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:50:30 GMT
server: nginx/1.14.2
content-type: text/html;charset=UTF-8
x-powered-by: PHP/7.2.34
x-host: kosoghygge.com
content-encoding: gzip
x-cacheable: YES
cache-control: max-age=300
xkey: lander
vary: Accept-Encoding
x-varnish: 94007531
age: 0
x-cache: MISS
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 varnish (Varnish/6.0), 1.1 google, 1.1 google
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
980f31229421fd11df958496bea34502
648e03f048e6741beb1d4e10099b1429b79e4f00
887d1a1020b73fa3221c168713525f99474ac02fa10e251b5b23f6c0c519afce

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:50:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.kosoghygge.com/landers/css/fontawesome-all.min.css

34.149.196.159

200 OK

123 kB

URL HTTP/2
www.kosoghygge.com/landers/css/fontawesome-all.min.css
IP
34.149.196.159:0
ASN
#15169 GOOGLE

File type
data
Size
123 kB (123355 bytes)
Hash
ad5b6c7252858c410700636a09bf3428
614a2fe9a13e66ad536b42b871b606e666b3b87f
1d75d5554b720f7b368bf45c9eaf4481abda6b3928bb0ab20edf8d2d4abf464b

HTTP Headers

GET /landers/css/fontawesome-all.min.css HTTP/1.1
Host: www.kosoghygge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:44:02 GMT
server: nginx/1.14.2
content-type: text/css
last-modified: Fri, 25 Nov 2022 13:53:20 GMT
etag: W/"6380c8d0-c970"
content-encoding: gzip
x-cacheable: YES
cache-control: max-age=300
xkey: lander
vary: Accept-Encoding
x-varnish: 47192133 46745442
age: 0
x-cache: HIT
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 varnish (Varnish/6.0), 1.1 google, 1.1 google
X-Firefox-Spdy: h2

moartraffic.engine.adglare.net/?832641573=&ag_custom_moaraid=135765&ag_custom_moart=48359&ag_custom_moarsid=47291_Zone2014_TemplatemqzEg3z9OC&ag_custom_moarclickid=5fbf2ab17dea6d619c4d8e0c50249ff1-ma&ag_custom_moarhtsid=930928a3-2765-4178-b664-01d2331334cd&ag_custom_moarpid=&ag_custom_moaruserid=&ag_custom_moarhx=&xk=6091d015683bbb258bdcae07c4641c1d&bn=38&gu=http%3A%2F%2Fgo.xtradenudes.com%2Fgo.php%3Ft%3D43140%26aid%3D135765%26sid%3D47291_Zone2014_TemplatemqzEg3z9OC%26clickid%3D5fbf2ab17dea6d619c4d8e0c50249ff1-ma%26hts_id%3D930928a3-2765-4178-b664-01d2331334cd&clickid=5fbf2ab17dea6d619c4d8e0c50249ff1-ma&i18n_country=NO&hts_id=930928a3-2765-4178-b664-01d2331334cd

85.17.172.82

200 OK

943 B

URL HTTP/2
moartraffic.engine.adglare.net/?832641573=&ag_custom_moaraid=135765&ag_custom_moart=48359&ag_custom_moarsid=47291_Zone2014_TemplatemqzEg3z9OC&ag_custom_moarclickid=5fbf2ab17dea6d619c4d8e0c50249ff1-ma&ag_custom_moarhtsid=930928a3-2765-4178-b664-01d2331334cd&ag_custom_moarpid=&ag_custom_moaruserid=&ag_custom_moarhx=&xk=6091d015683bbb258bdcae07c4641c1d&bn=38&gu=http%3A%2F%2Fgo.xtradenudes.com%2Fgo.php%3Ft%3D43140%26aid%3D135765%26sid%3D47291_Zone2014_TemplatemqzEg3z9OC%26clickid%3D5fbf2ab17dea6d619c4d8e0c50249ff1-ma%26hts_id%3D930928a3-2765-4178-b664-01d2331334cd&clickid=5fbf2ab17dea6d619c4d8e0c50249ff1-ma&i18n_country=NO&hts_id=930928a3-2765-4178-b664-01d2331334cd
IP
85.17.172.82:0
ASN
#60781 LeaseWeb Netherlands B.V.

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (384)
Size
943 B (943 bytes)
Hash
6b0b7bf4004f603600a73d597fe2f267
8da293bfb1f26cb3ced87f99fc9d73010f938909
d6606698117cf3e90bbb33f47fddbac3370f7b47bf04073674feb0697588f049

HTTP Headers

GET /?832641573=&ag_custom_moaraid=135765&ag_custom_moart=48359&ag_custom_moarsid=47291_Zone2014_TemplatemqzEg3z9OC&ag_custom_moarclickid=5fbf2ab17dea6d619c4d8e0c50249ff1-ma&ag_custom_moarhtsid=930928a3-2765-4178-b664-01d2331334cd&ag_custom_moarpid=&ag_custom_moaruserid=&ag_custom_moarhx=&xk=6091d015683bbb258bdcae07c4641c1d&bn=38&gu=http%3A%2F%2Fgo.xtradenudes.com%2Fgo.php%3Ft%3D43140%26aid%3D135765%26sid%3D47291_Zone2014_TemplatemqzEg3z9OC%26clickid%3D5fbf2ab17dea6d619c4d8e0c50249ff1-ma%26hts_id%3D930928a3-2765-4178-b664-01d2331334cd&clickid=5fbf2ab17dea6d619c4d8e0c50249ff1-ma&i18n_country=NO&hts_id=930928a3-2765-4178-b664-01d2331334cd HTTP/1.1
Host: moartraffic.engine.adglare.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://go.xtradenudes.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:50:29 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, no-transform, must-revalidate, proxy-revalidate, max-age=0, post-check=0, pre-check=0
pragma: no-store, no-cache
expires: Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-headers: X-Requested-With, Content-Type, CSRFToken, Authorization
link: <//moartraffic.cdn.adglare.net>; rel=dns-prefetch
content-encoding: br
X-Firefox-Spdy: h2

www.kosoghygge.com/landers/css/landing006.css

34.149.196.159

200 OK

17 kB

URL HTTP/2
www.kosoghygge.com/landers/css/landing006.css
IP
34.149.196.159:0
ASN
#15169 GOOGLE

File type
ASCII text
Size
17 kB (17238 bytes)
Hash
c988c0b1da041ccc28477782464d7679
1e3cd491699a5fe33e0f38c6b27bff44361d0187
1d092fc7c203120244697ca5eaf09a17b4719d49171f6bfae603ea3e9d1ade07

HTTP Headers

GET /landers/css/landing006.css HTTP/1.1
Host: www.kosoghygge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:50:31 GMT
server: nginx/1.14.2
content-type: text/css;charset=UTF-8
x-powered-by: PHP/7.2.34
x-host: kosoghygge.com
content-encoding: gzip
x-cacheable: YES
cache-control: max-age=300
xkey: lander
vary: Accept-Encoding
x-varnish: 46528518
age: 0
x-cache: MISS
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 varnish (Varnish/6.0), 1.1 google, 1.1 google
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/gtzUWa2rNik

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/gtzUWa2rNik
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f1897c07703d484a3f4d8b271a4727a5
23205545004af9dce8ea8ea79e2f6ca253be489b
cedd6d564c703ccf3243e00323fcd36fa555ca47fd03f6f202ff6f450efb5db2

HTTP Headers

POST /s/gts1d4/gtzUWa2rNik HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:50:31 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

static.dating/lander/translations/nb-no2.json

35.227.221.175

200 OK

182 kB

URL HTTP/2
static.dating/lander/translations/nb-no2.json
IP
35.227.221.175:0
ASN
#15169 GOOGLE

File type
JSON data\012- , Unicode text, UTF-8 text, with very long lines (64546), with no line terminators
Size
182 kB (182278 bytes)
Hash
50ac9286e7e1d6dfb82ef25e87d8cd9d
6f8d8b95724811f438244c3aad4c4aa9ab9d5852
fc5e52e13cbed5d6d1cba354f2ff5aef5eac3a49e66449fe733a76ea2ab08826

HTTP Headers

GET /lander/translations/nb-no2.json HTTP/1.1
Host: static.dating
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Origin: https://www.kosoghygge.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-guploader-uploadid: ADPycduDRpBCb7bWKIMEbDAztJ6GaXtWApBd77XDnvSyHP_Cqt8aPnhhzj4PYtEgjRzuyjeySKNNXjo8p4a2bfOP6bnMtQ
x-goog-generation: 1658411406859850
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 182278
x-goog-hash: crc32c=AxdH/A==, md5=UKyShufh1t+4LvJeh9jNnQ==
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
content-length: 182278
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
server: UploadServer
date: Thu, 01 Dec 2022 15:15:46 GMT
expires: Thu, 01 Dec 2022 16:15:46 GMT
cache-control: public, max-age=3600
age: 2085
last-modified: Thu, 21 Jul 2022 13:50:06 GMT
etag: "50ac9286e7e1d6dfb82ef25e87d8cd9d"
content-type: application/octet-stream
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/s/gts1d4/gtzUWa2rNik

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/s/gts1d4/gtzUWa2rNik
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
f1897c07703d484a3f4d8b271a4727a5
23205545004af9dce8ea8ea79e2f6ca253be489b
cedd6d564c703ccf3243e00323fcd36fa555ca47fd03f6f202ff6f450efb5db2

HTTP Headers

POST /s/gts1d4/gtzUWa2rNik HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:50:31 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:50:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/analytics.js

142.250.74.110

200 OK

20 kB

URL HTTP/2
www.google-analytics.com/analytics.js
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1325)
Size
20 kB (20039 bytes)
Hash
47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e

HTTP Headers

GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Thu, 01 Dec 2022 14:41:08 GMT
expires: Thu, 01 Dec 2022 16:41:08 GMT
cache-control: public, max-age=7200
age: 4163
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
188c50963e7939b1f26a31dbcb8c8200
859416e6148ea6618584e53604efcf072bb989cc
3a313cd3c1693a886bfbf6ffc6fbac78f87e6ded2b9a7749553444ada65ce36e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:50:31 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google-analytics.com/j/collect?v=1&_v=j98&a=283087019&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kosoghygge.com%2Flanding6%3Fpi%3D101670%26pt1%3Dpt9cbf127efdcf4d43b08f4fec441ac999%26pe%3D&dr=https%3A%2F%2Fmoartraffic.engine.adglare.net%2F&ul=en-us&de=UTF-8&dt=kosoghygge.com&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=IEDAAEABAAAAACAAI~&jid=2101003855&gjid=1341158807&cid=1032299508.1669909830&tid=UA-132064855-5&_gid=1476289652.1669909830&_r=1&_slc=1&z=62315560

142.250.74.110

200 OK

4 B

URL HTTP/2
www.google-analytics.com/j/collect?v=1&_v=j98&a=283087019&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kosoghygge.com%2Flanding6%3Fpi%3D101670%26pt1%3Dpt9cbf127efdcf4d43b08f4fec441ac999%26pe%3D&dr=https%3A%2F%2Fmoartraffic.engine.adglare.net%2F&ul=en-us&de=UTF-8&dt=kosoghygge.com&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=IEDAAEABAAAAACAAI~&jid=2101003855&gjid=1341158807&cid=1032299508.1669909830&tid=UA-132064855-5&_gid=1476289652.1669909830&_r=1&_slc=1&z=62315560
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
9e92e190700c1af4539b40c2171320a9
209bcdb79e6067b51091ce8586d4b977f25b67d8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

HTTP Headers

POST /j/collect?v=1&_v=j98&a=283087019&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kosoghygge.com%2Flanding6%3Fpi%3D101670%26pt1%3Dpt9cbf127efdcf4d43b08f4fec441ac999%26pe%3D&dr=https%3A%2F%2Fmoartraffic.engine.adglare.net%2F&ul=en-us&de=UTF-8&dt=kosoghygge.com&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=IEDAAEABAAAAACAAI~&jid=2101003855&gjid=1341158807&cid=1032299508.1669909830&tid=UA-132064855-5&_gid=1476289652.1669909830&_r=1&_slc=1&z=62315560 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Content-Type: text/plain
Content-Length: 0
Origin: https://www.kosoghygge.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: https://www.kosoghygge.com
date: Thu, 01 Dec 2022 15:50:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

www.google-analytics.com/j/collect?v=1&_v=j98&a=283087019&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kosoghygge.com%2Flanding6%3Fpi%3D101670%26pt1%3Dpt9cbf127efdcf4d43b08f4fec441ac999%26pe%3D&dr=https%3A%2F%2Fmoartraffic.engine.adglare.net%2F&ul=en-us&de=UTF-8&dt=kosoghygge.com&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=1395064747&gjid=253620910&cid=1032299508.1669909830&tid=UA-132064855-2&_gid=1476289652.1669909830&_r=1&_slc=1&z=1118115618

142.250.74.110

200 OK

4 B

URL HTTP/2
www.google-analytics.com/j/collect?v=1&_v=j98&a=283087019&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kosoghygge.com%2Flanding6%3Fpi%3D101670%26pt1%3Dpt9cbf127efdcf4d43b08f4fec441ac999%26pe%3D&dr=https%3A%2F%2Fmoartraffic.engine.adglare.net%2F&ul=en-us&de=UTF-8&dt=kosoghygge.com&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=1395064747&gjid=253620910&cid=1032299508.1669909830&tid=UA-132064855-2&_gid=1476289652.1669909830&_r=1&_slc=1&z=1118115618
IP
142.250.74.110:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
9e92e190700c1af4539b40c2171320a9
209bcdb79e6067b51091ce8586d4b977f25b67d8
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

HTTP Headers

POST /j/collect?v=1&_v=j98&a=283087019&t=pageview&_s=1&dl=https%3A%2F%2Fwww.kosoghygge.com%2Flanding6%3Fpi%3D101670%26pt1%3Dpt9cbf127efdcf4d43b08f4fec441ac999%26pe%3D&dr=https%3A%2F%2Fmoartraffic.engine.adglare.net%2F&ul=en-us&de=UTF-8&dt=kosoghygge.com&sd=24-bit&sr=1280x1024&vp=1280x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=1395064747&gjid=253620910&cid=1032299508.1669909830&tid=UA-132064855-2&_gid=1476289652.1669909830&_r=1&_slc=1&z=1118115618 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Content-Type: text/plain
Content-Length: 0
Origin: https://www.kosoghygge.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: https://www.kosoghygge.com
date: Thu, 01 Dec 2022 15:50:31 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
51d5484b700426c5612c309bbf14b114
026994960bfaaa4e2604b66cb795b2787fe300a2
e3e30a64f2e4fc59120c46b320d104f1b9d9a8af90106ab78715d14e49e11ae0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:50:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
51d5484b700426c5612c309bbf14b114
026994960bfaaa4e2604b66cb795b2787fe300a2
e3e30a64f2e4fc59120c46b320d104f1b9d9a8af90106ab78715d14e49e11ae0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:50:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.163

200 OK

15 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Size
15 kB (15344 bytes)
Hash
5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

HTTP Headers

GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 26 Nov 2022 12:31:58 GMT
expires: Sun, 26 Nov 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 443914
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

142.250.74.163

200 OK

16 kB

URL HTTP/2
fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15552, version 1.0\012- data
Size
16 kB (15552 bytes)
Hash
285467176f7fe6bb6a9c6873b3dad2cc
ea04e4ff5142ddd69307c183def721a160e0a64e
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

HTTP Headers

GET /s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.google.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15552
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 24 Nov 2022 21:46:16 GMT
expires: Fri, 24 Nov 2023 21:46:16 GMT
cache-control: public, max-age=31536000
age: 583456
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-132064855-5&cid=1032299508.1669909830&jid=2101003855&gjid=1341158807&_gid=1476289652.1669909830&_u=IEDAAEABAAAAACAAI~&z=689499548

64.233.165.156

200 OK

4 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-132064855-5&cid=1032299508.1669909830&jid=2101003855&gjid=1341158807&_gid=1476289652.1669909830&_u=IEDAAEABAAAAACAAI~&z=689499548
IP
64.233.165.156:0
ASN
#15169 GOOGLE

File type
ASCII text, with no line terminators
Size
4 B (4 bytes)
Hash
48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-132064855-5&cid=1032299508.1669909830&jid=2101003855&gjid=1341158807&_gid=1476289652.1669909830&_u=IEDAAEABAAAAACAAI~&z=689499548 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Content-Type: text/plain
Content-Length: 0
Origin: https://www.kosoghygge.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://www.kosoghygge.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 01 Dec 2022 15:50:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-132064855-2&cid=1032299508.1669909830&jid=1395064747&gjid=253620910&_gid=1476289652.1669909830&_u=IEBAAEAAAAAAACAAI~&z=318307719

64.233.165.156

200 OK

1 B

URL HTTP/2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-132064855-2&cid=1032299508.1669909830&jid=1395064747&gjid=253620910&_gid=1476289652.1669909830&_u=IEBAAEAAAAAAACAAI~&z=318307719
IP
64.233.165.156:0
ASN
#15169 GOOGLE

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

HTTP Headers

POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-132064855-2&cid=1032299508.1669909830&jid=1395064747&gjid=253620910&_gid=1476289652.1669909830&_u=IEBAAEAAAAAAACAAI~&z=318307719 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Content-Type: text/plain
Content-Length: 0
Origin: https://www.kosoghygge.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: https://www.kosoghygge.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 01 Dec 2022 15:50:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
51d5484b700426c5612c309bbf14b114
026994960bfaaa4e2604b66cb795b2787fe300a2
e3e30a64f2e4fc59120c46b320d104f1b9d9a8af90106ab78715d14e49e11ae0

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:50:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

samlesamtykke.com/cc.css

35.195.163.35

200 OK

3.9 kB

URL HTTP/2
samlesamtykke.com/cc.css
IP
35.195.163.35:0
ASN
#15169 GOOGLE

File type
assembler source, ASCII text
Size
3.9 kB (3892 bytes)
Hash
594c3c757e637b29a91f9ded0113b707
2c04f908c419910a88bd5fca0e8e0f70b612834f
98c9c36b6b36127768c2156ffec51625b0f8dea705b02522c9db50ca6073098c

HTTP Headers

GET /cc.css HTTP/1.1
Host: samlesamtykke.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Thu, 01 Dec 2022 15:50:32 GMT
content-type: text/css
content-length: 3892
last-modified: Thu, 15 Oct 2020 08:07:25 GMT
etag: "6073-5b1b123761e40-gzip"
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
81abfd63eeb2fadc85b31541378babb1
09d3223c1a2a4e2cbfcba0381ead2cee5ee0a200
c7665c83165956c11bdbe0509ae03bf6af1b34ca68bf352fbfd629dc3a04b815

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:50:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

api.samlesamtykke.com/consent/collector

35.195.163.35

200 OK

0 B

URL HTTP/2
api.samlesamtykke.com/consent/collector
IP
35.195.163.35:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /consent/collector HTTP/1.1
Host: api.samlesamtykke.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.kosoghygge.com/
Origin: https://www.kosoghygge.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Thu, 01 Dec 2022 15:50:32 GMT
content-type: application/vnd.api+json
content-length: 0
access-control-allow-origin: https://www.kosoghygge.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-allow-headers: content-type
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-132064855-5&cid=1032299508.1669909830&jid=2101003855&_u=IEDAAEABAAAAACAAI~&z=485383942

142.250.74.67

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-132064855-5&cid=1032299508.1669909830&jid=2101003855&_u=IEDAAEABAAAAACAAI~&z=485383942
IP
142.250.74.67:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-132064855-5&cid=1032299508.1669909830&jid=2101003855&_u=IEDAAEABAAAAACAAI~&z=485383942 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 01 Dec 2022 15:50:32 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2

api.samlesamtykke.com/consent/collector

35.195.163.35

200 OK

4.4 kB

URL HTTP/2
api.samlesamtykke.com/consent/collector
IP
35.195.163.35:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (4373), with no line terminators
Size
4.4 kB (4373 bytes)
Hash
b1bb419d339c3ba5fc01cbafcb3a4a21
ab6b73f9d2845be41a10b6b181db9907552368f5
324f8f488509a21a625d9f4a125c2004f3cbbbb03b1cd3a20748976dcc0231d5

HTTP Headers

POST /consent/collector HTTP/1.1
Host: api.samlesamtykke.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Content-Type: application/json
Content-Length: 169
Origin: https://www.kosoghygge.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Thu, 01 Dec 2022 15:50:32 GMT
content-type: application/vnd.api+json
content-length: 4373
access-control-allow-origin: https://www.kosoghygge.com
access-control-allow-credentials: true
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.131

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
81abfd63eeb2fadc85b31541378babb1
09d3223c1a2a4e2cbfcba0381ead2cee5ee0a200
c7665c83165956c11bdbe0509ae03bf6af1b34ca68bf352fbfd629dc3a04b815

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 01 Dec 2022 15:50:32 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

api.samlesamtykke.com/consent/loadSegment

35.195.163.35

200 OK

0 B

URL HTTP/2
api.samlesamtykke.com/consent/loadSegment
IP
35.195.163.35:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /consent/loadSegment HTTP/1.1
Host: api.samlesamtykke.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.kosoghygge.com/
Origin: https://www.kosoghygge.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Thu, 01 Dec 2022 15:50:32 GMT
content-type: application/vnd.api+json
content-length: 0
access-control-allow-origin: https://www.kosoghygge.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-allow-headers: content-type
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
X-Firefox-Spdy: h2

api.samlesamtykke.com/consent/loadSegment

35.195.163.35

200 OK

284 B

URL HTTP/2
api.samlesamtykke.com/consent/loadSegment
IP
35.195.163.35:0
ASN
#15169 GOOGLE

File type
JSON data\012- HTML document, Unicode text, UTF-8 text, with no line terminators
Size
284 B (284 bytes)
Hash
3b5b46131cac937efb3f56e11e0412a9
58ce0cff3be7080200e85206df18f1cd5d6c4841
4927caed672e4a6ab0dec07adfb90e5c15213e562a6873e0943699d82cca467e

HTTP Headers

POST /consent/loadSegment HTTP/1.1
Host: api.samlesamtykke.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Content-Type: application/json
Content-Length: 224
Origin: https://www.kosoghygge.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Thu, 01 Dec 2022 15:50:32 GMT
content-type: application/vnd.api+json
content-length: 284
access-control-allow-origin: https://www.kosoghygge.com
access-control-allow-credentials: true
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
X-Firefox-Spdy: h2

api.samlesamtykke.com/consent/loadSegment

35.195.163.35

200 OK

360 B

URL HTTP/2
api.samlesamtykke.com/consent/loadSegment
IP
35.195.163.35:0
ASN
#15169 GOOGLE

File type
JSON data\012- HTML document, Unicode text, UTF-8 text, with very long lines (357), with no line terminators
Size
360 B (360 bytes)
Hash
b81ec878e5adcd0863faef7e7e6fe44a
faed2737ec33732d35c72dd8032da0c3a925ea0d
d4e02dfa1bd03cd275a801d83acadb1c3fdaced7f6ff26abdf36addaeda5d714

HTTP Headers

POST /consent/loadSegment HTTP/1.1
Host: api.samlesamtykke.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Content-Type: application/json
Content-Length: 225
Origin: https://www.kosoghygge.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Thu, 01 Dec 2022 15:50:32 GMT
content-type: application/vnd.api+json
content-length: 360
access-control-allow-origin: https://www.kosoghygge.com
access-control-allow-credentials: true
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
X-Firefox-Spdy: h2

api.samlesamtykke.com/consent/confirmExplicit

35.195.163.35

200 OK

0 B

URL HTTP/2
api.samlesamtykke.com/consent/confirmExplicit
IP
35.195.163.35:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

OPTIONS /consent/confirmExplicit HTTP/1.1
Host: api.samlesamtykke.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://www.kosoghygge.com/
Origin: https://www.kosoghygge.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Thu, 01 Dec 2022 15:50:32 GMT
content-type: application/vnd.api+json
content-length: 0
access-control-allow-origin: https://www.kosoghygge.com
access-control-allow-credentials: true
access-control-allow-methods: POST
access-control-allow-headers: content-type
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
X-Firefox-Spdy: h2

api.samlesamtykke.com/consent/confirmExplicit

35.195.163.35

200 OK

0 B

URL HTTP/2
api.samlesamtykke.com/consent/confirmExplicit
IP
35.195.163.35:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /consent/confirmExplicit HTTP/1.1
Host: api.samlesamtykke.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Content-Type: application/json
Content-Length: 571
Origin: https://www.kosoghygge.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx/1.10.3 (Ubuntu)
date: Thu, 01 Dec 2022 15:50:32 GMT
content-type: application/vnd.api+json
content-length: 0
access-control-allow-origin: https://www.kosoghygge.com
access-control-allow-credentials: true
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02cf22ee-ded9-4b9d-b5d8-ee6690ac9f45.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (10985 bytes)
Hash
f07f254d44ff2fb86ee22cee39ef3eb0
0660a548a491d4a58ca2246f094f0553437c3f61
859b2416d638b1dc91ff563800517124b38d45b4c5db99e21539c1700829dbe4

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F02cf22ee-ded9-4b9d-b5d8-ee6690ac9f45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 10985
x-amzn-requestid: ef9e5eb9-b7b3-41e9-9837-a5979ab35d94
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cV91OFzsoAMFcew=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63857687-53b152c0027d26e52383e27e;Sampled=0
x-amzn-remapped-date: Tue, 29 Nov 2022 03:03:35 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: JGFRksMQ_LxceeV_368Xt-gjhd67bMn7D_s0X1V1fAiR6npuqCHayw==
via: 1.1 4dde8ec6d6c12741888c2d3a059d4a2e.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Thu, 01 Dec 2022 03:10:11 GMT
age: 45625
etag: "0660a548a491d4a58ca2246f094f0553437c3f61"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

www.kosoghygge.com/landers/css/theme/pornhub.css

34.149.196.159

200 OK

0 B

URL HTTP/2
www.kosoghygge.com/landers/css/theme/pornhub.css
IP
34.149.196.159:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash

HTTP Headers

GET /landers/css/theme/pornhub.css HTTP/1.1
Host: www.kosoghygge.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.kosoghygge.com/
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

HTTP/2 200 OK
date: Thu, 01 Dec 2022 15:44:02 GMT
server: nginx/1.14.2
content-type: text/css;charset=UTF-8
x-powered-by: PHP/7.2.34
x-host: kosoghygge.com
content-encoding: gzip
x-cacheable: YES
cache-control: max-age=300
xkey: lander
vary: Accept-Encoding
x-varnish: 46777898 47188059
age: 0
x-cache: HIT
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000, h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
via: 1.1 varnish (Varnish/6.0), 1.1 google, 1.1 google
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

JavaScript (24)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations