Report - aapks.com/apk/valida-mais/version/52827122/

Report Overview

Submitted URL
aapks.com/apk/valida-mais/version/52827122/
IP
104.21.67.2
ASN
#13335 CLOUDFLARENET
Submitted
2024-04-18 13:51:41
Access
public
Website Title
Mobiltilbehør | iPhone, iPad, iPod, HTC, Samsung, Nokia, deksel
Final URL
www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
74

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cameesse.net	unknown	2023-10-18	2023-10-18	2024-04-08	3.8 kB	178 kB	139.45.197.242
my.rtmark.net	9054	2014-10-29	2015-02-04	2024-04-17	1.0 kB	1.5 kB	139.45.195.8
veepteero.com	unknown	2023-05-08	2023-05-09	2024-03-25	2.0 kB	7.7 kB	139.45.197.242
my.profitmetrics.io	502343	2018-08-01	2019-03-18	2024-04-18	597 B	429 B	167.235.182.60
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2024-04-18	1.0 kB	33 kB	142.250.74.131
code.jquery.com	634	2005-12-10	2012-05-21	2024-04-18	432 B	25 kB	151.101.194.137
moonoafy.net	unknown	2024-01-09	2024-01-09	2024-04-02	4.8 kB	104 kB	139.45.197.250
gishejuy.com	unknown	2023-10-25	2023-10-25	2024-03-30	6.1 kB	90 kB	139.45.197.242
cdn.jsdelivr.net	439	2012-05-16	2012-09-30	2024-04-17	420 B	10 kB	151.101.65.229
aapks.com	413264	2018-03-26	2018-12-21	2024-03-12	5.7 kB	114 kB	172.67.210.173
amunfezanttor.com	unknown	2023-03-31	2023-03-31	2024-04-18	2.0 kB	2.2 kB	139.45.197.250
fleraprt.com	unknown	2022-01-14	2022-01-14	2024-04-10	557 B	477 B	139.45.195.254
interbuzznews.com	237501	2018-07-24	2018-08-10	2024-03-27	6.1 kB	104 kB	139.45.197.154
widget.trustpilot.com	6018	2007-06-30	2017-02-01	2024-04-17	2.8 kB	27 kB	143.204.55.110
bi.heyloyalty.com	unknown	2014-01-21	2017-05-09	2024-04-17	409 B	10 kB	46.36.214.64
tracking.heycommerce.dk	unknown	2018-02-06	2019-07-08	2024-04-13	804 B	1.1 kB	46.36.214.64
aistekso.net	unknown	2023-10-16	2023-10-16	2024-03-26	3.6 kB	93 kB	139.45.197.244
tzegilo.com	unknown	2022-01-14	2022-01-14	2024-04-03	390 B	8.3 kB	172.67.193.52
vht.tradedoubler.com	99799	1999-10-10	2014-10-10	2024-04-18	473 B	9.4 kB	54.230.111.4
www.mytrendyphone.no	819668	2020-03-26	2012-07-21	2024-04-14	34 kB	459 kB	94.143.8.110
cdn1.profitmetrics.io	unknown	2018-08-01	2022-05-02	2024-04-16	427 B	9.9 kB	104.21.65.221
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2024-04-18	2.0 kB	882 B	216.239.32.36
s.pinimg.com	732	2010-05-29	2017-01-13	2024-04-18	831 B	23 kB	151.101.236.84
alwingulla.com	unknown	2023-05-22	2023-05-22	2024-03-30	396 B	26 kB	188.114.96.1
s3.amazonaws.com	unknown	2005-08-18	2020-05-13	2024-03-23	434 B	3.1 kB	52.217.122.224
offerimage.com	304078	2019-06-10	2019-06-10	2024-04-03	2.7 kB	75 kB	104.22.33.172
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2024-04-18	417 B	1.9 kB	142.250.74.106
www.googletagmanager.com	75	2011-11-11	2013-05-22	2024-04-18	4.5 kB	867 kB	142.250.74.168
metrics.mytrendyphone.no	unknown	2020-03-26	2022-12-20	2024-03-19	1.5 kB	412 B	172.217.21.179
ct.pinterest.com	852	2009-11-26	2015-03-12	2024-04-18	2.0 kB	2.5 kB	151.101.64.84
i0.wp.com	3021	1997-03-28	2013-09-17	2024-04-17	1.4 kB	10 kB	192.0.77.2
clk.tradedoubler.com	65246	1999-10-10	2012-05-21	2024-04-17	1.9 kB	6.0 kB	54.93.147.132
cdn-4.convertexperiments.com	unknown	2012-06-05	2022-10-27	2024-04-18	431 B	71 kB	184.86.224.76
www.google.no	25607	2001-02-26	2016-04-05	2024-04-18	584 B	578 B	142.250.74.35
www.artfut.com	22145	2018-04-06	2018-05-03	2024-04-18	897 B	18 kB	104.26.1.109
i1.wp.com	6037	1997-03-28	2012-09-27	2024-04-16	16 kB	70 kB	192.0.77.2

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-04-18	medium	alwingulla.com	Sinkholed
2024-04-18	medium	moonoafy.net	Sinkholed
2024-04-18	medium	cameesse.net	Sinkholed
2024-04-18	medium	aistekso.net	Sinkholed
2024-04-18	medium	moonoafy.net	Sinkholed
2024-04-18	medium	moonoafy.net	Sinkholed
2024-04-18	medium	moonoafy.net	Sinkholed
2024-04-18	medium	moonoafy.net	Sinkholed
2024-04-18	medium	cameesse.net	Sinkholed
2024-04-18	medium	amunfezanttor.com	Sinkholed
2024-04-18	medium	moonoafy.net	Sinkholed
2024-04-18	medium	aistekso.net	Sinkholed
2024-04-18	medium	amunfezanttor.com	Sinkholed
2024-04-18	medium	fleraprt.com	Sinkholed
2024-04-18	medium	cameesse.net	Sinkholed
2024-04-18	medium	gishejuy.com	Sinkholed
2024-04-18	medium	cameesse.net	Sinkholed
2024-04-18	medium	amunfezanttor.com	Sinkholed
2024-04-18	medium	amunfezanttor.com	Sinkholed
2024-04-18	medium	moonoafy.net	Sinkholed
2024-04-18	medium	moonoafy.net	Sinkholed
2024-04-18	medium	gishejuy.com	Sinkholed
2024-04-18	medium	tzegilo.com	Sinkholed
2024-04-18	medium	aistekso.net	Sinkholed
2024-04-18	medium	gishejuy.com	Sinkholed
2024-04-18	medium	gishejuy.com	Sinkholed
2024-04-18	medium	aistekso.net	Sinkholed
2024-04-18	medium	gishejuy.com	Sinkholed
2024-04-18	medium	veepteero.com	Sinkholed
2024-04-18	medium	gishejuy.com	Sinkholed
2024-04-18	medium	cameesse.net	Sinkholed
2024-04-18	medium	moonoafy.net	Sinkholed
2024-04-18	medium	aistekso.net	Sinkholed
2024-04-18	medium	veepteero.com	Sinkholed
2024-04-18	medium	veepteero.com	Sinkholed
2024-04-18	medium	gishejuy.com	Sinkholed
2024-04-18	medium	moonoafy.net	Sinkholed

ThreatFox

No alerts detected

JavaScript (26)

	URL	Size	First Seen	Last Seen
	unknown	247 B	2024-04-18	2024-04-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 15:51:44 Last Seen2024-04-18 15:51:44 Times Seen1 Hash c54bd690cbbe1a934313850b76395499 0a06ad4ad61a81700906335c401d3f23976c32e3 a390935b3e8192cf9179417429049f49b77671573d5cdd76972f425ada1d8c8a Loading...

	unknown	26 kB	2023-03-07	2024-04-30
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:18:51 Last Seen2024-04-30 10:10:40 Times Seen2078 Hash a912e7afe74b51fdd03b28bf67e7d409 85004dfe087af5a730261c85262661d89b3d2516 706b3882753d8f81cfcf35aa2623303b1b380c8106686a4ad12a1fae23cf4650 Loading...

	aapks.com/apk/valida-mais/version/52827122/	57 B	2023-03-07	2024-05-01
Pretty URL aapks.com/apk/valida-mais/version/52827122/ IP 172.67.210.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:06:59 Last Seen2024-05-01 17:30:00 Times Seen10904 Hash 2a2781f9bb6302c2f96df0d1e96ef524 796bb90146495848c0c479533c367edadb94f1a9 1b60af0ce49d65e8b1006457c16883d60e53a0054bb157c57c3b03a82ee9964d Loading...

	aapks.com/js/lazysizes.min.js	7.1 kB	2023-03-07	2024-04-18
Pretty URL aapks.com/js/lazysizes.min.js IP 172.67.210.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 12:23:02 Last Seen2024-04-18 15:51:44 Times Seen316 Hash 149ff45fc6c2f13e892e438a58abb77f 460d0fc31226c9865b16d23b60200ddcd1c3feb4 06821251a29e71f8fd4f60349667c54d163b16d7bc8b1d47144c7f5042683eef Loading...

	unknown	89 kB	2024-04-16	2024-04-18
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-16 19:37:53 Last Seen2024-04-18 23:07:07 Times Seen8 Hash ae39c3b813cd5628cd762afe685645c2 c36f81d4d586ed9167c82c78252025d7d11b8160 768091d550fd79fa04719300ba9da6b8db4e782ef1d2f318696e723492459e90 Loading...

	interbuzznews.com/?l=FjRUkS19wUvwzxr&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fcameesse.net%2F12%3Frnd%3D709300561%26z%3D6395364%26b%3D20554763%26c%3D8014413%26var%3D%26varid%3D0%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D2265%2526key%253Dae7c6e37acb2af365375447fdcbca2a0%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DfGOGaerXqmyO6F89iyfQXGWDYgPF7Qvc1gEvinsR1DlT4PKW9gAkE-mEqxo7zRlp4W4iFQCD70-zAeRpOrt3GHA1-Vcb0Jc3RZIOQyc8Qo6eOcianNyfL0_vbQB78gyPG7RjtF2psWKdB1Ajgee1uDQWMedLdRB7Wz6Dj5r5kEL76aIYyMb1h3JQwisjq-AqFzT_S84H_ARl88gMIWEoSLsBMgNXQzs9BQfGHhm-E0tCf2KYLkqVQ4jQPSomA8k0bUo6hh2FtTddb0oIrWdNQwb6MeCeQCBrkO1N6Bwz5DsBSBpmG1ln02t2MEtUMv4w4uHgbBqC119e8YHIK62a78oe12bgwiic1PCVkJxvj0nRxuaV8rjnGsd45BdMj2QNOd_RnJ27GmkweF3dXVvq2Qc4ON29MxClRBaxmeTHS0ZfeWP2eyYgb6kdwZHgU2P_ABawuJaM0GElkiMgJHid3kgdIBO8L6rCMsnV9FqvFZC4456rrvxiutIjt0JM1puH2NGolJKkwlV621TcTALmsvUdDq1DSkG0DyEQ7XqE9cWP14aDD7tQ6JumEk_U_7FgeyXSyHf2zLBLm4uzZ2L2QiCszx1xu6Zo8TtjcpJhqe8GhMtiPvihQVNfYN39hySC3fjluuZ0Mr2bHgzWmYCO_jzJywKFbBrzErJPJLL6O32JYaVnPOGEuQ7rkJJAkN3AMiALp4AxscY6E80Jl8WtLlpAu46uFkr4GtnzsA%3D%3D%26bag%3DXC_NdiERrzCB43Jo38Cu1w%3D%3D%26ruid%3D928a0f33-1a87-4de5-8430-8da79264a4bc%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Faapks.com%252Fapk%252Fvalida-mais%252Fversion%252F52827122%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D1%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1	0 B	2023-03-07	2024-05-01
Pretty URL interbuzznews.com/?l=FjRUkS19wUvwzxr&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fcameesse.net%2F12%3Frnd%3D709300561%26z%3D6395364%26b%3D20554763%26c%3D8014413%26var%3D%26varid%3D0%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D2265%2526key%253Dae7c6e37acb2af365375447fdcbca2a0%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DfGOGaerXqmyO6F89iyfQXGWDYgPF7Qvc1gEvinsR1DlT4PKW9gAkE-mEqxo7zRlp4W4iFQCD70-zAeRpOrt3GHA1-Vcb0Jc3RZIOQyc8Qo6eOcianNyfL0_vbQB78gyPG7RjtF2psWKdB1Ajgee1uDQWMedLdRB7Wz6Dj5r5kEL76aIYyMb1h3JQwisjq-AqFzT_S84H_ARl88gMIWEoSLsBMgNXQzs9BQfGHhm-E0tCf2KYLkqVQ4jQPSomA8k0bUo6hh2FtTddb0oIrWdNQwb6MeCeQCBrkO1N6Bwz5DsBSBpmG1ln02t2MEtUMv4w4uHgbBqC119e8YHIK62a78oe12bgwiic1PCVkJxvj0nRxuaV8rjnGsd45BdMj2QNOd_RnJ27GmkweF3dXVvq2Qc4ON29MxClRBaxmeTHS0ZfeWP2eyYgb6kdwZHgU2P_ABawuJaM0GElkiMgJHid3kgdIBO8L6rCMsnV9FqvFZC4456rrvxiutIjt0JM1puH2NGolJKkwlV621TcTALmsvUdDq1DSkG0DyEQ7XqE9cWP14aDD7tQ6JumEk_U_7FgeyXSyHf2zLBLm4uzZ2L2QiCszx1xu6Zo8TtjcpJhqe8GhMtiPvihQVNfYN39hySC3fjluuZ0Mr2bHgzWmYCO_jzJywKFbBrzErJPJLL6O32JYaVnPOGEuQ7rkJJAkN3AMiALp4AxscY6E80Jl8WtLlpAu46uFkr4GtnzsA%3D%3D%26bag%3DXC_NdiERrzCB43Jo38Cu1w%3D%3D%26ruid%3D928a0f33-1a87-4de5-8430-8da79264a4bc%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Faapks.com%252Fapk%252Fvalida-mais%252Fversion%252F52827122%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D1%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1 IP 139.45.197.154 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:01:59 Last Seen2024-05-01 18:31:27 Times Seen37250940 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	aapks.com/apk/valida-mais/version/52827122/	605 B	2023-03-07	2024-04-18
Pretty URL aapks.com/apk/valida-mais/version/52827122/ IP 172.67.210.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 21:18:42 Last Seen2024-04-18 15:51:44 Times Seen24 Hash 0191e369eac638347400f0c44ec9bdd7 0024e1179c1e3371092bc54fac4d485c49beb788 1351620a726b76bdfa4e340086d781af9f99435dc1f4801edc7261e50c9aa0dd Loading...

	aapks.com/apk/valida-mais/version/52827122/	365 B	2023-10-06	2024-04-18
Pretty URL aapks.com/apk/valida-mais/version/52827122/ IP 172.67.210.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-10-06 02:11:23 Last Seen2024-04-18 15:51:44 Times Seen31 Hash 00a47bc6b920232d24561b8dbb12439c 386ab6098dbf188ce5d236c8ccc24dd37f471e29 6eeef3f558002d14223f1f169945f445e5d5e3782fc60433b06c55ce22c21b23 Loading...

	aistekso.net/401/6395365	88 kB	2024-04-18	2024-04-18
Pretty URL aistekso.net/401/6395365 IP 139.45.197.244 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 15:51:44 Last Seen2024-04-18 15:51:47 Times Seen2 Hash 02e7f4d17d39402ab8070088b2a7aa64 6d46f10a7e2cac62affd5ee90dc24af0af26a0a0 5eb9688779fca619511197b7c73d9318e7a52de051d1589bb0905c3f6a715020 Loading...

	cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a	413 kB	2024-04-11	2024-05-01
Pretty URL cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-11 13:26:00 Last Seen2024-05-01 12:26:53 Times Seen86 Hash 297cc248309ba835cf13a1f82fd3f938 1e6f51ce257a0ee53e25280dd44092ed33339847 b2ba9d8b2216d22f8f31a594bc22ee21f60e2b539474a650be1e87dea87d5ed7 Loading...

	aapks.com/apk/valida-mais/version/52827122/sandbox%20eval%20code	128 B	2023-05-06	2024-05-01
Pretty URL aapks.com/apk/valida-mais/version/52827122/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-05-01 16:56:14 Times Seen21307 Hash 23c336606ee3a6d444b305153fa0e2e2 473a2111970ae2a94b373e656d20c4bd4184d703 305375d5052f6a14434d2d338f852f0f4f04fb26495f88a5d62b6afde2e2cc60 Loading...

	pagead2.googlesyndication.com/pagead/js/adsbygoogle.js	1.6 kB	2023-05-06	2024-05-01
Pretty URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-05-06 01:21:43 Last Seen2024-05-01 16:56:14 Times Seen21170 Hash 2e9e391ad98fbe1b2de0b7b4fa9ca904 21d7771223e8286a06ad878af425094a40de32b5 1468d954f25ab75355f3c0f42cd9c84efd64a67922c47d3b69bdb6d0eb399e69 Loading...

	cdn.jsdelivr.net/npm/ga-lite@2/dist/ga-lite.min.js	9.6 kB	2023-03-07	2024-04-18
Pretty URL cdn.jsdelivr.net/npm/ga-lite@2/dist/ga-lite.min.js IP 151.101.65.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:18:42 Last Seen2024-04-18 15:51:44 Times Seen84 Hash 3396e3b0d346ec955bb392af5c41119f 43c7adc394cd5544087533bf3a018f056a9b4bc0 1cbd41cf1eba7fc877931bdd529e0b4003d07217650b101b389b82384e2090a6 Loading...

	aapks.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	7.8 kB	2024-04-18	2024-04-18
Pretty URL aapks.com/cdn-cgi/challenge-platform/scripts/jsd/main.js IP 172.67.210.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 15:50:44 Last Seen2024-04-18 15:51:47 Times Seen4 Hash 8a2550dcf1285b29e4d763f8a5432321 1edde3a8c59ef34b6578c55598a7157b48269310 44f44689282b6fa5d0a2e129a4575c877853c43340b055c75ecee22827eef03a Loading...

	gishejuy.com/400/6395363	81 kB	2024-04-18	2024-04-18
Pretty URL gishejuy.com/400/6395363 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 15:51:44 Last Seen2024-04-18 15:51:47 Times Seen2 Hash 786e40bd9c294a001e81fb5fe8cffff8 eb2a2e7ec2dba381db6e49a94d7b2d50a02b1ff2 c7fb680b3632dd8746765e8cae185674059836f1bfd746e758e30a591d275120 Loading...

	aapks.com/cdn-cgi/apps/body/TIRIJHwucGVk4WGhfqp5oW7kEFo.js	6.3 kB	2023-03-07	2024-04-18
Pretty URL aapks.com/cdn-cgi/apps/body/TIRIJHwucGVk4WGhfqp5oW7kEFo.js IP 172.67.210.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:18:42 Last Seen2024-04-18 15:51:44 Times Seen45 Hash 927a981a5dcf172ef20f7b087e9b0f45 d41cc236e20f5befead9b852051c047e8664d495 f5d329442e985db33dfb04ecf0aaa2f1bd51dfd72536604558f8f56d8cb9ec0b Loading...

	moonoafy.net/pfe/current/tag.min.js?z=6395366	15 kB	2024-04-18	2024-04-19
Pretty URL moonoafy.net/pfe/current/tag.min.js?z=6395366 IP 139.45.197.250 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 15:51:44 Last Seen2024-04-19 07:24:39 Times Seen2 Hash f486f8fc533bb93f6f0d32a24418648f bd1bc26f5f29d185cdbfac65310e89fe293018d0 ec76f474ec92f696d92cd182692c264a24feb37d77a456aa66654a388ba56320 Loading...

	tzegilo.com/stattag.js	19 kB	2024-02-10	2024-05-01
Pretty URL tzegilo.com/stattag.js IP 172.67.193.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-02-10 03:00:18 Last Seen2024-05-01 17:04:13 Times Seen1287 Hash 70ebd404c2e1e7bad13998538b56887c 86e57af8ba3cfc2c004da3311835f6b54ba6d848 d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f Loading...

	aapks.com/cdn-cgi/apps/head/H0Ad4u_2_X7zR3EInUqhncQH0lQ.js	5.3 kB	2023-03-07	2024-04-18
Pretty URL aapks.com/cdn-cgi/apps/head/H0Ad4u_2_X7zR3EInUqhncQH0lQ.js IP 172.67.210.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 21:18:42 Last Seen2024-04-18 15:51:44 Times Seen45 Hash 1e893352093b31e435f20c2f9ebfeca3 c979c4bbc26df9f3b77a756807636fe303b55fe6 3b8adb7e01296d5cdd49780209a7206fdad9860ac1ce93c0f34d18b5c02bef99 Loading...

	cameesse.net/1?z=6395364	42 kB	2024-04-18	2024-04-18
Pretty URL cameesse.net/1?z=6395364 IP 139.45.197.242 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 15:51:44 Last Seen2024-04-18 15:51:47 Times Seen2 Hash a2d4f9ca3216004f82e878fded2371df 2c3aa94eba0f146a0a681e23b40073d83141ccad d83961711f0864b90745352edf54bbc59abffa958d4a4ca16b7db09e422b90b7 Loading...

	aapks.com/apk/valida-mais/version/52827122/	1.1 kB	2024-04-18	2024-04-18
Pretty URL aapks.com/apk/valida-mais/version/52827122/ IP 172.67.210.173 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-18 15:51:44 Last Seen2024-04-18 15:51:44 Times Seen1 Hash e2cb7ad5f02d4b0609d8f8ebf494c993 98d508dc8ab3b7b39344243794bbd7b1a211256a 5a97970635ca44fee393eb92eb7ee6dbb4558bc2d2ff370f083b80f300d4f7de Loading...

	alwingulla.com/88/tag.min.js	72 kB	2024-04-18	2024-04-18
Pretty URL alwingulla.com/88/tag.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2024-04-18 07:58:46 Last Seen2024-04-18 15:51:45 Times Seen6 Hash f3756405a84a91cc19b1a3770cd8a0cf f090f5d1514739b37e820e1edb3a6236454269fb 72cb15ffa410bb590deb432726fc35009ebac1f55500b5f4e64fda7dba22c267 Loading...

	code.jquery.com/jquery-3.5.1.slim.min.js	72 kB	2023-03-07	2024-04-30
Pretty URL code.jquery.com/jquery-3.5.1.slim.min.js IP 151.101.194.137 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03:10 Last Seen2024-04-30 23:14:50 Times Seen3261 Hash fb8409a092adc6e8be17e87d59e0595e cf8d9821552d51bb50ce572e696aba1309065800 e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db Loading...

		Size	First Seen	Last Seen
	#1 Eval - fe1cdacbc6018cd8321f6de98d4d74b4	146 B	2023-09-13	2024-04-19
Pretty Observations First Seen2023-09-13 16:02:15 Last Seen2024-04-19 06:29:15 Times Seen219 Hash fe1cdacbc6018cd8321f6de98d4d74b4 71029ea1ae5d4d382e643f045884e6ae568f5541 9a56e18319cc678f7d0a9a94529e32edff199d52645cf558bac74a597d8994e5 Loading...

	#2 Eval - f9fc68b7a6a6642177200a4a3118fb45	48 B	2023-03-13	2024-04-19
Pretty Observations First Seen2023-03-13 14:30:11 Last Seen2024-04-19 06:29:15 Times Seen265 Hash f9fc68b7a6a6642177200a4a3118fb45 302228d400a2b034122a43b8f199c9ab845662b1 17c41b4f741b2598d14d20eade452d1337cabe14cf070c7459fae924a09e88c8 Loading...

		Size	First Seen	Last Seen
	#1 Write - a84bc8f0b5127799e71aae3186964e37	51 kB	2023-10-06	2024-04-18
Pretty Observations First Seen2023-10-06 02:11:23 Last Seen2024-04-18 15:51:44 Times Seen23 Hash a84bc8f0b5127799e71aae3186964e37 69a7f5ba1fbb3d718016c10ee31dc9f83428f450 1d767758cf2520cbdbe779de98f9d72328f8b20b2363308ade8f0e3b5220da3d Loading...

HTTP Transactions (183)

URL IP Response Size

aapks.com/header.png?1=1

172.67.210.173

200 OK

6.4 kB

URL GET HTTP/3
aapks.com/header.png?1=1
IP
172.67.210.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectaapks.com
FingerprintE3:08:E5:D9:EF:E4:31:FA:7D:EC:6B:5E:DE:B6:E0:E6:3E:E5:0E:05
ValidityWed, 03 Apr 2024 04:20:20 GMT - Tue, 02 Jul 2024 04:20:19 GMT

File type
PNG image data, 350 x 60, 8-bit/color RGBA, non-interlaced
Size
6.4 kB (6411 bytes)
Hash
015be6316aa32f7ba19ae18588a084a9
cd5029fd0f3df4c320bee67352aa65b095b8a7e2
b9241f015b07977ed4370cbdfb98575f967cb66555212e72a1971e6007e73d85

HTTP Headers

GET /header.png?1=1 HTTP/1.1
Host: aapks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/apk/valida-mais/version/52827122/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: image/png
content-length: 6411
last-modified: Mon, 26 Aug 2019 09:49:14 GMT
cache-control: max-age=31536000
expires: Fri, 18 Apr 2025 12:58:25 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fx1y2iDJbsFzWJBe3vVr6HUKpaMwrgZTo%2FybsLXnRdNbTyWbjMcbCsQe6gIvSQa6xOaU374UqOTnw86TwIY06zdp8tmudkki8cSxvY1k%2Bzp4j3c9RNDupamaU0Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876520e39b46712f-OSL
alt-svc: h3=":443"; ma=86400

i0.wp.com/img.aapks.com/imgs/2/0/e/20e395f16cbc389aa71a03f9dbcff6c1_icon.png?w=120

192.0.77.2

200 OK

3.3 kB

URL GET HTTP/2
i0.wp.com/img.aapks.com/imgs/2/0/e/20e395f16cbc389aa71a03f9dbcff6c1_icon.png?w=120
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
3.3 kB (3260 bytes)
Hash
a20fb95cc1db38da38b9e1c5eabbbe6f
7ce4f0063374eba1ef2a111418b07b8f6b34970c
1ca07bfa0fcf762e02fc54f040eeed77ab510d4f80fcd9c4af53c249baacda0a

HTTP Headers

GET /img.aapks.com/imgs/2/0/e/20e395f16cbc389aa71a03f9dbcff6c1_icon.png?w=120 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: image/webp
content-length: 3260
last-modified: Thu, 18 Apr 2024 13:51:14 GMT
expires: Sun, 19 Apr 2026 01:51:14 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/2/0/e/20e395f16cbc389aa71a03f9dbcff6c1_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "afe7f94e739799bf"
vary: Accept
x-nc: MISS arn 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.5.1.slim.min.js

151.101.194.137

200 OK

25 kB

URL GET HTTP/2
code.jquery.com/jquery-3.5.1.slim.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
JavaScript source, ASCII text, with very long lines (65245)
Size
25 kB (24606 bytes)
Hash
fb8409a092adc6e8be17e87d59e0595e
cf8d9821552d51bb50ce572e696aba1309065800
e3e5f35d586c0e6a9a9d7187687be087580c40a5f8d0e52f0c4053bbc25c98db

HTTP Headers

GET /jquery-3.5.1.slim.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-11abc"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 18 Apr 2024 13:51:14 GMT
age: 5366770
x-served-by: cache-lga21954-LGA, cache-hel1410024-HEL
x-cache: HIT, HIT
x-cache-hits: 22, 11233
x-timer: S1713448275.605760,VS0,VE0
vary: Accept-Encoding
content-length: 24606
X-Firefox-Spdy: h2

aapks.com/cdn-cgi/apps/body/TIRIJHwucGVk4WGhfqp5oW7kEFo.js

172.67.210.173

200 OK

5.4 kB

URL GET HTTP/3
aapks.com/cdn-cgi/apps/body/TIRIJHwucGVk4WGhfqp5oW7kEFo.js
IP
172.67.210.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectaapks.com
FingerprintE3:08:E5:D9:EF:E4:31:FA:7D:EC:6B:5E:DE:B6:E0:E6:3E:E5:0E:05
ValidityWed, 03 Apr 2024 04:20:20 GMT - Tue, 02 Jul 2024 04:20:19 GMT

File type
JavaScript source, ASCII text, with very long lines (1652)
Size
5.4 kB (5449 bytes)
Hash
927a981a5dcf172ef20f7b087e9b0f45
d41cc236e20f5befead9b852051c047e8664d495
f5d329442e985db33dfb04ecf0aaa2f1bd51dfd72536604558f8f56d8cb9ec0b

HTTP Headers

GET /cdn-cgi/apps/body/TIRIJHwucGVk4WGhfqp5oW7kEFo.js HTTP/1.1
Host: aapks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/apk/valida-mais/version/52827122/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: OrvYNcvCWnR1bZHl+HMmJlw+a0O8kbayUdJn6tqKJ4cX+EbvIMm8678FTNI7lb8DjbvuRHPlUyw=
x-amz-request-id: G0NEFAJWV2JP8BWX
cache-control: public, max-age=31536000
last-modified: Wed, 13 May 2020 16:06:07 GMT
x-amz-version-id: 4vu2_DDQxFizMKUekhnzVKBztQf8e03N
etag: W/"b29ccc1ac66187a9d5b22aca8f11b0b1"
cf-cache-status: HIT
age: 703
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g8qX5St%2FIUJbL1ilrsx0GuDLEL9GP6xUVFLKmS41cRnk0EpHA3R1bQi7Gp9AMpJ3hm2CtNuhHE6v90M3%2BBn8H2%2BZVjRNtBpeKAOCefpH3CufFAz%2By17duXYpuZ4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876520e3cb94712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

aapks.com/cdn-cgi/challenge-platform/scripts/jsd/main.js

172.67.210.173

302 Found

0 B

URL GET HTTP/3
aapks.com/cdn-cgi/challenge-platform/scripts/jsd/main.js
IP
172.67.210.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectaapks.com
FingerprintE3:08:E5:D9:EF:E4:31:FA:7D:EC:6B:5E:DE:B6:E0:E6:3E:E5:0E:05
ValidityWed, 03 Apr 2024 04:20:20 GMT - Tue, 02 Jul 2024 04:20:19 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1
Host: aapks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 302 Found
date: Thu, 18 Apr 2024 13:51:14 GMT
content-length: 0
location: /cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js
access-control-allow-origin: *
cache-control: max-age=300, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sHtjM0JNAz6qXSiVLkhVzZlKjlNYNyTteN85JcHkDQy0HB8dfLk2hY99PY6DfWJNtJi9wXZ0mRe6nFUJYDnjwMTLwra39dsmv8FZiWShrzaSzqRdp85AY8nTSh8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876520e4fd51712f-OSL
alt-svc: h3=":443"; ma=86400

aapks.com/fa.woff

172.67.210.173

200 OK

4.8 kB

URL GET HTTP/3
aapks.com/fa.woff
IP
172.67.210.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectaapks.com
FingerprintE3:08:E5:D9:EF:E4:31:FA:7D:EC:6B:5E:DE:B6:E0:E6:3E:E5:0E:05
ValidityWed, 03 Apr 2024 04:20:20 GMT - Tue, 02 Jul 2024 04:20:19 GMT

File type
Web Open Font Format, TrueType, length 4780, version 1.0
Size
4.8 kB (4780 bytes)
Hash
f5d40395309a1d437631bf61649695c1
fa6a74c890d77b48add3632ba7909fbc4f077e92
b830be6bfbdf59e07cc870f27d9fce01678cc9d6f87b6f7fdaae86be10f1c3f6

HTTP Headers

GET /fa.woff HTTP/1.1
Host: aapks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/style.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: font/woff
content-length: 4780
last-modified: Fri, 28 Sep 2018 09:01:44 GMT
cache-control: max-age=86400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cshZcZDRM450WI6yjM3DHHKSFgV7vJwH5k%2FpoKuKE7d5jFWaJ4Swf7aKsZwMjWOqbgI3sAY0VhfR%2Fs4SqsXSjlro9SRN%2FeWqNW1%2BnKO%2FEAc%2FzZ1COzBgFyG3AQU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876520e4fd52712f-OSL
alt-svc: h3=":443"; ma=86400

i1.wp.com/img.aapks.com/imgs/3/a/3/3a358df023050199d97d4ee04ca27f00_icon.png?h=32

192.0.77.2

200 OK

216 B

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/3/a/3/3a358df023050199d97d4ee04ca27f00_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
216 B (216 bytes)
Hash
835bf3a1086e79d7ac543371f9e4f350
f5a1f2f23b27e11e9c06608e9c1f9363ed0b9f14
aa58f1a57fb22da5d6003d85802978a2800c0ec5d549f87a6b67b323c9f9849b

HTTP Headers

GET /img.aapks.com/imgs/3/a/3/3a358df023050199d97d4ee04ca27f00_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: image/webp
content-length: 216
last-modified: Sun, 18 Feb 2024 16:03:12 GMT
expires: Wed, 18 Feb 2026 04:03:12 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/3/a/3/3a358df023050199d97d4ee04ca27f00_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "0c362b7bd0f1d17e"
vary: Accept
x-nc: HIT arn 8
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

i1.wp.com/img.aapks.com/imgs/0/8/d/08db5492269601fc55ad99d881fea933_icon.png?h=32

192.0.77.2

200 OK

336 B

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/0/8/d/08db5492269601fc55ad99d881fea933_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
336 B (336 bytes)
Hash
2ad2e2a8f202ba7b3246da505100fc8b
016f0b1277bf1da2f575e9691a5e1eeb33d227f1
de13cc085722f9d233027cb55ff90210511d8bac313a3f23000a121769e07fa4

HTTP Headers

GET /img.aapks.com/imgs/0/8/d/08db5492269601fc55ad99d881fea933_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: image/webp
content-length: 336
last-modified: Sun, 03 Mar 2024 15:25:13 GMT
expires: Wed, 04 Mar 2026 03:25:13 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/0/8/d/08db5492269601fc55ad99d881fea933_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "0469f85976bfc9f5"
vary: Accept
x-nc: HIT arn 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

alwingulla.com/88/tag.min.js

188.114.96.1

200 OK

25 kB

URL GET HTTP/2
alwingulla.com/88/tag.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerGoogle Trust Services LLC
Subjectalwingulla.com
FingerprintB6:A3:BD:4F:5E:0D:58:50:07:9D:17:E0:30:97:67:97:9E:23:1A:1C
ValidityTue, 12 Mar 2024 16:48:22 GMT - Mon, 10 Jun 2024 16:48:21 GMT

File type
JavaScript source, ASCII text, with very long lines (65494)
Size
25 kB (24633 bytes)
Hash
f3756405a84a91cc19b1a3770cd8a0cf
f090f5d1514739b37e820e1edb3a6236454269fb
72cb15ffa410bb590deb432726fc35009ebac1f55500b5f4e64fda7dba22c267

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /88/tag.min.js HTTP/1.1
Host: alwingulla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: b713d4999404cda2899584d9177145be
cache-control: max-age=86400
last-modified: Wed, 17 Apr 2024 13:29:21 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Thu, 18 Apr 2024 18:07:36 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 71018
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vMuG7hGBjRS841gjM%2Bb0FCjkTUGsAxVhsQ7iTKYoi7fIEZ6PQPuYUGeWiT9V2pxiQ%2B%2FocPzl8muNqmkmOn7HlN4sLnbqRoMOOPvdY1Y30IQjMyLeVC7%2FN9SJ85cFAXZMSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876520e3ec1f56a9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

i1.wp.com/img.aapks.com/imgs/3/c/0/3c0b5296e29c391d50a7580b3e949a34_icon.png?h=32

192.0.77.2

200 OK

1.6 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/3/c/0/3c0b5296e29c391d50a7580b3e949a34_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.6 kB (1556 bytes)
Hash
4d41e846f0b8763bd663a4068b30eb5f
d4142a1b7cd1034eec5a4234a83c822aafe74160
c359912d35a41cf2b69aaa64332da50c2cb966d1271602c97c8f5a0373769ea0

HTTP Headers

GET /img.aapks.com/imgs/3/c/0/3c0b5296e29c391d50a7580b3e949a34_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: image/webp
content-length: 1556
last-modified: Mon, 01 Apr 2024 17:39:04 GMT
expires: Thu, 02 Apr 2026 05:39:04 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/3/c/0/3c0b5296e29c391d50a7580b3e949a34_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "94ecf068be67f48b"
vary: Accept
x-nc: HIT arn 2
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

i1.wp.com/img.aapks.com/imgs/6/e/2/6e25a097a6d0f270c00a306284c554e5_icon.png?h=32

192.0.77.2

200 OK

1.6 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/6/e/2/6e25a097a6d0f270c00a306284c554e5_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.6 kB (1642 bytes)
Hash
cc646bc4b53b46fea7d97736d6edaaaf
bc2124a7ee11c061c20aa8c9bcb1461f336833fe
38e3715c55aaf987720810db71d757e8bb2d3cee2ef5f3ff9970754786b2d1ae

HTTP Headers

GET /img.aapks.com/imgs/6/e/2/6e25a097a6d0f270c00a306284c554e5_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: image/webp
content-length: 1642
last-modified: Thu, 18 Apr 2024 13:45:56 GMT
expires: Sun, 19 Apr 2026 01:45:56 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/6/e/2/6e25a097a6d0f270c00a306284c554e5_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "4ad6c078aa7f1d5c"
vary: Accept
x-nc: MISS arn 4
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

i1.wp.com/img.aapks.com/imgs/b/8/0/b805b87211271695ab77b29388eadc01_icon.png?h=32

192.0.77.2

200 OK

2.8 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/b/8/0/b805b87211271695ab77b29388eadc01_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
2.8 kB (2752 bytes)
Hash
2725a3c397e094e62a4ba6e27983df96
0d18c8bfd0aed903c2fc2f0b0f896b1785f6a2cd
03f9592e2174ea59999a2cc63fa3033d3a9d90039a9cf332c76b62f29ffec58e

HTTP Headers

GET /img.aapks.com/imgs/b/8/0/b805b87211271695ab77b29388eadc01_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: image/webp
content-length: 2752
last-modified: Thu, 18 Apr 2024 13:47:32 GMT
expires: Sun, 19 Apr 2026 01:47:32 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/b/8/0/b805b87211271695ab77b29388eadc01_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "4c32cebb9ebb6a07"
vary: Accept
x-nc: MISS arn 4
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

aapks.com/style.css

172.67.210.173

200 OK

4.6 kB

URL GET HTTP/3
aapks.com/style.css
IP
172.67.210.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectaapks.com
FingerprintE3:08:E5:D9:EF:E4:31:FA:7D:EC:6B:5E:DE:B6:E0:E6:3E:E5:0E:05
ValidityWed, 03 Apr 2024 04:20:20 GMT - Tue, 02 Jul 2024 04:20:19 GMT

File type
ASCII text, with very long lines (7456), with no line terminators
Size
4.6 kB (4553 bytes)
Hash
8f285e93a6ab4947103f9e5c6a5cbccc
0d1e6bd664db6c4bb8c8136d517fcf1c1070b17b
ef65136c0bc2acf139c19939138593d5ce838494e82e9af164dd9e24dde3c934

HTTP Headers

GET /style.css HTTP/1.1
Host: aapks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/apk/valida-mais/version/52827122/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: text/css
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=8304
expires: Sat, 18 May 2024 12:41:33 GMT
last-modified: Mon, 25 May 2020 09:11:05 GMT
cf-cache-status: HIT
age: 514
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MFNR%2BhKNqyLCVF1WCSk4fDKdjpUzla2swDXNGIICCqION40fo6dDF7si0mm479RlpvVzKPYkPmBgNXxUuJd1nZnQDd%2FjRtsKuFM1jW4ciT9XulbWDijE0jgLH3U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876520e3dba9712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

aapks.com/bootstrap.css

172.67.210.173

200 OK

21 kB

URL GET HTTP/3
aapks.com/bootstrap.css
IP
172.67.210.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectaapks.com
FingerprintE3:08:E5:D9:EF:E4:31:FA:7D:EC:6B:5E:DE:B6:E0:E6:3E:E5:0E:05
ValidityWed, 03 Apr 2024 04:20:20 GMT - Tue, 02 Jul 2024 04:20:19 GMT

File type
ASCII text, with very long lines (65536), with no line terminators
Size
21 kB (21404 bytes)
Hash
bdea28e9f280afcd07b198168361bc51
eb759c31178eafb1499a8f4295300856155125f3
e952efb3644c9c9b08397da6747fa3163e7c1288348e250bb157659f918087b1

HTTP Headers

GET /bootstrap.css HTTP/1.1
Host: aapks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/apk/valida-mais/version/52827122/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: text/css
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=120865
expires: Sat, 18 May 2024 12:49:52 GMT
last-modified: Fri, 28 Sep 2018 08:46:56 GMT
cf-cache-status: HIT
age: 514
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SDjCBEpqCk4XLWjGV1U3DMf6k2ywKFJAlan1rOQEMqbDmpZQ9%2BLsS2%2BPZycCENwcP5v0zoR0UP59ikx4HaB%2BqLBiZNnSN8ihu6KC8TvVXH%2BevImzEBd47afRt9Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876520e3dbaf712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

i1.wp.com/img.aapks.com/imgs/d/d/a/dda332ed0b6bcea88bbacb85dbb74626_icon.png?h=32

192.0.77.2

200 OK

1.2 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/d/d/a/dda332ed0b6bcea88bbacb85dbb74626_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.2 kB (1214 bytes)
Hash
867896ebd881bcf84ba7919302bb2a2a
ac97507701b09e935df3571b4eba3784bda9275a
4e454aa73359c23cfd2f15b943d05a40c28b8f3b244abb08645207792857b777

HTTP Headers

GET /img.aapks.com/imgs/d/d/a/dda332ed0b6bcea88bbacb85dbb74626_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: image/webp
content-length: 1214
last-modified: Thu, 18 Apr 2024 13:47:35 GMT
expires: Sun, 19 Apr 2026 01:47:35 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/d/d/a/dda332ed0b6bcea88bbacb85dbb74626_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "6741364c16bde6b8"
vary: Accept
x-nc: MISS arn 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

i1.wp.com/img.aapks.com/imgs/5/8/7/587f2caf988dcfae4ed4dd5b820dcc81_icon.png?h=32

192.0.77.2

200 OK

654 B

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/5/8/7/587f2caf988dcfae4ed4dd5b820dcc81_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
654 B (654 bytes)
Hash
0fd707dcf50bb983446072823c9e8d11
9d098570e3661ab0e38dc471e31c12def49126eb
01afa42a7fee3f3d37712b51ae13658db5cb1798509855d2ccfb5becec33e62b

HTTP Headers

GET /img.aapks.com/imgs/5/8/7/587f2caf988dcfae4ed4dd5b820dcc81_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: image/webp
content-length: 654
last-modified: Thu, 18 Apr 2024 13:45:56 GMT
expires: Sun, 19 Apr 2026 01:45:56 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/5/8/7/587f2caf988dcfae4ed4dd5b820dcc81_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "02d5be9d65dce2dc"
vary: Accept
x-nc: MISS arn 4
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

i0.wp.com/img.aapks.com/imgs/2/0/e/20e395f16cbc389aa71a03f9dbcff6c1_icon.png?w=16

192.0.77.2

200 OK

258 B

URL GET HTTP/3
i0.wp.com/img.aapks.com/imgs/2/0/e/20e395f16cbc389aa71a03f9dbcff6c1_icon.png?w=16
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
258 B (258 bytes)
Hash
c44ed441d4b6bf5e4077e1e79f783ba4
7791d965cd1468d7f8ee024cb56f454764036a89
e22117cd00e4c904165f5de1a317c8c822c8553c5901f7d92a40e6997f741e1e

HTTP Headers

GET /img.aapks.com/imgs/2/0/e/20e395f16cbc389aa71a03f9dbcff6c1_icon.png?w=16 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: image/webp
content-length: 258
last-modified: Thu, 18 Apr 2024 13:51:14 GMT
expires: Sun, 19 Apr 2026 01:51:14 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/2/0/e/20e395f16cbc389aa71a03f9dbcff6c1_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "2811929b91e1605f"
vary: Accept
x-nc: MISS arn 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

aapks.com/cdn-cgi/challenge-platform/h/g/jsd/r/876520dd3d53b509

172.67.210.173

200 OK

0 B

URL POST HTTP/3
aapks.com/cdn-cgi/challenge-platform/h/g/jsd/r/876520dd3d53b509
IP
172.67.210.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectaapks.com
FingerprintE3:08:E5:D9:EF:E4:31:FA:7D:EC:6B:5E:DE:B6:E0:E6:3E:E5:0E:05
ValidityWed, 03 Apr 2024 04:20:20 GMT - Tue, 02 Jul 2024 04:20:19 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /cdn-cgi/challenge-platform/h/g/jsd/r/876520dd3d53b509 HTTP/1.1
Host: aapks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 12172
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/apk/valida-mais/version/52827122/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
set-cookie: cf_clearance=7VM8l_YC4M5KAPCVMD3NgDkRh_YC6FZhKw3jpnFddnc-1713448274-1.0.1.1-pkvgg9Z9jfMyOD9gJGG4WRTkCfWKaUTg.MhxL0vtcAjjCbUkwu0nj8SMN_HXKloZ8csn.nXRwJTbW71ihU660A; path=/; expires=Fri, 18-Apr-25 13:51:14 GMT; domain=.aapks.com; HttpOnly; Secure; SameSite=None
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ztSTqqfbPO3Zx1THobO3g6oAy1F4n%2F%2B1STAp%2BA%2BM17bI6X6NJCOEJm%2FqX4qXCzyGKUkRfwXVIrlfOjJ7Hv3Qbfhx7bzhHP%2BDe5U3%2FRIHT3yR%2BeD9as5NzNgkWrQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876520e66f41712f-OSL
alt-svc: h3=":443"; ma=86400

i0.wp.com/img.aapks.com/imgs/2/0/e/20e395f16cbc389aa71a03f9dbcff6c1_icon.png?w=192

192.0.77.2

200 OK

5.1 kB

URL GET HTTP/3
i0.wp.com/img.aapks.com/imgs/2/0/e/20e395f16cbc389aa71a03f9dbcff6c1_icon.png?w=192
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
5.1 kB (5084 bytes)
Hash
7028c83fff8e9eaa4644e2f71875133d
c5f1b6da7b5e5d9fab16d87362c70c65d9e24d13
b78c91cff292a51c6e4c9e995a2d3fc29fdf91b0c940e7a9eec229729cd8c757

HTTP Headers

GET /img.aapks.com/imgs/2/0/e/20e395f16cbc389aa71a03f9dbcff6c1_icon.png?w=192 HTTP/1.1
Host: i0.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: image/webp
content-length: 5084
last-modified: Thu, 18 Apr 2024 13:51:14 GMT
expires: Sun, 19 Apr 2026 01:51:14 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/2/0/e/20e395f16cbc389aa71a03f9dbcff6c1_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "558ba365d08cdc7a"
vary: Accept
x-nc: MISS arn 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

i1.wp.com/img.aapks.com/imgs/1/0/8/108123eea53499633642c1b9b4f93494_icon.png?h=32

192.0.77.2

200 OK

1.0 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/1/0/8/108123eea53499633642c1b9b4f93494_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.0 kB (1042 bytes)
Hash
1cbf3123d18ab0f16a0bff93fc666212
75e4477dee4626116c4b4a0fb593b148fb10dcf7
8c675caa8956ee22c0118fd78913a1b81cc9fbf9692c3b460e5524fa340824b9

HTTP Headers

GET /img.aapks.com/imgs/1/0/8/108123eea53499633642c1b9b4f93494_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: image/webp
content-length: 1042
last-modified: Sat, 11 Nov 2023 09:02:52 GMT
expires: Mon, 10 Nov 2025 21:02:52 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/1/0/8/108123eea53499633642c1b9b4f93494_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "a101ee1732bac399"
vary: Accept
x-nc: HIT arn 4
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

my.rtmark.net/gid.js?userId=0080422411ec4da3eae37b21f1057fb7

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?userId=0080422411ec4da3eae37b21f1057fb7
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
078234a059dfae01da920db996d22468
cd0c75328718f6049840af2ffe2014d82b6f17a2
77b0b660d4268826fa251eeb9c25dd3759d4fe5312a21a688581c78e1771b183

HTTP Headers

GET /gid.js?userId=0080422411ec4da3eae37b21f1057fb7 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://aapks.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080422411ec4da3eae37b21f1057fb7; expires=Fri, 18 Apr 2025 13:51:15 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

moonoafy.net/pfe/current/tag.min.js?z=6395366

139.45.197.250

200 OK

7.1 kB

URL GET HTTP/2
moonoafy.net/pfe/current/tag.min.js?z=6395366
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
gzip compressed data, max speed, from Unix
Size
7.1 kB (7113 bytes)
Hash
1de6a19b55695b2469334cf20f5b1a6a
fd323d754ec3dcd102b647ed90d74c079e4379af
1bbd7d47a8ee9ba0a0a3c2a26abff746d1960e14c749c5b06d5316fe58423f23

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/tag.min.js?z=6395366 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 15:56:40 GMT
etag: W/"661e9fb8-3914"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

i1.wp.com/img.aapks.com/imgs/d/0/a/d0a7792830003e4e7937ff2bf0974e85_icon.png?h=32

192.0.77.2

200 OK

1.1 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/d/0/a/d0a7792830003e4e7937ff2bf0974e85_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.1 kB (1130 bytes)
Hash
e6040189cb7a6cf7dcdf2e02673fdf8c
20c987bf81a9b6bec55c6df0d885a83b2e299f82
5538a74bf2b2f99843edc25bde3a68f867b06e0ef5f827e8238916d8bf7abb10

HTTP Headers

GET /img.aapks.com/imgs/d/0/a/d0a7792830003e4e7937ff2bf0974e85_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: image/webp
content-length: 1130
last-modified: Sat, 11 Nov 2023 09:42:19 GMT
expires: Mon, 10 Nov 2025 21:42:19 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/d/0/a/d0a7792830003e4e7937ff2bf0974e85_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "1293c0897f483253"
vary: Accept
x-nc: HIT arn 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

i1.wp.com/img.aapks.com/imgs/b/e/5/be5969b35a33f5b28bad9cc02e90191e_icon.png?h=32

192.0.77.2

200 OK

1.1 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/b/e/5/be5969b35a33f5b28bad9cc02e90191e_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.1 kB (1104 bytes)
Hash
467025e6f9a4a3d2c83f2f0cb507ab27
34b715a376a818f65fa197d86dfcbc001cdc6552
b1623aa6914fddd256d4df14bd7148e863e0dabcd6f102a267d4c2d32bda74e1

HTTP Headers

GET /img.aapks.com/imgs/b/e/5/be5969b35a33f5b28bad9cc02e90191e_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: image/webp
content-length: 1104
last-modified: Sat, 11 Nov 2023 09:03:37 GMT
expires: Mon, 10 Nov 2025 21:03:37 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/b/e/5/be5969b35a33f5b28bad9cc02e90191e_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "2e89fc2d2fc6dfcc"
vary: Accept
x-nc: HIT arn 2
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

i1.wp.com/img.aapks.com/imgs/3/6/f/36fd982c1e64b24b1a7e8238515cc419_icon.png?h=32

192.0.77.2

200 OK

1.2 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/3/6/f/36fd982c1e64b24b1a7e8238515cc419_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.2 kB (1174 bytes)
Hash
ff45557f6b6ffe5b6155f936b331ea0c
1520e9e07608f2636deb9de1a882bc9aab16a487
70bb821e1cf87bf377d8513bb1d6fcdfcce1427c8f4c96e6a74116f4cab95232

HTTP Headers

GET /img.aapks.com/imgs/3/6/f/36fd982c1e64b24b1a7e8238515cc419_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: image/webp
content-length: 1174
last-modified: Tue, 14 Jun 2022 07:20:46 GMT
expires: Thu, 13 Jun 2024 19:20:46 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/3/6/f/36fd982c1e64b24b1a7e8238515cc419_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "3641359283abc875"
vary: Accept
x-nc: HIT arn 8
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

i1.wp.com/img.aapks.com/imgs/2/a/5/2a5adbb632f061237b7e60cdb8bb415b_icon.png?h=32

192.0.77.2

200 OK

962 B

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/2/a/5/2a5adbb632f061237b7e60cdb8bb415b_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
962 B (962 bytes)
Hash
21d647faa6bd630768f7f82ccd446a24
4adda8f0a52d258e30c84081d420157ea748276a
b59c1b28333ebb492a54606eaaf1be591388dc78c892c612b7a6f086333ea86a

HTTP Headers

GET /img.aapks.com/imgs/2/a/5/2a5adbb632f061237b7e60cdb8bb415b_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: image/webp
content-length: 962
last-modified: Sat, 11 Nov 2023 09:00:50 GMT
expires: Mon, 10 Nov 2025 21:00:50 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/2/a/5/2a5adbb632f061237b7e60cdb8bb415b_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "d278fa317db15369"
vary: Accept
x-nc: HIT arn 2
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

i1.wp.com/img.aapks.com/imgs/c/5/2/c52703582397b5c093d7a0133d445659_icon.png?h=32

192.0.77.2

200 OK

2.9 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/c/5/2/c52703582397b5c093d7a0133d445659_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
2.9 kB (2884 bytes)
Hash
12a25c274752c70b1804a1c7e6d57233
8077f1cebfaede81b5d357d29f8cd134c0c7b1b2
43c89988f68b0ebdf43ccada13f4ba15e0f6a923c685dbb264ff81353233bdff

HTTP Headers

GET /img.aapks.com/imgs/c/5/2/c52703582397b5c093d7a0133d445659_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: image/webp
content-length: 2884
last-modified: Sat, 11 Nov 2023 09:00:50 GMT
expires: Mon, 10 Nov 2025 21:00:50 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/c/5/2/c52703582397b5c093d7a0133d445659_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "5f3771af357fb1fa"
vary: Accept
x-nc: HIT arn 1
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

i1.wp.com/img.aapks.com/imgs/c/0/b/c0b5b0a8d7d57032c4ca468d50a832f2_icon.png?h=32

192.0.77.2

200 OK

722 B

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/c/0/b/c0b5b0a8d7d57032c4ca468d50a832f2_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
722 B (722 bytes)
Hash
38f2fb944f337d8a3e61698ba600b475
5f991f25b6c7123b8c8852dd8ad8ac046316acbe
1992f8fa4acb11eb0d373d0ce42ce69ee5cc01da658b9a05fe9a0e87a7b3cc72

HTTP Headers

GET /img.aapks.com/imgs/c/0/b/c0b5b0a8d7d57032c4ca468d50a832f2_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: image/webp
content-length: 722
last-modified: Tue, 14 Jun 2022 07:03:50 GMT
expires: Thu, 13 Jun 2024 19:03:50 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/c/0/b/c0b5b0a8d7d57032c4ca468d50a832f2_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "1e75d6b6ef397a03"
vary: Accept
x-nc: HIT arn 8
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

i1.wp.com/img.aapks.com/imgs/1/9/0/190017422d243e0bbfd0da3ca133f676_icon.png?h=32

192.0.77.2

200 OK

572 B

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/1/9/0/190017422d243e0bbfd0da3ca133f676_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
572 B (572 bytes)
Hash
a66c6316070ebccbd2629bd03a675a66
148d5728ca5e9ca92209b0c19b648b9983c931bd
2751a9b82a25a12c500f7f408a1ededd1b7a064d950b33c86cffaa464a94d7ea

HTTP Headers

GET /img.aapks.com/imgs/1/9/0/190017422d243e0bbfd0da3ca133f676_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: image/webp
content-length: 572
last-modified: Wed, 17 Aug 2022 13:18:08 GMT
expires: Sat, 17 Aug 2024 01:18:08 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/1/9/0/190017422d243e0bbfd0da3ca133f676_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "22a09a816dae7a10"
vary: Accept
x-nc: HIT arn 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

i1.wp.com/img.aapks.com/imgs/1/7/c/17c65f9387735e0ca942de049fc7a561_icon.png?h=32

192.0.77.2

200 OK

832 B

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/1/7/c/17c65f9387735e0ca942de049fc7a561_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
832 B (832 bytes)
Hash
4be22edbb13e14f389152a1d91dd939b
5c9d427b1f5084eba5510df5b02ce2d026c342b3
4e25e61c5b5dd074daf679eb1701e309804407f44d852171c5f183350298e6d0

HTTP Headers

GET /img.aapks.com/imgs/1/7/c/17c65f9387735e0ca942de049fc7a561_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: image/webp
content-length: 832
last-modified: Sat, 20 Aug 2022 17:43:15 GMT
expires: Tue, 20 Aug 2024 05:43:15 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/1/7/c/17c65f9387735e0ca942de049fc7a561_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "5086ee1929bd987e"
vary: Accept
x-nc: HIT arn 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

cameesse.net/1?z=6395364&oo=1&oaid=0080422411ec4da3eae37b21f1057fb7

139.45.197.242

200 OK

967 B

URL GET HTTP/2
cameesse.net/1?z=6395364&oo=1&oaid=0080422411ec4da3eae37b21f1057fb7
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
JSON text data
Size
967 B (967 bytes)
Hash
87066db51320ebcc25b7b2b4970d9ca2
0e660219b516fa6df762c008cf4a65201bcdf5b6
ff4052934a3cfe621f995e8dd58d7561c2a28da4cf6bbaacd6748473472321f0

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1?z=6395364&oo=1&oaid=0080422411ec4da3eae37b21f1057fb7 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Cookie: scm=1; OAID=040042bd138f458efd3b9f2a23647a90; oaidts=1713448275
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: application/json
content-length: 967
access-control-allow-credentials: true
access-control-allow-origin: https://aapks.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 43bd8ddacf5e2dadba18b6012a6c3cce
access-control-expose-headers: X-Sc
set-cookie: OAID=0080422411ec4da3eae37b21f1057fb7; expires=Fri, 18 Apr 2025 13:51:15 GMT; secure; SameSite=None
oaidts=1713448275; expires=Fri, 18 Apr 2025 13:51:15 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

aistekso.net/401/6395365?oo=1&oaid=0080422411ec4da3eae37b21f1057fb7&sw_version=v1.335.0

139.45.197.244

200 OK

1.6 kB

URL GET HTTP/2
aistekso.net/401/6395365?oo=1&oaid=0080422411ec4da3eae37b21f1057fb7&sw_version=v1.335.0
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectaistekso.net
Fingerprint3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB
ValiditySun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT

File type
gzip compressed data, max speed, from Unix
Size
1.6 kB (1581 bytes)
Hash
8cdbc2fc82d022968a604543ed828d61
ddec81384b3a1fbbae8298167755ca7e8b32fd17
dba15ce1495d76ae6d31f830b14a2b73f0370d2ee8fb2817fe33de61fd8e8d63

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /401/6395365?oo=1&oaid=0080422411ec4da3eae37b21f1057fb7&sw_version=v1.335.0 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Cookie: OAID=030042602ba94b88f19785d84f6f452c
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: application/json
x-trace-id: d88322da5a7a12e275ed9240faac92f4
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://aapks.com
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=0080422411ec4da3eae37b21f1057fb7; expires=Fri, 18 Apr 2025 13:51:15 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

i1.wp.com/img.aapks.com/imgs/2/0/e/20e395f16cbc389aa71a03f9dbcff6c1_icon.png?h=48

192.0.77.2

200 OK

1.2 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/2/0/e/20e395f16cbc389aa71a03f9dbcff6c1_icon.png?h=48
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.2 kB (1200 bytes)
Hash
7033c1c2f08a628c80e0556ef3a17fb4
bce8d6377e86c8c322470e8dc22bf5a98b4e7fe6
10e0c83a869936f6e8524614fb60f1f43feda924bbf482d317fc7d9e61cd66f5

HTTP Headers

GET /img.aapks.com/imgs/2/0/e/20e395f16cbc389aa71a03f9dbcff6c1_icon.png?h=48 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: image/webp
content-length: 1200
last-modified: Wed, 10 Apr 2024 21:26:03 GMT
expires: Sat, 11 Apr 2026 09:26:03 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/2/0/e/20e395f16cbc389aa71a03f9dbcff6c1_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "e5d167ff86e799ef"
vary: Accept
x-nc: MISS arn 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

moonoafy.net/custom

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://aapks.com/
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://aapks.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://aapks.com/
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://aapks.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL OPTIONS HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aapks.com/
Content-Type: application/json
Content-Length: 388
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: b30ccb8669a77bcfcff367dcbb18ebfd
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aapks.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

39 B

URL OPTIONS HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
39 B (39 bytes)
Hash
058b158c2be925f556454ef762d93538
cc6fc563b4b6baee880fdbc7fcfaa134978e33c9
ff752c1c79bb2c0347c5a8b7f069fa2772047324dbbadf77d21cec4b26ee3881

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aapks.com/
Content-Type: application/json
Content-Length: 769
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: application/json; charset=utf-8
content-length: 39
x-trace-id: fae2244b7be2e97119469bce116393d0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aapks.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

i1.wp.com/img.aapks.com/imgs/4/b/f/4bfb2cb58710df8c5dfd14c98ce1c3a9_icon.png?h=32

192.0.77.2

200 OK

2.3 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/4/b/f/4bfb2cb58710df8c5dfd14c98ce1c3a9_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
2.3 kB (2288 bytes)
Hash
ee7e211e834fd1b25793795e860741b0
0d5f2e25c338b7c5a32ea33cdc4c91d7d6d342c2
87abf6dd322d320a2ba6c2cd344408425119dba54a96fe9b557ad3fa5f9201db

HTTP Headers

GET /img.aapks.com/imgs/4/b/f/4bfb2cb58710df8c5dfd14c98ce1c3a9_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: image/webp
content-length: 2288
last-modified: Tue, 16 Apr 2024 11:05:28 GMT
expires: Thu, 16 Apr 2026 23:05:28 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/4/b/f/4bfb2cb58710df8c5dfd14c98ce1c3a9_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "d1119f5e20719581"
vary: Accept
x-nc: HIT arn 4
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a

139.45.197.242

200 OK

131 kB

URL GET HTTP/2
cameesse.net/27/7552beb94fc0bdff7bbb33cad3d1ab0a
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
JavaScript source, ASCII text, with very long lines (65523)
Size
131 kB (130581 bytes)
Hash
297cc248309ba835cf13a1f82fd3f938
1e6f51ce257a0ee53e25280dd44092ed33339847
b2ba9d8b2216d22f8f31a594bc22ee21f60e2b539474a650be1e87dea87d5ed7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /27/7552beb94fc0bdff7bbb33cad3d1ab0a HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Cookie: scm=1; OAID=0080422411ec4da3eae37b21f1057fb7; oaidts=1713448275
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 53bf075f88aeb35274ff9df3e2bcc930
cache-control: max-age:290304000, public
last-modified: Tue, 09 Apr 2024 03:16:58 GMT
expires: Tue, 09 May 2084 03:16:58 GMT
access-control-expose-headers: X-Sc
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://aapks.com/
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://aapks.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

moonoafy.net/event

139.45.197.250

200 OK

94 B

URL OPTIONS HTTP/2
moonoafy.net/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
553b8dde4075ea377361aa232431c8ec
c3803dfeec22cb01565ed73f14ce68a965b5bad9
e7eabdecbd9bd309edee62bbe7cffbdccef9830fe8d5618fa30b99b0fccc7893

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aapks.com/
Content-Type: application/json
Content-Length: 1773
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aapks.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

aistekso.net/500/6395365?excludes=&oaid=0080422411ec4da3eae37b21f1057fb7&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.335.0

139.45.197.244

200 OK

0 B

URL OPTIONS HTTP/2
aistekso.net/500/6395365?excludes=&oaid=0080422411ec4da3eae37b21f1057fb7&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.335.0
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectaistekso.net
Fingerprint3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB
ValiditySun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/6395365?excludes=&oaid=0080422411ec4da3eae37b21f1057fb7&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.335.0 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://aapks.com/
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://aapks.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
84712cda15a814d6c8a294d4b15bedd3
4142ed40ca25b5089f1a28d277e705ae07f339fa
b24e84411d5efc223ffc98311ec9651898b193241e6d0cfd09bf60e445e0498a

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aapks.com/
Content-Type: application/json
Content-Length: 527
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aapks.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=df2af37f-c8df-4c63-9085-fa817d2330c6

139.45.195.254

200 OK

12 B

URL POST HTTP/1.1
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=df2af37f-c8df-4c63-9085-fa817d2330c6
IP
139.45.195.254:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subjectfleraprt.com
Fingerprint32:DB:C5:24:21:ED:1D:C3:40:C3:46:9F:CF:EE:98:4D:72:29:4C:3C
ValidityTue, 09 Jan 2024 00:00:00 GMT - Mon, 13 Jan 2025 23:59:59 GMT

File type
JSON text data
Size
12 B (12 bytes)
Hash
adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f&ruid=df2af37f-c8df-4c63-9085-fa817d2330c6 HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1764
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Thu, 18 Apr 2024 13:51:15 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://aapks.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true

cameesse.net/9?z=6395364&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&oaid=0080422411ec4da3eae37b21f1057fb7

139.45.197.242

200 OK

0 B

URL POST HTTP/2
cameesse.net/9?z=6395364&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&oaid=0080422411ec4da3eae37b21f1057fb7
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /9?z=6395364&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&oaid=0080422411ec4da3eae37b21f1057fb7 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://aapks.com/
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://aapks.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

gishejuy.com/500/6395363?excludes=&oaid=0080422411ec4da3eae37b21f1057fb7&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.335.0

139.45.197.242

200 OK

0 B

URL GET HTTP/2
gishejuy.com/500/6395363?excludes=&oaid=0080422411ec4da3eae37b21f1057fb7&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.335.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/6395363?excludes=&oaid=0080422411ec4da3eae37b21f1057fb7&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.335.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://aapks.com/
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://aapks.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

my.rtmark.net/gid.js?pub=0&userId=2ef819bfb202473a892578fa5e7aea14&zoneId=6395366&checkDuplicate=true&ymid=&var=

139.45.195.8

200 OK

65 B

URL GET HTTP/2
my.rtmark.net/gid.js?pub=0&userId=2ef819bfb202473a892578fa5e7aea14&zoneId=6395366&checkDuplicate=true&ymid=&var=
IP
139.45.195.8:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectrtmark.net
FingerprintDB:C0:8B:64:1C:E3:2A:9C:B9:04:0D:F3:6F:5A:E0:35:F4:C7:75:CC
ValiditySat, 02 Mar 2024 21:53:43 GMT - Fri, 31 May 2024 21:53:42 GMT

File type
JSON text data
Size
65 B (65 bytes)
Hash
078234a059dfae01da920db996d22468
cd0c75328718f6049840af2ffe2014d82b6f17a2
77b0b660d4268826fa251eeb9c25dd3759d4fe5312a21a688581c78e1771b183

HTTP Headers

GET /gid.js?pub=0&userId=2ef819bfb202473a892578fa5e7aea14&zoneId=6395366&checkDuplicate=true&ymid=&var= HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aapks.com/
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Cookie: ID=0080422411ec4da3eae37b21f1057fb7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://aapks.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=0080422411ec4da3eae37b21f1057fb7; expires=Fri, 18 Apr 2025 13:51:15 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

cameesse.net/11?rnd=2628024177&z=6395364&b=20554763&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=fGOGaerXqmyO6F89iyfQXGWDYgPF7Qvc1gEvinsR1DlT4PKW9gAkE-mEqxo7zRlp4W4iFQCD70-zAeRpOrt3GHA1-Vcb0Jc3RZIOQyc8Qo6eOcianNyfL0_vbQB78gyPG7RjtF2psWKdB1Ajgee1uDQWMedLdRB7Wz6Dj5r5kEL76aIYyMb1h3JQwisjq-AqFzT_S84H_ARl88gMIWEoSLsBMgNXQzs9BQfGHhm-E0tCf2KYLkqVQ4jQPSomA8k0bUo6hh2FtTddb0oIrWdNQwb6MeCeQCBrkO1N6Bwz5DsBSBpmG1ln02t2MEtUMv4w4uHgbBqC119e8YHIK62a78oe12bgwiic1PCVkJxvj0nRxuaV8rjnGsd45BdMj2QNOd_RnJ27GmkweF3dXVvq2Qc4ON29MxClRBaxmeTHS0ZfeWP2eyYgb6kdwZHgU2P_ABawuJaM0GElkiMgJHid3kgdIBO8L6rCMsnV9FqvFZC4456rrvxiutIjt0JM1puH2NGolJKkwlV621TcTALmsvUdDq1DSkG0DyEQ7XqE9cWP14aDD7tQ6JumEk_U_7FgeyXSyHf2zLBLm4uzZ2L2QiCszx1xu6Zo8TtjcpJhqe8GhMtiPvihQVNfYN39hySC3fjluuZ0Mr2bHgzWmYCO_jzJywKFbBrzErJPJLL6O32JYaVnPOGEuQ7rkJJAkN3AMiALp4AxscY6E80Jl8WtLlpAu46uFkr4GtnzsA==&ruid=928a0f33-1a87-4de5-8430-8da79264a4bc&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&ot=78

139.45.197.242

200 OK

0 B

URL GET HTTP/2
cameesse.net/11?rnd=2628024177&z=6395364&b=20554763&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=fGOGaerXqmyO6F89iyfQXGWDYgPF7Qvc1gEvinsR1DlT4PKW9gAkE-mEqxo7zRlp4W4iFQCD70-zAeRpOrt3GHA1-Vcb0Jc3RZIOQyc8Qo6eOcianNyfL0_vbQB78gyPG7RjtF2psWKdB1Ajgee1uDQWMedLdRB7Wz6Dj5r5kEL76aIYyMb1h3JQwisjq-AqFzT_S84H_ARl88gMIWEoSLsBMgNXQzs9BQfGHhm-E0tCf2KYLkqVQ4jQPSomA8k0bUo6hh2FtTddb0oIrWdNQwb6MeCeQCBrkO1N6Bwz5DsBSBpmG1ln02t2MEtUMv4w4uHgbBqC119e8YHIK62a78oe12bgwiic1PCVkJxvj0nRxuaV8rjnGsd45BdMj2QNOd_RnJ27GmkweF3dXVvq2Qc4ON29MxClRBaxmeTHS0ZfeWP2eyYgb6kdwZHgU2P_ABawuJaM0GElkiMgJHid3kgdIBO8L6rCMsnV9FqvFZC4456rrvxiutIjt0JM1puH2NGolJKkwlV621TcTALmsvUdDq1DSkG0DyEQ7XqE9cWP14aDD7tQ6JumEk_U_7FgeyXSyHf2zLBLm4uzZ2L2QiCszx1xu6Zo8TtjcpJhqe8GhMtiPvihQVNfYN39hySC3fjluuZ0Mr2bHgzWmYCO_jzJywKFbBrzErJPJLL6O32JYaVnPOGEuQ7rkJJAkN3AMiALp4AxscY6E80Jl8WtLlpAu46uFkr4GtnzsA==&ruid=928a0f33-1a87-4de5-8430-8da79264a4bc&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&ot=78
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /11?rnd=2628024177&z=6395364&b=20554763&var=&varid=0&rqtdbc=1&rcvdbc=1&btp=7&rb=fGOGaerXqmyO6F89iyfQXGWDYgPF7Qvc1gEvinsR1DlT4PKW9gAkE-mEqxo7zRlp4W4iFQCD70-zAeRpOrt3GHA1-Vcb0Jc3RZIOQyc8Qo6eOcianNyfL0_vbQB78gyPG7RjtF2psWKdB1Ajgee1uDQWMedLdRB7Wz6Dj5r5kEL76aIYyMb1h3JQwisjq-AqFzT_S84H_ARl88gMIWEoSLsBMgNXQzs9BQfGHhm-E0tCf2KYLkqVQ4jQPSomA8k0bUo6hh2FtTddb0oIrWdNQwb6MeCeQCBrkO1N6Bwz5DsBSBpmG1ln02t2MEtUMv4w4uHgbBqC119e8YHIK62a78oe12bgwiic1PCVkJxvj0nRxuaV8rjnGsd45BdMj2QNOd_RnJ27GmkweF3dXVvq2Qc4ON29MxClRBaxmeTHS0ZfeWP2eyYgb6kdwZHgU2P_ABawuJaM0GElkiMgJHid3kgdIBO8L6rCMsnV9FqvFZC4456rrvxiutIjt0JM1puH2NGolJKkwlV621TcTALmsvUdDq1DSkG0DyEQ7XqE9cWP14aDD7tQ6JumEk_U_7FgeyXSyHf2zLBLm4uzZ2L2QiCszx1xu6Zo8TtjcpJhqe8GhMtiPvihQVNfYN39hySC3fjluuZ0Mr2bHgzWmYCO_jzJywKFbBrzErJPJLL6O32JYaVnPOGEuQ7rkJJAkN3AMiALp4AxscY6E80Jl8WtLlpAu46uFkr4GtnzsA==&ruid=928a0f33-1a87-4de5-8430-8da79264a4bc&ng=0&ix=0&pt=0&np=0&gp=5&bp=4&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&wy=0&wx=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=1&sah=1024&drf=&hil=1&ist=0&ot=78 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Cookie: scm=1; OAID=0080422411ec4da3eae37b21f1057fb7; oaidts=1713448275
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: image/jpeg
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://aapks.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 7d381617762098c9ca8e86c445f99619
access-control-expose-headers: X-Sc
set-cookie: OAID=0080422411ec4da3eae37b21f1057fb7; expires=Fri, 18 Apr 2025 13:51:15 GMT; secure; SameSite=None
oaidts=1713448275; expires=Fri, 18 Apr 2025 13:51:15 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

0 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://aapks.com/
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://aapks.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

offerimage.com/www/images/59d005e99dabed8d7a753617b9dfe4d6.jpeg

104.22.33.172

200 OK

12 kB

URL GET HTTP/2
offerimage.com/www/images/59d005e99dabed8d7a753617b9dfe4d6.jpeg
IP
104.22.33.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
12 kB (11455 bytes)
Hash
59d005e99dabed8d7a753617b9dfe4d6
5b4b05e20f8496be4f1f8d9e93adc1e1ccfbe383
d09719c31f8376e40f2a23e1e9833214527ec837e61e2e715752d58a1154bd31

HTTP Headers

GET /www/images/59d005e99dabed8d7a753617b9dfe4d6.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: image/jpeg
content-length: 11455
cache-control: max-age=86400
cf-bgj: h2pri
etag: "631844d9-2cbf"
expires: Thu, 18 Apr 2024 17:39:09 GMT
last-modified: Wed, 07 Sep 2022 07:14:33 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 72726
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 876520ebbe2692b5-CPH
X-Firefox-Spdy: h2

amunfezanttor.com/event

139.45.197.250

200 OK

94 B

URL POST HTTP/2
amunfezanttor.com/event
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectamunfezanttor.com
FingerprintAB:2C:60:54:FF:D7:D6:23:0E:87:1A:98:EC:94:B3:9B:29:1A:F3:AA
ValidityWed, 10 Apr 2024 19:04:12 GMT - Tue, 09 Jul 2024 19:04:11 GMT

File type
JSON text data
Size
94 B (94 bytes)
Hash
5ec4e8eec299ccb80c7a837b1de46535
039032177fc74ae49a3abc9820a3a1c279547022
505176b4a6cb5b881cd3e2106094a5b6607031dd013f677f37ea3236f9dfacc4

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /event HTTP/1.1
Host: amunfezanttor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aapks.com/
Content-Type: application/json
Content-Length: 527
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: application/json; charset=utf-8
content-length: 94
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aapks.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

moonoafy.net/custom

139.45.197.250

200 OK

0 B

URL OPTIONS HTTP/2
moonoafy.net/custom
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /custom HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://aapks.com/
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://aapks.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2

moonoafy.net/pfe/current/universal.min.js?v=3.1.500

139.45.197.250

200 OK

34 kB

URL GET HTTP/2
moonoafy.net/pfe/current/universal.min.js?v=3.1.500
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
gzip compressed data, max speed, from Unix
Size
34 kB (33750 bytes)
Hash
f0795cb8cb5633ecaf5c3140b629d917
2d1f20ce5f41a2d9981a183d290b3231b24a903c
e99245a8119076aabd1b94e6659a89602abf5bc7f6307d344ebdaeb3cfa31441

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/universal.min.js?v=3.1.500 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aapks.com/
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 15:56:42 GMT
etag: W/"661e9fba-15c93"
access-control-allow-origin: https://aapks.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

interbuzznews.com/?l=FjRUkS19wUvwzxr&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fcameesse.net%2F12%3Frnd%3D709300561%26z%3D6395364%26b%3D20554763%26c%3D8014413%26var%3D%26varid%3D0%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D2265%2526key%253Dae7c6e37acb2af365375447fdcbca2a0%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DfGOGaerXqmyO6F89iyfQXGWDYgPF7Qvc1gEvinsR1DlT4PKW9gAkE-mEqxo7zRlp4W4iFQCD70-zAeRpOrt3GHA1-Vcb0Jc3RZIOQyc8Qo6eOcianNyfL0_vbQB78gyPG7RjtF2psWKdB1Ajgee1uDQWMedLdRB7Wz6Dj5r5kEL76aIYyMb1h3JQwisjq-AqFzT_S84H_ARl88gMIWEoSLsBMgNXQzs9BQfGHhm-E0tCf2KYLkqVQ4jQPSomA8k0bUo6hh2FtTddb0oIrWdNQwb6MeCeQCBrkO1N6Bwz5DsBSBpmG1ln02t2MEtUMv4w4uHgbBqC119e8YHIK62a78oe12bgwiic1PCVkJxvj0nRxuaV8rjnGsd45BdMj2QNOd_RnJ27GmkweF3dXVvq2Qc4ON29MxClRBaxmeTHS0ZfeWP2eyYgb6kdwZHgU2P_ABawuJaM0GElkiMgJHid3kgdIBO8L6rCMsnV9FqvFZC4456rrvxiutIjt0JM1puH2NGolJKkwlV621TcTALmsvUdDq1DSkG0DyEQ7XqE9cWP14aDD7tQ6JumEk_U_7FgeyXSyHf2zLBLm4uzZ2L2QiCszx1xu6Zo8TtjcpJhqe8GhMtiPvihQVNfYN39hySC3fjluuZ0Mr2bHgzWmYCO_jzJywKFbBrzErJPJLL6O32JYaVnPOGEuQ7rkJJAkN3AMiALp4AxscY6E80Jl8WtLlpAu46uFkr4GtnzsA%3D%3D%26bag%3DXC_NdiERrzCB43Jo38Cu1w%3D%3D%26ruid%3D928a0f33-1a87-4de5-8430-8da79264a4bc%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Faapks.com%252Fapk%252Fvalida-mais%252Fversion%252F52827122%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D1%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1

139.45.197.154

200 OK

25 kB

URL GET HTTP/2
interbuzznews.com/?l=FjRUkS19wUvwzxr&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fcameesse.net%2F12%3Frnd%3D709300561%26z%3D6395364%26b%3D20554763%26c%3D8014413%26var%3D%26varid%3D0%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D2265%2526key%253Dae7c6e37acb2af365375447fdcbca2a0%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DfGOGaerXqmyO6F89iyfQXGWDYgPF7Qvc1gEvinsR1DlT4PKW9gAkE-mEqxo7zRlp4W4iFQCD70-zAeRpOrt3GHA1-Vcb0Jc3RZIOQyc8Qo6eOcianNyfL0_vbQB78gyPG7RjtF2psWKdB1Ajgee1uDQWMedLdRB7Wz6Dj5r5kEL76aIYyMb1h3JQwisjq-AqFzT_S84H_ARl88gMIWEoSLsBMgNXQzs9BQfGHhm-E0tCf2KYLkqVQ4jQPSomA8k0bUo6hh2FtTddb0oIrWdNQwb6MeCeQCBrkO1N6Bwz5DsBSBpmG1ln02t2MEtUMv4w4uHgbBqC119e8YHIK62a78oe12bgwiic1PCVkJxvj0nRxuaV8rjnGsd45BdMj2QNOd_RnJ27GmkweF3dXVvq2Qc4ON29MxClRBaxmeTHS0ZfeWP2eyYgb6kdwZHgU2P_ABawuJaM0GElkiMgJHid3kgdIBO8L6rCMsnV9FqvFZC4456rrvxiutIjt0JM1puH2NGolJKkwlV621TcTALmsvUdDq1DSkG0DyEQ7XqE9cWP14aDD7tQ6JumEk_U_7FgeyXSyHf2zLBLm4uzZ2L2QiCszx1xu6Zo8TtjcpJhqe8GhMtiPvihQVNfYN39hySC3fjluuZ0Mr2bHgzWmYCO_jzJywKFbBrzErJPJLL6O32JYaVnPOGEuQ7rkJJAkN3AMiALp4AxscY6E80Jl8WtLlpAu46uFkr4GtnzsA%3D%3D%26bag%3DXC_NdiERrzCB43Jo38Cu1w%3D%3D%26ruid%3D928a0f33-1a87-4de5-8430-8da79264a4bc%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Faapks.com%252Fapk%252Fvalida-mais%252Fversion%252F52827122%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D1%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1
IP
139.45.197.154:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectinterbuzznews.com
Fingerprint68:C3:B4:C2:C5:45:68:EC:5F:B6:2A:10:57:7A:F8:2B:94:11:B7:F0
ValidityThu, 29 Feb 2024 05:14:58 GMT - Wed, 29 May 2024 05:14:57 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1554)
Size
25 kB (24700 bytes)
Hash
71813adaa743fd51cc76f4a87c4a5a32
1c6c4c9f07a279dd87c4936d945755f9a14a7d39
97d524e0f4294acdd6e18004fb89fc02cf44686c041724c7782005711efa0f41

HTTP Headers

GET /?l=FjRUkS19wUvwzxr&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fcameesse.net%2F12%3Frnd%3D709300561%26z%3D6395364%26b%3D20554763%26c%3D8014413%26var%3D%26varid%3D0%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D2265%2526key%253Dae7c6e37acb2af365375447fdcbca2a0%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DfGOGaerXqmyO6F89iyfQXGWDYgPF7Qvc1gEvinsR1DlT4PKW9gAkE-mEqxo7zRlp4W4iFQCD70-zAeRpOrt3GHA1-Vcb0Jc3RZIOQyc8Qo6eOcianNyfL0_vbQB78gyPG7RjtF2psWKdB1Ajgee1uDQWMedLdRB7Wz6Dj5r5kEL76aIYyMb1h3JQwisjq-AqFzT_S84H_ARl88gMIWEoSLsBMgNXQzs9BQfGHhm-E0tCf2KYLkqVQ4jQPSomA8k0bUo6hh2FtTddb0oIrWdNQwb6MeCeQCBrkO1N6Bwz5DsBSBpmG1ln02t2MEtUMv4w4uHgbBqC119e8YHIK62a78oe12bgwiic1PCVkJxvj0nRxuaV8rjnGsd45BdMj2QNOd_RnJ27GmkweF3dXVvq2Qc4ON29MxClRBaxmeTHS0ZfeWP2eyYgb6kdwZHgU2P_ABawuJaM0GElkiMgJHid3kgdIBO8L6rCMsnV9FqvFZC4456rrvxiutIjt0JM1puH2NGolJKkwlV621TcTALmsvUdDq1DSkG0DyEQ7XqE9cWP14aDD7tQ6JumEk_U_7FgeyXSyHf2zLBLm4uzZ2L2QiCszx1xu6Zo8TtjcpJhqe8GhMtiPvihQVNfYN39hySC3fjluuZ0Mr2bHgzWmYCO_jzJywKFbBrzErJPJLL6O32JYaVnPOGEuQ7rkJJAkN3AMiALp4AxscY6E80Jl8WtLlpAu46uFkr4GtnzsA%3D%3D%26bag%3DXC_NdiERrzCB43Jo38Cu1w%3D%3D%26ruid%3D928a0f33-1a87-4de5-8430-8da79264a4bc%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Faapks.com%252Fapk%252Fvalida-mais%252Fversion%252F52827122%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D1%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1 HTTP/1.1
Host: interbuzznews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: reverse=9KOGW_d3UqkyWLXYtbA7nuTvfbnlJpLB0L9zK57rjg8; expires=Thu, 18-Apr-2024 14:51:15 GMT; Max-Age=3600; path=/
OAID=8393a8cd3b80a6d99514f162ee03783d; expires=Sat, 05-Aug-2079 03:42:30 GMT; Max-Age=1744984275; path=/
oaidts=1713448275; expires=Sat, 05-Aug-2079 03:42:30 GMT; Max-Age=1744984275; path=/
syncedCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br
X-Firefox-Spdy: h2

interbuzznews.com/contents/s/f3/8b/e0/b625632c35fc2301ef77e261c4/0771829532841.jpeg

139.45.197.154

200 OK

55 kB

URL GET HTTP/2
interbuzznews.com/contents/s/f3/8b/e0/b625632c35fc2301ef77e261c4/0771829532841.jpeg
IP
139.45.197.154:443
ASN
#9002 RETN Limited

Requested by
https://interbuzznews.com/?l=FjRUkS19wUvwzxr&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fcameesse.net%2F12%3Frnd%3D709300561%26z%3D6395364%26b%3D20554763%26c%3D8014413%26var%3D%26varid%3D0%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D2265%2526key%253Dae7c6e37acb2af365375447fdcbca2a0%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DfGOGaerXqmyO6F89iyfQXGWDYgPF7Qvc1gEvinsR1DlT4PKW9gAkE-mEqxo7zRlp4W4iFQCD70-zAeRpOrt3GHA1-Vcb0Jc3RZIOQyc8Qo6eOcianNyfL0_vbQB78gyPG7RjtF2psWKdB1Ajgee1uDQWMedLdRB7Wz6Dj5r5kEL76aIYyMb1h3JQwisjq-AqFzT_S84H_ARl88gMIWEoSLsBMgNXQzs9BQfGHhm-E0tCf2KYLkqVQ4jQPSomA8k0bUo6hh2FtTddb0oIrWdNQwb6MeCeQCBrkO1N6Bwz5DsBSBpmG1ln02t2MEtUMv4w4uHgbBqC119e8YHIK62a78oe12bgwiic1PCVkJxvj0nRxuaV8rjnGsd45BdMj2QNOd_RnJ27GmkweF3dXVvq2Qc4ON29MxClRBaxmeTHS0ZfeWP2eyYgb6kdwZHgU2P_ABawuJaM0GElkiMgJHid3kgdIBO8L6rCMsnV9FqvFZC4456rrvxiutIjt0JM1puH2NGolJKkwlV621TcTALmsvUdDq1DSkG0DyEQ7XqE9cWP14aDD7tQ6JumEk_U_7FgeyXSyHf2zLBLm4uzZ2L2QiCszx1xu6Zo8TtjcpJhqe8GhMtiPvihQVNfYN39hySC3fjluuZ0Mr2bHgzWmYCO_jzJywKFbBrzErJPJLL6O32JYaVnPOGEuQ7rkJJAkN3AMiALp4AxscY6E80Jl8WtLlpAu46uFkr4GtnzsA%3D%3D%26bag%3DXC_NdiERrzCB43Jo38Cu1w%3D%3D%26ruid%3D928a0f33-1a87-4de5-8430-8da79264a4bc%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Faapks.com%252Fapk%252Fvalida-mais%252Fversion%252F52827122%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D1%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1
Certificate
IssuerLet's Encrypt
Subjectinterbuzznews.com
Fingerprint68:C3:B4:C2:C5:45:68:EC:5F:B6:2A:10:57:7A:F8:2B:94:11:B7:F0
ValidityThu, 29 Feb 2024 05:14:58 GMT - Wed, 29 May 2024 05:14:57 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 492x328, components 3
Size
55 kB (54692 bytes)
Hash
f38be0b625632c35fc2301ef77e261c4
41b93bf3cc7e30bb6283688a4b6336448cae8249
a98789c1832dc0616972f2cac4dc0f44001bea5020bab4087b457125ef758c60

HTTP Headers

GET /contents/s/f3/8b/e0/b625632c35fc2301ef77e261c4/0771829532841.jpeg HTTP/1.1
Host: interbuzznews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interbuzznews.com/?l=FjRUkS19wUvwzxr&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fcameesse.net%2F12%3Frnd%3D709300561%26z%3D6395364%26b%3D20554763%26c%3D8014413%26var%3D%26varid%3D0%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D2265%2526key%253Dae7c6e37acb2af365375447fdcbca2a0%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DfGOGaerXqmyO6F89iyfQXGWDYgPF7Qvc1gEvinsR1DlT4PKW9gAkE-mEqxo7zRlp4W4iFQCD70-zAeRpOrt3GHA1-Vcb0Jc3RZIOQyc8Qo6eOcianNyfL0_vbQB78gyPG7RjtF2psWKdB1Ajgee1uDQWMedLdRB7Wz6Dj5r5kEL76aIYyMb1h3JQwisjq-AqFzT_S84H_ARl88gMIWEoSLsBMgNXQzs9BQfGHhm-E0tCf2KYLkqVQ4jQPSomA8k0bUo6hh2FtTddb0oIrWdNQwb6MeCeQCBrkO1N6Bwz5DsBSBpmG1ln02t2MEtUMv4w4uHgbBqC119e8YHIK62a78oe12bgwiic1PCVkJxvj0nRxuaV8rjnGsd45BdMj2QNOd_RnJ27GmkweF3dXVvq2Qc4ON29MxClRBaxmeTHS0ZfeWP2eyYgb6kdwZHgU2P_ABawuJaM0GElkiMgJHid3kgdIBO8L6rCMsnV9FqvFZC4456rrvxiutIjt0JM1puH2NGolJKkwlV621TcTALmsvUdDq1DSkG0DyEQ7XqE9cWP14aDD7tQ6JumEk_U_7FgeyXSyHf2zLBLm4uzZ2L2QiCszx1xu6Zo8TtjcpJhqe8GhMtiPvihQVNfYN39hySC3fjluuZ0Mr2bHgzWmYCO_jzJywKFbBrzErJPJLL6O32JYaVnPOGEuQ7rkJJAkN3AMiALp4AxscY6E80Jl8WtLlpAu46uFkr4GtnzsA%3D%3D%26bag%3DXC_NdiERrzCB43Jo38Cu1w%3D%3D%26ruid%3D928a0f33-1a87-4de5-8430-8da79264a4bc%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Faapks.com%252Fapk%252Fvalida-mais%252Fversion%252F52827122%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D1%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:16 GMT
content-type: image/jpeg
content-length: 54692
last-modified: Fri, 24 Jun 2022 08:16:52 GMT
vary: Accept-Encoding
etag: "62b572f4-d5a4"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

i1.wp.com/img.aapks.com/imgs/a/2/5/a25c0a49dd7ac50eb88cc82802ed7885_icon.jpg?h=32

192.0.77.2

200 OK

418 B

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/a/2/5/a25c0a49dd7ac50eb88cc82802ed7885_icon.jpg?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 32x32, Scaling: [none]x[none], YUV color, decoders should clamp
Size
418 B (418 bytes)
Hash
1180604dc625f4b8aca3251804aabd85
32e5121e6253952dd3a818fcac16c41a4f7c8c42
41cd587d9a6fb4bc6bb5a5aecd7f2f889ff9a57a4c4235f6186ad80d1e61ecb6

HTTP Headers

GET /img.aapks.com/imgs/a/2/5/a25c0a49dd7ac50eb88cc82802ed7885_icon.jpg?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:16 GMT
content-type: image/webp
content-length: 418
last-modified: Tue, 16 Apr 2024 11:06:48 GMT
expires: Thu, 16 Apr 2026 23:06:48 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/a/2/5/a25c0a49dd7ac50eb88cc82802ed7885_icon.jpg>; rel="canonical"
x-content-type-options: nosniff
etag: "b0bff2294d27e7d4"
vary: Accept
x-nc: HIT arn 6
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

i1.wp.com/img.aapks.com/imgs/9/e/3/9e314525024e8fef3ff4bc5a8d5cc00a_icon.png?h=32

192.0.77.2

200 OK

1.6 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/9/e/3/9e314525024e8fef3ff4bc5a8d5cc00a_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.6 kB (1556 bytes)
Hash
94491411fcb7046c396083720d8f5cd1
ed9c407a889d29b0fea05424da7ca48caf1e75d6
f8c898194135ddd9ea5a691586752f6bb13e46d408d911a1133d014d17a14cb1

HTTP Headers

GET /img.aapks.com/imgs/9/e/3/9e314525024e8fef3ff4bc5a8d5cc00a_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:16 GMT
content-type: image/webp
content-length: 1556
last-modified: Tue, 16 Apr 2024 10:08:55 GMT
expires: Thu, 16 Apr 2026 22:08:55 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/9/e/3/9e314525024e8fef3ff4bc5a8d5cc00a_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "0c0f90f58ab21efe"
vary: Accept
x-nc: HIT arn 1
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

i1.wp.com/img.aapks.com/imgs/2/9/d/29d5e3e1e078815105d212c8b737ef77_icon.png?h=32

192.0.77.2

200 OK

2.0 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/2/9/d/29d5e3e1e078815105d212c8b737ef77_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
2.0 kB (2030 bytes)
Hash
8f4ff2de08df146b80b5a1d64f5e03a4
d933352648c67229516014bf462e9a87218a5812
081be52bea24e33a92428180bd57ff2eeedf9a69d5afbe0ff92a2f18a3bf6ba3

HTTP Headers

GET /img.aapks.com/imgs/2/9/d/29d5e3e1e078815105d212c8b737ef77_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:16 GMT
content-type: image/webp
content-length: 2030
last-modified: Tue, 16 Apr 2024 10:08:55 GMT
expires: Thu, 16 Apr 2026 22:08:55 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/2/9/d/29d5e3e1e078815105d212c8b737ef77_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "7a7259309e1b7590"
vary: Accept
x-nc: HIT arn 4
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

i1.wp.com/img.aapks.com/installer-modded-google-play/6/6/e/66e8a871a4ce2b7955bfc29955f896c1_icon.png?h=32

192.0.77.2

404 Not Found

3.8 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/installer-modded-google-play/6/6/e/66e8a871a4ce2b7955bfc29955f896c1_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
data
Size
3.8 kB (3797 bytes)
Hash
27446c4de0a647f99bdac86809dbcb60
90b5d41c6a5a4dc0a0f0532df4fe2620474af7a5
86d48d7bb552c22d4009889ae73825f6a0fa386551435cf6e4a5aef1b28b6f1a

HTTP Headers

GET /img.aapks.com/installer-modded-google-play/6/6/e/66e8a871a4ce2b7955bfc29955f896c1_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 404 Not Found
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: text/html; charset=utf-8
x-nc: EXPIRED arn 5
alt-svc: h3=":443"; ma=86400

i1.wp.com/img.aapks.com/imgs/6/2/f/62f021fcf4115f9012ac9f89a19d3e9f_icon.png?h=48

192.0.77.2

200 OK

2.2 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/6/2/f/62f021fcf4115f9012ac9f89a19d3e9f_icon.png?h=48
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
2.2 kB (2218 bytes)
Hash
1de426ea702c04933706b5dfa06f8823
1cac7dac89cfb54593673abed57354b40e5f6a2c
2cfb377c2afaabb087bdcdba183803f3205a8e178ff7808bf6e8ce8934814209

HTTP Headers

GET /img.aapks.com/imgs/6/2/f/62f021fcf4115f9012ac9f89a19d3e9f_icon.png?h=48 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:16 GMT
content-type: image/webp
content-length: 2218
last-modified: Sun, 18 Feb 2024 13:46:18 GMT
expires: Wed, 18 Feb 2026 01:46:18 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/6/2/f/62f021fcf4115f9012ac9f89a19d3e9f_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "5a0f4d6750618594"
vary: Accept
x-nc: MISS arn 1
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

i1.wp.com/img.aapks.com/imgs/c/2/3/c231bfbed1e6e2d36dfdfd6a93f35d7d_icon.png?h=48

192.0.77.2

200 OK

3.6 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/c/2/3/c231bfbed1e6e2d36dfdfd6a93f35d7d_icon.png?h=48
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
3.6 kB (3560 bytes)
Hash
7f9872caee27eda3a77e3e67251faa53
904004269f33b8b8de98f55c98527e12b19529b0
962301bafebb28b9711d69f8eba7e8904fd9baec8a7e3258ed9731c18c259bb3

HTTP Headers

GET /img.aapks.com/imgs/c/2/3/c231bfbed1e6e2d36dfdfd6a93f35d7d_icon.png?h=48 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:16 GMT
content-type: image/webp
content-length: 3560
last-modified: Thu, 18 Apr 2024 13:51:16 GMT
expires: Sun, 19 Apr 2026 01:51:16 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/c/2/3/c231bfbed1e6e2d36dfdfd6a93f35d7d_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "6a648e36693efdb0"
vary: Accept
x-nc: MISS arn 5
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

i1.wp.com/img.aapks.com/imgs/9/0/4/904c89a4b91a292327daa1c4c5157153_icon.png?h=48

192.0.77.2

200 OK

1.7 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/9/0/4/904c89a4b91a292327daa1c4c5157153_icon.png?h=48
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.7 kB (1658 bytes)
Hash
cfe8428fbb8ed541cee25aca55df7b93
8065bd0520519894e843dfd71e4abf2196ba22bc
592dedfb17c8215801234df0b3197a3578a07ac8c83c307011af0a00d58af9dd

HTTP Headers

GET /img.aapks.com/imgs/9/0/4/904c89a4b91a292327daa1c4c5157153_icon.png?h=48 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:16 GMT
content-type: image/webp
content-length: 1658
last-modified: Thu, 18 Apr 2024 13:51:16 GMT
expires: Sun, 19 Apr 2026 01:51:16 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/9/0/4/904c89a4b91a292327daa1c4c5157153_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "aa0134ea2157c0ea"
vary: Accept
x-nc: MISS arn 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

gishejuy.com/400/6395363?oo=1&oaid=0080422411ec4da3eae37b21f1057fb7&sw_version=v1.335.0

139.45.197.242

200 OK

3.0 kB

URL GET HTTP/2
gishejuy.com/400/6395363?oo=1&oaid=0080422411ec4da3eae37b21f1057fb7&sw_version=v1.335.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
gzip compressed data, max speed, from Unix
Size
3.0 kB (2962 bytes)
Hash
8a98b14dea599a269b638e88dcab01fc
b1093d20c5c9d59cc6314d0aa5fec74fa297f67a
380904dab6a302eb406561d2b0b785b93de2321123f02b840cd563472a165a73

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /400/6395363?oo=1&oaid=0080422411ec4da3eae37b21f1057fb7&sw_version=v1.335.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Cookie: OAID=03004292c544449aed3fc3e7dd53dbd8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: application/json
x-trace-id: 4011a785968223fe04762a6f5d2cc225
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://aapks.com
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=0080422411ec4da3eae37b21f1057fb7; expires=Fri, 18 Apr 2025 13:51:15 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

i1.wp.com/img.aapks.com/imgs/7/7/b/77bf89d910baf0c47d52de8a10b1eafd_icon.png?h=32

192.0.77.2

200 OK

2.3 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/7/7/b/77bf89d910baf0c47d52de8a10b1eafd_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
2.3 kB (2278 bytes)
Hash
31c9792a7064f4569843f75469f1586d
6eb360296e4853e6ccaade1d93de58f02ad0ce57
153d2b9f9d7fb6f837fe16bf3ec1d681dab598e1a348a31497d89d1e1a4365b5

HTTP Headers

GET /img.aapks.com/imgs/7/7/b/77bf89d910baf0c47d52de8a10b1eafd_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:16 GMT
content-type: image/webp
content-length: 2278
last-modified: Tue, 16 Apr 2024 10:08:56 GMT
expires: Thu, 16 Apr 2026 22:08:56 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/7/7/b/77bf89d910baf0c47d52de8a10b1eafd_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "c7e24ec03399b67a"
vary: Accept
x-nc: HIT arn 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

i1.wp.com/img.aapks.com/imgs/6/f/3/6f3c175c1270a3cc32cd6307b20d5994_icon.png?h=32

192.0.77.2

200 OK

958 B

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/6/f/3/6f3c175c1270a3cc32cd6307b20d5994_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
958 B (958 bytes)
Hash
e5e364f4c3d858526b02cf9f4150bcaa
2ef2c72f5822e0ea63ee727df6e877acfdc73720
cd9d32b305fa9710ece7f070ffa67c5ae064934d5c94c6eceb0e7668a242210d

HTTP Headers

GET /img.aapks.com/imgs/6/f/3/6f3c175c1270a3cc32cd6307b20d5994_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:16 GMT
content-type: image/webp
content-length: 958
last-modified: Tue, 16 Apr 2024 09:44:53 GMT
expires: Thu, 16 Apr 2026 21:44:53 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/6/f/3/6f3c175c1270a3cc32cd6307b20d5994_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "9ff6d2ed9b99875f"
vary: Accept
x-nc: HIT arn 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

tzegilo.com/stattag.js

172.67.193.52

200 OK

7.5 kB

URL GET HTTP/2
tzegilo.com/stattag.js
IP
172.67.193.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerGoogle Trust Services LLC
Subjecttzegilo.com
Fingerprint28:2E:D0:DF:04:78:60:5A:D2:5B:1F:EA:59:80:9C:2F:89:C1:9D:D1
ValiditySat, 30 Mar 2024 15:54:48 GMT - Fri, 28 Jun 2024 15:54:47 GMT

File type
JavaScript source, ASCII text, with very long lines (18486)
Size
7.5 kB (7482 bytes)
Hash
70ebd404c2e1e7bad13998538b56887c
86e57af8ba3cfc2c004da3311835f6b54ba6d848
d71ea61938136a384e4c53c5a7a3c36e68fcc70a68bae691e270987d5d2eb11f

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: application/javascript
last-modified: Wed, 07 Feb 2024 12:51:13 GMT
etag: W/"65c37cc1-4ac0"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 6224
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=32izYcGvZY0SWWCqqzoU%2FVS3c3%2FVvwt1WZkHNl8PSwrCevQt7%2FvTbEEikkNm%2Fym6cK60AbtzA43yEyY7Xq5VyX6yrUTu5eNCIGusdMp4F5yGiuwPIfJuvW4RYxAEyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876520e9390f56b1-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

aistekso.net/impression/qxZaOSsqxnsqnM6lQ2x9BuqeheLIjeT27y1X4PyqxhE_Et_C4LABz-VHlYUuGwPxUSphPcZ8v76CUe5daD1fln1toUO5z1RhQzk5g2HkjJVsbCDuUqyr049Sf5kQWcf0NsgUse5DlvdLIoMmcjBNWTNujA_MNHgcFvCKVbGBf3ydsNEIpCa74V1zjKzNbZYWcZ0qyhw5BeZB9RFfutB2wUESpz85BIpm-rCwLp9dP1xNeFbfX4F--sVjqBqirxEtHq4lW2GQ3_Fy08GuR2rrsgQWDx8gyHHkqP4WTzsJFsT-59W88T_hKYWRITgKgKTHmdstcXKOPtchC4LwOvgS4hmGVY0ChiR3zXyjhKKr1zvLQ6OcNdewiAjWnPwqhxILnCqoJ-3Wy1LYxE7pgoBCE_NjQbnFMsCDli9ehtT0aD6ZO2JS75Lnv7bEfXxCb7c25J9_7PFpm9sIeS8cZnluInxCNgj5v5Ww7C3R6XPByl_Gq-kdcnE-I6fdSsKrUMWItPqzeUfCumWimxiLa6p29R82U_xRKQWPOOOKDnnxeWIrj3kAewvEJ1kKLW7anaQdx8I7QR0N2Ja3c9lrwSamwg==?_z=6395365&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=4&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.335.0

139.45.197.244

200 OK

43 B

URL GET HTTP/2
aistekso.net/impression/qxZaOSsqxnsqnM6lQ2x9BuqeheLIjeT27y1X4PyqxhE_Et_C4LABz-VHlYUuGwPxUSphPcZ8v76CUe5daD1fln1toUO5z1RhQzk5g2HkjJVsbCDuUqyr049Sf5kQWcf0NsgUse5DlvdLIoMmcjBNWTNujA_MNHgcFvCKVbGBf3ydsNEIpCa74V1zjKzNbZYWcZ0qyhw5BeZB9RFfutB2wUESpz85BIpm-rCwLp9dP1xNeFbfX4F--sVjqBqirxEtHq4lW2GQ3_Fy08GuR2rrsgQWDx8gyHHkqP4WTzsJFsT-59W88T_hKYWRITgKgKTHmdstcXKOPtchC4LwOvgS4hmGVY0ChiR3zXyjhKKr1zvLQ6OcNdewiAjWnPwqhxILnCqoJ-3Wy1LYxE7pgoBCE_NjQbnFMsCDli9ehtT0aD6ZO2JS75Lnv7bEfXxCb7c25J9_7PFpm9sIeS8cZnluInxCNgj5v5Ww7C3R6XPByl_Gq-kdcnE-I6fdSsKrUMWItPqzeUfCumWimxiLa6p29R82U_xRKQWPOOOKDnnxeWIrj3kAewvEJ1kKLW7anaQdx8I7QR0N2Ja3c9lrwSamwg==?_z=6395365&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=4&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.335.0
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectaistekso.net
Fingerprint3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB
ValiditySun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/qxZaOSsqxnsqnM6lQ2x9BuqeheLIjeT27y1X4PyqxhE_Et_C4LABz-VHlYUuGwPxUSphPcZ8v76CUe5daD1fln1toUO5z1RhQzk5g2HkjJVsbCDuUqyr049Sf5kQWcf0NsgUse5DlvdLIoMmcjBNWTNujA_MNHgcFvCKVbGBf3ydsNEIpCa74V1zjKzNbZYWcZ0qyhw5BeZB9RFfutB2wUESpz85BIpm-rCwLp9dP1xNeFbfX4F--sVjqBqirxEtHq4lW2GQ3_Fy08GuR2rrsgQWDx8gyHHkqP4WTzsJFsT-59W88T_hKYWRITgKgKTHmdstcXKOPtchC4LwOvgS4hmGVY0ChiR3zXyjhKKr1zvLQ6OcNdewiAjWnPwqhxILnCqoJ-3Wy1LYxE7pgoBCE_NjQbnFMsCDli9ehtT0aD6ZO2JS75Lnv7bEfXxCb7c25J9_7PFpm9sIeS8cZnluInxCNgj5v5Ww7C3R6XPByl_Gq-kdcnE-I6fdSsKrUMWItPqzeUfCumWimxiLa6p29R82U_xRKQWPOOOKDnnxeWIrj3kAewvEJ1kKLW7anaQdx8I7QR0N2Ja3c9lrwSamwg==?_z=6395365&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=4&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.335.0 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Cookie: OAID=0080422411ec4da3eae37b21f1057fb7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:20 GMT
content-type: image/gif
content-length: 43
x-trace-id: a231b982b002892dafb925903519b1da
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

offerimage.com/www/images/59d005e99dabed8d7a753617b9dfe4d6.jpeg

104.22.33.172

200 OK

12 kB

URL GET HTTP/2
offerimage.com/www/images/59d005e99dabed8d7a753617b9dfe4d6.jpeg
IP
104.22.33.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
12 kB (11455 bytes)
Hash
59d005e99dabed8d7a753617b9dfe4d6
5b4b05e20f8496be4f1f8d9e93adc1e1ccfbe383
d09719c31f8376e40f2a23e1e9833214527ec837e61e2e715752d58a1154bd31

HTTP Headers

GET /www/images/59d005e99dabed8d7a753617b9dfe4d6.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 13:51:20 GMT
content-type: image/jpeg
content-length: 11455
cache-control: max-age=86400
cf-bgj: h2pri
etag: "631844d9-2cbf"
expires: Thu, 18 Apr 2024 17:39:09 GMT
last-modified: Wed, 07 Sep 2022 07:14:33 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 72731
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 87652108fc0992b5-CPH
X-Firefox-Spdy: h2

gishejuy.com/500/6395363?excludes=20790124&oaid=0080422411ec4da3eae37b21f1057fb7&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=5&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.335.0

139.45.197.242

200 OK

0 B

URL GET HTTP/2
gishejuy.com/500/6395363?excludes=20790124&oaid=0080422411ec4da3eae37b21f1057fb7&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=5&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.335.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

OPTIONS /500/6395363?excludes=20790124&oaid=0080422411ec4da3eae37b21f1057fb7&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=5&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.335.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://aapks.com/
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:20 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://aapks.com
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-allow-credentials: true
access-control-max-age: 600
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2

offerimage.com/www/images/e420857568d766ae5020f8754c37b7b1.jpg

104.22.33.172

200 OK

13 kB

URL GET HTTP/2
offerimage.com/www/images/e420857568d766ae5020f8754c37b7b1.jpg
IP
104.22.33.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
13 kB (13333 bytes)
Hash
e420857568d766ae5020f8754c37b7b1
b187b2b44dd0150756d50c3e2f1c2c448a91f203
f33c69b519036a5f65ea4dfa959e89ccd9d9147e2a9bfe07794f469b4134cbec

HTTP Headers

GET /www/images/e420857568d766ae5020f8754c37b7b1.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 13:51:20 GMT
content-type: image/jpeg
content-length: 13333
cache-control: max-age=86400
cf-bgj: h2pri
etag: "654b950f-3415"
expires: Fri, 19 Apr 2024 12:25:28 GMT
last-modified: Wed, 08 Nov 2023 14:02:55 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 5152
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765210a0dd992b5-CPH
X-Firefox-Spdy: h2

offerimage.com/www/images/59d005e99dabed8d7a753617b9dfe4d6.jpeg

104.22.33.172

200 OK

12 kB

URL GET HTTP/2
offerimage.com/www/images/59d005e99dabed8d7a753617b9dfe4d6.jpeg
IP
104.22.33.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
12 kB (11455 bytes)
Hash
59d005e99dabed8d7a753617b9dfe4d6
5b4b05e20f8496be4f1f8d9e93adc1e1ccfbe383
d09719c31f8376e40f2a23e1e9833214527ec837e61e2e715752d58a1154bd31

HTTP Headers

GET /www/images/59d005e99dabed8d7a753617b9dfe4d6.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 13:51:20 GMT
content-type: image/jpeg
content-length: 11455
cache-control: max-age=86400
cf-bgj: h2pri
etag: "631844d9-2cbf"
expires: Thu, 18 Apr 2024 17:39:09 GMT
last-modified: Wed, 07 Sep 2022 07:14:33 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 72731
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765210b581692b5-CPH
X-Firefox-Spdy: h2

fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700

142.250.74.106

1.3 kB

URL
fonts.googleapis.com/css2?family=Roboto:wght@100;300;400;500;700
IP
142.250.74.106:0
ASN
#15169 GOOGLE

File type
gzip compressed data, max compression
Size
1.3 kB (1292 bytes)
Hash
222895db907ceab415edbee2f1f0250e
3fdb8783ccffe6aa96c2ae3cdad1688380f21d76
a1a21e8028a8539faf75b3e2fe7d759e8e45d08694e7a2072e3b2f530fe377b8

HTTP Headers

GET /css2?family=Roboto:wght@100;300;400;500;700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 18 Apr 2024 13:51:20 GMT
date: Thu, 18 Apr 2024 13:51:20 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

142.250.74.131

16 kB

URL
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15860, version 1.0
Size
16 kB (15860 bytes)
Hash
e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

HTTP Headers

GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 16 Apr 2024 10:46:32 GMT
expires: Wed, 16 Apr 2025 10:46:32 GMT
cache-control: public, max-age=31536000
age: 183889
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

142.250.74.131

16 kB

URL
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP
142.250.74.131:0
ASN
#15169 GOOGLE

File type
Web Open Font Format (Version 2), TrueType, length 15744, version 1.0
Size
16 kB (15744 bytes)
Hash
15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

HTTP Headers

GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 18 Apr 2024 02:37:01 GMT
expires: Fri, 18 Apr 2025 02:37:01 GMT
cache-control: public, max-age=31536000
age: 40460
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

139.45.197.242

200 OK

1.0 kB

URL GET HTTP/2
gishejuy.com/500/6395363?excludes=20790124&oaid=0080422411ec4da3eae37b21f1057fb7&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=5&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.335.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
JSON text data
Size
1.0 kB (1037 bytes)
Hash
a8d222e7f757071f6cab082fb78b861e
574336ee7a069ee4a5149000dc9d59ee9c72c71f
cb0711e0ea8d41be0cf418548d138ef764e36cebb065e94b900472df84d025b8

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /500/6395363?excludes=20790124&oaid=0080422411ec4da3eae37b21f1057fb7&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=5&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.335.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Cookie: OAID=0080422411ec4da3eae37b21f1057fb7
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:20 GMT
content-type: application/javascript
x-trace-id: e91df78b4b25fcf4d99ef02432befeca
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://aapks.com
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=0080422411ec4da3eae37b21f1057fb7; expires=Fri, 18 Apr 2025 13:51:20 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

aistekso.net/801/

139.45.197.244

200 OK

0 B

URL OPTIONS HTTP/2
aistekso.net/801/
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectaistekso.net
Fingerprint3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB
ValiditySun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

POST /801/ HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 164
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:22 GMT
content-length: 0
x-trace-id: dc71029f4cc445160af1bd86bed31979
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
vary: Origin
access-control-allow-origin: https://aapks.com
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

gishejuy.com/impression/EeXOF7jAxYf7M21B8MpsYaBZAbkEd38Twxz5reSelkqOC1foRDw_EYihRHRgq9IoHfMHn9E6Vt53TbceTLvNv5sCPISR5En5PlfE7QQpY-TLZLW6g6FCCZ7BGVEWGr6MHozrBmLBfRwEcUtvmpbv3CDk02lyVNsEEyGYHyr4H2bG8fUu7xWQfLmTF2pGVSmo4XHEZR8hGKY-PCsZ5Aye8iA9CWsK1WRr3cn2qWlwrj60yLNmlrtODBCzKs4ZZcf74Si8vr9vRvodxc4mTogdLm85a3jQq0W8xFJu-qOlPQt_DH3v_fN8UKASJCKOI1up8UxXSHyh2GTZNPaAJngrYAWOU6lSfsMKS515jRHqhW7d3guL5UXJTfwPD-Rm1V44Ictgnv60zJMNE1lpR68So9SFEBaAZrzD7NtVFIs-PSjrXoROTF2DQ1KliRmo7VL7dvwXMqEd_UUmjYYI9663ljWZay-9v_Y2v_fMNneRhnFO0OCD4QdYCIigpSV0uQ6G45R0zxSeUY57rnJ7uSH97nhZqIVvfGfXIiv1NoAbevtmbqA3zR8wRi4d0mIRz-wmp-BhcC_xiW34BRyrE6sqsA==?_z=6395363&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=4&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.335.0

139.45.197.242

200 OK

43 B

URL GET HTTP/2
gishejuy.com/impression/EeXOF7jAxYf7M21B8MpsYaBZAbkEd38Twxz5reSelkqOC1foRDw_EYihRHRgq9IoHfMHn9E6Vt53TbceTLvNv5sCPISR5En5PlfE7QQpY-TLZLW6g6FCCZ7BGVEWGr6MHozrBmLBfRwEcUtvmpbv3CDk02lyVNsEEyGYHyr4H2bG8fUu7xWQfLmTF2pGVSmo4XHEZR8hGKY-PCsZ5Aye8iA9CWsK1WRr3cn2qWlwrj60yLNmlrtODBCzKs4ZZcf74Si8vr9vRvodxc4mTogdLm85a3jQq0W8xFJu-qOlPQt_DH3v_fN8UKASJCKOI1up8UxXSHyh2GTZNPaAJngrYAWOU6lSfsMKS515jRHqhW7d3guL5UXJTfwPD-Rm1V44Ictgnv60zJMNE1lpR68So9SFEBaAZrzD7NtVFIs-PSjrXoROTF2DQ1KliRmo7VL7dvwXMqEd_UUmjYYI9663ljWZay-9v_Y2v_fMNneRhnFO0OCD4QdYCIigpSV0uQ6G45R0zxSeUY57rnJ7uSH97nhZqIVvfGfXIiv1NoAbevtmbqA3zR8wRi4d0mIRz-wmp-BhcC_xiW34BRyrE6sqsA==?_z=6395363&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=4&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.335.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/EeXOF7jAxYf7M21B8MpsYaBZAbkEd38Twxz5reSelkqOC1foRDw_EYihRHRgq9IoHfMHn9E6Vt53TbceTLvNv5sCPISR5En5PlfE7QQpY-TLZLW6g6FCCZ7BGVEWGr6MHozrBmLBfRwEcUtvmpbv3CDk02lyVNsEEyGYHyr4H2bG8fUu7xWQfLmTF2pGVSmo4XHEZR8hGKY-PCsZ5Aye8iA9CWsK1WRr3cn2qWlwrj60yLNmlrtODBCzKs4ZZcf74Si8vr9vRvodxc4mTogdLm85a3jQq0W8xFJu-qOlPQt_DH3v_fN8UKASJCKOI1up8UxXSHyh2GTZNPaAJngrYAWOU6lSfsMKS515jRHqhW7d3guL5UXJTfwPD-Rm1V44Ictgnv60zJMNE1lpR68So9SFEBaAZrzD7NtVFIs-PSjrXoROTF2DQ1KliRmo7VL7dvwXMqEd_UUmjYYI9663ljWZay-9v_Y2v_fMNneRhnFO0OCD4QdYCIigpSV0uQ6G45R0zxSeUY57rnJ7uSH97nhZqIVvfGfXIiv1NoAbevtmbqA3zR8wRi4d0mIRz-wmp-BhcC_xiW34BRyrE6sqsA==?_z=6395363&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=4&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.335.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Cookie: OAID=0080422411ec4da3eae37b21f1057fb7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:23 GMT
content-type: image/gif
content-length: 43
x-trace-id: d194569096f365d9812c259a65353b16
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

offerimage.com/www/images/59d005e99dabed8d7a753617b9dfe4d6.jpeg

104.22.33.172

200 OK

12 kB

URL GET HTTP/2
offerimage.com/www/images/59d005e99dabed8d7a753617b9dfe4d6.jpeg
IP
104.22.33.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
12 kB (11455 bytes)
Hash
59d005e99dabed8d7a753617b9dfe4d6
5b4b05e20f8496be4f1f8d9e93adc1e1ccfbe383
d09719c31f8376e40f2a23e1e9833214527ec837e61e2e715752d58a1154bd31

HTTP Headers

GET /www/images/59d005e99dabed8d7a753617b9dfe4d6.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 13:51:23 GMT
content-type: image/jpeg
content-length: 11455
cache-control: max-age=86400
cf-bgj: h2pri
etag: "631844d9-2cbf"
expires: Thu, 18 Apr 2024 17:39:09 GMT
last-modified: Wed, 07 Sep 2022 07:14:33 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 72734
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765211eabdb92b5-CPH
X-Firefox-Spdy: h2

offerimage.com/www/images/e420857568d766ae5020f8754c37b7b1.jpg

104.22.33.172

200 OK

13 kB

URL GET HTTP/2
offerimage.com/www/images/e420857568d766ae5020f8754c37b7b1.jpg
IP
104.22.33.172:443
ASN
#13335 CLOUDFLARENET

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerGoogle Trust Services LLC
Subjectofferimage.com
Fingerprint5C:87:DE:3A:1B:66:15:11:B1:75:B6:AC:AF:F9:A6:EF:5E:7F:80:72
ValidityFri, 05 Apr 2024 23:50:04 GMT - Thu, 04 Jul 2024 23:50:03 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3
Size
13 kB (13333 bytes)
Hash
e420857568d766ae5020f8754c37b7b1
b187b2b44dd0150756d50c3e2f1c2c448a91f203
f33c69b519036a5f65ea4dfa959e89ccd9d9147e2a9bfe07794f469b4134cbec

HTTP Headers

GET /www/images/e420857568d766ae5020f8754c37b7b1.jpg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 13:51:23 GMT
content-type: image/jpeg
content-length: 13333
cache-control: max-age=86400
cf-bgj: h2pri
etag: "654b950f-3415"
expires: Fri, 19 Apr 2024 12:25:28 GMT
last-modified: Wed, 08 Nov 2023 14:02:55 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 5155
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765211eabe892b5-CPH
X-Firefox-Spdy: h2

veepteero.com/favicon.ico

139.45.197.242

0 B

URL
veepteero.com/favicon.ico
IP
139.45.197.242:0
ASN
#9002 RETN Limited

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: veepteero.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=0080422411ec4da3eae37b21f1057fb7; oaidts=1713448285; syncedCookie=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
server: nginx
date: Thu, 18 Apr 2024 13:51:26 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
pragma: public
cache-control: max-age=315360000, public, must-revalidate, proxy-revalidate
X-Firefox-Spdy: h2

clk.tradedoubler.com/click?p=213984&a=2894007&epi=CPA&epi2=804823043116634539&publisherCommission=${PAYOUT}

54.93.147.132

3.8 kB

URL
clk.tradedoubler.com/click?p=213984&a=2894007&epi=CPA&epi2=804823043116634539&publisherCommission=${PAYOUT}
IP
54.93.147.132:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (490)
Size
3.8 kB (3798 bytes)
Hash
56af1d767c7d84c8aa9efce468b07e19
7a960790709d9c1b5a8cffcdf9ada4490e42c61c
8798c48dc3818af57592511e56cfc97c8ae3fe469f9d7b32c7ae673a92bd867a

HTTP Headers

GET /click?p=213984&a=2894007&epi=CPA&epi2=804823043116634539&publisherCommission=${PAYOUT} HTTP/1.1
Host: clk.tradedoubler.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 13:51:26 GMT
content-type: text/html; charset=ISO-8859-1
content-length: 3798
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Form-Factor, Sec-CH-UA-Model, Sec-CH-UA-WoW64
set-cookie: GUID=1z11zz16cz1PeuKGz6e23c5c4ba60534288a24ad2f6b3683f;expires=Fri, 18-Apr-2025 13:51:26 GMT;path=/;domain=.tradedoubler.com
server: TXServerHttp
access-control-allow-origin: *
access-control-allow-credentials: true
vary: Origin
cache-control: private, max-age=0
pragma: no-cache
referrer-policy: origin
X-Firefox-Spdy: h2

vht.tradedoubler.com/fp/fpjs.js

54.230.111.4

8.7 kB

URL
vht.tradedoubler.com/fp/fpjs.js
IP
54.230.111.4:0
ASN
#16509 AMAZON-02

File type
JavaScript source, ASCII text, with very long lines (23071)
Size
8.7 kB (8745 bytes)
Hash
7071a24cf5aa736f41daf866f21a20eb
cdef76e0815e39cfef67d22127e6c01062ee02b4
5b036ab5052dc73813aa4a472e3046a0fe217f5787d0c322d755a42201050d5f

HTTP Headers

GET /fp/fpjs.js HTTP/1.1
Host: vht.tradedoubler.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clk.tradedoubler.com/
DNT: 1
Connection: keep-alive
Cookie: GUID=1z11zz16cz1PeuKGz6e23c5c4ba60534288a24ad2f6b3683f
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 8745
Connection: keep-alive
Server: Apache
Strict-Transport-Security: max-age=31536000
Last-Modified: Tue, 12 Mar 2024 11:04:52 GMT
Accept-Ranges: bytes
Content-Encoding: gzip
Date: Thu, 18 Apr 2024 04:44:53 GMT
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: gXVg_5w7t8gcPNODgo670YNwD4luOpPOE_4KrRTfdBR2tzIUyRw_9w==
Age: 32793
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff

clk.tradedoubler.com/favicon.ico

54.93.147.132

193 B

URL
clk.tradedoubler.com/favicon.ico
IP
54.93.147.132:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with no line terminators
Size
193 B (193 bytes)
Hash
523cbcb278f348bbe64563fe4cc9f435
5a436481b66ccb6dff53c5e1a14c08ef0b4a8e4b
37b6ca25983f4126bd10c135684bc8f421c8b48a5bdb75b5ad69c849035a84f4

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: clk.tradedoubler.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clk.tradedoubler.com/
DNT: 1
Connection: keep-alive
Cookie: GUID=1z11zz16cz1PeuKGz6e23c5c4ba60534288a24ad2f6b3683f
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
date: Thu, 18 Apr 2024 13:51:26 GMT
content-type: text/html; charset=ISO-8859-1
content-length: 193
X-Firefox-Spdy: h2

clk.tradedoubler.com/click?p=213984&a=2894007&epi=CPA&epi2=804823043116634539&publisherCommission=${PAYOUT}

54.93.147.132

358 B

URL
clk.tradedoubler.com/click?p=213984&a=2894007&epi=CPA&epi2=804823043116634539&publisherCommission=${PAYOUT}
IP
54.93.147.132:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (358), with no line terminators
Size
358 B (358 bytes)
Hash
9b14f3e00a6966f8f0d94d61fcd96aee
9a632092951119c074c2d46ac82583b97b90635b
cc6eb0287506ad54bf5933110917f5789d36fded54cabdd28fe09f1beed7c8c8

HTTP Headers

POST /click?p=213984&a=2894007&epi=CPA&epi2=804823043116634539&publisherCommission=${PAYOUT} HTTP/1.1
Host: clk.tradedoubler.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clk.tradedoubler.com/
Content-Type: application/x-www-form-urlencoded
Content-Length: 43
Origin: https://clk.tradedoubler.com
DNT: 1
Connection: keep-alive
Cookie: GUID=1z11zz16cz1PeuKGz6e23c5c4ba60534288a24ad2f6b3683f
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
date: Thu, 18 Apr 2024 13:51:26 GMT
content-type: text/html; charset=ISO-8859-1
content-length: 358
location: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
set-cookie: EH_0=1z11z1z16czKnDPFzxQOyaoAUvJpyFi3Djt4B9rwek0Cf26_sRY9U3Ao728ekw8FJLrY%79UeM%79fMs03uX9Lol.wQmOmEA7w4toJARqc7QtttkJi.uD2M80;expires=Fri, 18-Apr-2025 13:51:26 GMT;path=/;domain=.tradedoubler.com
GUID=1z11zz16cz1PeuKGz6e23c5c4ba60534288a24ad2f6b3683f;expires=Fri, 18-Apr-2025 13:51:26 GMT;path=/;domain=.tradedoubler.com
server: TXServerHttp
access-control-allow-origin: https://clk.tradedoubler.com
access-control-allow-credentials: true
vary: Origin
cache-control: private, max-age=0
pragma: no-cache
referrer-policy: origin
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/images/mytrendyphone-logo.svg

94.143.8.110

2.2 kB

URL
www.mytrendyphone.no/images/skins/Bewise/images/mytrendyphone-logo.svg
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
SVG Scalable Vector Graphics image
Size
2.2 kB (2199 bytes)
Hash
956149f2d572a30a85eb77673e7cb26f
857265ea45be893b0b00dca30a1b77d0f3ca6378
0df623c4b56e3b7dd920b7da0f41f23a1ded03ea27da3c3c0e1621a850cef0b6

HTTP Headers

GET /images/skins/Bewise/images/mytrendyphone-logo.svg HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/svg+xml
content-length: 2199
cache-control: max-age=31536000
last-modified: Tue, 05 Jul 2022 06:24:24 GMT
x-backendserver: c101web3_live_ws8_dandomain_dk
etag: W/"ab427df3790d81:0"
content-encoding: gzip
vary: Accept-Encoding
age: 44231
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/css/main.v42.css?v=46

94.143.8.110

37 kB

URL
www.mytrendyphone.no/images/skins/Bewise/css/main.v42.css?v=46
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
assembler source, ASCII text, with very long lines (402)
Size
37 kB (36550 bytes)
Hash
59b80afba7ec7b27028ee88b687e1275
b4fdb24f205f4c3d79d227fb88cb5ba7717771f2
0a9c4964d2bd54239e1d1db298fa40487322fc08675f0dca5e3e8e213576c090

HTTP Headers

GET /images/skins/Bewise/css/main.v42.css?v=46 HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: text/css
content-length: 36550
cache-control: max-age=31536000
etag: "4e61999b688bda1:0"
content-encoding: gzip
last-modified: Wed, 10 Apr 2024 17:00:36 GMT
vary: Accept-Encoding
x-backendserver: c101web4_live_ws8_dandomain_dk
age: 1070
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/css/cookiepopup.css?v=1

94.143.8.110

1.7 kB

URL
www.mytrendyphone.no/images/skins/Bewise/css/cookiepopup.css?v=1
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
ASCII text, with CRLF line terminators
Size
1.7 kB (1744 bytes)
Hash
50db739f003dc0e53ca5b35519f3fdef
ba91310f43c1a631626c8fd574f83fec211f0922
5476bae45de15fccf78285d3c3533ece1be81576c4c8d380c13f389009aecea4

HTTP Headers

GET /images/skins/Bewise/css/cookiepopup.css?v=1 HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: text/css
content-length: 1744
cache-control: max-age=31536000
etag: "4c1d1b275944da1:0"
content-encoding: gzip
last-modified: Thu, 11 Jan 2024 06:41:05 GMT
vary: Accept-Encoding
x-backendserver: c101web3_live_ws8_dandomain_dk
age: 1051
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/pages/Milos/dk/css/global.css?v=1

94.143.8.110

578 B

URL
www.mytrendyphone.no/pages/Milos/dk/css/global.css?v=1
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
ASCII text
Size
578 B (578 bytes)
Hash
89971c2fd13a7b65d13a977eebe43fc4
da58ba3e918c561489e336b27e6dafcd5f452681
1dc1553279ffe4871e189dfc4cf88fa035d255e0b3d2ed871f3f428eb5623e9e

HTTP Headers

GET /pages/Milos/dk/css/global.css?v=1 HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: text/css
content-length: 578
cache-control: max-age=31536000
etag: "7e633cb4945da1:0"
content-encoding: gzip
last-modified: Fri, 12 Jan 2024 11:23:40 GMT
vary: Accept-Encoding
x-backendserver: c101web5_live_ws8_dandomain_dk
age: 1042
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/js/head.v2.js?v=2

94.143.8.110

25 kB

URL
www.mytrendyphone.no/images/skins/Bewise/js/head.v2.js?v=2
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
JavaScript source, ASCII text, with very long lines (42864), with CRLF line terminators
Size
25 kB (24768 bytes)
Hash
573470ba3a1775928aa76f5ae659886d
dabb00ad2af8d636acb6a04fa0b0722e48dd10a1
34821adab3ca2fcb7c003fff520890c10578e45842cb848c91c7ac8c22f236aa

HTTP Headers

GET /images/skins/Bewise/js/head.v2.js?v=2 HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: application/javascript
content-length: 24768
cache-control: max-age=31536000
etag: "6ce2291e567cda1:0"
content-encoding: gzip
last-modified: Fri, 22 Mar 2024 12:40:27 GMT
vary: Accept-Encoding
x-backendserver: c101web5_live_ws8_dandomain_dk
age: 1052
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/js/language.js?va=9

94.143.8.110

7.3 kB

URL
www.mytrendyphone.no/images/skins/Bewise/js/language.js?va=9
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
Unicode text, UTF-8 text, with very long lines (335)
Size
7.3 kB (7264 bytes)
Hash
958f8e2987aa1b83ad3331ac1b722a4e
81d1ea4e2edf79d91793a4a9a9506c9fdbaaa17d
a2a341d3d3d6b37674e7f3be96e0b8eb863048b163da94337bb07b702442635b

HTTP Headers

GET /images/skins/Bewise/js/language.js?va=9 HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: application/javascript
content-length: 7264
cache-control: max-age=31536000
etag: "d1e2d2cacb7ada1:0"
content-encoding: gzip
last-modified: Wed, 20 Mar 2024 13:37:46 GMT
vary: Accept-Encoding
x-backendserver: c101web6_live_ws8_dandomain_dk
age: 1051
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-2419701-3

142.250.74.168

72 kB

URL
www.googletagmanager.com/gtag/js?id=UA-2419701-3
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
72 kB (72054 bytes)
Hash
1a3fb84b30dc4c5bc2b32ee197303287
cffadf099904ed95d82fe4024c054fa445e37a71
473dfea6c814e11e74d8de5392bf21bc36a6d11b666e3fdfa9e550c7b4b2d637

HTTP Headers

GET /gtag/js?id=UA-2419701-3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 13:51:27 GMT
expires: Thu, 18 Apr 2024 13:51:27 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 72054
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.mytrendyphone.no/shop/frontend/public/js/webshop.bundle.core.min.js?v=8.105.1951

94.143.8.110

12 kB

URL
www.mytrendyphone.no/shop/frontend/public/js/webshop.bundle.core.min.js?v=8.105.1951
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
JavaScript source, ASCII text, with very long lines (34387), with no line terminators
Size
12 kB (11809 bytes)
Hash
5b8cb5f0f3995f652a63a1f24d781d3e
9a010e357e67a6bf86250477b4a997564ffcd852
0b52440ad4b6b2cb4b1382ac8fb8a4bbe8c8364f44cd3ee511d64151b9ece56f

HTTP Headers

GET /shop/frontend/public/js/webshop.bundle.core.min.js?v=8.105.1951 HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: SharedSessionId=286FD0B9%2D6400%2D41A3%2DB235%2DC1FB11D4C39D; ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: application/javascript
content-length: 11809
cache-control: max-age=31536000
etag: "0541d31c16da1:0"
x-frame-options: SAMEORIGIN
content-encoding: gzip
last-modified: Mon, 13 Nov 2023 10:33:22 GMT
vary: Accept-Encoding
x-backendserver: c101web7_live_ws8_dandomain_dk
age: 1051
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/shop/frontend/public/js/webshop.bundle.nivoslider.min.js?v=8.105.1951

94.143.8.110

3.7 kB

URL
www.mytrendyphone.no/shop/frontend/public/js/webshop.bundle.nivoslider.min.js?v=8.105.1951
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
JavaScript source, ASCII text, with very long lines (11509), with no line terminators
Size
3.7 kB (3733 bytes)
Hash
9aedf77a5654450185182350615d0dc5
f0dd2280a0aaaf9ac4cd1fee945c4804e8380627
62314259998ea4ef66408e76aa3678cef3bfa195057bedb3c5da7eb21fe138df

HTTP Headers

GET /shop/frontend/public/js/webshop.bundle.nivoslider.min.js?v=8.105.1951 HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: SharedSessionId=286FD0B9%2D6400%2D41A3%2DB235%2DC1FB11D4C39D; ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: application/javascript
content-length: 3733
cache-control: max-age=31536000
etag: "0541d31c16da1:0"
x-frame-options: SAMEORIGIN
content-encoding: gzip
last-modified: Mon, 13 Nov 2023 10:33:22 GMT
vary: Accept-Encoding
x-backendserver: c101web6_live_ws8_dandomain_dk
age: 1051
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/js/cookiepopup.js

94.143.8.110

4.5 kB

URL
www.mytrendyphone.no/images/skins/Bewise/js/cookiepopup.js
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (835), with CRLF line terminators
Size
4.5 kB (4463 bytes)
Hash
e5c70ad3ef17af417626484c8264271e
a3eabd335f49ce50e5977e3489cfc4d3b409aa26
f776f1394e94acd76a596cf4fa77fa4cf6d82e49a6b5e67605d45109af24179a

HTTP Headers

GET /images/skins/Bewise/js/cookiepopup.js HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: application/javascript
content-length: 4463
cache-control: max-age=31536000
etag: "fcad64a36fda1:0"
content-encoding: gzip
last-modified: Wed, 06 Mar 2024 08:50:52 GMT
vary: Accept-Encoding
x-backendserver: c101web8_live_ws8_dandomain_dk
age: 1051
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/images/icon-orders-white.svg

94.143.8.110

392 B

URL
www.mytrendyphone.no/images/skins/Bewise/images/icon-orders-white.svg
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
SVG Scalable Vector Graphics image
Size
392 B (392 bytes)
Hash
e4684071d953c6e24c27cac9aa50315d
cc51a5d480b88f88dfc549124d93dad057ad0e04
ae63afc18b08f932b6d3ce6f13f86a7c0d0c3feb8d9167fee949cd78fd9e7b05

HTTP Headers

GET /images/skins/Bewise/images/icon-orders-white.svg HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/svg+xml
content-length: 392
cache-control: max-age=31536000
last-modified: Tue, 08 Mar 2022 07:11:29 GMT
x-backendserver: c101web5_live_ws8_dandomain_dk
etag: W/"f09d95bbbb32d81:0"
content-encoding: gzip
vary: Accept-Encoding
age: 44231
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js

143.204.55.110

6.8 kB

URL
widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (21924)
Size
6.8 kB (6759 bytes)
Hash
4885a8b933bd00e9bca87f36668f40d3
ceda22bbb7e6b5c55fa28287d61cdfc448c05ad3
36080a0966a7e1efc753fc067ea97fa1a868af6d60c4108a410341367a8e1b44

HTTP Headers

GET /bootstrap/v5/tp.widget.bootstrap.min.js HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/x-javascript
content-length: 6759
last-modified: Thu, 26 Oct 2023 12:27:20 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
date: Thu, 18 Apr 2024 01:27:22 GMT
cache-control: max-age=86400
etag: "15864ce88fa79a3e954417d0c3396798"
x-cache: Hit from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: E-6Ztt8f69G9weG2nIMsrG32yJXdFQ587pEFMOgDym3Ib1UyX-wYKw==
age: 44645
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/images/icon-lock-white.svg

94.143.8.110

552 B

URL
www.mytrendyphone.no/images/skins/Bewise/images/icon-lock-white.svg
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
SVG Scalable Vector Graphics image
Size
552 B (552 bytes)
Hash
7501743e2be5bb88c843b7832d00ca7a
bf29f479b0a9aa863071a62946705cec922e2e51
863f31c43384e0a86a1457838389ab734b0648a7ab940f86836b243b13b6c465

HTTP Headers

GET /images/skins/Bewise/images/icon-lock-white.svg HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/svg+xml
content-length: 552
cache-control: max-age=31536000
last-modified: Sun, 30 Jan 2022 06:08:50 GMT
x-backendserver: c101web6_live_ws8_dandomain_dk
etag: W/"6e53f6d99f15d81:0"
content-encoding: gzip
vary: Accept-Encoding
age: 44231
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/images/icon-menu-black.svg

94.143.8.110

399 B

URL
www.mytrendyphone.no/images/skins/Bewise/images/icon-menu-black.svg
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
SVG Scalable Vector Graphics image
Size
399 B (399 bytes)
Hash
adf533ad8c55d695a6706988c0b6f367
c4703c0ace7dcb32aa5440e0206110fdf4331bfa
11a5b6f4144cb9890077256de800bdb5d93768a3da393ce1287f4edda27c00ae

HTTP Headers

GET /images/skins/Bewise/images/icon-menu-black.svg HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/svg+xml
content-length: 399
cache-control: max-age=31536000
last-modified: Thu, 03 Mar 2022 07:34:07 GMT
x-backendserver: c101web4_live_ws8_dandomain_dk
etag: W/"7bfe3d11d12ed81:0"
content-encoding: gzip
vary: Accept-Encoding
age: 44231
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/images/icon-search-black.svg

94.143.8.110

378 B

URL
www.mytrendyphone.no/images/skins/Bewise/images/icon-search-black.svg
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
SVG Scalable Vector Graphics image
Size
378 B (378 bytes)
Hash
62031a28707207774a52c28cb67c3591
6b80b81d3e28a21ce81c70f610c5506cc3fd83a7
a16aaf39bd797d3fcfec20dcfed0dbeeab43f7ffab44cd7aa893d93307f29b24

HTTP Headers

GET /images/skins/Bewise/images/icon-search-black.svg HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/svg+xml
content-length: 378
cache-control: max-age=31536000
last-modified: Wed, 26 Jan 2022 12:59:13 GMT
x-backendserver: c101web8_live_ws8_dandomain_dk
etag: W/"5b164c84b412d81:0"
content-encoding: gzip
vary: Accept-Encoding
age: 44231
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/images/icon-home-black.svg

94.143.8.110

227 B

URL
www.mytrendyphone.no/images/skins/Bewise/images/icon-home-black.svg
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
SVG Scalable Vector Graphics image
Size
227 B (227 bytes)
Hash
aeb7a7458e692343b1e474e136ce9536
df768b84e7bb259427ca0d40c3f6ed5f4d1594db
e0ff66eca4b89f4e2680ab8975be69e4a9c15c5b04634c06cdc6c707e6768ed3

HTTP Headers

GET /images/skins/Bewise/images/icon-home-black.svg HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/svg+xml
content-length: 227
cache-control: max-age=31536000
last-modified: Tue, 01 Mar 2022 12:47:29 GMT
x-backendserver: c101web7_live_ws8_dandomain_dk
etag: W/"b0ac45836a2dd81:0"
content-encoding: gzip
vary: Accept-Encoding
age: 44231
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/images/icon-right-white.svg

94.143.8.110

388 B

URL
www.mytrendyphone.no/images/skins/Bewise/images/icon-right-white.svg
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
SVG Scalable Vector Graphics image
Size
388 B (388 bytes)
Hash
5bbe9c88de2775afc0f2e4de42e48765
62327c3ebe03c13df77c21b3911af48f692a4644
09254ea83d841fa9a2d13c1a5f3dc597281c18376c1709c82bb92795edbed711

HTTP Headers

GET /images/skins/Bewise/images/icon-right-white.svg HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/svg+xml
content-length: 388
cache-control: max-age=31536000
last-modified: Thu, 27 Jan 2022 07:28:20 GMT
x-backendserver: c101web5_live_ws8_dandomain_dk
etag: W/"ced7ea754f13d81:0"
content-encoding: gzip
vary: Accept-Encoding
age: 44231
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/images/icon-menu-eco.svg

94.143.8.110

493 B

URL
www.mytrendyphone.no/images/skins/Bewise/images/icon-menu-eco.svg
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
SVG Scalable Vector Graphics image
Size
493 B (493 bytes)
Hash
4bf9e040ea265b70de9ab9c0902e9cf5
677f5ebf780e853f791ac17fe62c311e2ad14da1
63a1bd2d811d285f8eea94f4f0d319825d132fd00476e5a2543ebb60b4d35dae

HTTP Headers

GET /images/skins/Bewise/images/icon-menu-eco.svg HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/svg+xml
content-length: 493
cache-control: max-age=31536000
last-modified: Mon, 07 Nov 2022 18:08:40 GMT
x-backendserver: c101web4_live_ws8_dandomain_dk
etag: W/"685a5cf7d3f2d81:0"
content-encoding: gzip
vary: Accept-Encoding
age: 44231
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/images/icon-cart-white.svg

94.143.8.110

565 B

URL
www.mytrendyphone.no/images/skins/Bewise/images/icon-cart-white.svg
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
SVG Scalable Vector Graphics image
Size
565 B (565 bytes)
Hash
54ea0262f2199919da7505556fe2ea43
51f726bd8c01bbe9db741d667bff43ad48a3116e
645450151e187b535a2d36f968fa819639a4fc4531e41941f922c44086936e2d

HTTP Headers

GET /images/skins/Bewise/images/icon-cart-white.svg HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/svg+xml
content-length: 565
cache-control: max-age=31536000
last-modified: Thu, 27 Jan 2022 07:36:53 GMT
x-backendserver: c101web7_live_ws8_dandomain_dk
etag: W/"54aa92a75013d81:0"
content-encoding: gzip
vary: Accept-Encoding
age: 44231
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/images/flags/dk.svg

94.143.8.110

175 B

URL
www.mytrendyphone.no/images/skins/Bewise/images/flags/dk.svg
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
SVG Scalable Vector Graphics image
Size
175 B (175 bytes)
Hash
527602ba515bb52063e414225b631ae5
9c6b9ae945179d73ed08a1f1dfe4bd3312e6d5b3
fdd09296ac803a8cf4066ff5488821458a9788985e3cc09356d4c4ef81959ecf

HTTP Headers

GET /images/skins/Bewise/images/flags/dk.svg HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/svg+xml
content-length: 175
cache-control: max-age=31536000
last-modified: Wed, 26 Jan 2022 12:58:11 GMT
x-backendserver: c101web1_live_ws8_dandomain_dk
etag: W/"2072e95fb412d81:0"
content-encoding: gzip
vary: Accept-Encoding
age: 44231
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/images/icon-right-orange.svg

94.143.8.110

390 B

URL
www.mytrendyphone.no/images/skins/Bewise/images/icon-right-orange.svg
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
SVG Scalable Vector Graphics image
Size
390 B (390 bytes)
Hash
b0ca2acda6540bea187fac838c1f7682
7bd78ecaf0266cf85dbada2ad2a4abb10810f8b6
ed706254ff97733bc67ae56c7b131182e85e9e79b40f6ca0a8dc9888619df444

HTTP Headers

GET /images/skins/Bewise/images/icon-right-orange.svg HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/svg+xml
content-length: 390
cache-control: max-age=31536000
last-modified: Tue, 05 Apr 2022 10:43:38 GMT
x-backendserver: c101web6_live_ws8_dandomain_dk
etag: W/"40243a2da48d81:0"
content-encoding: gzip
vary: Accept-Encoding
age: 44231
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/images/icon-right-black.svg

94.143.8.110

387 B

URL
www.mytrendyphone.no/images/skins/Bewise/images/icon-right-black.svg
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
SVG Scalable Vector Graphics image
Size
387 B (387 bytes)
Hash
3af4f50c6c4ae3edf387680552582963
3cd96670447d2a517fa500cb4ef1fba396ea30a4
b73cf2f4714a9c85e9de1df363d8eebcfc37ef39b5147e14bc24236a565e22bb

HTTP Headers

GET /images/skins/Bewise/images/icon-right-black.svg HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/svg+xml
content-length: 387
cache-control: max-age=31536000
last-modified: Thu, 27 Jan 2022 06:34:27 GMT
x-backendserver: c101web3_live_ws8_dandomain_dk
etag: W/"a51577ee4713d81:0"
content-encoding: gzip
vary: Accept-Encoding
age: 44231
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/images/icon-quick-search-black.svg

94.143.8.110

785 B

URL
www.mytrendyphone.no/images/skins/Bewise/images/icon-quick-search-black.svg
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
SVG Scalable Vector Graphics image
Size
785 B (785 bytes)
Hash
4dba2d15dbf9aaae05a3358780b5a666
d4b88812e4ef3631c2bf09205ddc399985344362
6a5d115491a57f568ef661359a805b6a262cb7225ec97c073418f540833729d2

HTTP Headers

GET /images/skins/Bewise/images/icon-quick-search-black.svg HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/svg+xml
content-length: 785
cache-control: max-age=31536000
last-modified: Thu, 27 Jan 2022 09:56:49 GMT
x-backendserver: c101web5_live_ws8_dandomain_dk
etag: W/"e996a6336413d81:0"
content-encoding: gzip
vary: Accept-Encoding
age: 44138
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/pages/rs/frontSearch.js?1sopa2=1

94.143.8.110

1.7 kB

URL
www.mytrendyphone.no/pages/rs/frontSearch.js?1sopa2=1
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (901), with CRLF line terminators
Size
1.7 kB (1700 bytes)
Hash
3ab1a4cd61b196ffe3b1dbfb53c13f74
4739c1ec49f3c303d51ba86cf9e91e488c002b1e
58fef6b9449f1889d4eaa01ad2f1a6dda44338b265c713df607d8881ce2dcdeb

HTTP Headers

GET /pages/rs/frontSearch.js?1sopa2=1 HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: application/javascript
content-length: 1700
cache-control: max-age=31536000
etag: "798597cac6ebd91:0"
content-encoding: gzip
last-modified: Wed, 20 Sep 2023 13:31:41 GMT
vary: Accept-Encoding
x-backendserver: c101web5_live_ws8_dandomain_dk
age: 390
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/Baseus-Osculum-Gravity-Car-Holder-with-Suction-Cup-11072018-01-t.webp

94.143.8.110

3.4 kB

URL
www.mytrendyphone.no/images/Baseus-Osculum-Gravity-Car-Holder-with-Suction-Cup-11072018-01-t.webp
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 120x120, Scaling: [none]x[none], YUV color, decoders should clamp
Size
3.4 kB (3442 bytes)
Hash
2580600786cbe34dc2e480fcd834d896
91490bc07957a7cbc977c9c1532e1a7ffab1c5c9
7626715114e6f7e416c998d0ca28b2bd6b07fcde9c029508d38f38904e038194

HTTP Headers

GET /images/Baseus-Osculum-Gravity-Car-Holder-with-Suction-Cup-11072018-01-t.webp HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/webp
content-length: 3442
cache-control: max-age=31536000
last-modified: Thu, 22 Dec 2022 10:15:30 GMT
etag: "fc82fe51ee15d91:0"
x-backendserver: c101web4_live_ws8_dandomain_dk
age: 44192
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/Waterproof-Smartwatch-with-Heart-Rate-K12-BlackNone-24102023-01-t.webp

94.143.8.110

2.9 kB

URL
www.mytrendyphone.no/images/Waterproof-Smartwatch-with-Heart-Rate-K12-BlackNone-24102023-01-t.webp
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 120x120, Scaling: [none]x[none], YUV color, decoders should clamp
Size
2.9 kB (2930 bytes)
Hash
488b0f7c6f0107b62d77f2966850b2a9
ae7e0a55612ccb3e7e1da1622e31887b6ff6973d
068a6dc471ad38b08ebee6c72af9be6d564bc3e645b584cb500feda0abcf8cae

HTTP Headers

GET /images/Waterproof-Smartwatch-with-Heart-Rate-K12-BlackNone-24102023-01-t.webp HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/webp
content-length: 2930
cache-control: max-age=31536000
last-modified: Tue, 02 Apr 2024 14:23:07 GMT
etag: "31c45448985da1:0"
x-backendserver: c101web4_live_ws8_dandomain_dk
age: 44138
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/pages/ro/promo/outdoor_accessories/2024/front-mobile/outdoors24-small_no.webp

94.143.8.110

20 kB

URL
www.mytrendyphone.no/pages/ro/promo/outdoor_accessories/2024/front-mobile/outdoors24-small_no.webp
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
RIFF (little-endian) data, Web/P image
Size
20 kB (19690 bytes)
Hash
06abba306f663a617c74b503c3295da7
4fd4c2d89057175348ad9bbfdc422b6f312e58c2
40d99639f090758262b11c7f0ace725eb790f45602bea39ad84a533ccf137980

HTTP Headers

GET /pages/ro/promo/outdoor_accessories/2024/front-mobile/outdoors24-small_no.webp HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/webp
content-length: 19690
cache-control: max-age=31536000
last-modified: Mon, 01 Apr 2024 11:52:41 GMT
etag: "4ddb8192b84da1:0"
x-backendserver: c101web5_live_ws8_dandomain_dk
age: 44448
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/js/scripts.v61.js?version=35

94.143.8.110

88 kB

URL
www.mytrendyphone.no/images/skins/Bewise/js/scripts.v61.js?version=35
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (1790)
Size
88 kB (87526 bytes)
Hash
eac7860fe507b4319eee868a40cf39d4
ed2a6c46330debd86cc1e8fc4e600502fc2ab9dc
35c33625c39461f10918e3188d43413ab60d4d5099683b5d06a49ca9fbbaf32d

HTTP Headers

GET /images/skins/Bewise/js/scripts.v61.js?version=35 HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: application/javascript
content-length: 87526
cache-control: max-age=31536000
etag: "f2356c7c688bda1:0"
content-encoding: gzip
last-modified: Wed, 10 Apr 2024 16:59:44 GMT
vary: Accept-Encoding
x-backendserver: c101web5_live_ws8_dandomain_dk
age: 1116
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/js/exitintent.v2.js?version=3

94.143.8.110

1.9 kB

URL
www.mytrendyphone.no/images/skins/Bewise/js/exitintent.v2.js?version=3
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
JavaScript source, Unicode text, UTF-8 text
Size
1.9 kB (1938 bytes)
Hash
2fcf4f7b3ed658cb40e264c2123b4cbd
68960a5512634b5368b003156cf4a73c4d4427e4
38efbd0d17f2385eb9d91af9153ac380cc35386fb809645164ef91b1ab8a2f23

HTTP Headers

GET /images/skins/Bewise/js/exitintent.v2.js?version=3 HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: application/javascript
content-length: 1938
cache-control: max-age=31536000
content-encoding: gzip
last-modified: Wed, 27 Mar 2024 20:21:00 GMT
etag: "01e6d488480da1:0"
vary: Accept-Encoding
x-backendserver: c101web8_live_ws8_dandomain_dk
age: 1126
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/css/defer.v1.css

94.143.8.110

7.7 kB

URL
www.mytrendyphone.no/images/skins/Bewise/css/defer.v1.css
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
ASCII text, with very long lines (15512), with CRLF line terminators
Size
7.7 kB (7689 bytes)
Hash
a71003eec98c1cda8307ddff2fda1ef5
e13e4355d8b415f6b2636bc4986c366604cfcf3d
0991377158a9d03da425ac7a08f847dacbe3ff091a1c9d36510f5507830a692a

HTTP Headers

GET /images/skins/Bewise/css/defer.v1.css HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: text/css
content-length: 7689
cache-control: max-age=31536000
etag: "a2fdd5a1db7ada1:0"
content-encoding: gzip
last-modified: Wed, 20 Mar 2024 15:31:09 GMT
vary: Accept-Encoding
x-backendserver: c101web4_live_ws8_dandomain_dk
age: 1051
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-F0Q2Z1LN9Y

142.250.74.168

102 kB

URL
www.googletagmanager.com/gtag/js?id=G-F0Q2Z1LN9Y
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (14160)
Size
102 kB (102431 bytes)
Hash
4f27c99c1bd5f4604291359fe7cee799
eadf2bb5132d4ca0c24f3350b37ad51fc5001143
a77a7df0fc6f28faf5904d3995e543b06759bb2a2aaebe8ee01907af366ec0d7

HTTP Headers

GET /gtag/js?id=G-F0Q2Z1LN9Y HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 13:51:27 GMT
expires: Thu, 18 Apr 2024 13:51:27 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 102431
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/images/icon-search-white.svg

94.143.8.110

463 B

URL
www.mytrendyphone.no/images/skins/Bewise/images/icon-search-white.svg
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
SVG Scalable Vector Graphics image
Size
463 B (463 bytes)
Hash
ffdf1ee9512a66162d77ceb222441e16
fe1437b41767975dc2b2bf00a2f1fdefb7d1126d
0616963cb0c3e08bec294c34c00bbf754dae52e4ed50a675cba3393fe53484c8

HTTP Headers

GET /images/skins/Bewise/images/icon-search-white.svg HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mytrendyphone.no/images/skins/Bewise/css/main.v42.css?v=46
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/svg+xml
content-length: 463
cache-control: max-age=31536000
last-modified: Thu, 17 Feb 2022 06:49:04 GMT
x-backendserver: c101web4_live_ws8_dandomain_dk
etag: W/"5101674ca23d81:0"
content-encoding: gzip
vary: Accept-Encoding
age: 44231
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/images/sellphone.webp

94.143.8.110

1.6 kB

URL
www.mytrendyphone.no/images/skins/Bewise/images/sellphone.webp
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
RIFF (little-endian) data, Web/P image
Size
1.6 kB (1596 bytes)
Hash
d7815047197cd4a73cfe79662666986a
02639bdca3ea0674febeb77dee23a0b050470a94
7e341707475da35e8a398d39379835591cb6cfa487c1ceed05d79fa221c70d45

HTTP Headers

GET /images/skins/Bewise/images/sellphone.webp HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/webp
content-length: 1596
cache-control: max-age=31536000
last-modified: Mon, 27 Feb 2023 12:21:53 GMT
etag: "2dee3713a64ad91:0"
x-backendserver: c101web5_live_ws8_dandomain_dk
age: 44231
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f

94.143.8.110

79 kB

URL
www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT)
Size
79 kB (79265 bytes)
Hash
ada61966c594ffea73aa5045a92ce8fd
4ba32ff89c91d36f06f55864f624f9db97e99d1b
09c1acf1b0e459cd69558279811a32bc4e23bf5601220215b1e4f5cc5c16d8eb

HTTP Headers

GET /shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://clk.tradedoubler.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: text/html; Charset=UTF-8
cache-control: no-store, must-revalidate,no-cache
pragma: no-cache,no-cache,no-cache,no-cache,no-cache
content-encoding: gzip
expires: Thu, 18 Apr 2024 13:50:26 GMT
vary: Accept-Encoding
strict-transport-security: max-age=63072000
referrer-policy: strict-origin-when-cross-origin
p3p: CP='OUR PSA PSD BUS UNI NID DSP NOI COR'
set-cookie: SharedSessionId=286FD0B9%2D6400%2D41A3%2DB235%2DC1FB11D4C39D; path=/shop; HttpOnly; SameSite=Lax; Secure
ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC; path=/; HttpOnly; SameSite=Lax; Secure
x-frame-options: SAMEORIGIN
x-backendserver: c101web4_live_ws8_dandomain_dk
age: 0
via: 1.1 varnish (Varnish/6.0)
x-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/pages/ro/promo/outdoor_accessories/2024/search/outdoors24-search_no.webp

94.143.8.110

3.4 kB

URL
www.mytrendyphone.no/pages/ro/promo/outdoor_accessories/2024/search/outdoors24-search_no.webp
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
RIFF (little-endian) data, Web/P image
Size
3.4 kB (3404 bytes)
Hash
3a8431af3d145e69282ebe21743ad454
a20dd5d5b0201b52b22f2d0fb76b03eba61b3070
811316577dc4757c051ee552badb3376c543d0496bc34adec7e55f1c73e42d44

HTTP Headers

GET /pages/ro/promo/outdoor_accessories/2024/search/outdoors24-search_no.webp HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/webp
content-length: 3404
cache-control: max-age=31536000
last-modified: Mon, 01 Apr 2024 11:53:11 GMT
etag: "a130b12b2b84da1:0"
x-backendserver: c101web7_live_ws8_dandomain_dk
age: 44231
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/_images/brands/64x64.png

94.143.8.110

25 kB

URL
www.mytrendyphone.no/_images/brands/64x64.png
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
Size
25 kB (24776 bytes)
Hash
635f5102158530cb529804e2c7feb9d1
f8e03b43ad88ef20fe08fcfe26abbd2d3338b799
664ddc9475639bb63dc52f1c4786a9d61e316a4290a3b84b06a54e27abb07214

HTTP Headers

GET /_images/brands/64x64.png HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/png
content-length: 24776
cache-control: max-age=31536000
last-modified: Fri, 23 Apr 2021 13:27:37 GMT
etag: "965856d4438d71:0"
x-backendserver: c101web8_live_ws8_dandomain_dk
age: 44231
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/images/icon-email-black.svg

94.143.8.110

380 B

URL
www.mytrendyphone.no/images/skins/Bewise/images/icon-email-black.svg
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
SVG Scalable Vector Graphics image
Size
380 B (380 bytes)
Hash
809fb48a172da269f88945c24ebc48c5
ce6e435a66fd94da3e090baf33cdd74386936955
7b3b5cc90c12fc7abea1b82d6d6de9555237e62c78ebf40539bbb41d85dc8fd1

HTTP Headers

GET /images/skins/Bewise/images/icon-email-black.svg HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mytrendyphone.no/images/skins/Bewise/css/main.v42.css?v=46
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/svg+xml
content-length: 380
cache-control: max-age=31536000
last-modified: Thu, 27 Jan 2022 19:00:39 GMT
x-backendserver: c101web8_live_ws8_dandomain_dk
etag: W/"3ffbc2cb013d81:0"
content-encoding: gzip
vary: Accept-Encoding
age: 44137
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/images/icon-check-green.svg

94.143.8.110

367 B

URL
www.mytrendyphone.no/images/skins/Bewise/images/icon-check-green.svg
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
SVG Scalable Vector Graphics image
Size
367 B (367 bytes)
Hash
1c924b6db6f102af72d6b60d8edcf6b9
c1732ab57e8c8bb71c8b76090aa051d9d21f8740
ae23b22bb15262b56f83e235deaebd257a20061111cda21341b0b070d75fd109

HTTP Headers

GET /images/skins/Bewise/images/icon-check-green.svg HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mytrendyphone.no/images/skins/Bewise/css/main.v42.css?v=46
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/svg+xml
content-length: 367
cache-control: max-age=31536000
last-modified: Thu, 24 Mar 2022 09:40:51 GMT
x-backendserver: c101web5_live_ws8_dandomain_dk
etag: W/"f0ff040633fd81:0"
content-encoding: gzip
vary: Accept-Encoding
age: 44231
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn-4.convertexperiments.com/js/10043132-10044303.js

184.86.224.76

71 kB

URL
cdn-4.convertexperiments.com/js/10043132-10044303.js
IP
184.86.224.76:0
ASN
#16625 AKAMAI-AS

File type
ASCII text, with very long lines (34763)
Size
71 kB (71112 bytes)
Hash
d9516b4ebfe663c98dd427dd2628cfc7
407546308b64bc8c2cf0d3fbf8c4bd5e6f5040c0
8f2803fe334a8ce73607bc3d446a40cbe3ebf96d895221f8728de7a6b49042b3

HTTP Headers

GET /js/10043132-10044303.js HTTP/1.1
Host: cdn-4.convertexperiments.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
vary: Accept-Encoding
content-encoding: gzip
cache-control: public, max-age=300
expires: Thu, 18 Apr 2024 13:56:27 GMT
date: Thu, 18 Apr 2024 13:51:27 GMT
content-length: 71112
access-control-allow-origin: *
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/images/arrow-up-white.svg

94.143.8.110

442 B

URL
www.mytrendyphone.no/images/skins/Bewise/images/arrow-up-white.svg
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
SVG Scalable Vector Graphics image
Size
442 B (442 bytes)
Hash
06a5b8bbeb24d873dd7d5043853eeedb
70016cd54d8ed4538e52f8b8e2bfcc9ef119307a
78b85c89475cedd2af9349a48341b7505ce35d6fcc1e2c24999d0f427f6ed68d

HTTP Headers

GET /images/skins/Bewise/images/arrow-up-white.svg HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://www.mytrendyphone.no/images/skins/Bewise/css/main.v42.css?v=46
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/svg+xml
content-length: 442
cache-control: max-age=31536000
last-modified: Mon, 18 Jul 2022 13:06:29 GMT
x-backendserver: c101web6_live_ws8_dandomain_dk
etag: W/"1a33232a79ad81:0"
content-encoding: gzip
vary: Accept-Encoding
age: 44231
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/skins/Bewise/images/popular.webp

94.143.8.110

1.7 kB

URL
www.mytrendyphone.no/images/skins/Bewise/images/popular.webp
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
RIFF (little-endian) data, Web/P image
Size
1.7 kB (1738 bytes)
Hash
9fd3f2b3f6eb38ae020d6a541e81fff3
716d07b89c0eeddbb1fc7c70ce59f375722d5486
4521e8b0ae479eb9c5ef953d600c388592c7d849fa9d3aff076562112e1a2676

HTTP Headers

GET /images/skins/Bewise/images/popular.webp HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/webp
content-length: 1738
cache-control: max-age=31536000
last-modified: Tue, 23 Aug 2022 13:33:04 GMT
etag: "91d1aedff4b6d81:0"
x-backendserver: c101web1_live_ws8_dandomain_dk
age: 44354
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/CARLINKIT-2Air-OEM-BK-Wireless-Android-Auto-Carplay-Adapter-Dongle-Support-OTA-UpgradeNone-22112023-00-t.webp

94.143.8.110

1.4 kB

URL
www.mytrendyphone.no/images/CARLINKIT-2Air-OEM-BK-Wireless-Android-Auto-Carplay-Adapter-Dongle-Support-OTA-UpgradeNone-22112023-00-t.webp
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 120x120, Scaling: [none]x[none], YUV color, decoders should clamp
Size
1.4 kB (1362 bytes)
Hash
984e73e44769e21a299216e01b687d82
3df1f7fd5707e9ef931378df646f144ada060e55
c45d41daaa84eeea77a5762a77e2758615910e2970dc2a0b03a281a808ce1720

HTTP Headers

GET /images/CARLINKIT-2Air-OEM-BK-Wireless-Android-Auto-Carplay-Adapter-Dongle-Support-OTA-UpgradeNone-22112023-00-t.webp HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/webp
content-length: 1362
cache-control: max-age=31536000
last-modified: Fri, 05 Apr 2024 23:22:09 GMT
etag: "d320c314b087da1:0"
x-backendserver: c101web5_live_ws8_dandomain_dk
age: 44138
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

cdn1.profitmetrics.io/EB0A188C461F8DE6/bundle.js

104.21.65.221

9.1 kB

URL
cdn1.profitmetrics.io/EB0A188C461F8DE6/bundle.js
IP
104.21.65.221:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (20868)
Size
9.1 kB (9135 bytes)
Hash
3f281676bfab8d598ff4b402fa7f01b7
ef8be147c3397c9c49cb784887d900b979ed4da4
d02698930ae7734534ed7fa0d401fca4ee4d975c2f22a61479122548febed049

HTTP Headers

GET /EB0A188C461F8DE6/bundle.js HTTP/1.1
Host: cdn1.profitmetrics.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 06:17:37 GMT
etag: W/"3f281676bfab8d598ff4b402fa7f01b7"
cache-control: max-age=120
cf-cache-status: HIT
age: 5926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iGSrBXr2xp6gkgoAf4gDbqfLEFKSJKFX%2BtNWQays35hQQhlXkvGthnckfoQhtcPjmfA4MkOjBp3hShb0l939x5IJeLQJcKU6NJEVFdKSJ1FcME0W8ZGNy3GTcPI1QMiZoMBQ7r6baeA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876521343ba7b515-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/index.html?templateId=53aa8807dec7e10d38f59f32&businessunitId=4ab0d0c80000640005016e13

143.204.55.110

1.9 kB

URL
widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/index.html?templateId=53aa8807dec7e10d38f59f32&businessunitId=4ab0d0c80000640005016e13
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
HTML document, ASCII text, with very long lines (4945)
Size
1.9 kB (1930 bytes)
Hash
55b3ceb7ca6978d9dab4e23e8ae678b1
6f1413f542e9056af4ce1d663382850acc7a8ff3
49f5900d74ef78a3c5c1a737f1c851cd20c9fd6cc814783cdb19b3b24ba4bdfc

HTTP Headers

GET /trustboxes/53aa8807dec7e10d38f59f32/index.html?templateId=53aa8807dec7e10d38f59f32&businessunitId=4ab0d0c80000640005016e13 HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: text/html
content-length: 1930
last-modified: Mon, 08 May 2023 11:42:34 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
date: Thu, 18 Apr 2024 05:01:41 GMT
cache-control: max-age=86400
etag: "1b1a56d9c9fcf8acab07f238231461df"
x-cache: Hit from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: BGyhFOGF_bPVCH8kuzVV1LOIzgOhI8agWJbZQNMo58IDcOTcaUzmhg==
age: 31787
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/Universal-Fast-Wireless-Charger-Black-02082019-01-t.webp

94.143.8.110

766 B

URL
www.mytrendyphone.no/images/Universal-Fast-Wireless-Charger-Black-02082019-01-t.webp
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 120x120, Scaling: [none]x[none], YUV color, decoders should clamp
Size
766 B (766 bytes)
Hash
65a6537f72107b154a697dbc7c956df7
16370dd730cdc2d929c319c0379a14ecc2b1b79d
3eea3bf485b665c29eddf135d7518678f86cf9c2092c143640c4b0103266bed0

HTTP Headers

GET /images/Universal-Fast-Wireless-Charger-Black-02082019-01-t.webp HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/webp
content-length: 766
cache-control: max-age=31536000
last-modified: Mon, 30 Jan 2023 18:29:37 GMT
etag: "15ca1bcfd834d91:0"
x-backendserver: c101web7_live_ws8_dandomain_dk
age: 44226
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/pages/ro/promo/panzer_banner/no1.webp

94.143.8.110

8.5 kB

URL
www.mytrendyphone.no/pages/ro/promo/panzer_banner/no1.webp
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
RIFF (little-endian) data, Web/P image
Size
8.5 kB (8458 bytes)
Hash
e28ec595483cecfeb7f3966b5e82899f
9312c47f824dbdb5cd9519676c2afe1fe02e26e4
ee8144e4b55409cd87ba938699f598f527fcb9b17879aa7317eb4d6f25fce446

HTTP Headers

GET /pages/ro/promo/panzer_banner/no1.webp HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/webp
content-length: 8458
cache-control: max-age=31536000
last-modified: Tue, 08 Aug 2023 13:51:08 GMT
etag: "df83062ffc9d91:0"
x-backendserver: c101web5_live_ws8_dandomain_dk
age: 44138
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/pages/ro/promo/panzer_banner/no2.webp

94.143.8.110

9.8 kB

URL
www.mytrendyphone.no/pages/ro/promo/panzer_banner/no2.webp
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
RIFF (little-endian) data, Web/P image
Size
9.8 kB (9774 bytes)
Hash
80e8aeefe4c105fd72c87e4c14adfbf0
9b4fa6e01b4e89b2379a6f7010b95c6925246174
0d70657fa39b6612a6bafd3106c15539b9cc7ab8d30daf8ee62abcd02d27b8f1

HTTP Headers

GET /pages/ro/promo/panzer_banner/no2.webp HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/webp
content-length: 9774
cache-control: max-age=31536000
last-modified: Tue, 08 Aug 2023 13:51:08 GMT
etag: "d0725362ffc9d91:0"
x-backendserver: c101web3_live_ws8_dandomain_dk
age: 44138
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/pages/ro/promo/outdoor_accessories/2024/outdoors24_no.webp

94.143.8.110

70 kB

URL
www.mytrendyphone.no/pages/ro/promo/outdoor_accessories/2024/outdoors24_no.webp
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
RIFF (little-endian) data, Web/P image
Size
70 kB (69700 bytes)
Hash
44140f40c64dbfd9ac8a1c27f7a6133c
a18d714cc823665dba7676e54818bd9cff281229
cb661a3c5ec2218fe4fb6a380c365ef9e223bde7889a84a85f0288634eb9c7fb

HTTP Headers

GET /pages/ro/promo/outdoor_accessories/2024/outdoors24_no.webp HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: image/webp
content-length: 69700
cache-control: max-age=31536000
last-modified: Mon, 01 Apr 2024 11:52:13 GMT
etag: "ee79692b84da1:0"
x-backendserver: c101web1_live_ws8_dandomain_dk
age: 36172
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.mytrendyphone.no/shop/StatInit.asp

94.143.8.110

0 B

URL
www.mytrendyphone.no/shop/StatInit.asp
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /shop/StatInit.asp HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 52
Origin: https://www.mytrendyphone.no
DNT: 1
Connection: keep-alive
Cookie: SharedSessionId=286FD0B9%2D6400%2D41A3%2DB235%2DC1FB11D4C39D; ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: text/html; Charset=UTF-8
content-length: 0
cache-control: no-cache
pragma: no-cache
expires: Thu, 18 Apr 2024 13:50:27 GMT
set-cookie: ASPSESSIONIDCQDQQDDT=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/; HttpOnly; SameSite=Lax; Secure
SharedSessionId=286FD0B9%2D6400%2D41A3%2DB235%2DC1FB11D4C39D; path=/shop; HttpOnly; SameSite=Lax; Secure
ASPSESSIONIDCQCQRDRB=DHHGEAGABHOHLKMMAOKKIHHC; path=/; HttpOnly; SameSite=Lax; Secure
x-frame-options: SAMEORIGIN
x-robots-tag: noindex, nofollow
x-backendserver: c101web3_live_ws8_dandomain_dk
age: 0
via: 1.1 varnish (Varnish/6.0)
x-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-F0Q2Z1LN9Y&l=dataLayer&cx=c

142.250.74.168

102 kB

URL
www.googletagmanager.com/gtag/js?id=G-F0Q2Z1LN9Y&l=dataLayer&cx=c
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (14160)
Size
102 kB (102401 bytes)
Hash
d2243da3be12c9f78003b0a1d094663c
c89e485690e51a6f443bf2a3a8a4e8a798338db9
9c7b5257a43f89aaa4360ce640a3314009308cf538e66c75118d6cb038b95360

HTTP Headers

GET /gtag/js?id=G-F0Q2Z1LN9Y&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 13:51:27 GMT
expires: Thu, 18 Apr 2024 13:51:27 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 102401
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtm.js?id=GTM-L5RX

142.250.74.168

113 kB

URL
www.googletagmanager.com/gtm.js?id=GTM-L5RX
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (50695)
Size
113 kB (113295 bytes)
Hash
d5852923baa8bc0f48b6a68452b2b2b9
c377fe4e29d348e6807917f3b9496e82f57b1b4d
a7a5ade96e495a9d48386b78a4ac227571e93ea8ee49e423efb3f1e920a5eb9a

HTTP Headers

GET /gtm.js?id=GTM-L5RX HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 13:51:27 GMT
expires: Thu, 18 Apr 2024 13:51:27 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 113295
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/main.js

143.204.55.110

16 kB

URL
widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/main.js
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type
JavaScript source, Unicode text, UTF-8 (with BOM) text, with very long lines (50929)
Size
16 kB (15571 bytes)
Hash
ee881e36621624477d03bab184693d7b
b3cbf185ba8c6797ea9b3af9dd04c0c848272a54
86d97a14033933535289ca54a639089c071ac95d4694128d74cbe1ceea3cdfe3

HTTP Headers

GET /trustboxes/53aa8807dec7e10d38f59f32/main.js HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/index.html?templateId=53aa8807dec7e10d38f59f32&businessunitId=4ab0d0c80000640005016e13
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/x-javascript
content-length: 15571
last-modified: Mon, 08 May 2023 11:42:56 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
date: Thu, 18 Apr 2024 02:33:43 GMT
cache-control: max-age=86400
etag: "f90daf8c8f47c6afab7d4e27466118b5"
x-cache: Hit from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: FYu4ybC995Nzr6X8A7kt9eeqEgcV5N6J-szXfkwwOXiTXVkkfD0Ghw==
age: 40668
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

bi.heyloyalty.com/dandomain.js

46.36.214.64

10 kB

URL
bi.heyloyalty.com/dandomain.js
IP
46.36.214.64:0
ASN
#48854 team.blue Denmark A/S

File type
JavaScript source, ASCII text
Size
10 kB (9975 bytes)
Hash
7eb2321e127d0f3cc7d9848b0ac6bb06
72ea700c6503ce2ce9b76c96baeae268aca70a86
8037fc2a60bc07f5f3109823454385c0d8ff39bbf91aa6dfaf0cb0adaaf8ef1e

HTTP Headers

GET /dandomain.js HTTP/1.1
Host: bi.heyloyalty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:27 GMT
content-type: application/javascript
content-length: 9975
last-modified: Thu, 18 Apr 2024 11:05:11 GMT
etag: "6620fe67-26f7"
accept-ranges: bytes
X-Firefox-Spdy: h2

tracking.heycommerce.dk/tracking/dandomainv2/UAeoVI1B88aGyAqV?cookie=ff803d61-72f3-4cff-9fee-17520ff1d4a3&session=5a50a097-bd15-44be-8f71-1cb4d62ab100&communicationData=&url=https%3A%2F%2Fwww.mytrendyphone.no%2Fshop%2Ffrontpage.html%3FaffId%3D2894007%26utm_source%3DTD_NO%26utm_campaign%3D2894007%26utm_content%3D0%26tduid%3D6e23c5c4ba60534288a24ad2f6b3683f&integrationId=4333&heartbeat=true

46.36.214.64

0 B

URL
tracking.heycommerce.dk/tracking/dandomainv2/UAeoVI1B88aGyAqV?cookie=ff803d61-72f3-4cff-9fee-17520ff1d4a3&session=5a50a097-bd15-44be-8f71-1cb4d62ab100&communicationData=&url=https%3A%2F%2Fwww.mytrendyphone.no%2Fshop%2Ffrontpage.html%3FaffId%3D2894007%26utm_source%3DTD_NO%26utm_campaign%3D2894007%26utm_content%3D0%26tduid%3D6e23c5c4ba60534288a24ad2f6b3683f&integrationId=4333&heartbeat=true
IP
46.36.214.64:0
ASN
#48854 team.blue Denmark A/S

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /tracking/dandomainv2/UAeoVI1B88aGyAqV?cookie=ff803d61-72f3-4cff-9fee-17520ff1d4a3&session=5a50a097-bd15-44be-8f71-1cb4d62ab100&communicationData=&url=https%3A%2F%2Fwww.mytrendyphone.no%2Fshop%2Ffrontpage.html%3FaffId%3D2894007%26utm_source%3DTD_NO%26utm_campaign%3D2894007%26utm_content%3D0%26tduid%3D6e23c5c4ba60534288a24ad2f6b3683f&integrationId=4333&heartbeat=true HTTP/1.1
Host: tracking.heycommerce.dk
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
Origin: https://www.mytrendyphone.no
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 204 No Content
server: nginx
date: Thu, 18 Apr 2024 13:51:28 GMT
cache-control: private, must-revalidate
pragma: no-cache
expires: -1
access-control-allow-origin: *
set-cookie: XSRF-TOKEN=eyJpdiI6InAzc2FrQ2FRRDVRc0ZIMzVVd2xWNlE9PSIsInZhbHVlIjoiUy85SGFRbkwwa3NSZGVlVGFsN2xoWEtCK1V3UGsxUHAvQ2xkSlliVVlXUkxZcWZkckVreWp2OTc3R0NzaElhZDR6MkhHNThlVkQzcVAwc2hKYklOQXVLbzI1Yk0xZVFSKy9NS1Z0Mm1HTjgxaEdpTVdjRUxCL21uRnZOdkxzRHMiLCJtYWMiOiIwYjZmNTc5M2ZkMGExOGQ4MTA5NDFkODZiNTQwMjczNzUzZjYzOGM3MGU3NGM0MmY1ODcwMTcwYzIwZmVjZTlmIiwidGFnIjoiIn0%3D; expires=Thu, 18 Apr 2024 15:51:28 GMT; Max-Age=7200; path=/
laravel_session=eyJpdiI6ImdnMmNTSzErN3VTZExURWlSTUtPTEE9PSIsInZhbHVlIjoiODJqUDJiR3A4VE00OHB0MjAvZ1lDRlkwSFF5a0dJbjBhYkdRMjdUNEhOdXhKN1BWV0piekkrM3N1MnNTRExPSVRZTEZIY1VBQmdnR1BDL0MrNStLNFdxWkJlMllBKzlIRG8xSkJDMWl5bGFmTWowSkM3SEN1M0tOU1NVVzB3MjciLCJtYWMiOiJiYjdjM2NjODY1YjFlYzIzY2I5MjMxNDlhZjY3YzI0NGI3YWNmYzEyNjFkYzZlN2Y1NzU3MTkyZWU1NDJiNDJiIiwidGFnIjoiIn0%3D; expires=Thu, 18 Apr 2024 15:51:28 GMT; Max-Age=7200; path=/; httponly
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/destination?id=DC-8691808&l=dataLayer&cx=c

142.250.74.168

72 kB

URL
www.googletagmanager.com/gtag/destination?id=DC-8691808&l=dataLayer&cx=c
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (2165)
Size
72 kB (72256 bytes)
Hash
e34c466a1925422317ada222d5f45135
b5409e936bdc2320a7ba5352e29b7070ffced414
3d553e53ed538a76eeae47aa1fa23c63205cf7ad31bb076ec683ae1bd85c6cc6

HTTP Headers

GET /gtag/destination?id=DC-8691808&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 13:51:28 GMT
expires: Thu, 18 Apr 2024 13:51:28 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 72256
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=G-XXXXXXXX&l=dataLayer&cx=c

142.250.74.168

80 kB

URL
www.googletagmanager.com/gtag/js?id=G-XXXXXXXX&l=dataLayer&cx=c
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (2165)
Size
80 kB (79743 bytes)
Hash
f2272de28f820e08e2786cf53d12e4d7
3f93c62ea9c977249409cc47240d1f76646927d6
6ac4cdf8e122817aca6dd23cb7c1a1c98baeb6269ae7171d6b5caa5dfd6e1917

HTTP Headers

GET /gtag/js?id=G-XXXXXXXX&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 13:51:28 GMT
expires: Thu, 18 Apr 2024 13:51:28 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79743
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/destination?id=AW-1019324150&l=dataLayer&cx=c

142.250.74.168

80 kB

URL
www.googletagmanager.com/gtag/destination?id=AW-1019324150&l=dataLayer&cx=c
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
80 kB (79796 bytes)
Hash
8c34ad71acbf99fa590eba8996c6e1dc
2d125b9e2016f855dea9c3e843d7ca135a68fed1
1879721fe076f25abbf906309b96ad6553faf0c7314b83994bd93b21595674f4

HTTP Headers

GET /gtag/destination?id=AW-1019324150&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 13:51:28 GMT
expires: Thu, 18 Apr 2024 13:51:28 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79796
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/destination?id=AW-789003275&l=dataLayer&cx=c

142.250.74.168

77 kB

URL
www.googletagmanager.com/gtag/destination?id=AW-789003275&l=dataLayer&cx=c
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (2165)
Size
77 kB (77166 bytes)
Hash
021fd08c7fc8555bc3528dedca5efb88
b99efad12f5341b8deda19333c13d005d2151b9a
405bcecb5bd0034db9a527cbf4e410c5416340fa1d2604c0c4ddbbd8fc8ead4f

HTTP Headers

GET /gtag/destination?id=AW-789003275&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 13:51:28 GMT
expires: Thu, 18 Apr 2024 13:51:28 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 77166
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.googletagmanager.com/gtag/js?id=UA-2419701-73

142.250.74.168

73 kB

URL
www.googletagmanager.com/gtag/js?id=UA-2419701-73
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (4179)
Size
73 kB (72940 bytes)
Hash
136d5d2461635e733848e3f18d37569c
29dac3e6cd7ec9955d31794cfb4e3d484c7f7b00
19f8487b6049eb8c32b3d0fd7bed87b4c565c1d43863a526ced053c0e88e7354

HTTP Headers

GET /gtag/js?id=UA-2419701-73 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 13:51:28 GMT
expires: Thu, 18 Apr 2024 13:51:28 GMT
cache-control: private, max-age=900
last-modified: Thu, 18 Apr 2024 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 72940
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

widget.trustpilot.com/stats/TrustboxImpression?locale=nb-NO&styleHeight=150px&styleWidth=100%25&theme=light&url=https%3A%2F%2Fwww.mytrendyphone.no%2Fshop%2Ffrontpage.html%3FaffId%3D2894007%26utm_source%3DTD_NO%26utm_campaign%3D2894007%26utm_content%3D0%26tduid%3D6e23c5c4ba60534288a24ad2f6b3683f&referrer=https%3A%2F%2Fclk.tradedoubler.com%2F&userAgent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&language=en-US&platform=Linux%20x86_64&nosettings=1&businessUnitId=4ab0d0c80000640005016e13&widgetId=53aa8807dec7e10d38f59f32

143.204.55.110

0 B

URL
widget.trustpilot.com/stats/TrustboxImpression?locale=nb-NO&styleHeight=150px&styleWidth=100%25&theme=light&url=https%3A%2F%2Fwww.mytrendyphone.no%2Fshop%2Ffrontpage.html%3FaffId%3D2894007%26utm_source%3DTD_NO%26utm_campaign%3D2894007%26utm_content%3D0%26tduid%3D6e23c5c4ba60534288a24ad2f6b3683f&referrer=https%3A%2F%2Fclk.tradedoubler.com%2F&userAgent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&language=en-US&platform=Linux%20x86_64&nosettings=1&businessUnitId=4ab0d0c80000640005016e13&widgetId=53aa8807dec7e10d38f59f32
IP
143.204.55.110:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /stats/TrustboxImpression?locale=nb-NO&styleHeight=150px&styleWidth=100%25&theme=light&url=https%3A%2F%2Fwww.mytrendyphone.no%2Fshop%2Ffrontpage.html%3FaffId%3D2894007%26utm_source%3DTD_NO%26utm_campaign%3D2894007%26utm_content%3D0%26tduid%3D6e23c5c4ba60534288a24ad2f6b3683f&referrer=https%3A%2F%2Fclk.tradedoubler.com%2F&userAgent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&language=en-US&platform=Linux%20x86_64&nosettings=1&businessUnitId=4ab0d0c80000640005016e13&widgetId=53aa8807dec7e10d38f59f32 HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
DNT: 1
Connection: keep-alive
Referer: https://widget.trustpilot.com/trustboxes/53aa8807dec7e10d38f59f32/index.html?templateId=53aa8807dec7e10d38f59f32&businessunitId=4ab0d0c80000640005016e13
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 204 No Content
cache-control: no-store,no-cache
date: Thu, 18 Apr 2024 13:51:27 GMT
pragma: no-cache
server: Kestrel
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-cache: Miss from cloudfront
via: 1.1 96c778ce6156d12f24b8b6cdaa0cbf66.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: zf6rDAT8BzFrXwzilFZDTkkctrlk5hl3D2I-Ga7fBlOkPL8boEa8vQ==
X-Firefox-Spdy: h2

www.mytrendyphone.no/_do/ajax_status_prlist_variants.asp?callback=jQuery36009210744599203756_1713448287190&skus=%23197973%234001345%233003609%23256490%23214062%23201255%23235544%23229349%23224759%23229004%23245488%23221916%23245488-VAR%23232388%23226489%23259277&lang=3&_=1713448287191

94.143.8.110

2.3 kB

URL
www.mytrendyphone.no/_do/ajax_status_prlist_variants.asp?callback=jQuery36009210744599203756_1713448287190&skus=%23197973%234001345%233003609%23256490%23214062%23201255%23235544%23229349%23224759%23229004%23245488%23221916%23245488-VAR%23232388%23226489%23259277&lang=3&_=1713448287191
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
ASCII text, with very long lines (23008), with no line terminators
Size
2.3 kB (2299 bytes)
Hash
1c277651b8cda395fc848c55f824d601
bed0f99b2eb1e94674f61f459f23a44569bc4b2b
3d26e9a6470a647669067d6d1f7cc9755fd80b079dba49b30d02d1a1f05ae87e

HTTP Headers

GET /_do/ajax_status_prlist_variants.asp?callback=jQuery36009210744599203756_1713448287190&skus=%23197973%234001345%233003609%23256490%23214062%23201255%23235544%23229349%23224759%23229004%23245488%23221916%23245488-VAR%23232388%23226489%23259277&lang=3&_=1713448287191 HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
X-Requested-With: XMLHttpRequest
DNT: 1
Connection: keep-alive
Cookie: ASPSESSIONIDCQDQQDDT=MDINHPFAKOAOFICEEMJAJAHC; exitintentpageviews=1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:28 GMT
content-type: application/json
cache-control: private
set-cookie: ASPSESSIONIDCSDRRDCT=OKAHGPFADLNKGBBJJAKBCMDC; path=/
x-robots-tag: noindex, nofollow
x-backendserver: c101web4_live_ws8_dandomain_dk
content-encoding: gzip
vary: Accept-Encoding
age: 0
via: 1.1 varnish (Varnish/6.0)
x-cache: MISS
accept-ranges: bytes
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-5F0WEKQXC8&l=dataLayer&cx=c

142.250.74.168

88 kB

URL
www.googletagmanager.com/gtag/js?id=G-5F0WEKQXC8&l=dataLayer&cx=c
IP
142.250.74.168:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (5955)
Size
88 kB (88296 bytes)
Hash
56a69cf30edbf4b673bad8155c58dd84
520028f1b3685607cec2adb81f421e7bc41ee39f
cab4d9c8431d04d4e95d48a70c3a9b8359dbc3fae445f9a30b4fb4f61fdafab2

HTTP Headers

GET /gtag/js?id=G-5F0WEKQXC8&l=dataLayer&cx=c HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 18 Apr 2024 13:51:28 GMT
expires: Thu, 18 Apr 2024 13:51:28 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 88296
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

region1.analytics.google.com/g/collect?v=2&tid=G-F0Q2Z1LN9Y&gtm=45je44f0v888138410za200&_p=1713448287202&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1589318980.1713448288&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1713448287&sct=1&seg=0&dl=https%3A%2F%2Fwww.mytrendyphone.no%2Fshop%2Ffrontpage.html%3FaffId%3D2894007%26utm_source%3DTD_NO%26utm_campaign%3D2894007%26utm_content%3D0%26tduid%3D6e23c5c4ba60534288a24ad2f6b3683f&dr=https%3A%2F%2Fclk.tradedoubler.com%2F&dt=Mobiltilbeh%C3%B8r%20%7C%20iPhone%2C%20iPad%2C%20iPod%2C%20HTC%2C%20Samsung%2C%20Nokia%2C%20deksel&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1438

216.239.32.36

0 B

URL
region1.analytics.google.com/g/collect?v=2&tid=G-F0Q2Z1LN9Y&gtm=45je44f0v888138410za200&_p=1713448287202&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1589318980.1713448288&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1713448287&sct=1&seg=0&dl=https%3A%2F%2Fwww.mytrendyphone.no%2Fshop%2Ffrontpage.html%3FaffId%3D2894007%26utm_source%3DTD_NO%26utm_campaign%3D2894007%26utm_content%3D0%26tduid%3D6e23c5c4ba60534288a24ad2f6b3683f&dr=https%3A%2F%2Fclk.tradedoubler.com%2F&dt=Mobiltilbeh%C3%B8r%20%7C%20iPhone%2C%20iPad%2C%20iPod%2C%20HTC%2C%20Samsung%2C%20Nokia%2C%20deksel&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1438
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-F0Q2Z1LN9Y&gtm=45je44f0v888138410za200&_p=1713448287202&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1589318980.1713448288&ul=en-us&sr=1280x1024&pscdl=noapi&_s=1&sid=1713448287&sct=1&seg=0&dl=https%3A%2F%2Fwww.mytrendyphone.no%2Fshop%2Ffrontpage.html%3FaffId%3D2894007%26utm_source%3DTD_NO%26utm_campaign%3D2894007%26utm_content%3D0%26tduid%3D6e23c5c4ba60534288a24ad2f6b3683f&dr=https%3A%2F%2Fclk.tradedoubler.com%2F&dt=Mobiltilbeh%C3%B8r%20%7C%20iPhone%2C%20iPad%2C%20iPod%2C%20HTC%2C%20Samsung%2C%20Nokia%2C%20deksel&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1438 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
Origin: https://www.mytrendyphone.no
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: https://www.mytrendyphone.no
date: Thu, 18 Apr 2024 13:51:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.mytrendyphone.no/images/Waterproof-Smartwatch-with-Heart-Rate-GW33-SE-BlackNone-24102023-01-t.webp

94.143.8.110

3.4 kB

URL
www.mytrendyphone.no/images/Waterproof-Smartwatch-with-Heart-Rate-GW33-SE-BlackNone-24102023-01-t.webp
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 120x120, Scaling: [none]x[none], YUV color, decoders should clamp
Size
3.4 kB (3390 bytes)
Hash
477e3ad87805e68f9136b750b131ff90
57f75031e1a9d5d40fae66c922e182db00bc9cb5
0f14c4f3ded41c9b23a359da0ba1caa1e7869bac1a80b71d784da142b3a123d8

HTTP Headers

GET /images/Waterproof-Smartwatch-with-Heart-Rate-GW33-SE-BlackNone-24102023-01-t.webp HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: exitintentpageviews=1; ASPSESSIONIDCQCQRDRB=DHHGEAGABHOHLKMMAOKKIHHC; _ga_F0Q2Z1LN9Y=GS1.1.1713448287.1.0.1713448287.60.0.0; _ga=GA1.1.1589318980.1713448288; _conv_v=vi%3A1*sc%3A1*cs%3A1713448288*fs%3A1713448288*pv%3A1; _conv_s=si%3A1*sh%3A1713448287788-0.4387521245970484*pv%3A1; _conv_r=s%3Atd_no*m%3Areferral*t%3A*c%3A2894007; UAeoVI1B88aGyAqVrsa=ff803d61-72f3-4cff-9fee-17520ff1d4a3; UAeoVI1B88aGyAqVrsaSession=5a50a097-bd15-44be-8f71-1cb4d62ab100; _gcl_au=1.1.211651304.1713448288; deduplication_cookie=TD_NO; deduplication_cookie=TD_NO; source=adrecord; ASPSESSIONIDCSDRRDCT=OKAHGPFADLNKGBBJJAKBCMDC; pmStorage={"etid":null,"pid":"EB0A188C461F8DE6","referer":null,"cc_statistics":true,"cc_marketing":true,"gacid_source":"gatracker","uid":null,"gclid":null,"fbp":null,"fbc":null,"cip":"0.0.0.0","gbraid":"","wbraid":"","ga4SessionId":"1713448287","ga4SessionNumber":"1","em_md5":null,"em_sha256":null,"em":null}; _ga_XXXXXXXX=GS1.1.1713448288.1.0.1713448288.0.0.993751680
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:28 GMT
content-type: image/webp
content-length: 3390
cache-control: max-age=31536000
last-modified: Tue, 02 Apr 2024 14:23:10 GMT
etag: "4da6344a985da1:0"
x-backendserver: c101web5_live_ws8_dandomain_dk
age: 44137
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

my.profitmetrics.io/ev.php?v=1&ipfromclient=true&cv=ac4ad362101705e436dfd49deb2fc94530b8ea54-false-modern-universal

167.235.182.60

94 B

URL
my.profitmetrics.io/ev.php?v=1&ipfromclient=true&cv=ac4ad362101705e436dfd49deb2fc94530b8ea54-false-modern-universal
IP
167.235.182.60:0
ASN
#24940 Hetzner Online GmbH

File type
JSON text data
Size
94 B (94 bytes)
Hash
75bf0eba8fa055bfefdc53f21d27fb95
a1babfb6fc8dc05aa5159ed7a976d6dc8320b4dc
dd7a1db76954467e240394d755bb0afde397d401098a20b712ec25859af63fc2

HTTP Headers

POST /ev.php?v=1&ipfromclient=true&cv=ac4ad362101705e436dfd49deb2fc94530b8ea54-false-modern-universal HTTP/1.1
Host: my.profitmetrics.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
Content-type: application/json; charset=utf-8
Content-Length: 493
Origin: https://www.mytrendyphone.no
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 18 Apr 2024 13:51:28 GMT
Server: Apache/2.4.57 (Debian)
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Max-Age: 86400
Content-Length: 94
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: application/json

metrics.mytrendyphone.no/g/collect?v=2&tid=G-XXXXXXXX&gtm=45je44f0z8565634za200&_p=1713448287202&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1589318980.1713448288&ecid=993751680&ul=en-us&sr=1280x1024&_fplc=0&ur=NO-03&pscdl=noapi&sst.etld=google.no&sst.gcsub=region1&sst.gcd=13l3l3l2l1&sst.tft=1713448287202&sst.ude=0&_s=1&sid=1713448288&sct=1&seg=0&dl=https%3A%2F%2Fwww.mytrendyphone.no%2Fshop%2Ffrontpage.html%3FaffId%3D2894007%26utm_source%3DTD_NO%26utm_campaign%3D2894007%26utm_content%3D0%26tduid%3D6e23c5c4ba60534288a24ad2f6b3683f&dr=https%3A%2F%2Fclk.tradedoubler.com%2F&dt=Mobiltilbeh%C3%B8r%20%7C%20iPhone%2C%20iPad%2C%20iPod%2C%20HTC%2C%20Samsung%2C%20Nokia%2C%20deksel&en=page_view&_fv=1&_ss=1&ep.event_id=page-view-1713448288&tfd=2009&richsstsse

172.217.21.179

272 B

URL
metrics.mytrendyphone.no/g/collect?v=2&tid=G-XXXXXXXX&gtm=45je44f0z8565634za200&_p=1713448287202&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1589318980.1713448288&ecid=993751680&ul=en-us&sr=1280x1024&_fplc=0&ur=NO-03&pscdl=noapi&sst.etld=google.no&sst.gcsub=region1&sst.gcd=13l3l3l2l1&sst.tft=1713448287202&sst.ude=0&_s=1&sid=1713448288&sct=1&seg=0&dl=https%3A%2F%2Fwww.mytrendyphone.no%2Fshop%2Ffrontpage.html%3FaffId%3D2894007%26utm_source%3DTD_NO%26utm_campaign%3D2894007%26utm_content%3D0%26tduid%3D6e23c5c4ba60534288a24ad2f6b3683f&dr=https%3A%2F%2Fclk.tradedoubler.com%2F&dt=Mobiltilbeh%C3%B8r%20%7C%20iPhone%2C%20iPad%2C%20iPod%2C%20HTC%2C%20Samsung%2C%20Nokia%2C%20deksel&en=page_view&_fv=1&_ss=1&ep.event_id=page-view-1713448288&tfd=2009&richsstsse
IP
172.217.21.179:0
ASN
#15169 GOOGLE

File type
HTML document, ASCII text
Size
272 B (272 bytes)
Hash
9902fb9f7cf3e9a8dd26f45a5cb94113
91995c443aa89cdcf3ab52e2ea1ae3d4893624bc
6b43b396ba4708e5ffe9da06909bc2059e55b300f2434bc4181ca3a842d83bd6

HTTP Headers

GET /g/collect?v=2&tid=G-XXXXXXXX&gtm=45je44f0z8565634za200&_p=1713448287202&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1589318980.1713448288&ecid=993751680&ul=en-us&sr=1280x1024&_fplc=0&ur=NO-03&pscdl=noapi&sst.etld=google.no&sst.gcsub=region1&sst.gcd=13l3l3l2l1&sst.tft=1713448287202&sst.ude=0&_s=1&sid=1713448288&sct=1&seg=0&dl=https%3A%2F%2Fwww.mytrendyphone.no%2Fshop%2Ffrontpage.html%3FaffId%3D2894007%26utm_source%3DTD_NO%26utm_campaign%3D2894007%26utm_content%3D0%26tduid%3D6e23c5c4ba60534288a24ad2f6b3683f&dr=https%3A%2F%2Fclk.tradedoubler.com%2F&dt=Mobiltilbeh%C3%B8r%20%7C%20iPhone%2C%20iPad%2C%20iPod%2C%20HTC%2C%20Samsung%2C%20Nokia%2C%20deksel&en=page_view&_fv=1&_ss=1&ep.event_id=page-view-1713448288&tfd=2009&richsstsse HTTP/1.1
Host: metrics.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
Origin: https://www.mytrendyphone.no
DNT: 1
Connection: keep-alive
Cookie: _ga_F0Q2Z1LN9Y=GS1.1.1713448287.1.0.1713448287.60.0.0; _ga=GA1.1.1589318980.1713448288; _conv_v=vi%3A1*sc%3A1*cs%3A1713448288*fs%3A1713448288*pv%3A1; _conv_s=si%3A1*sh%3A1713448287788-0.4387521245970484*pv%3A1; _conv_r=s%3Atd_no*m%3Areferral*t%3A*c%3A2894007; _gcl_au=1.1.211651304.1713448288; source=adrecord; _ga_XXXXXXXX=GS1.1.1713448288.1.0.1713448288.0.0.993751680
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
content-length: 272
content-type: text/html; charset=UTF-8
date: Thu, 18 Apr 2024 13:51:28 GMT
X-Firefox-Spdy: h2

s3.amazonaws.com/downloads.mailchimp.com/js/goal.min.js

52.217.122.224

2.7 kB

URL
s3.amazonaws.com/downloads.mailchimp.com/js/goal.min.js
IP
52.217.122.224:0
ASN
#16509 AMAZON-02

File type
JavaScript source, ASCII text, with very long lines (2699), with no line terminators
Size
2.7 kB (2699 bytes)
Hash
db78cc3fefd4dc191250a00cf7b530a3
056bc0b8803cc6a3d4a69dc9d0c2f9bda45e5a63
95988cd724c335017a45083d6113304f8ff09502a3aa961b804f8ae03f4c3ada

HTTP Headers

GET /downloads.mailchimp.com/js/goal.min.js HTTP/1.1
Host: s3.amazonaws.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
x-amz-id-2: UQ1sjElxxiFw+y5oYDT4EPZRSqTWzQMjv1b2gDvPfSk0s1CUmh9AeCNB6PqkcH2jP3Ud33nPIK0=
x-amz-request-id: RMMWEWYAG8CEV39K
Date: Thu, 18 Apr 2024 13:51:29 GMT
Last-Modified: Mon, 20 Aug 2018 17:42:37 GMT
ETag: "db78cc3fefd4dc191250a00cf7b530a3"
Cache-Control: public,max-age=2592000
Accept-Ranges: bytes
Content-Type: application/javascript
Server: AmazonS3
Content-Length: 2699

s.pinimg.com/ct/core.js

151.101.236.84

1.9 kB

URL
s.pinimg.com/ct/core.js
IP
151.101.236.84:0
ASN
#54113 FASTLY

File type
JavaScript source, ASCII text, with very long lines (4777), with no line terminators
Size
1.9 kB (1899 bytes)
Hash
157038e34123cc34939c37ef460356f4
bc65c9c0071a0d483a78ff7d5abe5f2500b265c1
62e7cb03e8f65ceb4f43a5a56a3b9c3950158fae3fea85699e3f4c68672f4c2f

HTTP Headers

GET /ct/core.js HTTP/1.1
Host: s.pinimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
etag: "2a48a6694c41c203319b5f6018c2bbbc"
x-amz-server-side-encryption: AES256
content-encoding: br
content-type: application/javascript
x-cdn: fastly
alt-svc: h3=":443";ma=600
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 86400
access-control-expose-headers: X-CDN
vary: Accept-Encoding, Origin
cache-control: max-age=7200
date: Thu, 18 Apr 2024 13:51:28 GMT
content-length: 1899
X-Firefox-Spdy: h2

s.pinimg.com/ct/lib/main.6192ffb7.js

151.101.236.84

20 kB

URL
s.pinimg.com/ct/lib/main.6192ffb7.js
IP
151.101.236.84:0
ASN
#54113 FASTLY

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
20 kB (19940 bytes)
Hash
48bfea2777d079c1aabec184c1b54b34
2fb78ec90eacc0159becd954b8613edf1fcd6e66
6982e83b9ea7682534a77808bc53b3e516bc5d26dc406de1a2ea81c2fdf63a33

HTTP Headers

GET /ct/lib/main.6192ffb7.js HTTP/1.1
Host: s.pinimg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
etag: "0c0f2aed16e51276069e2c6e45c878c1"
x-amz-server-side-encryption: AES256
content-encoding: br
content-type: application/javascript
x-cdn: fastly
alt-svc: h3=":443";ma=600
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 86400
access-control-expose-headers: X-CDN
vary: Accept-Encoding, Origin
cache-control: max-age=1209600
date: Thu, 18 Apr 2024 13:51:28 GMT
content-length: 19940
X-Firefox-Spdy: h2

www.mytrendyphone.no/favicon.ico

94.143.8.110

5.4 kB

URL
www.mytrendyphone.no/favicon.ico
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size
5.4 kB (5430 bytes)
Hash
c012d3dedd88b8a4f170cd72c4f1caeb
7b1aa84688c288ac60a968553ee9bf011017893c
649fc593c834fc19112500d987855b5b9756d28592990d7145924a548035cfc2

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: exitintentpageviews=1; ASPSESSIONIDCQCQRDRB=DHHGEAGABHOHLKMMAOKKIHHC; _ga_F0Q2Z1LN9Y=GS1.1.1713448287.1.0.1713448287.60.0.0; _ga=GA1.1.1589318980.1713448288; _conv_v=vi%3A1*sc%3A1*cs%3A1713448288*fs%3A1713448288*pv%3A1; _conv_s=si%3A1*sh%3A1713448287788-0.4387521245970484*pv%3A1; _conv_r=s%3Atd_no*m%3Areferral*t%3A*c%3A2894007; UAeoVI1B88aGyAqVrsa=ff803d61-72f3-4cff-9fee-17520ff1d4a3; UAeoVI1B88aGyAqVrsaSession=5a50a097-bd15-44be-8f71-1cb4d62ab100; _gcl_au=1.1.211651304.1713448288; deduplication_cookie=TD_NO; deduplication_cookie=TD_NO; source=adrecord; ASPSESSIONIDCSDRRDCT=OKAHGPFADLNKGBBJJAKBCMDC; pmStorage={"etid":null,"pid":"EB0A188C461F8DE6","referer":null,"cc_statistics":true,"cc_marketing":true,"gacid_source":"gatracker","uid":null,"gclid":null,"fbp":null,"fbc":null,"cip":"0.0.0.0","gbraid":"","wbraid":"","ga4SessionId":"1713448287","ga4SessionNumber":"1","em_md5":null,"em_sha256":null,"em":null}; _ga_XXXXXXXX=GS1.1.1713448288.1.0.1713448288.0.0.993751680; _ga_5F0WEKQXC8=GS1.1.1713448288.1.0.1713448288.0.0.0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:28 GMT
content-type: image/x-icon
content-length: 5430
cache-control: max-age=31536000
last-modified: Thu, 20 Aug 2009 15:03:07 GMT
etag: "e85e8553a721ca1:0"
x-backendserver: c101web8_live_ws8_dandomain_dk
age: 44232
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-F0Q2Z1LN9Y&cid=1589318980.1713448288&gtm=45je44f0v888138410za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=912032022

142.250.74.35

42 B

URL
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-F0Q2Z1LN9Y&cid=1589318980.1713448288&gtm=45je44f0v888138410za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=912032022
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-F0Q2Z1LN9Y&cid=1589318980.1713448288&gtm=45je44f0v888138410za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&z=912032022 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 18 Apr 2024 13:51:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ct.pinterest.com/user/?event=pagevisit&ed=%7B%22np%22%3A%22gtm%22%7D&tid=2612918681843&cb=1713448288753&dep=5%2CEVENT_TAGS_ABSENT

151.101.64.84

186 B

URL
ct.pinterest.com/user/?event=pagevisit&ed=%7B%22np%22%3A%22gtm%22%7D&tid=2612918681843&cb=1713448288753&dep=5%2CEVENT_TAGS_ABSENT
IP
151.101.64.84:0
ASN
#54113 FASTLY

File type
JSON text data
Size
186 B (186 bytes)
Hash
40260988c119615b76adfab7646eb184
1efb15b006b070653cdecfd57d00f67c5b890188
e8e9572f007fadd6e99822807a113a4917836c22152b04c4f515eb1c98d06084

HTTP Headers

GET /user/?event=pagevisit&ed=%7B%22np%22%3A%22gtm%22%7D&tid=2612918681843&cb=1713448288753&dep=5%2CEVENT_TAGS_ABSENT HTTP/1.1
Host: ct.pinterest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
Origin: https://www.mytrendyphone.no
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-expose-headers: Epik,Pin-Unauth
pin-unauth: dWlkPVpUVTRORFJsWW1RdE9XSTNNeTAwTmpjekxUazJOREl0TTJWa01qVXhPVGN6TjJVMQ
cache-control: no-cache,no-store,must-revalidate,max-age=0
pragma: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT
access-control-allow-origin: https://www.mytrendyphone.no
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-encoding: gzip
x-envoy-upstream-service-time: 0
referrer-policy: origin
x-pinterest-rid: 4713000479473025
date: Thu, 18 Apr 2024 13:51:28 GMT
x-cdn: fastly
alt-svc: h3=":443";ma=600
pinterest-version: 0fd3a7bfcf735a2bdf1240be9d2c00e05a32dcff
content-length: 186
X-Firefox-Spdy: h2

ct.pinterest.com/user/?tid=2612918681843&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1713448288751&dep=2%2CPAGE_LOAD

151.101.64.84

186 B

URL
ct.pinterest.com/user/?tid=2612918681843&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1713448288751&dep=2%2CPAGE_LOAD
IP
151.101.64.84:0
ASN
#54113 FASTLY

File type
JSON text data
Size
186 B (186 bytes)
Hash
40260988c119615b76adfab7646eb184
1efb15b006b070653cdecfd57d00f67c5b890188
e8e9572f007fadd6e99822807a113a4917836c22152b04c4f515eb1c98d06084

HTTP Headers

GET /user/?tid=2612918681843&pd=%7B%22np%22%3A%22gtm%22%7D&cb=1713448288751&dep=2%2CPAGE_LOAD HTTP/1.1
Host: ct.pinterest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
Origin: https://www.mytrendyphone.no
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-expose-headers: Epik,Pin-Unauth
pin-unauth: dWlkPU16ZGxOR1JoWW1NdE1HTmxNUzAwWTJGbUxXSmpaVEF0TWpRM1lXVmhZMkpqTmpCbQ
cache-control: no-cache,no-store,must-revalidate,max-age=0
pragma: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT
access-control-allow-origin: https://www.mytrendyphone.no
access-control-allow-credentials: true
content-type: application/json; charset=utf-8
content-encoding: gzip
x-envoy-upstream-service-time: 1
referrer-policy: origin
x-pinterest-rid: 1193036294432987
date: Thu, 18 Apr 2024 13:51:28 GMT
x-cdn: fastly
alt-svc: h3=":443";ma=600
pinterest-version: 0fd3a7bfcf735a2bdf1240be9d2c00e05a32dcff
content-length: 186
X-Firefox-Spdy: h2

ct.pinterest.com/v3/?tid=2612918681843&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.mytrendyphone.no%2Fshop%2Ffrontpage.html%3FaffId%3D2894007%26utm_source%3DTD_NO%26utm_campaign%3D2894007%26utm_content%3D0%26tduid%3D6e23c5c4ba60534288a24ad2f6b3683f%22%2C%22ref%22%3A%22https%3A%2F%2Fclk.tradedoubler.com%2F%22%2C%22if%22%3Afalse%2C%22sh%22%3A1024%2C%22sw%22%3A1280%2C%22mh%22%3A%226192ffb7%22%2C%22is_eu%22%3Atrue%2C%22ecm_enabled%22%3Afalse%7D&cb=1713448288753

151.101.64.84

35 B

URL
ct.pinterest.com/v3/?tid=2612918681843&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.mytrendyphone.no%2Fshop%2Ffrontpage.html%3FaffId%3D2894007%26utm_source%3DTD_NO%26utm_campaign%3D2894007%26utm_content%3D0%26tduid%3D6e23c5c4ba60534288a24ad2f6b3683f%22%2C%22ref%22%3A%22https%3A%2F%2Fclk.tradedoubler.com%2F%22%2C%22if%22%3Afalse%2C%22sh%22%3A1024%2C%22sw%22%3A1280%2C%22mh%22%3A%226192ffb7%22%2C%22is_eu%22%3Atrue%2C%22ecm_enabled%22%3Afalse%7D&cb=1713448288753
IP
151.101.64.84:0
ASN
#54113 FASTLY

File type
GIF image data, version 89a, 1 x 1
Size
35 B (35 bytes)
Hash
9b8d19f4310c758344e40bf17fbc7e85
2290ef058812d5f5e398736e2316cba8cf8093cf
37b17c5135a176a9474521af147d96dfa1fb4ca0f43f00d1400bd1885be3ab9b

HTTP Headers

GET /v3/?tid=2612918681843&pd=%7B%22np%22%3A%22gtm%22%7D&event=init&ad=%7B%22loc%22%3A%22https%3A%2F%2Fwww.mytrendyphone.no%2Fshop%2Ffrontpage.html%3FaffId%3D2894007%26utm_source%3DTD_NO%26utm_campaign%3D2894007%26utm_content%3D0%26tduid%3D6e23c5c4ba60534288a24ad2f6b3683f%22%2C%22ref%22%3A%22https%3A%2F%2Fclk.tradedoubler.com%2F%22%2C%22if%22%3Afalse%2C%22sh%22%3A1024%2C%22sw%22%3A1280%2C%22mh%22%3A%226192ffb7%22%2C%22is_eu%22%3Atrue%2C%22ecm_enabled%22%3Afalse%7D&cb=1713448288753 HTTP/1.1
Host: ct.pinterest.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
Origin: https://www.mytrendyphone.no
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: no-cache,no-store,must-revalidate,max-age=0
pragma: no-cache
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-type: image/gif
access-control-allow-origin: https://www.mytrendyphone.no
access-control-allow-credentials: true
set-cookie: ar_debug=1; Expires=Fri, 18 Apr 2025 13:51:28 GMT; Path=/; Domain=.pinterest.com; Secure; HTTPOnly; SameSite=None
x-envoy-upstream-service-time: 2
referrer-policy: origin
x-pinterest-rid: 1464168070760197
date: Thu, 18 Apr 2024 13:51:28 GMT
x-cdn: fastly
alt-svc: h3=":443";ma=600
pinterest-version: 0fd3a7bfcf735a2bdf1240be9d2c00e05a32dcff
content-length: 35
X-Firefox-Spdy: h2

www.artfut.com/static/tagtag.min.js?campaign_code=b7b1477b96

104.26.1.109

7.1 kB

URL
www.artfut.com/static/tagtag.min.js?campaign_code=b7b1477b96
IP
104.26.1.109:0
ASN
#13335 CLOUDFLARENET

File type
gzip compressed data, from Unix
Size
7.1 kB (7073 bytes)
Hash
66c67baff56068dce12bc4b3c2c3454f
2fb542398f1180c803da151ed300621db3513ae5
2c57346ba6a4f6a0a03f31a037c68ecc1d8cc1dc8ac0edab75556ec2e9e43c6d

HTTP Headers

GET /static/tagtag.min.js?campaign_code=b7b1477b96 HTTP/1.1
Host: www.artfut.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 13:51:28 GMT
content-type: application/javascript
x-guploader-uploadid: ABPtcPqz-_aCnvC1wd5yaMMe5tqyJEw9rpW0WP-KACQVF4DwTKE3Bz2S30Pm-6QlM5D4Y4LoQx0
expires: Thu, 18 Apr 2024 14:22:19 GMT
cache-control: public, max-age=3600
last-modified: Mon, 25 Sep 2023 13:46:17 GMT
etag: W/"4812f8fd83d5cf6651f0b28f549ae045"
x-goog-generation: 1695649577073691
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 3293
x-goog-hash: crc32c=rtpocA==, md5=SBL4/YPVz2ZR8LKPVJrgRQ==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1749
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZDna3IOikZXz%2F7mvZ9sFJ7RPlXXZ0s%2B3U5MDrwiGUoClMheme4grAYaa%2FA3H6by4kei1JfHpVh89ejMOaV1qM%2F9xoydjGwOu62sOsK6xSTmtpAgg5f0sqJn2WV7PJEVO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765213d68c7b51d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

www.artfut.com/static/crossdevice.min.js?campaign_code=b7b1477b96

104.26.1.109

8.3 kB

URL
www.artfut.com/static/crossdevice.min.js?campaign_code=b7b1477b96
IP
104.26.1.109:0
ASN
#13335 CLOUDFLARENET

File type
JavaScript source, ASCII text, with very long lines (15555)
Size
8.3 kB (8261 bytes)
Hash
b8d770ce0bcd82dbed7b64e55c4a7c4b
6c8a86f7d7429791b70fd77e6e99526a48cd47ea
1b44f06069a0b648b6f861147ab32b33420579afac0fa7e2180d597afb98939b

HTTP Headers

GET /static/crossdevice.min.js?campaign_code=b7b1477b96 HTTP/1.1
Host: www.artfut.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 13:51:28 GMT
content-type: application/javascript
x-guploader-uploadid: ABPtcPqbcGfjDESzBpb1nnP0MFQBJCvLZZmeIIh0u2H5QVHn8p004Bj0PCyou5PxYIbF9lbgDlZwpbZ6_Q
expires: Thu, 18 Apr 2024 14:22:19 GMT
cache-control: public, max-age=3600
last-modified: Mon, 25 Sep 2023 13:46:12 GMT
etag: W/"0a118869c6d6400c0817b2e5dc07ec58"
x-goog-generation: 1695649572769609
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 26443
x-goog-hash: crc32c=4qSaRw==, md5=ChGIacbWQAwIF7Ll3AfsWA==
x-goog-storage-class: STANDARD
cf-cache-status: HIT
age: 1749
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kIwOgjn1260x16G%2BupyzZk2y6ZXwMef1MwzSwAREWOtFGigH7%2BdeINalb2WKm2EboVUQX1U55ONo3xYltOgkPxMHqgkkRd3Shv8srsT1UuUlhBTOikmNJydFvzzAK5Kj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8765213da91fb51d-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-F0Q2Z1LN9Y&gtm=45je44f0v888138410za200&_p=1713448287202&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1589318980.1713448288&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&sid=1713448287&sct=1&seg=0&dl=https%3A%2F%2Fwww.mytrendyphone.no%2Fshop%2Ffrontpage.html%3FaffId%3D2894007%26utm_source%3DTD_NO%26utm_campaign%3D2894007%26utm_content%3D0%26tduid%3D6e23c5c4ba60534288a24ad2f6b3683f&dr=https%3A%2F%2Fclk.tradedoubler.com%2F&dt=Mobiltilbeh%C3%B8r%20%7C%20iPhone%2C%20iPad%2C%20iPod%2C%20HTC%2C%20Samsung%2C%20Nokia%2C%20deksel&tfd=6450

216.239.32.36

0 B

URL
region1.analytics.google.com/g/collect?v=2&tid=G-F0Q2Z1LN9Y&gtm=45je44f0v888138410za200&_p=1713448287202&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1589318980.1713448288&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&sid=1713448287&sct=1&seg=0&dl=https%3A%2F%2Fwww.mytrendyphone.no%2Fshop%2Ffrontpage.html%3FaffId%3D2894007%26utm_source%3DTD_NO%26utm_campaign%3D2894007%26utm_content%3D0%26tduid%3D6e23c5c4ba60534288a24ad2f6b3683f&dr=https%3A%2F%2Fclk.tradedoubler.com%2F&dt=Mobiltilbeh%C3%B8r%20%7C%20iPhone%2C%20iPad%2C%20iPod%2C%20HTC%2C%20Samsung%2C%20Nokia%2C%20deksel&tfd=6450
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-F0Q2Z1LN9Y&gtm=45je44f0v888138410za200&_p=1713448287202&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&cid=1589318980.1713448288&ul=en-us&sr=1280x1024&pscdl=noapi&_s=2&sid=1713448287&sct=1&seg=0&dl=https%3A%2F%2Fwww.mytrendyphone.no%2Fshop%2Ffrontpage.html%3FaffId%3D2894007%26utm_source%3DTD_NO%26utm_campaign%3D2894007%26utm_content%3D0%26tduid%3D6e23c5c4ba60534288a24ad2f6b3683f&dr=https%3A%2F%2Fclk.tradedoubler.com%2F&dt=Mobiltilbeh%C3%B8r%20%7C%20iPhone%2C%20iPad%2C%20iPod%2C%20HTC%2C%20Samsung%2C%20Nokia%2C%20deksel&tfd=6450 HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/
Content-Type: text/plain;charset=UTF-8
Content-Length: 3351
Origin: https://www.mytrendyphone.no
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/3 204 No Content
access-control-allow-origin: https://www.mytrendyphone.no
date: Thu, 18 Apr 2024 13:51:33 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

www.mytrendyphone.no/images/Quick-Charge-3-0-30W-Fast-Car-Charger-DC-681-2xUSB-6A-Black-15122018-01A-t.webp

94.143.8.110

2.6 kB

URL
www.mytrendyphone.no/images/Quick-Charge-3-0-30W-Fast-Car-Charger-DC-681-2xUSB-6A-Black-15122018-01A-t.webp
IP
94.143.8.110:0
ASN
#48854 team.blue Denmark A/S

File type
RIFF (little-endian) data, Web/P image, VP8 encoding, 120x120, Scaling: [none]x[none], YUV color, decoders should clamp
Size
2.6 kB (2604 bytes)
Hash
1b3ea48b121f43afecc548c6742c929a
693c8b8a285de188335220aa7d4dfe37cc9d294c
170ae66f4b71821806015a28502a57aced3b3ca0e7d97c61facf4126bc6e116d

HTTP Headers

GET /images/Quick-Charge-3-0-30W-Fast-Car-Charger-DC-681-2xUSB-6A-Black-15122018-01A-t.webp HTTP/1.1
Host: www.mytrendyphone.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.mytrendyphone.no/shop/frontpage.html?affId=2894007&utm_source=TD_NO&utm_campaign=2894007&utm_content=0&tduid=6e23c5c4ba60534288a24ad2f6b3683f
DNT: 1
Connection: keep-alive
Cookie: exitintentpageviews=1; ASPSESSIONIDCQCQRDRB=DHHGEAGABHOHLKMMAOKKIHHC; _ga_F0Q2Z1LN9Y=GS1.1.1713448287.1.0.1713448287.60.0.0; _ga=GA1.1.1589318980.1713448288; _conv_v=vi%3A1*sc%3A1*cs%3A1713448288*fs%3A1713448288*pv%3A1; _conv_s=si%3A1*sh%3A1713448287788-0.4387521245970484*pv%3A1; _conv_r=s%3Atd_no*m%3Areferral*t%3A*c%3A2894007; UAeoVI1B88aGyAqVrsa=ff803d61-72f3-4cff-9fee-17520ff1d4a3; UAeoVI1B88aGyAqVrsaSession=5a50a097-bd15-44be-8f71-1cb4d62ab100; _gcl_au=1.1.211651304.1713448288; deduplication_cookie=TD_NO; deduplication_cookie=TD_NO; source=adrecord; ASPSESSIONIDCSDRRDCT=OKAHGPFADLNKGBBJJAKBCMDC; pmStorage={"etid":186016374,"pid":"EB0A188C461F8DE6","referer":null,"cc_statistics":true,"cc_marketing":true,"gacid_source":"gatracker","uid":null,"gclid":null,"fbp":null,"fbc":null,"cip":"0.0.0.0","gbraid":"","wbraid":"","ga4SessionId":"1713448287","ga4SessionNumber":"1","em_md5":null,"em_sha256":null,"em":null}; _ga_XXXXXXXX=GS1.1.1713448288.1.0.1713448288.0.0.993751680; _ga_5F0WEKQXC8=GS1.1.1713448288.1.0.1713448288.0.0.0; _pin_unauth=dWlkPU16ZGxOR1JoWW1NdE1HTmxNUzAwWTJGbUxXSmpaVEF0TWpRM1lXVmhZMkpqTmpCbQ; tt_deduplication_cookie=TD_NO; tt_deduplication_cookie=TD_NO; tt_deduplication_cookie=TD_NO
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:36 GMT
content-type: image/webp
content-length: 2604
cache-control: max-age=31536000
last-modified: Tue, 25 Oct 2022 09:05:42 GMT
etag: "eab0d2f550e8d81:0"
x-backendserver: c101web3_live_ws8_dandomain_dk
age: 44235
via: 1.1 varnish (Varnish/6.0)
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2

aapks.com/js/lazysizes.min.js

172.67.210.173

200 OK

7.1 kB

URL GET HTTP/3
aapks.com/js/lazysizes.min.js
IP
172.67.210.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectaapks.com
FingerprintE3:08:E5:D9:EF:E4:31:FA:7D:EC:6B:5E:DE:B6:E0:E6:3E:E5:0E:05
ValidityWed, 03 Apr 2024 04:20:20 GMT - Tue, 02 Jul 2024 04:20:19 GMT

File type
JavaScript source, ASCII text, with very long lines (7234), with no line terminators
Size
7.1 kB (7057 bytes)
Hash
5d50c73aec1a1b43cf481ab20eb8ddfb
425f9a3c480cd366ca30fbb8e562fdff3cdfbdea
ac1c82fbd89852e701594177efde5814f2a7849509700a8faf2846a890537deb

HTTP Headers

GET /js/lazysizes.min.js HTTP/1.1
Host: aapks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/apk/valida-mais/version/52827122/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: application/javascript
last-modified: Sun, 21 Jul 2019 22:05:01 GMT
cache-control: max-age=2592000
expires: Sat, 18 May 2024 12:46:33 GMT
cf-cache-status: HIT
age: 704
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2NTH0nE5q%2BLWOerI8eBS59DI1A4ghsrNfgLH%2F1CjsQFun6gdFANWm1c%2FyLlId02mRovNPpb6xLZDNRvvGnlt3uYGy4c2YFAT56rS80n%2FDPW0KFYNrgqNrfA2hHI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876520e3ab50712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

i1.wp.com/img.aapks.com/imgs/c/9/5/c9521169fde718173cd8cdd360f7ee24_icon.png?h=32

192.0.77.2

200 OK

2.5 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/c/9/5/c9521169fde718173cd8cdd360f7ee24_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
2.5 kB (2504 bytes)
Hash
e7d701669c5b3532f2d4fa2163fdc6dc
580f1f047551b5e8fb8fca5224c5abd32dce9f6a
713ab402d13ba61ef95558c985f7f1c720ab2da7e5cfc347d58c6e1bfca0161f

HTTP Headers

GET /img.aapks.com/imgs/c/9/5/c9521169fde718173cd8cdd360f7ee24_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: image/webp
content-length: 2504
last-modified: Thu, 18 Apr 2024 13:47:32 GMT
expires: Sun, 19 Apr 2026 01:47:32 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/c/9/5/c9521169fde718173cd8cdd360f7ee24_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "ff8273165fe42511"
vary: Accept
x-nc: MISS arn 1
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

gishejuy.com/400/6395363

139.45.197.242

200 OK

81 kB

URL GET HTTP/2
gishejuy.com/400/6395363
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
81 kB (80994 bytes)
Hash
786e40bd9c294a001e81fb5fe8cffff8
eb2a2e7ec2dba381db6e49a94d7b2d50a02b1ff2
c7fb680b3632dd8746765e8cae185674059836f1bfd746e758e30a591d275120

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /400/6395363 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: application/javascript
x-trace-id: e253f429124a8a6650760a2c9ebfd0d6
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=03004292c544449aed3fc3e7dd53dbd8; expires=Fri, 18 Apr 2025 13:51:15 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

i1.wp.com/img.aapks.com/imgs/4/5/9/4594f12698d74ef41c3645ac0697f10d_icon.png?h=32

192.0.77.2

200 OK

716 B

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/4/5/9/4594f12698d74ef41c3645ac0697f10d_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
716 B (716 bytes)
Hash
975fcf961f5d8e9bba3e7dcda4dfc8e2
ee95bcb86756b2f8135a4a8c0d7b612d3e801042
0609a6fbc46406e95467004419c52abb856ee220d8e5f3ca6b5a08e0a68eaabd

HTTP Headers

GET /img.aapks.com/imgs/4/5/9/4594f12698d74ef41c3645ac0697f10d_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: image/webp
content-length: 716
last-modified: Sun, 21 Aug 2022 13:23:39 GMT
expires: Wed, 21 Aug 2024 01:23:39 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/4/5/9/4594f12698d74ef41c3645ac0697f10d_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "34ba7b666d1567e3"
vary: Accept
x-nc: HIT arn 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

cameesse.net/1?z=6395364

139.45.197.242

200 OK

42 kB

URL GET HTTP/2
cameesse.net/1?z=6395364
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectcameesse.net
Fingerprint40:09:71:B1:17:F8:74:15:9B:3D:0A:95:73:15:74:D6:05:A5:5B:44
ValidityFri, 22 Mar 2024 19:24:17 GMT - Thu, 20 Jun 2024 19:24:16 GMT

File type
JavaScript source, ASCII text, with very long lines (42427)
Size
42 kB (42483 bytes)
Hash
a2d4f9ca3216004f82e878fded2371df
2c3aa94eba0f146a0a681e23b40073d83141ccad
d83961711f0864b90745352edf54bbc59abffa958d4a4ca16b7db09e422b90b7

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /1?z=6395364 HTTP/1.1
Host: cameesse.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin: 
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION, X-Ancestor-Origins, X-Zone-ID, baggage, sentry-trace
x-trace-id: 505393c2c739d4bfe4a80297f38c3d81
access-control-expose-headers: X-Sc
x-sc: YRd_3k82kDXmnMF7aW_d9ncsrfZSFVqXy_F3rb2DU_4kEDbyRzuC_MgYohNNsjVO2gDcs3exiMpjm1XiVb8Q6RyxCjo=
set-cookie: scm=1; expires=Fri, 18 Apr 2025 13:51:15 GMT; secure; SameSite=None
OAID=040042bd138f458efd3b9f2a23647a90; expires=Fri, 18 Apr 2025 13:51:15 GMT; secure; SameSite=None
oaidts=1713448275; expires=Fri, 18 Apr 2025 13:51:15 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

i1.wp.com/img.aapks.com/imgs/3/1/5/315ebbac2221c3932cb016a1494c5290_icon.png?h=32

192.0.77.2

200 OK

1.8 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/3/1/5/315ebbac2221c3932cb016a1494c5290_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.8 kB (1834 bytes)
Hash
72e717e41658d22a48699e902fbb84e8
b39c38763a7ee1524c3daff92af4db25a4dbf95f
351e5dd79db5b2a5b13f529424acffdc83a23e4beb03c042b4b24445cbc1ecac

HTTP Headers

GET /img.aapks.com/imgs/3/1/5/315ebbac2221c3932cb016a1494c5290_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:16 GMT
content-type: image/webp
content-length: 1834
last-modified: Tue, 16 Apr 2024 10:03:54 GMT
expires: Thu, 16 Apr 2026 22:03:54 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/3/1/5/315ebbac2221c3932cb016a1494c5290_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "175babefaa1e8ed5"
vary: Accept
x-nc: HIT arn 3
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

aapks.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js

172.67.210.173

200 OK

7.8 kB

URL GET HTTP/3
aapks.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js
IP
172.67.210.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectaapks.com
FingerprintE3:08:E5:D9:EF:E4:31:FA:7D:EC:6B:5E:DE:B6:E0:E6:3E:E5:0E:05
ValidityWed, 03 Apr 2024 04:20:20 GMT - Tue, 02 Jul 2024 04:20:19 GMT

File type
JavaScript source, ASCII text, with very long lines (7842), with no line terminators
Size
7.8 kB (7842 bytes)
Hash
8a2550dcf1285b29e4d763f8a5432321
1edde3a8c59ef34b6578c55598a7157b48269310
44f44689282b6fa5d0a2e129a4575c877853c43340b055c75ecee22827eef03a

HTTP Headers

GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/54ea73d52131/main.js HTTP/1.1
Host: aapks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: application/javascript; charset=UTF-8
content-encoding: br
x-content-type-options: nosniff
vary: accept-encoding
cache-control: max-age=14400, public
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0ubhrMmDcoSL4Zp8dFqTld4Ou%2BBM3kZkDzBz%2FQ6%2ByOchpIGXkMHzxY69FJvq3hTquaxI8yuu2Nf10vO3c5lQQ7HlT9le3cg2PgXMYFZ6QmRwFtjw5AEWkGpBGVY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 876520e52d91712f-OSL
alt-svc: h3=":443"; ma=86400

moonoafy.net/pfe/current/defaultSkin.min.js

139.45.197.250

200 OK

57 kB

URL GET HTTP/2
moonoafy.net/pfe/current/defaultSkin.min.js
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type

Size
57 kB (57187 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /pfe/current/defaultSkin.min.js HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aapks.com/
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: application/javascript
last-modified: Tue, 16 Apr 2024 15:56:42 GMT
etag: W/"661e9fba-df63"
access-control-allow-origin: https://aapks.com
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2

aapks.com/sw.js

172.67.210.173

200 OK

5.2 kB

URL GET HTTP/3
aapks.com/sw.js
IP
172.67.210.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectaapks.com
FingerprintE3:08:E5:D9:EF:E4:31:FA:7D:EC:6B:5E:DE:B6:E0:E6:3E:E5:0E:05
ValidityWed, 03 Apr 2024 04:20:20 GMT - Tue, 02 Jul 2024 04:20:19 GMT

File type
JavaScript source, ASCII text, with very long lines (5211), with no line terminators
Size
5.2 kB (5209 bytes)
Hash
7348c7434a29f340796986eec3d3dd58
1833c389e2bcd8289d4500c471b7ac966f04ab0d
3ecfc27b679e251df608e1c15fd4e7880d88574e816f71a07172bbd897dfbbe6

HTTP Headers

GET /sw.js HTTP/1.1
Host: aapks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aapks.com/apk/valida-mais/version/52827122/
DNT: 1
Connection: keep-alive
Cookie: cf_clearance=7VM8l_YC4M5KAPCVMD3NgDkRh_YC6FZhKw3jpnFddnc-1713448274-1.0.1.1-pkvgg9Z9jfMyOD9gJGG4WRTkCfWKaUTg.MhxL0vtcAjjCbUkwu0nj8SMN_HXKloZ8csn.nXRwJTbW71ihU660A; prefetchAd_6395362=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: application/javascript
cache-control: max-age=2592000
cf-bgj: minify
cf-polished: origSize=5236
expires: Sat, 18 May 2024 13:33:36 GMT
last-modified: Sun, 17 Sep 2023 13:09:15 GMT
cf-cache-status: HIT
age: 511
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kmseYKVsjXnBbOFgRYRalAug6npXIa%2FjVu4MXdJTAeFn71N%2FGB40fuUyYLAURC1p%2FnwsClqT2imJzW8b5m87vQwWomrVwCJiBJXiuc2u8GnQhpncz%2BnHisST1c4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876520e94c20712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

aapks.com/apk/valida-mais/version/52827122/

172.67.210.173

200 OK

38 kB

URL User Request GET HTTP/2
aapks.com/apk/valida-mais/version/52827122/
IP
172.67.210.173:443
ASN
#13335 CLOUDFLARENET

Certificate
IssuerLet's Encrypt
Subjectaapks.com
FingerprintE3:08:E5:D9:EF:E4:31:FA:7D:EC:6B:5E:DE:B6:E0:E6:3E:E5:0E:05
ValidityWed, 03 Apr 2024 04:20:20 GMT - Tue, 02 Jul 2024 04:20:19 GMT

File type

Size
38 kB (37590 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /apk/valida-mais/version/52827122/ HTTP/1.1
Host: aapks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: text/html; charset=UTF-8
last-modified: Thu, 18 Apr 2024 13:51:13 GMT
cache-control: max-age=86400
cf-cache-status: MISS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lC7EoXyG2PX9B9M60TSNHe1QSpw8zym92lecs7qk0OfdKJG7KmE24lgQ41yAaOOGMLeVBVFXtnRt8lpxdZqyYfGIKq%2BRlDTOkzxz3Vf5GZP7NdCujDlKHApHba0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876520dd3d53b509-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

i1.wp.com/img.aapks.com/imgs/7/e/7/7e703c365434845697aade42a2598964_icon.png?h=32

192.0.77.2

200 OK

1.3 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/7/e/7/7e703c365434845697aade42a2598964_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
1.3 kB (1288 bytes)
Hash
0ea8cd986c2f60cfd81c3e50b98c0dca
36db31b81cdf44c3ff8f6f6136817c39ae5f0426
057115707620292357dd0a3104dbf4f166c2083e4d8571f91531b8496f5f8492

HTTP Headers

GET /img.aapks.com/imgs/7/e/7/7e703c365434845697aade42a2598964_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: image/webp
content-length: 1288
last-modified: Thu, 18 Apr 2024 13:47:36 GMT
expires: Sun, 19 Apr 2026 01:47:36 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/7/e/7/7e703c365434845697aade42a2598964_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "78864df095a2ec9d"
vary: Accept
x-nc: MISS arn 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

aistekso.net/401/6395365

139.45.197.244

200 OK

88 kB

URL GET HTTP/2
aistekso.net/401/6395365
IP
139.45.197.244:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectaistekso.net
Fingerprint3E:A5:CE:35:F4:D9:45:6B:A1:3B:2E:9C:B3:9E:78:4D:8A:4B:51:BB
ValiditySun, 24 Mar 2024 05:08:27 GMT - Sat, 22 Jun 2024 05:08:26 GMT

File type
JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size
88 kB (87882 bytes)
Hash
02e7f4d17d39402ab8070088b2a7aa64
6d46f10a7e2cac62affd5ee90dc24af0af26a0a0
5eb9688779fca619511197b7c73d9318e7a52de051d1589bb0905c3f6a715020

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /401/6395365 HTTP/1.1
Host: aistekso.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: application/javascript
x-trace-id: 0e4c0c4cd60a8aae87e6c9fa5f4cf2c4
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
set-cookie: OAID=030042602ba94b88f19785d84f6f452c; expires=Fri, 18 Apr 2025 13:51:15 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

veepteero.com/?rb=8MCiDnIZN2hKHnMhrhu4OR_Gja-3D4ITfhxfZm13PtyhtWUsHyPlp6yOeiKhEn1hEHNiW0hKNymd2M8mKqBMs_rLegyIniqdQm1ixLJJ6IpuujM-C5NcUzZg2ZUxBssME5OrxMlXqYYQ8wicpm5lmGjn9tUwOqKYSAFxEzDIiISmiXrr2NUZy3FqIb7U1srWbqviyxJDeXNSGFGUG-NZIQPpbM0BDEY6vmPMZNJs4JqA3aCn5tDiEzf8a1hUqS0BzL_PzA%3D%3D&request_ab2=0&zoneid=6395362&js_build=iclick-v1.773.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=1&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.773.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=c0989a34-dc72-4107-93c1-90ac698566a4&userId=0080422411ec4da3eae37b21f1057fb7&m=link

139.45.197.242

200 OK

2.4 kB

URL GET HTTP/2
veepteero.com/?rb=8MCiDnIZN2hKHnMhrhu4OR_Gja-3D4ITfhxfZm13PtyhtWUsHyPlp6yOeiKhEn1hEHNiW0hKNymd2M8mKqBMs_rLegyIniqdQm1ixLJJ6IpuujM-C5NcUzZg2ZUxBssME5OrxMlXqYYQ8wicpm5lmGjn9tUwOqKYSAFxEzDIiISmiXrr2NUZy3FqIb7U1srWbqviyxJDeXNSGFGUG-NZIQPpbM0BDEY6vmPMZNJs4JqA3aCn5tDiEzf8a1hUqS0BzL_PzA%3D%3D&request_ab2=0&zoneid=6395362&js_build=iclick-v1.773.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=1&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.773.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=c0989a34-dc72-4107-93c1-90ac698566a4&userId=0080422411ec4da3eae37b21f1057fb7&m=link
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectveepteero.com
Fingerprint13:68:56:48:EC:67:A6:93:BE:E0:36:BC:FA:04:75:6D:6E:D2:C1:91
ValiditySat, 23 Mar 2024 05:18:36 GMT - Fri, 21 Jun 2024 05:18:35 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (2427), with no line terminators
Size
2.4 kB (2405 bytes)
Hash
5c3783ca098cee9e178246662f2eab6d
69ff0c53823cb11b10d305835b71de04788378c2
5d6cc9ad147bf82fd8de2822ce594f1fc821b45f16e6c444ce60216cec047e03

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?rb=8MCiDnIZN2hKHnMhrhu4OR_Gja-3D4ITfhxfZm13PtyhtWUsHyPlp6yOeiKhEn1hEHNiW0hKNymd2M8mKqBMs_rLegyIniqdQm1ixLJJ6IpuujM-C5NcUzZg2ZUxBssME5OrxMlXqYYQ8wicpm5lmGjn9tUwOqKYSAFxEzDIiISmiXrr2NUZy3FqIb7U1srWbqviyxJDeXNSGFGUG-NZIQPpbM0BDEY6vmPMZNJs4JqA3aCn5tDiEzf8a1hUqS0BzL_PzA%3D%3D&request_ab2=0&zoneid=6395362&js_build=iclick-v1.773.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=1&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.773.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=c0989a34-dc72-4107-93c1-90ac698566a4&userId=0080422411ec4da3eae37b21f1057fb7&m=link HTTP/1.1
Host: veepteero.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aapks.com/
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: application/json
x-trace-id: 801499803ef489debe314081984b6604
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aapks.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=0080422411ec4da3eae37b21f1057fb7; expires=Fri, 18 Apr 2025 13:51:15 GMT; path=/; secure; SameSite=None
oaidts=1713448275; expires=Fri, 18 Apr 2025 13:51:15 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Thu, 25 Apr 2024 13:51:15 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

veepteero.com/88/13016

139.45.197.242

200 OK

3.1 kB

URL GET HTTP/2
veepteero.com/88/13016
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectveepteero.com
Fingerprint13:68:56:48:EC:67:A6:93:BE:E0:36:BC:FA:04:75:6D:6E:D2:C1:91
ValiditySat, 23 Mar 2024 05:18:36 GMT - Fri, 21 Jun 2024 05:18:35 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (3338), with no line terminators
Size
3.1 kB (3076 bytes)
Hash
21cf069e2f215145fe2e690b68afac94
28a524a7c62140d9c0931271b625f21c1ea8a467
1ff883c627d5964765a6f3dd181b03fa2e2e83f49f1283ff610c7b4500cc6d32

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /88/13016 HTTP/1.1
Host: veepteero.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aapks.com/
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: application/json
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aapks.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/ga-lite@2/dist/ga-lite.min.js

151.101.65.229

200 OK

9.6 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/ga-lite@2/dist/ga-lite.min.js
IP
151.101.65.229:443
ASN
#54113 FASTLY

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
JavaScript source, ASCII text, with very long lines (9896), with no line terminators
Size
9.6 kB (9625 bytes)
Hash
7e498ac28d11af8e47c23ece173fcd28
221ca9936670049feabeb678cabf903cf2cf9aa6
63ed2c6446fc47264cf7b2649e682a3802d34c6d1d67b117386fb4604d1b4a27

HTTP Headers

GET /npm/ga-lite@2/dist/ga-lite.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 2.1.6
x-jsd-version-type: version
etag: W/"2599-Q8etw5TNVUQIdTO/OgGPBWqbS8A"
content-encoding: br
accept-ranges: bytes
date: Thu, 18 Apr 2024 13:51:14 GMT
age: 22890
x-served-by: cache-fra-eddf8230072-FRA, cache-hel1410029-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3390
X-Firefox-Spdy: h2

gishejuy.com/impression/6O_X_OnrbEqFR6kygSZ5WsI7Vh6EUpeSCp6kmfJYLxCwbPZqSJ-_IJumbLTU7bN016zUvAvFMoEi8Zbffvdg5ufowmFNEdb80WbrsMMS5r0R3LptcD7xVJ0DHwWas1GQwnLHk9NghSynu2irrsQ69QJfYgCQQzLz3lwzhzaOA4btAF5B3q4s47KsyvCdgFLa46xGbu2Rey2bGYNtM9bGYwlap3RNwf7i_pUDs8gNJgsAfwNZZ8Yk3A77hIDBKO_oknFNETBC7vbGUbnw8cM-4JBedxGYl2xcQcTarTbz5GeLxDPMA3_sQ_etf4ZU_wGS4vM7KOCPyafbcvNOXx4m3D0lsBT5GAay0MyL9L5BOk1lLeyWsFZEUcdUcFJNU0hgXdqbCwuYT78nIUaSKZe5E-jLahP5mxm7ZwU2p1PwXNOr_iQ2vU_bYSBrpdn9n8Tn08O7eDo_HjjsYmNRS8ZMZ8UjsE0yJx_fBECRPNYENoRsAszj1uKtNj4UWEKQzHXOhrDRRnUhzL2pTCUNXb10OfF4YlC_dH8O3OJmcBebnCS9THyXRf4r_8rAfbdIeiNFhxtjEMdl1SrB6eBRvcMCAQ==?_z=6395363&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.335.0

139.45.197.242

200 OK

43 B

URL GET HTTP/2
gishejuy.com/impression/6O_X_OnrbEqFR6kygSZ5WsI7Vh6EUpeSCp6kmfJYLxCwbPZqSJ-_IJumbLTU7bN016zUvAvFMoEi8Zbffvdg5ufowmFNEdb80WbrsMMS5r0R3LptcD7xVJ0DHwWas1GQwnLHk9NghSynu2irrsQ69QJfYgCQQzLz3lwzhzaOA4btAF5B3q4s47KsyvCdgFLa46xGbu2Rey2bGYNtM9bGYwlap3RNwf7i_pUDs8gNJgsAfwNZZ8Yk3A77hIDBKO_oknFNETBC7vbGUbnw8cM-4JBedxGYl2xcQcTarTbz5GeLxDPMA3_sQ_etf4ZU_wGS4vM7KOCPyafbcvNOXx4m3D0lsBT5GAay0MyL9L5BOk1lLeyWsFZEUcdUcFJNU0hgXdqbCwuYT78nIUaSKZe5E-jLahP5mxm7ZwU2p1PwXNOr_iQ2vU_bYSBrpdn9n8Tn08O7eDo_HjjsYmNRS8ZMZ8UjsE0yJx_fBECRPNYENoRsAszj1uKtNj4UWEKQzHXOhrDRRnUhzL2pTCUNXb10OfF4YlC_dH8O3OJmcBebnCS9THyXRf4r_8rAfbdIeiNFhxtjEMdl1SrB6eBRvcMCAQ==?_z=6395363&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.335.0
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectgishejuy.com
Fingerprint0E:1A:AC:78:15:75:C8:D7:77:E9:9F:1E:8F:A6:05:8C:F6:CA:AC:80
ValidityTue, 02 Apr 2024 05:15:48 GMT - Mon, 01 Jul 2024 05:15:47 GMT

File type
GIF image data, version 89a, 1 x 1
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /impression/6O_X_OnrbEqFR6kygSZ5WsI7Vh6EUpeSCp6kmfJYLxCwbPZqSJ-_IJumbLTU7bN016zUvAvFMoEi8Zbffvdg5ufowmFNEdb80WbrsMMS5r0R3LptcD7xVJ0DHwWas1GQwnLHk9NghSynu2irrsQ69QJfYgCQQzLz3lwzhzaOA4btAF5B3q4s47KsyvCdgFLa46xGbu2Rey2bGYNtM9bGYwlap3RNwf7i_pUDs8gNJgsAfwNZZ8Yk3A77hIDBKO_oknFNETBC7vbGUbnw8cM-4JBedxGYl2xcQcTarTbz5GeLxDPMA3_sQ_etf4ZU_wGS4vM7KOCPyafbcvNOXx4m3D0lsBT5GAay0MyL9L5BOk1lLeyWsFZEUcdUcFJNU0hgXdqbCwuYT78nIUaSKZe5E-jLahP5mxm7ZwU2p1PwXNOr_iQ2vU_bYSBrpdn9n8Tn08O7eDo_HjjsYmNRS8ZMZ8UjsE0yJx_fBECRPNYENoRsAszj1uKtNj4UWEKQzHXOhrDRRnUhzL2pTCUNXb10OfF4YlC_dH8O3OJmcBebnCS9THyXRf4r_8rAfbdIeiNFhxtjEMdl1SrB6eBRvcMCAQ==?_z=6395363&fs=0&cf=0&sw=1280&sh=1024&sah=1024&wx=0&wy=0&ww=1280&wh=1024&cw=1280&wiw=1280&wih=1024&wfc=3&pl=https%3A%2F%2Faapks.com%2Fapk%2Fvalida-mais%2Fversion%2F52827122%2F&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&tzofs=0&btz=UTC&bto=0&js_build=8&sw_version=v1.335.0 HTTP/1.1
Host: gishejuy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Cookie: OAID=0080422411ec4da3eae37b21f1057fb7
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:20 GMT
content-type: image/gif
content-length: 43
x-trace-id: d1f3ac62d13acc7ec8e30fea51c85c74
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

interbuzznews.com/contents/s/bf/d7/2e/f40596a5c0a0afe0b2e8054b51/0113074669598.jpeg

139.45.197.154

200 OK

22 kB

URL GET HTTP/2
interbuzznews.com/contents/s/bf/d7/2e/f40596a5c0a0afe0b2e8054b51/0113074669598.jpeg
IP
139.45.197.154:443
ASN
#9002 RETN Limited

Requested by
https://interbuzznews.com/?l=FjRUkS19wUvwzxr&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fcameesse.net%2F12%3Frnd%3D709300561%26z%3D6395364%26b%3D20554763%26c%3D8014413%26var%3D%26varid%3D0%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D2265%2526key%253Dae7c6e37acb2af365375447fdcbca2a0%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DfGOGaerXqmyO6F89iyfQXGWDYgPF7Qvc1gEvinsR1DlT4PKW9gAkE-mEqxo7zRlp4W4iFQCD70-zAeRpOrt3GHA1-Vcb0Jc3RZIOQyc8Qo6eOcianNyfL0_vbQB78gyPG7RjtF2psWKdB1Ajgee1uDQWMedLdRB7Wz6Dj5r5kEL76aIYyMb1h3JQwisjq-AqFzT_S84H_ARl88gMIWEoSLsBMgNXQzs9BQfGHhm-E0tCf2KYLkqVQ4jQPSomA8k0bUo6hh2FtTddb0oIrWdNQwb6MeCeQCBrkO1N6Bwz5DsBSBpmG1ln02t2MEtUMv4w4uHgbBqC119e8YHIK62a78oe12bgwiic1PCVkJxvj0nRxuaV8rjnGsd45BdMj2QNOd_RnJ27GmkweF3dXVvq2Qc4ON29MxClRBaxmeTHS0ZfeWP2eyYgb6kdwZHgU2P_ABawuJaM0GElkiMgJHid3kgdIBO8L6rCMsnV9FqvFZC4456rrvxiutIjt0JM1puH2NGolJKkwlV621TcTALmsvUdDq1DSkG0DyEQ7XqE9cWP14aDD7tQ6JumEk_U_7FgeyXSyHf2zLBLm4uzZ2L2QiCszx1xu6Zo8TtjcpJhqe8GhMtiPvihQVNfYN39hySC3fjluuZ0Mr2bHgzWmYCO_jzJywKFbBrzErJPJLL6O32JYaVnPOGEuQ7rkJJAkN3AMiALp4AxscY6E80Jl8WtLlpAu46uFkr4GtnzsA%3D%3D%26bag%3DXC_NdiERrzCB43Jo38Cu1w%3D%3D%26ruid%3D928a0f33-1a87-4de5-8430-8da79264a4bc%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Faapks.com%252Fapk%252Fvalida-mais%252Fversion%252F52827122%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D1%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1
Certificate
IssuerLet's Encrypt
Subjectinterbuzznews.com
Fingerprint68:C3:B4:C2:C5:45:68:EC:5F:B6:2A:10:57:7A:F8:2B:94:11:B7:F0
ValidityThu, 29 Feb 2024 05:14:58 GMT - Wed, 29 May 2024 05:14:57 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 256x256, components 3
Size
22 kB (22120 bytes)
Hash
bfd72ef40596a5c0a0afe0b2e8054b51
9518ad2600d190604424224565eecf22b2af3c10
613615ef6e488dfacadb4b3c9c97687cb562befe5b120b4e766d593a496672a5

HTTP Headers

GET /contents/s/bf/d7/2e/f40596a5c0a0afe0b2e8054b51/0113074669598.jpeg HTTP/1.1
Host: interbuzznews.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://interbuzznews.com/?l=FjRUkS19wUvwzxr&cd_meta_crid=50535&trkintimp&target_url=https%3A%2F%2Fcameesse.net%2F12%3Frnd%3D709300561%26z%3D6395364%26b%3D20554763%26c%3D8014413%26var%3D%26varid%3D0%26d%3Dhttp%253A%252F%252Ftryhardnow.com%252Fbase.php%253Fc%253D2265%2526key%253Dae7c6e37acb2af365375447fdcbca2a0%2526zoneid%253D%257Bzoneid%257D%2526banner%253D%257Bbannerid%257D%26cln%3D1%26btp%3D7%26rb%3DfGOGaerXqmyO6F89iyfQXGWDYgPF7Qvc1gEvinsR1DlT4PKW9gAkE-mEqxo7zRlp4W4iFQCD70-zAeRpOrt3GHA1-Vcb0Jc3RZIOQyc8Qo6eOcianNyfL0_vbQB78gyPG7RjtF2psWKdB1Ajgee1uDQWMedLdRB7Wz6Dj5r5kEL76aIYyMb1h3JQwisjq-AqFzT_S84H_ARl88gMIWEoSLsBMgNXQzs9BQfGHhm-E0tCf2KYLkqVQ4jQPSomA8k0bUo6hh2FtTddb0oIrWdNQwb6MeCeQCBrkO1N6Bwz5DsBSBpmG1ln02t2MEtUMv4w4uHgbBqC119e8YHIK62a78oe12bgwiic1PCVkJxvj0nRxuaV8rjnGsd45BdMj2QNOd_RnJ27GmkweF3dXVvq2Qc4ON29MxClRBaxmeTHS0ZfeWP2eyYgb6kdwZHgU2P_ABawuJaM0GElkiMgJHid3kgdIBO8L6rCMsnV9FqvFZC4456rrvxiutIjt0JM1puH2NGolJKkwlV621TcTALmsvUdDq1DSkG0DyEQ7XqE9cWP14aDD7tQ6JumEk_U_7FgeyXSyHf2zLBLm4uzZ2L2QiCszx1xu6Zo8TtjcpJhqe8GhMtiPvihQVNfYN39hySC3fjluuZ0Mr2bHgzWmYCO_jzJywKFbBrzErJPJLL6O32JYaVnPOGEuQ7rkJJAkN3AMiALp4AxscY6E80Jl8WtLlpAu46uFkr4GtnzsA%3D%3D%26bag%3DXC_NdiERrzCB43Jo38Cu1w%3D%3D%26ruid%3D928a0f33-1a87-4de5-8430-8da79264a4bc%26ng%3D0%26ix%3D0%26pt%3D0%26np%3D0%26gp%3D5%26bp%3D4%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Faapks.com%252Fapk%252Fvalida-mais%252Fversion%252F52827122%252F%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D1280%26wiw%3D1280%26wih%3D1024%26wfc%3D1%26sah%3D1024%26drf%3D%26hil%3D1%26ist%3D0%26tbc%3D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:16 GMT
content-type: image/jpeg
content-length: 22120
last-modified: Tue, 28 Jun 2022 07:37:52 GMT
vary: Accept-Encoding
etag: "62baafd0-5668"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2

i1.wp.com/img.aapks.com/imgs/b/a/e/bae2a1e87f6ecb6badafe926621372a1_icon.png?h=48

192.0.77.2

200 OK

2.1 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/b/a/e/bae2a1e87f6ecb6badafe926621372a1_icon.png?h=48
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
2.1 kB (2098 bytes)
Hash
fde54b7b38a34826de42488ddf1da239
2852dca4a49bf27c5c927ad3df1253ffaff1c735
cfccc24d2a29bdfb9a4bef28d1f4b0dd13c4fdee332d92058c31077d64a83463

HTTP Headers

GET /img.aapks.com/imgs/b/a/e/bae2a1e87f6ecb6badafe926621372a1_icon.png?h=48 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:16 GMT
content-type: image/webp
content-length: 2098
last-modified: Thu, 18 Apr 2024 13:51:16 GMT
expires: Sun, 19 Apr 2026 01:51:16 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/b/a/e/bae2a1e87f6ecb6badafe926621372a1_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "e0d98dcfd9243b63"
vary: Accept
x-nc: MISS arn 2
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

i1.wp.com/img.aapks.com/imgs/3/4/8/34824ee9301d4d1a827c261db7019ec8_icon.png?h=32

192.0.77.2

200 OK

2.5 kB

URL GET HTTP/3
i1.wp.com/img.aapks.com/imgs/3/4/8/34824ee9301d4d1a827c261db7019ec8_icon.png?h=32
IP
192.0.77.2:443
ASN
#2635 AUTOMATTIC

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerSectigo Limited
Subject*.wp.com
Fingerprint5D:DB:6E:AA:9E:A8:4A:C3:10:A5:DA:89:DC:1C:BB:D1:87:5F:E1:D2
ValidityTue, 28 Nov 2023 00:00:00 GMT - Sat, 28 Dec 2024 23:59:59 GMT

File type
RIFF (little-endian) data, Web/P image
Size
2.5 kB (2514 bytes)
Hash
72d0dd853409ccfa931b7a1f99e02018
73e6b58fdd4a89fd206907dda6ad9e39470b6c6b
540c9c2e53ef1d8fa588e392e0e288d71f6aa33fcbee363b68e14697ed05ade2

HTTP Headers

GET /img.aapks.com/imgs/3/4/8/34824ee9301d4d1a827c261db7019ec8_icon.png?h=32 HTTP/1.1
Host: i1.wp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: image/webp
content-length: 2514
last-modified: Wed, 17 Apr 2024 13:45:15 GMT
expires: Sat, 18 Apr 2026 01:45:15 GMT
cache-control: public, max-age=63115200
link: <http://img.aapks.com/imgs/3/4/8/34824ee9301d4d1a827c261db7019ec8_icon.png>; rel="canonical"
x-content-type-options: nosniff
etag: "e0d72f3f2d8c5def"
vary: Accept
x-nc: HIT arn 7
alt-svc: h3=":443"; ma=86400
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
timing-allow-origin: *

moonoafy.net/zone?pub=0&zone_id=6395366&is_mobile=false&domain=aapks.com&var=&ymid=&var_3=&tg=0&sw=3.1.500

139.45.197.250

200 OK

880 B

URL GET HTTP/2
moonoafy.net/zone?pub=0&zone_id=6395366&is_mobile=false&domain=aapks.com&var=&ymid=&var_3=&tg=0&sw=3.1.500
IP
139.45.197.250:443
ASN
#9002 RETN Limited

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectmoonoafy.net
Fingerprint17:AD:95:C9:DA:29:B4:0A:55:33:11:0A:74:DF:AF:4D:05:13:AC:A0
ValidityFri, 29 Mar 2024 05:18:37 GMT - Thu, 27 Jun 2024 05:18:36 GMT

File type
troff or preprocessor input, ASCII text, with very long lines (977), with no line terminators
Size
880 B (880 bytes)
Hash
ff165c2ce5d38b69fd97e7497ee267dc
0e2c7e8d951a20a2254eb12afe3a3680cbc888ff
af14b1d71f24a80be056bbecdabf3a4db7e9bb4e7eaf99fb25d99d28d8f1bde3

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /zone?pub=0&zone_id=6395366&is_mobile=false&domain=aapks.com&var=&ymid=&var_3=&tg=0&sw=3.1.500 HTTP/1.1
Host: moonoafy.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://aapks.com/
Origin: https://aapks.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 18 Apr 2024 13:51:15 GMT
content-type: application/json; charset=utf-8
content-length: 880
x-trace-id: 8707b88eac21a2d366877f612bff7c62
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://aapks.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
X-Firefox-Spdy: h2

aapks.com/cdn-cgi/apps/head/H0Ad4u_2_X7zR3EInUqhncQH0lQ.js

172.67.210.173

200 OK

5.3 kB

URL GET HTTP/3
aapks.com/cdn-cgi/apps/head/H0Ad4u_2_X7zR3EInUqhncQH0lQ.js
IP
172.67.210.173:443
ASN
#13335 CLOUDFLARENET

Requested by
https://aapks.com/apk/valida-mais/version/52827122/
Certificate
IssuerLet's Encrypt
Subjectaapks.com
FingerprintE3:08:E5:D9:EF:E4:31:FA:7D:EC:6B:5E:DE:B6:E0:E6:3E:E5:0E:05
ValidityWed, 03 Apr 2024 04:20:20 GMT - Tue, 02 Jul 2024 04:20:19 GMT

File type
JavaScript source, ASCII text, with very long lines (5499), with no line terminators
Size
5.3 kB (5312 bytes)
Hash
21e63ac5cf41371127d8aca00cac472e
bde60cf75d2e41372a2055d9fc42b84502e69c40
6eb8c9807b1f30c826dca9855cedf53dc16d24e3fd40e1437fafaa6f27ac3bd8

HTTP Headers

GET /cdn-cgi/apps/head/H0Ad4u_2_X7zR3EInUqhncQH0lQ.js HTTP/1.1
Host: aapks.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://aapks.com/apk/valida-mais/version/52827122/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 18 Apr 2024 13:51:14 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: 6PAZ5J0mV/svnrK+oSMzpWf/gy6WRIq+D/Bz8gx3Esl4ZGtl/mWZraObai2UGM16D+9cwse+swA=
x-amz-request-id: 61FDK74XD3FV53F3
cache-control: public, max-age=31536000
last-modified: Wed, 13 May 2020 16:06:08 GMT
x-amz-version-id: 0HFVFD8TOb_CWhAwqy15P3j60.GpFr47
etag: W/"b4eafc81d9617923bd90bcb744c907c4"
cf-cache-status: HIT
age: 704
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Aszk5aLaI6KRe2hYO7GY0WO%2B0JmEmnxwt5p5IoYq9l3J%2F%2BCwu8XpYwfXAAjasM4%2BUwKUgqtJJuSIZcJjSLJNzHFv98Ypz796HRkogztXnm28KEy%2FcDTLY7EQyBM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 876520e39b40712f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (26)

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash