Report - galynuh.com/login.phphT

Report Overview

Visited public
2025-05-04 05:49:39
Tags
URL
galynuh.com/login.phphT
Finishing URL
no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D629D01JTCXFDHQ630AD7HCD28NCK8Y%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no&dc=false
IP / ASN
64.225.91.73
#14061 DIGITALOCEAN-ASN
Title
kelkoogroup.net

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
no-go.kelkoogroup.net	unknown	2017-08-18	2017-10-30	2025-04-30	3.4 kB	3.2 kB	95.211.116.26
q1.quotes.com	unknown	1997-05-20	2022-09-19	2025-04-26	952 B	331 B	5.79.68.236
xml.sedodna.com	278378	2009-12-21	2020-10-22	2025-05-03	540 B	211 B	173.239.53.32
galynuh.com	unknown	2022-06-10	2018-06-16	2025-04-30	931 B	1.7 kB	64.225.91.73
dd.prod.captcha-delivery.com	unknown	2019-12-23	2022-04-28	2025-05-04	1.1 kB	28 kB	54.240.174.31
ct.captcha-delivery.com	42546	2019-12-23	2020-02-05	2025-05-04	422 B	14 kB	54.240.174.6
api.yadore.com	591567	2014-09-12	2017-11-28	2025-05-01	580 B	249 kB	88.99.112.6
api.kelkoogroup.net	468795	2017-08-18	2020-06-09	2025-05-01	811 B	250 kB	54.240.174.22
domaincntrol.com	274993	2017-03-03	2018-01-06	2025-04-27	467 B	770 B	104.18.26.45
ww2.galynuh.com	unknown	2022-06-10	2022-06-26	2025-04-29	4.8 kB	5.6 kB	64.190.63.136
arveaoy.com	unknown	2023-01-06	2023-01-10	2025-05-03	2.9 kB	1.1 kB	3.125.239.17
geo.captcha-delivery.com	43337	2019-12-23	2020-03-18	2025-05-04	7.4 kB	1.2 MB	13.49.167.109
static.captcha-delivery.com	38537	2019-12-23	2020-05-12	2025-04-28	3.1 kB	46 kB	54.240.174.73
ingun-fhl.com	unknown	2025-04-23	2025-04-30	2025-04-30	3.3 kB	4.7 kB	54.146.90.40

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-05-04	medium	galynuh.com	Sinkholed
2025-05-04	medium	galynuh.com	Sinkholed
2025-05-04	medium	galynuh.com	Sinkholed
2025-05-04	medium	galynuh.com	Sinkholed
2025-05-04	medium	galynuh.com	Sinkholed
2025-05-04	medium	galynuh.com	Sinkholed
2025-05-04	medium	galynuh.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (9)

	URL	From	Size	First Seen	Last Seen
	ww2.galynuh.com/	ScriptElement	1.9 kB	2025-05-04	2025-05-04
Pretty URL ww2.galynuh.com/ IP 64.190.63.136 ASN #47846 SEDO GmbH Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-04 05:49 Last Seen2025-05-04 05:49 Times Seen1 Hash 180fab8d81efbf5e462dca48f2b4d58e 5b125f3bf494e02d3944cc5dcb6243cd7724a188 645ab84c8e6ef7fc9108e0f85f410f481a5f11979a2d6847ee43a5e343e29fa7 Loading...

	ingun-fhl.com/zclkvisitor/7f39abd1-28ab-11f0-b859-0affc23e4b13/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381	ScriptElement	2.8 kB	2025-05-04	2025-05-04
Pretty URL ingun-fhl.com/zclkvisitor/7f39abd1-28ab-11f0-b859-0affc23e4b13/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381 IP 54.146.90.40 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-04 05:49 Last Seen2025-05-04 05:49 Times Seen1 Hash 71db5bb0c850d30e2a82e0cbe5146a68 22c365bf19a52f55320748cdaf75076f4c5b28b2 11b8efe1320f0dad8c9a736ccd6d1d9c2e4f7f22e31a2555f17dfd7c8f10484c Loading...

	ct.captcha-delivery.com/i.js	ScriptElement	13 kB	2025-02-18	2025-05-09
Pretty URL ct.captcha-delivery.com/i.js IP 54.240.174.6 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-18 06:11 Last Seen2025-05-09 09:53 Times Seen233 Hash c289d6c8b0e743fd024d52618d546f20 cd29405db7518c6943bacc943ac35c3d314ac722 8d973ba5eafa4328ff1feaefd70cccd0472b8af0c006285ba63eed00977935cc Loading...

	galynuh.com/login.phphT	ScriptElement	450 B	2025-03-03	2025-05-10
Pretty URL galynuh.com/login.phphT IP 64.225.91.73 ASN #14061 DIGITALOCEAN-ASN Introduced by scriptElement Embedded in HTML true Observations First Seen2025-03-03 18:21 Last Seen2025-05-10 00:31 Times Seen78 Hash 3432aec863794452fa10c92c84dadccb db3e583ad642974bdb201861394571c9e84a8988 037741f7a74ec2adccea4eb9c39d7421eb37638ece22a35a21730116d3a37131 Loading...

	api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fwww.farmasiet.no&custom1=97a675bbca169e000c9a2474359ea4c01d295a683ddf0ab0b749076683cd6cd7&publisherSubId=Sde46opRHJDX&publisherTrafficType=publishernetwork&originReferer=https%253A%252F%252Fwww.yadore.com	ScriptElement	233 kB	2025-05-04	2025-05-04
Pretty URL api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fwww.farmasiet.no&custom1=97a675bbca169e000c9a2474359ea4c01d295a683ddf0ab0b749076683cd6cd7&publisherSubId=Sde46opRHJDX&publisherTrafficType=publishernetwork&originReferer=https%253A%252F%252Fwww.yadore.com IP 54.240.174.22 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-04 05:49 Last Seen2025-05-04 05:49 Times Seen1 Hash cbccfc125c8ae7d8a7caaaaa99adbb5f 18753616baa798cf204e286987256fd0bc522b81 3c73947bdb1b3a7eaba5dd669b814be941e6afa01063fdfa268f1b17523d99f9 Loading...

	api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fwww.farmasiet.no&custom1=97a675bbca169e000c9a2474359ea4c01d295a683ddf0ab0b749076683cd6cd7&publisherSubId=Sde46opRHJDX&publisherTrafficType=publishernetwork&originReferer=https%253A%252F%252Fwww.yadore.com	ScriptElement	12 kB	2025-05-04	2025-05-04
Pretty URL api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fwww.farmasiet.no&custom1=97a675bbca169e000c9a2474359ea4c01d295a683ddf0ab0b749076683cd6cd7&publisherSubId=Sde46opRHJDX&publisherTrafficType=publishernetwork&originReferer=https%253A%252F%252Fwww.yadore.com IP 54.240.174.22 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-04 05:49 Last Seen2025-05-04 05:49 Times Seen1 Hash f16e30c4a9e26118779e1be624ecd81d d04623f96990959fc10e8e3a35d5ea4876b88926 4e63b9330cb15ecf45fcb7e82a639124475065aedf2bb9dd5f65b5698b9332b2 Loading...

	no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D629D01JTCXFDHQ630AD7HCD28NCK8Y%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no&dc=false	ScriptElement	370 B	2025-05-04	2025-05-04
Pretty URL no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D629D01JTCXFDHQ630AD7HCD28NCK8Y%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no&dc=false IP 95.211.116.26 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-04 05:49 Last Seen2025-05-04 05:49 Times Seen1 Hash 6ca44e10a9cc1195d7a1c0086eb6cf32 f5826edf245444cfb5b34d41cf64271ab7c8439e f0d578b6fb779cea198e39919e576b6d9bb450aac68a5c855f736f29b56481d3 Loading...

	geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAfE1GIvAyjvMAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=XUBECrOHAez2Sbprqbn0eVLgC2TDQvzKyM9rmUclC7_dKtQkduxCPUiY1QGp7l_YE2rkm9SjKcGgQHzLy51mX16fTD5qJLqDO75q6u42SigfGcMGH1D_OSGjE32C1Y01&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D629D01JTCXFDHQ630AD7HCD28NCK8Y%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no%26dc%3Dfalse&s=35103&b=32286&dm=cd	ScriptElement	547 kB	2025-05-04	2025-05-04
Pretty URL geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAfE1GIvAyjvMAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=XUBECrOHAez2Sbprqbn0eVLgC2TDQvzKyM9rmUclC7_dKtQkduxCPUiY1QGp7l_YE2rkm9SjKcGgQHzLy51mX16fTD5qJLqDO75q6u42SigfGcMGH1D_OSGjE32C1Y01&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D629D01JTCXFDHQ630AD7HCD28NCK8Y%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no%26dc%3Dfalse&s=35103&b=32286&dm=cd IP 13.49.167.109 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-04 05:49 Last Seen2025-05-04 05:49 Times Seen1 Hash c730d0fe84b1baf82881eda15871dbcf 3df0d97fb8cfcebfae83d0cbb27f7695b52d9834 0aac38c6e1808ca03a0fe852713abf3ccbb1d1385f0c9f513cadeb29235b0cff Loading...

	api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fwww.farmasiet.no&custom1=97a675bbca169e000c9a2474359ea4c01d295a683ddf0ab0b749076683cd6cd7&publisherSubId=Sde46opRHJDX&publisherTrafficType=publishernetwork&originReferer=https%253A%252F%252Fwww.yadore.com	ScriptElement	1.3 kB	2025-05-04	2025-05-04
Pretty URL api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fwww.farmasiet.no&custom1=97a675bbca169e000c9a2474359ea4c01d295a683ddf0ab0b749076683cd6cd7&publisherSubId=Sde46opRHJDX&publisherTrafficType=publishernetwork&originReferer=https%253A%252F%252Fwww.yadore.com IP 54.240.174.22 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-05-04 05:49 Last Seen2025-05-04 05:49 Times Seen1 Hash fe4156a64a18d6f6daa9043f22f18fa1 7320c6ad5fea2f00873f4bc4ff6c0aed5831a412 e987a7a31ae6315145c54c99465aacaca293a9e1f8478d1626ace81c27ef6be5 Loading...

HTTP Transactions (33)

URL IP Response Size

geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAfE1GIvAyjvMAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=XUBECrOHAez2Sbprqbn0eVLgC2TDQvzKyM9rmUclC7_dKtQkduxCPUiY1QGp7l_YE2rkm9SjKcGgQHzLy51mX16fTD5qJLqDO75q6u42SigfGcMGH1D_OSGjE32C1Y01&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D629D01JTCXFDHQ630AD7HCD28NCK8Y%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no%26dc%3Dfalse&s=35103&b=32286&dm=cd

13.49.167.109

200 OK

550 kB

URL GET
geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAfE1GIvAyjvMAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=XUBECrOHAez2Sbprqbn0eVLgC2TDQvzKyM9rmUclC7_dKtQkduxCPUiY1QGp7l_YE2rkm9SjKcGgQHzLy51mX16fTD5qJLqDO75q6u42SigfGcMGH1D_OSGjE32C1Y01&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D629D01JTCXFDHQ630AD7HCD28NCK8Y%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no%26dc%3Dfalse&s=35103&b=32286&dm=cd
IP
13.49.167.109:443
ASN
#16509 AMAZON-02

Requested by
https://no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D629D01JTCXFDHQ630AD7HCD28NCK8Y%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no&dc=false
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
FingerprintF2:9E:7E:72:25:57:E3:AF:B6:87:61:A0:0D:B1:85:B4:85:82:E6:96
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (61855)
Size
550 kB (550086 bytes)
Hash
15ce04c4da77de4e0f4b14b105023f21
53b783b310d2a33af577d0997bb753ec293a10b1
d1259e7a4377888ed98d0e1ade139ea3b15deb6cc50788ec32f57d44087808bd

HTTP Headers

GET /interstitial/?initialCid=AHrlqAAAAAMAfE1GIvAyjvMAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=XUBECrOHAez2Sbprqbn0eVLgC2TDQvzKyM9rmUclC7_dKtQkduxCPUiY1QGp7l_YE2rkm9SjKcGgQHzLy51mX16fTD5qJLqDO75q6u42SigfGcMGH1D_OSGjE32C1Y01&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D629D01JTCXFDHQ630AD7HCD28NCK8Y%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no%26dc%3Dfalse&s=35103&b=32286&dm=cd HTTP/1.1
Host: geo.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://no-go.kelkoogroup.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 04 May 2025 05:49:33 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

no-go.kelkoogroup.net/favicon.ico

95.211.116.26

404 Not Found

1.1 kB

URL GET
no-go.kelkoogroup.net/favicon.ico
IP
95.211.116.26:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D629D01JTCXFDHQ630AD7HCD28NCK8Y%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no&dc=false
Certificate
IssuerDigiCert Inc
Subject*.kelkoogroup.net
FingerprintAB:7F:31:B1:66:46:76:99:39:20:8C:5B:A4:03:6B:DE:E6:6B:F4:17
ValidityThu, 26 Sep 2024 00:00:00 GMT - Fri, 10 Oct 2025 23:59:59 GMT

File type
HTML document, ASCII text
Size
1.1 kB (1144 bytes)
Hash
8560de521c4990c7c870121fc9643508
0cacf7a6b96cceeb6ceae74d5f14dc87406a6f39
73a434285c3a752bc8c44aebd50e10f1a766853cbc7184e78d5c934c7b52b620

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D629D01JTCXFDHQ630AD7HCD28NCK8Y%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no&dc=false
DNT: 1
Connection: keep-alive
Cookie: kelkooID=a4c6293-19699d7b629-1a3224; datadome=XUBECrOHAez2Sbprqbn0eVLgC2TDQvzKyM9rmUclC7_dKtQkduxCPUiY1QGp7l_YE2rkm9SjKcGgQHzLy51mX16fTD5qJLqDO75q6u42SigfGcMGH1D_OSGjE32C1Y01
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Request-Time: PT0.000241646S
X-Robots-Tag: noindex,nofollow
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'
X-Permitted-Cross-Domain-Policies: master-only
Date: Sun, 04 May 2025 05:49:32 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1144

static.captcha-delivery.com/common/fonts/roboto/roboto.woff2

54.240.174.73

200 OK

16 kB

URL GET
static.captcha-delivery.com/common/fonts/roboto/roboto.woff2
IP
54.240.174.73:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAfE1GIvAyjvMAW1oqmg==&cid=XUBECrOHAez2Sbprqbn0eHhqbnEeTE3AT8WgbtUtvJjPQKzETQmi8BspzxxZ1oC0VvYCYtxFk3_KIN0W5Bd8Ax9YyskJmLvXbnG7VSVOVG2qiIwcylS~fw0Nkb1tGYTe&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D629D01JTCXFDHQ630AD7HCD28NCK8Y%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no%26dc%3Dfalse&hash=5954443B90DC91C1E924DE9BFBEAA5&t=fe&s=35103&e=385bae445092a95666dbde93e60360c2f934cd80e819edc3437a279d4e746979&ir=36%2C20%2C676&dm=dc_ir
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
Fingerprint08:34:DB:37:CB:02:09:ED:82:0C:B3:27:9F:BA:AF:45:DA:77:DD:3D
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15688, version 1.0
Size
16 kB (15688 bytes)
Hash
aa23b7b4bcf2b8f0e876106bb3de69c6
106ac454ba4e503e0a1cd15e1275130918049182
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

HTTP Headers

GET /common/fonts/roboto/roboto.woff2 HTTP/1.1
Host: static.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://geo.captcha-delivery.com
DNT: 1
Connection: keep-alive
Referer: https://static.captcha-delivery.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: font/woff2
content-length: 15688
access-control-allow-origin: https://geo.captcha-delivery.com
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Fri, 06 May 2022 16:47:07 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sun, 04 May 2025 01:58:37 GMT
etag: "aa23b7b4bcf2b8f0e876106bb3de69c6"
vary: Origin
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cXmfWLsgr6_-7cAuEf72TJA3_9YPRBoQM50qoo7kq3bay2W7GbWmVw==
age: 14104
X-Firefox-Spdy: h2

q1.quotes.com/7f2bf38c-28ab-11f0-9998-7b574deff6b7

5.79.68.236

302 Found

0 B

URL User Request GET
q1.quotes.com/7f2bf38c-28ab-11f0-9998-7b574deff6b7
IP
5.79.68.236:80
ASN
#60781 LeaseWeb Netherlands B.V.

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /7f2bf38c-28ab-11f0-9998-7b574deff6b7 HTTP/1.1
Host: q1.quotes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
cache-control: max-age=0, private, must-revalidate
connection: close
content-length: 11
date: Sun, 04 May 2025 05:49:30 GMT
location: http://ingun-fhl.com/zclkvisitor/7f39abd1-28ab-11f0-b859-0affc23e4b13/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381
server: nginx

ingun-fhl.com/zclkvisitor/7f39abd1-28ab-11f0-b859-0affc23e4b13/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381

54.146.90.40

200

3.1 kB

URL User Request GET
ingun-fhl.com/zclkvisitor/7f39abd1-28ab-11f0-b859-0affc23e4b13/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381
IP
54.146.90.40:80
ASN
#14618 AMAZON-AES

File type
HTML document, ASCII text, with very long lines (408)
Size
3.1 kB (3086 bytes)
Hash
c0cd264d702262fd5ebf78a05c563bd9
dd56579be65e2a57705765a60a05bf40bc747ed2
539a58d9eebd6d5f4ab6125ac76c4d89ec158ccb191517c04ede9525a378abfe

HTTP Headers

GET /zclkvisitor/7f39abd1-28ab-11f0-b859-0affc23e4b13/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381 HTTP/1.1
Host: ingun-fhl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Sun, 04 May 2025 05:49:31 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 3086
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type

api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fwww.farmasiet.no&custom1=97a675bbca169e000c9a2474359ea4c01d295a683ddf0ab0b749076683cd6cd7&publisherSubId=Sde46opRHJDX&publisherTrafficType=publishernetwork&originReferer=https%253A%252F%252Fwww.yadore.com

54.240.174.22

200 OK

249 kB

URL User Request GET
api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fwww.farmasiet.no&custom1=97a675bbca169e000c9a2474359ea4c01d295a683ddf0ab0b749076683cd6cd7&publisherSubId=Sde46opRHJDX&publisherTrafficType=publishernetwork&originReferer=https%253A%252F%252Fwww.yadore.com
IP
54.240.174.22:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjectapi.kelkoogroup.net
FingerprintDE:F8:09:ED:61:51:96:48:CB:23:37:6D:A6:4F:C8:7C:0C:15:69:2D
ValidityMon, 18 Nov 2024 00:00:00 GMT - Tue, 16 Dec 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (31608)
Size
249 kB (248564 bytes)
Hash
163e2d958636257f1675a26363cb8285
4e3df2b04ca7e4d673ff3c554d2d56a0b1c4f57e
652f985e4111cc711e286e8b6e66b029d5a7e4c25beaf0e104d5f69a4797b625

HTTP Headers

GET /publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fwww.farmasiet.no&custom1=97a675bbca169e000c9a2474359ea4c01d295a683ddf0ab0b749076683cd6cd7&publisherSubId=Sde46opRHJDX&publisherTrafficType=publishernetwork&originReferer=https%253A%252F%252Fwww.yadore.com HTTP/1.1
Host: api.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-length: 248564
leadid: 629D01JTCXFDHQ630AD7HCD28NCK8Y
pragma: no-cache
x-dd-b: 3
charset: utf-8
clickid: 107698147_1746337773097_14547046
country: no
accept-ch: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
set-cookie: datadome=xNqt84mTbI5GopLMVgkveZTFl3yHmko0f67FXWkzOaDNuKi7OM6lS~I2OcXfm~P4CKslL9aAgTd1Y~yAEjyinOxl2ZKKbki1nM9msDy5fA1E1tvvXKxMNKnjNkDrOj3c; Max-Age=31104000; Expires=Wed, 29 Apr 2026 05:49:33 GMT; SameSite=Lax; Path=/; Domain=.kelkoo.net; Secure
kelkooID=a4c6293-19699d7b629-1a3224; Max-Age=31536000; Expires=Mon, 04 May 2026 05:49:33 GMT; SameSite=None; Path=/; Domain=kelkoogroup.net; Secure; HTTPOnly
x-datadome: protected
request-time: PT0.023837769S
x-robots-tag: noindex,nofollow
cache-control: max-age=0, private, no-cache, no-store, must-revalidate
x-datadome-cid: AHrlqAAAAAMAsTlm7njICVcAW1oqmg==
referrer-policy: origin-when-cross-origin
x-frame-options: ALLOWALL
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
date: Sun, 04 May 2025 05:49:32 GMT
x-gravitee-transaction-id: 0527229f-0910-4e1b-a722-9f09101e1b2b
x-gravitee-request-id: 0527229f-0910-4e1b-a722-9f09101e1b2b
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: GEvlv4NQu7OOKra_MzwgDbj0YyEAjRx-F22kR8txVe_UdnlHwgaPqw==
X-Firefox-Spdy: h2

domaincntrol.com/?orighost=https://galynuh.com/login.phphT

104.18.26.45

200 OK

24 B

URL GET
domaincntrol.com/?orighost=https://galynuh.com/login.phphT
IP
104.18.26.45:443
ASN
#13335 CLOUDFLARENET

Requested by
https://galynuh.com/login.phphT
Certificate
IssuerGoogle Trust Services
Subjectdomaincntrol.com
FingerprintF5:14:9D:E9:4D:BC:60:0D:43:AF:93:8A:61:99:A7:4D:22:06:C5:40
ValidityMon, 17 Mar 2025 15:50:25 GMT - Sun, 15 Jun 2025 16:49:59 GMT

File type
ASCII text, with no line terminators
Size
24 B (24 bytes)
Hash
f3c40aeaa9222e9c80e4096fdcc4019a
581a1aea776b2f84386d514338b436d0236e297d
c86576cfc75b58127283a0180a5a902c405da7377e2d454680a95e0e617e86cc

HTTP Headers

GET /?orighost=https://galynuh.com/login.phphT HTTP/1.1
Host: domaincntrol.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://galynuh.com/
Origin: https://galynuh.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Sun, 04 May 2025 05:49:07 GMT
content-type: text/javascript;charset=UTF-8
content-length: 24
access-control-allow-origin: *
x_details: {"destination":"sedo","orighost":"galynuh.com","type":"org","finalurl":"http://ww2.galynuh.com","browser":"firefox","os":"windows","country":"NO","device":"desktop","isbot":false,"botscore":44}
set-cookie: __cf_bm=aLAbR8cUmZHw_MAQa7jJbx_a4a.qKrRiRS.wKsm6t0M-1746337747-1.0.1.1-CAzm24ZEBOsrm.7eLRaYeqIY3RFkfurQxGAooRywGOnfYmqc.uM8aCD70yjxOanIZuvP4VN49t2ccE2M9Mad2IEJHtiW9Ft6bw6D_nJmKYg; path=/; expires=Sun, 04-May-25 06:19:07 GMT; domain=.domaincntrol.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 93a5b68a392b56aa-OSL
X-Firefox-Spdy: h2

ww2.galynuh.com/search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DDnX8%2Aw-8Nto_0&v=Y2U3M2NkMzkwMTg2NjY2MmMwMGEyNGZjYWJlNmI0YTAJMQl3dzIuZ2FseW51aC5jb202ODE2ZmZkNDZmOTEzOC45MTI5OTI4NQl3dzIuZ2FseW51aC5jb202ODE2ZmZkNDZmOTQ4Ny4zOTMyMjI3MgkxNzQ2MzM3NzQ5CWFkXzYzXzA%3D&l=ogc7hZMTHZRuD1aCNkTkL8Zhw_l7TibUaPzVGFYWMWTdVbYIKVhLp1X0N3qFR_HFjgb-RlffcSotevDS6UlTmHI3HW8WIUrjPbtosec9BUOGkKLdDuAZBUe_BiyTjQ1w2-zDCr5ceRSyBUxNhbCP2ohK2ZqsTODeIGULylPVu7F_1oKEDlb0xw7VlPToAM7t5octxJKtKCBD4GL3C2dDdTRSZvx6SS3JMRPUYVORHxfdfPddjU67s9ZaXfsqsCwsme-KtS8-gWSO2MWvi_uJFIFBYpzSzTa6AzEhYIqzQOfTbvLesfbvoZUW_0zBAMbv-adLv7xFKriwjQZ-zcHDSuPfbar_rl4w3m77lwY_ThWzD70UPkG5PjwNkez7-UTnW0k_C-iLitbhAkqAwo72naj6-IrTwABWTkqmblv1W6bbcGS2vR1HZinba1J1aHnMm6MyWAFD96JGY2bEbn01iNY5jRksnb5tbG0FB_-5kXCefIX3GOFEL3db06A2ddKZ90xGCZN46pljR2su5Uq5MpjkcqDAWXiMFhFo_hPQpXohUH0po5156wRuUWeUTqNG72SRAXP7EZmhsiAM0EKJEmtvnLHgfKuP8eFWlM2M59W9-CUY0CL7TwrCmhEbw3zLBaMcS5-WUuxvaB2uyl834WOuoSwRVRm1RaUQr4cKzvwDvVn0Ys5eINmIGzJflQ9ed-O1ZdIOA

64.190.63.136

302 Found

0 B

URL User Request GET
ww2.galynuh.com/search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DDnX8%2Aw-8Nto_0&v=Y2U3M2NkMzkwMTg2NjY2MmMwMGEyNGZjYWJlNmI0YTAJMQl3dzIuZ2FseW51aC5jb202ODE2ZmZkNDZmOTEzOC45MTI5OTI4NQl3dzIuZ2FseW51aC5jb202ODE2ZmZkNDZmOTQ4Ny4zOTMyMjI3MgkxNzQ2MzM3NzQ5CWFkXzYzXzA%3D&l=ogc7hZMTHZRuD1aCNkTkL8Zhw_l7TibUaPzVGFYWMWTdVbYIKVhLp1X0N3qFR_HFjgb-RlffcSotevDS6UlTmHI3HW8WIUrjPbtosec9BUOGkKLdDuAZBUe_BiyTjQ1w2-zDCr5ceRSyBUxNhbCP2ohK2ZqsTODeIGULylPVu7F_1oKEDlb0xw7VlPToAM7t5octxJKtKCBD4GL3C2dDdTRSZvx6SS3JMRPUYVORHxfdfPddjU67s9ZaXfsqsCwsme-KtS8-gWSO2MWvi_uJFIFBYpzSzTa6AzEhYIqzQOfTbvLesfbvoZUW_0zBAMbv-adLv7xFKriwjQZ-zcHDSuPfbar_rl4w3m77lwY_ThWzD70UPkG5PjwNkez7-UTnW0k_C-iLitbhAkqAwo72naj6-IrTwABWTkqmblv1W6bbcGS2vR1HZinba1J1aHnMm6MyWAFD96JGY2bEbn01iNY5jRksnb5tbG0FB_-5kXCefIX3GOFEL3db06A2ddKZ90xGCZN46pljR2su5Uq5MpjkcqDAWXiMFhFo_hPQpXohUH0po5156wRuUWeUTqNG72SRAXP7EZmhsiAM0EKJEmtvnLHgfKuP8eFWlM2M59W9-CUY0CL7TwrCmhEbw3zLBaMcS5-WUuxvaB2uyl834WOuoSwRVRm1RaUQr4cKzvwDvVn0Ys5eINmIGzJflQ9ed-O1ZdIOA
IP
64.190.63.136:443
ASN
#47846 SEDO GmbH

Certificate
IssuerDigiCert Inc
Subjectww2.galynuh.com
Fingerprint9D:87:DD:92:75:6F:AC:8A:63:56:ED:B5:98:CB:AA:DA:92:F8:01:8C
ValidityThu, 23 May 2024 00:00:00 GMT - Thu, 22 May 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DDnX8%2Aw-8Nto_0&v=Y2U3M2NkMzkwMTg2NjY2MmMwMGEyNGZjYWJlNmI0YTAJMQl3dzIuZ2FseW51aC5jb202ODE2ZmZkNDZmOTEzOC45MTI5OTI4NQl3dzIuZ2FseW51aC5jb202ODE2ZmZkNDZmOTQ4Ny4zOTMyMjI3MgkxNzQ2MzM3NzQ5CWFkXzYzXzA%3D&l=ogc7hZMTHZRuD1aCNkTkL8Zhw_l7TibUaPzVGFYWMWTdVbYIKVhLp1X0N3qFR_HFjgb-RlffcSotevDS6UlTmHI3HW8WIUrjPbtosec9BUOGkKLdDuAZBUe_BiyTjQ1w2-zDCr5ceRSyBUxNhbCP2ohK2ZqsTODeIGULylPVu7F_1oKEDlb0xw7VlPToAM7t5octxJKtKCBD4GL3C2dDdTRSZvx6SS3JMRPUYVORHxfdfPddjU67s9ZaXfsqsCwsme-KtS8-gWSO2MWvi_uJFIFBYpzSzTa6AzEhYIqzQOfTbvLesfbvoZUW_0zBAMbv-adLv7xFKriwjQZ-zcHDSuPfbar_rl4w3m77lwY_ThWzD70UPkG5PjwNkez7-UTnW0k_C-iLitbhAkqAwo72naj6-IrTwABWTkqmblv1W6bbcGS2vR1HZinba1J1aHnMm6MyWAFD96JGY2bEbn01iNY5jRksnb5tbG0FB_-5kXCefIX3GOFEL3db06A2ddKZ90xGCZN46pljR2su5Uq5MpjkcqDAWXiMFhFo_hPQpXohUH0po5156wRuUWeUTqNG72SRAXP7EZmhsiAM0EKJEmtvnLHgfKuP8eFWlM2M59W9-CUY0CL7TwrCmhEbw3zLBaMcS5-WUuxvaB2uyl834WOuoSwRVRm1RaUQr4cKzvwDvVn0Ys5eINmIGzJflQ9ed-O1ZdIOA HTTP/1.1
Host: ww2.galynuh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww2.galynuh.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: text/html; charset=UTF-8
date: Sun, 04 May 2025 05:49:09 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 04 May 2025 05:49:09 GMT
location: https://xml.sedodna.com/click?i=DnX8*w-8Nto_0
pragma: no-cache
server: Parking/1.0
x-cache-miss-from: parking-6cbd575cd6-44gf2
X-Firefox-Spdy: h2

geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAfE1GIvAyjvMAW1oqmg==&cid=XUBECrOHAez2Sbprqbn0eHhqbnEeTE3AT8WgbtUtvJjPQKzETQmi8BspzxxZ1oC0VvYCYtxFk3_KIN0W5Bd8Ax9YyskJmLvXbnG7VSVOVG2qiIwcylS~fw0Nkb1tGYTe&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D629D01JTCXFDHQ630AD7HCD28NCK8Y%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no%26dc%3Dfalse&hash=5954443B90DC91C1E924DE9BFBEAA5&t=fe&s=35103&e=385bae445092a95666dbde93e60360c2f934cd80e819edc3437a279d4e746979&ir=36%2C20%2C676&dm=dc_ir

13.49.167.109

200 OK

602 kB

URL GET
geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAfE1GIvAyjvMAW1oqmg==&cid=XUBECrOHAez2Sbprqbn0eHhqbnEeTE3AT8WgbtUtvJjPQKzETQmi8BspzxxZ1oC0VvYCYtxFk3_KIN0W5Bd8Ax9YyskJmLvXbnG7VSVOVG2qiIwcylS~fw0Nkb1tGYTe&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D629D01JTCXFDHQ630AD7HCD28NCK8Y%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no%26dc%3Dfalse&hash=5954443B90DC91C1E924DE9BFBEAA5&t=fe&s=35103&e=385bae445092a95666dbde93e60360c2f934cd80e819edc3437a279d4e746979&ir=36%2C20%2C676&dm=dc_ir
IP
13.49.167.109:443
ASN
#16509 AMAZON-02

Requested by
https://no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D629D01JTCXFDHQ630AD7HCD28NCK8Y%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no&dc=false
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
FingerprintF2:9E:7E:72:25:57:E3:AF:B6:87:61:A0:0D:B1:85:B4:85:82:E6:96
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (40939)
Size
602 kB (602117 bytes)
Hash
bd654cc39f0729cde593a9ee124b430b
336f4fd7d401d7895dd8043237bf56169ffc3a91
dd01f6f0c120403f366788cf9a7dac10596055bd9efa6a74129e8f959c7188a5

HTTP Headers

GET /captcha/?initialCid=AHrlqAAAAAMAfE1GIvAyjvMAW1oqmg==&cid=XUBECrOHAez2Sbprqbn0eHhqbnEeTE3AT8WgbtUtvJjPQKzETQmi8BspzxxZ1oC0VvYCYtxFk3_KIN0W5Bd8Ax9YyskJmLvXbnG7VSVOVG2qiIwcylS~fw0Nkb1tGYTe&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D629D01JTCXFDHQ630AD7HCD28NCK8Y%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no%26dc%3Dfalse&hash=5954443B90DC91C1E924DE9BFBEAA5&t=fe&s=35103&e=385bae445092a95666dbde93e60360c2f934cd80e819edc3437a279d4e746979&ir=36%2C20%2C676&dm=dc_ir HTTP/1.1
Host: geo.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAfE1GIvAyjvMAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=XUBECrOHAez2Sbprqbn0eVLgC2TDQvzKyM9rmUclC7_dKtQkduxCPUiY1QGp7l_YE2rkm9SjKcGgQHzLy51mX16fTD5qJLqDO75q6u42SigfGcMGH1D_OSGjE32C1Y01&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D629D01JTCXFDHQ630AD7HCD28NCK8Y%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no%26dc%3Dfalse&s=35103&b=32286&dm=cd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 04 May 2025 05:49:36 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip

galynuh.com/login.phphT

64.225.91.73

200 OK

593 B

URL User Request GET
galynuh.com/login.phphT
IP
64.225.91.73:443
ASN
#14061 DIGITALOCEAN-ASN

Certificate
IssuerLet's Encrypt
Subjectgalynuh.com
FingerprintAE:8C:19:1C:11:86:6B:0A:DA:48:B7:93:C6:0B:B8:8F:44:64:C6:05
ValidityFri, 11 Apr 2025 23:07:47 GMT - Thu, 10 Jul 2025 23:07:46 GMT

File type
HTML document, ASCII text
Size
593 B (593 bytes)
Hash
3b03d93d3487806337b5c6443ce7a62d
93a7a790bb6348606cbdaf5daeaaf4ea8cf731d0
7392749832c70fcfc2d440d7afc2f880000dd564930d95d634eb1199fa15de30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /login.phphT HTTP/1.1
Host: galynuh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 04 May 2025 05:49:07 GMT
Content-Type: text/html
Last-Modified: Wed, 22 Feb 2023 21:25:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63f68860-251"
Content-Encoding: gzip

static.captcha-delivery.com/common/fonts/roboto/roboto.woff2

54.240.174.73

200 OK

16 kB

URL GET
static.captcha-delivery.com/common/fonts/roboto/roboto.woff2
IP
54.240.174.73:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAfE1GIvAyjvMAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=XUBECrOHAez2Sbprqbn0eVLgC2TDQvzKyM9rmUclC7_dKtQkduxCPUiY1QGp7l_YE2rkm9SjKcGgQHzLy51mX16fTD5qJLqDO75q6u42SigfGcMGH1D_OSGjE32C1Y01&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D629D01JTCXFDHQ630AD7HCD28NCK8Y%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no%26dc%3Dfalse&s=35103&b=32286&dm=cd
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
Fingerprint08:34:DB:37:CB:02:09:ED:82:0C:B3:27:9F:BA:AF:45:DA:77:DD:3D
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15688, version 1.0
Size
16 kB (15688 bytes)
Hash
aa23b7b4bcf2b8f0e876106bb3de69c6
106ac454ba4e503e0a1cd15e1275130918049182
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

HTTP Headers

GET /common/fonts/roboto/roboto.woff2 HTTP/1.1
Host: static.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://geo.captcha-delivery.com
DNT: 1
Connection: keep-alive
Referer: https://static.captcha-delivery.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: font/woff2
content-length: 15688
access-control-allow-origin: https://geo.captcha-delivery.com
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Fri, 06 May 2022 16:47:07 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sun, 04 May 2025 01:58:37 GMT
etag: "aa23b7b4bcf2b8f0e876106bb3de69c6"
vary: Origin
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: BsL1UMQBh3-ewlBS35ITqqfpMqJ3zSig6n5HyFQS1ewy-QmfGC1jSQ==
age: 14102
X-Firefox-Spdy: h2

ingun-fhl.com/favicon.ico

0.0.0.0

0 B

URL GET
ingun-fhl.com/favicon.ico
IP
0.0.0.0:0
ASN
#0

Requested by
http://ingun-fhl.com/zclkvisitor/7f39abd1-28ab-11f0-b859-0affc23e4b13/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ingun-fhl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://ingun-fhl.com/zclkvisitor/7f39abd1-28ab-11f0-b859-0affc23e4b13/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381
Pragma: no-cache
Cache-Control: no-cache

ingun-fhl.com/zclkredirect?visitid=7f39abd1-28ab-11f0-b859-0affc23e4b13&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false&gpu=Mesa%3B%20llvmpipe&timezone=UTC%2B00%3A00&timezoneName=UTC

0.0.0.0

0 B

URL User Request GET
ingun-fhl.com/zclkredirect?visitid=7f39abd1-28ab-11f0-b859-0affc23e4b13&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false&gpu=Mesa%3B%20llvmpipe&timezone=UTC%2B00%3A00&timezoneName=UTC
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zclkredirect?visitid=7f39abd1-28ab-11f0-b859-0affc23e4b13&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false&gpu=Mesa%3B%20llvmpipe&timezone=UTC%2B00%3A00&timezoneName=UTC HTTP/1.1
Host: ingun-fhl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ingun-fhl.com/zclkvisitor/7f39abd1-28ab-11f0-b859-0affc23e4b13/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

54.146.90.40

302

1.2 kB

URL User Request GET
ingun-fhl.com/zclkredirect?visitid=7f39abd1-28ab-11f0-b859-0affc23e4b13&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false&gpu=Mesa%3B%20llvmpipe&timezone=UTC%2B00%3A00&timezoneName=UTC
IP
54.146.90.40:80
ASN
#14618 AMAZON-AES

File type

Size
1.2 kB (1189 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zclkredirect?visitid=7f39abd1-28ab-11f0-b859-0affc23e4b13&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false&gpu=Mesa%3B%20llvmpipe&timezone=UTC%2B00%3A00&timezoneName=UTC HTTP/1.1
Host: ingun-fhl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ingun-fhl.com/zclkvisitor/7f39abd1-28ab-11f0-b859-0affc23e4b13/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

arveaoy.com/double?t=2&d=eyJVUkwiOiJodHRwczovL2FwaS55YWRvcmUuY29tL3YyL2Q_dXJsPWh0dHBzJTNBJTJGJTJGd3d3LmZhcm1hc2lldC5ub1x1MDAyNm1hcmtldD1ub1x1MDAyNnByb2plY3RJZD1TZGU0Nm9wUkhKRFhcdTAwMjZwbGFjZW1lbnRJZD01alhHQmpjd1pUaDAiLCJSZWRpcmVjdFdvcmRpbmciOiIgIiwiUmVkaXJlY3RUaXRsZSI6IlJlZGlyZWN0aW9uLi4uIiwiUmVkaXJlY3RMaW5rVGV4dCI6IiAiLCJJbnN0YWxsSWQiOjIwMDF9

3.125.239.17

200 OK

780 B

URL User Request GET
arveaoy.com/double?t=2&d=eyJVUkwiOiJodHRwczovL2FwaS55YWRvcmUuY29tL3YyL2Q_dXJsPWh0dHBzJTNBJTJGJTJGd3d3LmZhcm1hc2lldC5ub1x1MDAyNm1hcmtldD1ub1x1MDAyNnByb2plY3RJZD1TZGU0Nm9wUkhKRFhcdTAwMjZwbGFjZW1lbnRJZD01alhHQmpjd1pUaDAiLCJSZWRpcmVjdFdvcmRpbmciOiIgIiwiUmVkaXJlY3RUaXRsZSI6IlJlZGlyZWN0aW9uLi4uIiwiUmVkaXJlY3RMaW5rVGV4dCI6IiAiLCJJbnN0YWxsSWQiOjIwMDF9
IP
3.125.239.17:443
ASN
#16509 AMAZON-02

Certificate
IssuerLet's Encrypt
Subjectarveaoy.com
Fingerprint18:24:ED:D6:E3:2E:3D:5B:DD:F8:09:47:D2:D7:9D:37:8D:B0:30:09
ValidityFri, 18 Apr 2025 00:17:54 GMT - Thu, 17 Jul 2025 00:17:53 GMT

File type
HTML document, ASCII text
Size
780 B (780 bytes)
Hash
d8afd5f751bdd7a3753a039c480ea023
e6be3c9b1a3bced78827398f97f06afb46e60a8e
b975c987731787aef2a77abc85fb7aa1a6879407d523da0a871602489cc7bb4e

HTTP Headers

GET /double?t=2&d=eyJVUkwiOiJodHRwczovL2FwaS55YWRvcmUuY29tL3YyL2Q_dXJsPWh0dHBzJTNBJTJGJTJGd3d3LmZhcm1hc2lldC5ub1x1MDAyNm1hcmtldD1ub1x1MDAyNnByb2plY3RJZD1TZGU0Nm9wUkhKRFhcdTAwMjZwbGFjZW1lbnRJZD01alhHQmpjd1pUaDAiLCJSZWRpcmVjdFdvcmRpbmciOiIgIiwiUmVkaXJlY3RUaXRsZSI6IlJlZGlyZWN0aW9uLi4uIiwiUmVkaXJlY3RMaW5rVGV4dCI6IiAiLCJJbnN0YWxsSWQiOjIwMDF9 HTTP/1.1
Host: arveaoy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: ClickDataNG=H4sIAAAAAAAA_7RUWW_bRhD-K8IAAVqAppa3yEAIfMBpitguaqcJir4sd4fy2qtdYg_qSPLfiyVpR2ie-6LRzPdpjp1v9BUGNFZoBQ0kMYkJROAOPUJDIrC-fXj5zrQa0Djk0HRUWoyAScGeP3BooHj68v7iie3-fngMv-fUITRJlZdZVlVVGgGj256KjQrsPC_SJAJhL_84f81ltKNO6JGQlEVWR2C8xOCSCAxyYZC5G3SPmkNTRGC1N2zEsywCSRUXajPTZ--TkdAARKC7Dk3A0jRLsghaQxV7nMkjOFEfnetts1zSXsQHyrXBmOntckiX_J03cj3ib7LzN-n1m_R6t9vFHTVbagW6WOl_PCFpuaXmGd36xe2NfkLmPvD1Pce81P2fv_1-9WXGJGW4RRXQ_7wg09ZBQ2JCijD9gMpPW-jpQXv3o_FLbwwqdoAGPt1fQQTeiNNJzIBUH8YxxnW9c2YQfD3uYOoC907w9dFUXVbTlifpirZJ0pF2VdSEdh1LM8zbJCvTHBNa1qusqPKuTGlHq4IWjLSYVCxvSU3KtK4yihnL65auiil_GGU9TkIImUKOmk2o6aU_e9J4NhwP-5XJy2M-4ZYd-3VLudDenrX-eKSGQwSiP-fcoLXQQJ3ENYnzNE6K_BQqp417i-Z8g8pBAzf6KKSkyyImi18-C8X1zi5uHxYJicnbxWehyvztYh8-zNAkWR6TXxfvkT3rZUoSQhKSLK6FwU7vlyMKYSMdGjTQgFAbr866RxmeOEgfB8Hw9Wh06HWuGYRo__pxbCFRa_TOjonmEq8pLgxVfBpmCtxojvI0cEu3OPlsqgeXtJW4vLr_GF7E9tDAhRT7xb2WPtyWHYXllTNBLrd34yCbqZvbu2_f7qzUi8tAOASmcIcTAIL2DCp3GWQ035URG6E-9ichZ6iylE2nbKFRXsoImLdOb6H5OgsbXvQAEeDeoVFUjn8k_4cMIYKBTN0NSajxs-wClM6UDBr4WXtDPsPFbGehDdVsV7Otg_3-_d8AAAD__85Es7hXBQAA; ClickDataNgFall=H4sIAAAAAAAA_7RUWW_bRhD-K8IAAVqAppa3yEAIfMBpitguaqcJir4sd4fy2qtdYg_qSPLfiyVpR2ie-6LRzPdpjp1v9BUGNFZoBQ0kMYkJROAOPUJDIrC-fXj5zrQa0Djk0HRUWoyAScGeP3BooHj68v7iie3-fngMv-fUITRJlZdZVlVVGgGj256KjQrsPC_SJAJhL_84f81ltKNO6JGQlEVWR2C8xOCSCAxyYZC5G3SPmkNTRGC1N2zEsywCSRUXajPTZ--TkdAARKC7Dk3A0jRLsghaQxV7nMkjOFEfnetts1zSXsQHyrXBmOntckiX_J03cj3ib7LzN-n1m_R6t9vFHTVbagW6WOl_PCFpuaXmGd36xe2NfkLmPvD1Pce81P2fv_1-9WXGJGW4RRXQ_7wg09ZBQ2JCijD9gMpPW-jpQXv3o_FLbwwqdoAGPt1fQQTeiNNJzIBUH8YxxnW9c2YQfD3uYOoC907w9dFUXVbTlifpirZJ0pF2VdSEdh1LM8zbJCvTHBNa1qusqPKuTGlHq4IWjLSYVCxvSU3KtK4yihnL65auiil_GGU9TkIImUKOmk2o6aU_e9J4NhwP-5XJy2M-4ZYd-3VLudDenrX-eKSGQwSiP-fcoLXQQJ3ENYnzNE6K_BQqp417i-Z8g8pBAzf6KKSkyyImi18-C8X1zi5uHxYJicnbxWehyvztYh8-zNAkWR6TXxfvkT3rZUoSQhKSLK6FwU7vlyMKYSMdGjTQgFAbr866RxmeOEgfB8Hw9Wh06HWuGYRo__pxbCFRa_TOjonmEq8pLgxVfBpmCtxojvI0cEu3OPlsqgeXtJW4vLr_GF7E9tDAhRT7xb2WPtyWHYXllTNBLrd34yCbqZvbu2_f7qzUi8tAOASmcIcTAIL2DCp3GWQ035URG6E-9ichZ6iylE2nbKFRXsoImLdOb6H5OgsbXvQAEeDeoVFUjn8k_4cMIYKBTN0NSajxs-wClM6UDBr4WXtDPsPFbGehDdVsV7Otg_3-_d8AAAD__85Es7hXBQAA
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Sun, 04 May 2025 05:49:32 GMT
content-type: text/html; charset=utf-8
content-length: 780
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
expires: Thu, 01 Jan 1970 00:00:00 UTC
pragma: no-cache
X-Firefox-Spdy: h2

geo.captcha-delivery.com/interstitial/

13.49.167.109

200 OK

1.8 kB

URL POST
geo.captcha-delivery.com/interstitial/
IP
13.49.167.109:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAfE1GIvAyjvMAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=XUBECrOHAez2Sbprqbn0eVLgC2TDQvzKyM9rmUclC7_dKtQkduxCPUiY1QGp7l_YE2rkm9SjKcGgQHzLy51mX16fTD5qJLqDO75q6u42SigfGcMGH1D_OSGjE32C1Y01&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D629D01JTCXFDHQ630AD7HCD28NCK8Y%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no%26dc%3Dfalse&s=35103&b=32286&dm=cd
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
FingerprintF2:9E:7E:72:25:57:E3:AF:B6:87:61:A0:0D:B1:85:B4:85:82:E6:96
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
JSON text data
Size
1.8 kB (1797 bytes)
Hash
8774f87ba3f6e141c8ac7de20f9aaf5b
a9a8ad22da76c84217de18dab62e60813ddbbb93
441ddbcf902de0d4a9367ca8703e5147c97e271cb2bc5508d8ad75d38cb34920

HTTP Headers

POST /interstitial/ HTTP/1.1
Host: geo.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 7684
Origin: https://geo.captcha-delivery.com
DNT: 1
Connection: keep-alive
Referer: https://geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAfE1GIvAyjvMAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=XUBECrOHAez2Sbprqbn0eVLgC2TDQvzKyM9rmUclC7_dKtQkduxCPUiY1QGp7l_YE2rkm9SjKcGgQHzLy51mX16fTD5qJLqDO75q6u42SigfGcMGH1D_OSGjE32C1Y01&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D629D01JTCXFDHQ630AD7HCD28NCK8Y%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no%26dc%3Dfalse&s=35103&b=32286&dm=cd
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sun, 04 May 2025 05:49:36 GMT
Content-Type: application/json;charset=utf-8
Content-Length: 1797
Connection: keep-alive

galynuh.com/favicon.ico

64.225.91.73

200 OK

593 B

URL GET
galynuh.com/favicon.ico
IP
64.225.91.73:443
ASN
#14061 DIGITALOCEAN-ASN

Requested by
https://galynuh.com/login.phphT
Certificate
IssuerLet's Encrypt
Subjectgalynuh.com
FingerprintAE:8C:19:1C:11:86:6B:0A:DA:48:B7:93:C6:0B:B8:8F:44:64:C6:05
ValidityFri, 11 Apr 2025 23:07:47 GMT - Thu, 10 Jul 2025 23:07:46 GMT

File type
HTML document, ASCII text
Size
593 B (593 bytes)
Hash
3b03d93d3487806337b5c6443ce7a62d
93a7a790bb6348606cbdaf5daeaaf4ea8cf731d0
7392749832c70fcfc2d440d7afc2f880000dd564930d95d634eb1199fa15de30

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: galynuh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://galynuh.com/login.phphT
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Sun, 04 May 2025 05:49:07 GMT
Content-Type: text/html
Last-Modified: Wed, 22 Feb 2023 21:25:52 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63f68860-251"
Content-Encoding: gzip

ww2.galynuh.com/img.sedoparking.com/images/js_preloader.gif

64.190.63.136

441 No Reason Phrase

0 B

URL GET
ww2.galynuh.com/img.sedoparking.com/images/js_preloader.gif
IP
64.190.63.136:443
ASN
#47846 SEDO GmbH

Requested by
https://ww2.galynuh.com/
Certificate
IssuerDigiCert Inc
Subjectww2.galynuh.com
Fingerprint9D:87:DD:92:75:6F:AC:8A:63:56:ED:B5:98:CB:AA:DA:92:F8:01:8C
ValidityThu, 23 May 2024 00:00:00 GMT - Thu, 22 May 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /img.sedoparking.com/images/js_preloader.gif HTTP/1.1
Host: ww2.galynuh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww2.galynuh.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 441 No Reason Phrase
date: Sun, 04 May 2025 05:49:09 GMT
server: Parking/1.0
content-length: 0
X-Firefox-Spdy: h2

ww2.galynuh.com/search/tsc.php?ses=ogcjEeQbKVpEciCOykxYiiUxNJPEj_C6YGAd4dp3oR3L4ROb1bVFpXAGnVjX4aDOZ_69vKOyub9iY6jipxBp1UrmSQff4WPVCcH7B7AoUDK62apMX6p3L9R8MQvUAapUoKPniYl_vrQDpWdBkn9ADN5Gr6wBPLNXpl_Bc9SZ3tQ5y9Q4mHguuQ1Szk_cG0HGhEGNUgvEshRE4e00uKhDicWS4hfQ7cgkE_tBXkc-uqOW5EexQNAsxbB6VIaKYxzR1iAcDNxW39HRHa-hlji1cK2LUdQglnnb5szKBJHIJVMRqQ8AH2B5UcIq76Cdn8RH98SORBBKP8EN2l9at8liitZn0WDNSsOHFpSEXHIBWT6oMEvt7LHdV5MN3kOMw&cv=2

64.190.63.136

200 OK

0 B

URL GET
ww2.galynuh.com/search/tsc.php?ses=ogcjEeQbKVpEciCOykxYiiUxNJPEj_C6YGAd4dp3oR3L4ROb1bVFpXAGnVjX4aDOZ_69vKOyub9iY6jipxBp1UrmSQff4WPVCcH7B7AoUDK62apMX6p3L9R8MQvUAapUoKPniYl_vrQDpWdBkn9ADN5Gr6wBPLNXpl_Bc9SZ3tQ5y9Q4mHguuQ1Szk_cG0HGhEGNUgvEshRE4e00uKhDicWS4hfQ7cgkE_tBXkc-uqOW5EexQNAsxbB6VIaKYxzR1iAcDNxW39HRHa-hlji1cK2LUdQglnnb5szKBJHIJVMRqQ8AH2B5UcIq76Cdn8RH98SORBBKP8EN2l9at8liitZn0WDNSsOHFpSEXHIBWT6oMEvt7LHdV5MN3kOMw&cv=2
IP
64.190.63.136:443
ASN
#47846 SEDO GmbH

Requested by
https://ww2.galynuh.com/
Certificate
IssuerDigiCert Inc
Subjectww2.galynuh.com
Fingerprint9D:87:DD:92:75:6F:AC:8A:63:56:ED:B5:98:CB:AA:DA:92:F8:01:8C
ValidityThu, 23 May 2024 00:00:00 GMT - Thu, 22 May 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /search/tsc.php?ses=ogcjEeQbKVpEciCOykxYiiUxNJPEj_C6YGAd4dp3oR3L4ROb1bVFpXAGnVjX4aDOZ_69vKOyub9iY6jipxBp1UrmSQff4WPVCcH7B7AoUDK62apMX6p3L9R8MQvUAapUoKPniYl_vrQDpWdBkn9ADN5Gr6wBPLNXpl_Bc9SZ3tQ5y9Q4mHguuQ1Szk_cG0HGhEGNUgvEshRE4e00uKhDicWS4hfQ7cgkE_tBXkc-uqOW5EexQNAsxbB6VIaKYxzR1iAcDNxW39HRHa-hlji1cK2LUdQglnnb5szKBJHIJVMRqQ8AH2B5UcIq76Cdn8RH98SORBBKP8EN2l9at8liitZn0WDNSsOHFpSEXHIBWT6oMEvt7LHdV5MN3kOMw&cv=2 HTTP/1.1
Host: ww2.galynuh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww2.galynuh.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
date: Sun, 04 May 2025 05:49:09 GMT
server: Parking/1.0
x-cache-miss-from: parking-6cbd575cd6-bh9st
content-length: 0
X-Firefox-Spdy: h2

ww2.galynuh.com/search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DDnX8%2Aw-8Nto_0&v=Y2U3M2NkMzkwMTg2NjY2MmMwMGEyNGZjYWJlNmI0YTAJMQl3dzIuZ2FseW51aC5jb202ODE2ZmZkNDZmOTEzOC45MTI5OTI4NQl3dzIuZ2FseW51aC5jb202ODE2ZmZkNDZmOTQ4Ny4zOTMyMjI3MgkxNzQ2MzM3NzQ5CWFkXzYzXzA%3D&l=ogc7hZMTHZRuD1aCNkTkL8Zhw_l7TibUaPzVGFYWMWTdVbYIKVhLp1X0N3qFR_HFjgb-RlffcSotevDS6UlTmHI3HW8WIUrjPbtosec9BUOGkKLdDuAZBUe_BiyTjQ1w2-zDCr5ceRSyBUxNhbCP2ohK2ZqsTODeIGULylPVu7F_1oKEDlb0xw7VlPToAM7t5octxJKtKCBD4GL3C2dDdTRSZvx6SS3JMRPUYVORHxfdfPddjU67s9ZaXfsqsCwsme-KtS8-gWSO2MWvi_uJFIFBYpzSzTa6AzEhYIqzQOfTbvLesfbvoZUW_0zBAMbv-adLv7xFKriwjQZ-zcHDSuPfbar_rl4w3m77lwY_ThWzD70UPkG5PjwNkez7-UTnW0k_C-iLitbhAkqAwo72naj6-IrTwABWTkqmblv1W6bbcGS2vR1HZinba1J1aHnMm6MyWAFD96JGY2bEbn01iNY5jRksnb5tbG0FB_-5kXCefIX3GOFEL3db06A2ddKZ90xGCZN46pljR2su5Uq5MpjkcqDAWXiMFhFo_hPQpXohUH0po5156wRuUWeUTqNG72SRAXP7EZmhsiAM0EKJEmtvnLHgfKuP8eFWlM2M59W9-CUY0CL7TwrCmhEbw3zLBaMcS5-WUuxvaB2uyl834WOuoSwRVRm1RaUQr4cKzvwDvVn0Ys5eINmIGzJflQ9ed-O1ZdIOA

64.190.63.136

302 Found

0 B

URL User Request GET
ww2.galynuh.com/search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DDnX8%2Aw-8Nto_0&v=Y2U3M2NkMzkwMTg2NjY2MmMwMGEyNGZjYWJlNmI0YTAJMQl3dzIuZ2FseW51aC5jb202ODE2ZmZkNDZmOTEzOC45MTI5OTI4NQl3dzIuZ2FseW51aC5jb202ODE2ZmZkNDZmOTQ4Ny4zOTMyMjI3MgkxNzQ2MzM3NzQ5CWFkXzYzXzA%3D&l=ogc7hZMTHZRuD1aCNkTkL8Zhw_l7TibUaPzVGFYWMWTdVbYIKVhLp1X0N3qFR_HFjgb-RlffcSotevDS6UlTmHI3HW8WIUrjPbtosec9BUOGkKLdDuAZBUe_BiyTjQ1w2-zDCr5ceRSyBUxNhbCP2ohK2ZqsTODeIGULylPVu7F_1oKEDlb0xw7VlPToAM7t5octxJKtKCBD4GL3C2dDdTRSZvx6SS3JMRPUYVORHxfdfPddjU67s9ZaXfsqsCwsme-KtS8-gWSO2MWvi_uJFIFBYpzSzTa6AzEhYIqzQOfTbvLesfbvoZUW_0zBAMbv-adLv7xFKriwjQZ-zcHDSuPfbar_rl4w3m77lwY_ThWzD70UPkG5PjwNkez7-UTnW0k_C-iLitbhAkqAwo72naj6-IrTwABWTkqmblv1W6bbcGS2vR1HZinba1J1aHnMm6MyWAFD96JGY2bEbn01iNY5jRksnb5tbG0FB_-5kXCefIX3GOFEL3db06A2ddKZ90xGCZN46pljR2su5Uq5MpjkcqDAWXiMFhFo_hPQpXohUH0po5156wRuUWeUTqNG72SRAXP7EZmhsiAM0EKJEmtvnLHgfKuP8eFWlM2M59W9-CUY0CL7TwrCmhEbw3zLBaMcS5-WUuxvaB2uyl834WOuoSwRVRm1RaUQr4cKzvwDvVn0Ys5eINmIGzJflQ9ed-O1ZdIOA
IP
64.190.63.136:443
ASN
#47846 SEDO GmbH

Certificate
IssuerDigiCert Inc
Subjectww2.galynuh.com
Fingerprint9D:87:DD:92:75:6F:AC:8A:63:56:ED:B5:98:CB:AA:DA:92:F8:01:8C
ValidityThu, 23 May 2024 00:00:00 GMT - Thu, 22 May 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /search/redirect.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DDnX8%2Aw-8Nto_0&v=Y2U3M2NkMzkwMTg2NjY2MmMwMGEyNGZjYWJlNmI0YTAJMQl3dzIuZ2FseW51aC5jb202ODE2ZmZkNDZmOTEzOC45MTI5OTI4NQl3dzIuZ2FseW51aC5jb202ODE2ZmZkNDZmOTQ4Ny4zOTMyMjI3MgkxNzQ2MzM3NzQ5CWFkXzYzXzA%3D&l=ogc7hZMTHZRuD1aCNkTkL8Zhw_l7TibUaPzVGFYWMWTdVbYIKVhLp1X0N3qFR_HFjgb-RlffcSotevDS6UlTmHI3HW8WIUrjPbtosec9BUOGkKLdDuAZBUe_BiyTjQ1w2-zDCr5ceRSyBUxNhbCP2ohK2ZqsTODeIGULylPVu7F_1oKEDlb0xw7VlPToAM7t5octxJKtKCBD4GL3C2dDdTRSZvx6SS3JMRPUYVORHxfdfPddjU67s9ZaXfsqsCwsme-KtS8-gWSO2MWvi_uJFIFBYpzSzTa6AzEhYIqzQOfTbvLesfbvoZUW_0zBAMbv-adLv7xFKriwjQZ-zcHDSuPfbar_rl4w3m77lwY_ThWzD70UPkG5PjwNkez7-UTnW0k_C-iLitbhAkqAwo72naj6-IrTwABWTkqmblv1W6bbcGS2vR1HZinba1J1aHnMm6MyWAFD96JGY2bEbn01iNY5jRksnb5tbG0FB_-5kXCefIX3GOFEL3db06A2ddKZ90xGCZN46pljR2su5Uq5MpjkcqDAWXiMFhFo_hPQpXohUH0po5156wRuUWeUTqNG72SRAXP7EZmhsiAM0EKJEmtvnLHgfKuP8eFWlM2M59W9-CUY0CL7TwrCmhEbw3zLBaMcS5-WUuxvaB2uyl834WOuoSwRVRm1RaUQr4cKzvwDvVn0Ys5eINmIGzJflQ9ed-O1ZdIOA HTTP/1.1
Host: ww2.galynuh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww2.galynuh.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-type: text/html; charset=UTF-8
date: Sun, 04 May 2025 05:49:09 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 04 May 2025 05:49:09 GMT
location: /search/tcerider.php?f=https%3A%2F%2Fxml.sedodna.com%2Fclick%3Fi%3DDnX8%2Aw-8Nto_0&v=Y2U3M2NkMzkwMTg2NjY2MmMwMGEyNGZjYWJlNmI0YTAJMQl3dzIuZ2FseW51aC5jb202ODE2ZmZkNDZmOTEzOC45MTI5OTI4NQl3dzIuZ2FseW51aC5jb202ODE2ZmZkNDZmOTQ4Ny4zOTMyMjI3MgkxNzQ2MzM3NzQ5CWFkXzYzXzA%3D&l=ogc7hZMTHZRuD1aCNkTkL8Zhw_l7TibUaPzVGFYWMWTdVbYIKVhLp1X0N3qFR_HFjgb-RlffcSotevDS6UlTmHI3HW8WIUrjPbtosec9BUOGkKLdDuAZBUe_BiyTjQ1w2-zDCr5ceRSyBUxNhbCP2ohK2ZqsTODeIGULylPVu7F_1oKEDlb0xw7VlPToAM7t5octxJKtKCBD4GL3C2dDdTRSZvx6SS3JMRPUYVORHxfdfPddjU67s9ZaXfsqsCwsme-KtS8-gWSO2MWvi_uJFIFBYpzSzTa6AzEhYIqzQOfTbvLesfbvoZUW_0zBAMbv-adLv7xFKriwjQZ-zcHDSuPfbar_rl4w3m77lwY_ThWzD70UPkG5PjwNkez7-UTnW0k_C-iLitbhAkqAwo72naj6-IrTwABWTkqmblv1W6bbcGS2vR1HZinba1J1aHnMm6MyWAFD96JGY2bEbn01iNY5jRksnb5tbG0FB_-5kXCefIX3GOFEL3db06A2ddKZ90xGCZN46pljR2su5Uq5MpjkcqDAWXiMFhFo_hPQpXohUH0po5156wRuUWeUTqNG72SRAXP7EZmhsiAM0EKJEmtvnLHgfKuP8eFWlM2M59W9-CUY0CL7TwrCmhEbw3zLBaMcS5-WUuxvaB2uyl834WOuoSwRVRm1RaUQr4cKzvwDvVn0Ys5eINmIGzJflQ9ed-O1ZdIOA
pragma: no-cache
server: Parking/1.0
x-cache-miss-from: parking-6cbd575cd6-44gf2
content-length: 0
X-Firefox-Spdy: h2

xml.sedodna.com/click?i=DnX8*w-8Nto_0

173.239.53.32

302 Found

0 B

URL User Request GET
xml.sedodna.com/click?i=DnX8*w-8Nto_0
IP
173.239.53.32:443
ASN
#27257 WEBAIR-INTERNET

Certificate
IssuerGlobalSign nv-sa
Subject*.sedodna.com
Fingerprint06:84:DD:97:12:C4:0C:48:8D:4F:DE:37:A8:9D:09:15:EA:BF:32:23
ValidityTue, 22 Apr 2025 11:36:56 GMT - Sun, 24 May 2026 11:36:55 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?i=DnX8*w-8Nto_0 HTTP/1.1
Host: xml.sedodna.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww2.galynuh.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 May 2025 05:49:10 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: http://q1.quotes.com/7f2bf38c-28ab-11f0-9998-7b574deff6b7

no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D629D01JTCXFDHQ630AD7HCD28NCK8Y%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no&dc=false

95.211.116.26

403 Forbidden

744 B

URL User Request GET
no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D629D01JTCXFDHQ630AD7HCD28NCK8Y%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no&dc=false
IP
95.211.116.26:443
ASN
#60781 LeaseWeb Netherlands B.V.

Certificate
IssuerDigiCert Inc
Subject*.kelkoogroup.net
FingerprintAB:7F:31:B1:66:46:76:99:39:20:8C:5B:A4:03:6B:DE:E6:6B:F4:17
ValidityThu, 26 Sep 2024 00:00:00 GMT - Fri, 10 Oct 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (744), with no line terminators
Size
744 B (744 bytes)
Hash
51d5edfa68d29d8b314b2216408c317d
0e9c5a7911896a31d7e59dea005da64f2e9f71a2
62e26d92eb17071d96f58ff485244f9ce4848500d58504beb8c8cdb028cc4f8b

HTTP Headers

GET /redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D629D01JTCXFDHQ630AD7HCD28NCK8Y%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no&dc=false HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://api.kelkoogroup.net/
DNT: 1
Connection: keep-alive
Cookie: kelkooID=a4c6293-19699d7b629-1a3224
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Pragma: no-cache
X-DD-B: 3
Charset: utf-8
Accept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
Set-Cookie: datadome=XUBECrOHAez2Sbprqbn0eVLgC2TDQvzKyM9rmUclC7_dKtQkduxCPUiY1QGp7l_YE2rkm9SjKcGgQHzLy51mX16fTD5qJLqDO75q6u42SigfGcMGH1D_OSGjE32C1Y01; Max-Age=31104000; Expires=Wed, 29 Apr 2026 05:49:33 GMT; SameSite=Lax; Path=/; Domain=.kelkoogroup.net; Secure
X-DataDome: protected
Request-Time: PT0.018573785S
Cache-Control: max-age=0, private, no-cache, no-store, must-revalidate
X-DataDome-CID: AHrlqAAAAAMAfE1GIvAyjvMAW1oqmg==
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Date: Sun, 04 May 2025 05:49:33 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 744

dd.prod.captcha-delivery.com/image/2025-05-04/19d11b627d6f7faa8015a8d7e754122b.frag.png

54.240.174.31

200 OK

7.5 kB

URL GET
dd.prod.captcha-delivery.com/image/2025-05-04/19d11b627d6f7faa8015a8d7e754122b.frag.png
IP
54.240.174.31:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAfE1GIvAyjvMAW1oqmg==&cid=XUBECrOHAez2Sbprqbn0eHhqbnEeTE3AT8WgbtUtvJjPQKzETQmi8BspzxxZ1oC0VvYCYtxFk3_KIN0W5Bd8Ax9YyskJmLvXbnG7VSVOVG2qiIwcylS~fw0Nkb1tGYTe&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D629D01JTCXFDHQ630AD7HCD28NCK8Y%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no%26dc%3Dfalse&hash=5954443B90DC91C1E924DE9BFBEAA5&t=fe&s=35103&e=385bae445092a95666dbde93e60360c2f934cd80e819edc3437a279d4e746979&ir=36%2C20%2C676&dm=dc_ir
Certificate
IssuerAmazon
Subjectdd.prod.captcha-delivery.com
Fingerprint78:DE:FA:F7:3D:63:84:2A:F7:68:BE:5E:19:5C:02:C6:7A:A4:A2:DA
ValidityMon, 27 Jan 2025 00:00:00 GMT - Wed, 25 Feb 2026 23:59:59 GMT

File type
PNG image data, 63 x 155, 8-bit/color RGBA, non-interlaced
Size
7.5 kB (7542 bytes)
Hash
37792f8dad49504bf3a813bb744386e7
1904e5a78365cdb2d29fd54ce2bb9bc6375576e6
b08a0269323a407f2584440dd7f15cd11b9f8d5bed725f1bb37632b75e52b153

HTTP Headers

GET /image/2025-05-04/19d11b627d6f7faa8015a8d7e754122b.frag.png HTTP/1.1
Host: dd.prod.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://geo.captcha-delivery.com
DNT: 1
Connection: keep-alive
Referer: https://geo.captcha-delivery.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 7542
date: Sun, 04 May 2025 00:00:53 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3600
last-modified: Wed, 30 Apr 2025 05:08:48 GMT
x-amz-expiration: expiry-date="Thu, 08 May 2025 00:00:00 GMT", rule-id="auto-clean old captchas image (7 days)"
etag: "37792f8dad49504bf3a813bb744386e7"
x-amz-server-side-encryption: AES256
x-amz-version-id: WfRAuXwRYd0zCCnnqLCLFCGGMup_VkjC
accept-ranges: bytes
server: AmazonS3
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: lYaKOEcL4QJv0YnFuvFdTCSs5suOZE_DSEHsJrY8gCe4qh3D0mUujQ==
age: 20924
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

ww2.galynuh.com/

64.190.63.136

200 OK

2.9 kB

URL User Request GET
ww2.galynuh.com/
IP
64.190.63.136:443
ASN
#47846 SEDO GmbH

Certificate
IssuerDigiCert Inc
Subjectww2.galynuh.com
Fingerprint9D:87:DD:92:75:6F:AC:8A:63:56:ED:B5:98:CB:AA:DA:92:F8:01:8C
ValidityThu, 23 May 2024 00:00:00 GMT - Thu, 22 May 2025 23:59:59 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (1181)
Size
2.9 kB (2861 bytes)
Hash
02295156add73444b6bbd464cd12c2ca
8b85857f1146331fc1adf7883ebeaa4b31a7410b
1ab802c66f006105865d57efe7b4de3de17489ffb938abfeed348b6a1c7e8f93

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: ww2.galynuh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Sun, 04 May 2025 05:49:09 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Sun, 04 May 2025 05:49:08 GMT
pragma: no-cache
server: Parking/1.0
vary: Accept-Encoding
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_HI436Aifeiu7x50nNzA76RIk3oA/3dsq28za6CBes7YNv3petx/n34LIg+wCDnF7oSAvaapyANos+X6uXzXu7Q==
x-cache-miss-from: parking-6cbd575cd6-44gf2
X-Firefox-Spdy: h2

static.captcha-delivery.com/common/fonts/roboto/font-face.css

54.240.174.73

200 OK

519 B

URL GET
static.captcha-delivery.com/common/fonts/roboto/font-face.css
IP
54.240.174.73:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAfE1GIvAyjvMAW1oqmg==&cid=XUBECrOHAez2Sbprqbn0eHhqbnEeTE3AT8WgbtUtvJjPQKzETQmi8BspzxxZ1oC0VvYCYtxFk3_KIN0W5Bd8Ax9YyskJmLvXbnG7VSVOVG2qiIwcylS~fw0Nkb1tGYTe&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D629D01JTCXFDHQ630AD7HCD28NCK8Y%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no%26dc%3Dfalse&hash=5954443B90DC91C1E924DE9BFBEAA5&t=fe&s=35103&e=385bae445092a95666dbde93e60360c2f934cd80e819edc3437a279d4e746979&ir=36%2C20%2C676&dm=dc_ir
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
Fingerprint08:34:DB:37:CB:02:09:ED:82:0C:B3:27:9F:BA:AF:45:DA:77:DD:3D
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
ASCII text
Size
519 B (519 bytes)
Hash
e4f77074c0ffbfab377011e19283eb13
9160259165ca1ef84209d4dd675c3ed367babff1
66599c34190f7a6a402b38664a30a9b564fc22510f51fa3c5f027fb91e7a0e51

HTTP Headers

GET /common/fonts/roboto/font-face.css HTTP/1.1
Host: static.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://geo.captcha-delivery.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
content-length: 519
last-modified: Fri, 19 Jul 2024 12:42:09 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sun, 04 May 2025 00:51:41 GMT
etag: "e4f77074c0ffbfab377011e19283eb13"
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: spQGjVCs6hhMBwK6-2Iei3C16V2FnH0rywrK30dPaIx6OkjGwfGYKg==
age: 17876
X-Firefox-Spdy: h2

ingun-fhl.com/zclkvisitor/7f39abd1-28ab-11f0-b859-0affc23e4b13/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381

0.0.0.0

0 B

URL User Request GET
ingun-fhl.com/zclkvisitor/7f39abd1-28ab-11f0-b859-0affc23e4b13/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zclkvisitor/7f39abd1-28ab-11f0-b859-0affc23e4b13/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381 HTTP/1.1
Host: ingun-fhl.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

dd.prod.captcha-delivery.com/image/2025-05-04/19d11b627d6f7faa8015a8d7e754122b.jpg

54.240.174.31

200 OK

18 kB

URL GET
dd.prod.captcha-delivery.com/image/2025-05-04/19d11b627d6f7faa8015a8d7e754122b.jpg
IP
54.240.174.31:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAfE1GIvAyjvMAW1oqmg==&cid=XUBECrOHAez2Sbprqbn0eHhqbnEeTE3AT8WgbtUtvJjPQKzETQmi8BspzxxZ1oC0VvYCYtxFk3_KIN0W5Bd8Ax9YyskJmLvXbnG7VSVOVG2qiIwcylS~fw0Nkb1tGYTe&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D629D01JTCXFDHQ630AD7HCD28NCK8Y%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no%26dc%3Dfalse&hash=5954443B90DC91C1E924DE9BFBEAA5&t=fe&s=35103&e=385bae445092a95666dbde93e60360c2f934cd80e819edc3437a279d4e746979&ir=36%2C20%2C676&dm=dc_ir
Certificate
IssuerAmazon
Subjectdd.prod.captcha-delivery.com
Fingerprint78:DE:FA:F7:3D:63:84:2A:F7:68:BE:5E:19:5C:02:C6:7A:A4:A2:DA
ValidityMon, 27 Jan 2025 00:00:00 GMT - Wed, 25 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 280x155, components 3
Size
18 kB (17933 bytes)
Hash
56eb60fd3614623e4c710df98fc3b243
749a0adf5910aff90800a24d21525b5c0af57df1
4958e35d4c611239a668f3c8d8adda3ac8e222d16f9389c26927d2040d65a577

HTTP Headers

GET /image/2025-05-04/19d11b627d6f7faa8015a8d7e754122b.jpg HTTP/1.1
Host: dd.prod.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://geo.captcha-delivery.com
DNT: 1
Connection: keep-alive
Referer: https://geo.captcha-delivery.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 17933
date: Sun, 04 May 2025 00:00:53 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3600
last-modified: Wed, 30 Apr 2025 05:08:48 GMT
x-amz-expiration: expiry-date="Thu, 08 May 2025 00:00:00 GMT", rule-id="auto-clean old captchas image (7 days)"
etag: "56eb60fd3614623e4c710df98fc3b243"
x-amz-server-side-encryption: AES256
x-amz-version-id: yKlHKRZ8sxGuDKMcZxWNDnAE5wiFdT2r
accept-ranges: bytes
server: AmazonS3
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: rlMqnhUznxCGAazIIlNNNxcqbAsXMS7-9LXwyPxOdW-A_Y_zGLbDRw==
age: 20924
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

q1.quotes.com/7f2bf38c-28ab-11f0-9998-7b574deff6b7

0.0.0.0

0 B

URL User Request GET
q1.quotes.com/7f2bf38c-28ab-11f0-9998-7b574deff6b7
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /7f2bf38c-28ab-11f0-9998-7b574deff6b7 HTTP/1.1
Host: q1.quotes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

ct.captcha-delivery.com/i.js

54.240.174.6

200 OK

13 kB

URL GET
ct.captcha-delivery.com/i.js
IP
54.240.174.6:443
ASN
#16509 AMAZON-02

Requested by
https://no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D629D01JTCXFDHQ630AD7HCD28NCK8Y%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no&dc=false
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
Fingerprint08:34:DB:37:CB:02:09:ED:82:0C:B3:27:9F:BA:AF:45:DA:77:DD:3D
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
13 kB (12996 bytes)
Hash
c289d6c8b0e743fd024d52618d546f20
cd29405db7518c6943bacc943ac35c3d314ac722
8d973ba5eafa4328ff1feaefd70cccd0472b8af0c006285ba63eed00977935cc

HTTP Headers

GET /i.js HTTP/1.1
Host: ct.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://no-go.kelkoogroup.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
content-length: 12996
last-modified: Mon, 17 Feb 2025 09:53:49 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sat, 03 May 2025 06:15:08 GMT
etag: "c289d6c8b0e743fd024d52618d546f20"
x-cache: Hit from cloudfront
via: 1.1 04c4f064943f75498361739eb063cb7a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: faq50dapBVgsiGiSDrqnMY5LS9Nv9lFStDCKPgMcpv3RJAWyTdgVUw==
age: 84866
X-Firefox-Spdy: h2

static.captcha-delivery.com/common/fonts/roboto/font-face.css

54.240.174.73

200 OK

519 B

URL GET
static.captcha-delivery.com/common/fonts/roboto/font-face.css
IP
54.240.174.73:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAfE1GIvAyjvMAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=XUBECrOHAez2Sbprqbn0eVLgC2TDQvzKyM9rmUclC7_dKtQkduxCPUiY1QGp7l_YE2rkm9SjKcGgQHzLy51mX16fTD5qJLqDO75q6u42SigfGcMGH1D_OSGjE32C1Y01&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D629D01JTCXFDHQ630AD7HCD28NCK8Y%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no%26dc%3Dfalse&s=35103&b=32286&dm=cd
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
Fingerprint08:34:DB:37:CB:02:09:ED:82:0C:B3:27:9F:BA:AF:45:DA:77:DD:3D
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
ASCII text
Size
519 B (519 bytes)
Hash
e4f77074c0ffbfab377011e19283eb13
9160259165ca1ef84209d4dd675c3ed367babff1
66599c34190f7a6a402b38664a30a9b564fc22510f51fa3c5f027fb91e7a0e51

HTTP Headers

GET /common/fonts/roboto/font-face.css HTTP/1.1
Host: static.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://geo.captcha-delivery.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
content-length: 519
last-modified: Fri, 19 Jul 2024 12:42:09 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sun, 04 May 2025 00:51:41 GMT
etag: "e4f77074c0ffbfab377011e19283eb13"
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yawPKXEHQyktuyfxJAnUNFjox6w2Xabq7dxHoCRscHj1FKQKmLG2Zw==
age: 17874
X-Firefox-Spdy: h2

static.captcha-delivery.com/captcha/assets/tpl/device-check/index.css

54.240.174.73

200 OK

3.7 kB

URL GET
static.captcha-delivery.com/captcha/assets/tpl/device-check/index.css
IP
54.240.174.73:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAfE1GIvAyjvMAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=XUBECrOHAez2Sbprqbn0eVLgC2TDQvzKyM9rmUclC7_dKtQkduxCPUiY1QGp7l_YE2rkm9SjKcGgQHzLy51mX16fTD5qJLqDO75q6u42SigfGcMGH1D_OSGjE32C1Y01&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D629D01JTCXFDHQ630AD7HCD28NCK8Y%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no%26dc%3Dfalse&s=35103&b=32286&dm=cd
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
Fingerprint08:34:DB:37:CB:02:09:ED:82:0C:B3:27:9F:BA:AF:45:DA:77:DD:3D
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
ASCII text
Size
3.7 kB (3683 bytes)
Hash
d24f433ae1916185b0e4e20ed76cb64b
e0c8d4c58b7d0983f9b4042bea94c014cd5ec668
f40a7b02a8a2d420aa9d4cb5b0b26a92468828984fdc4b0d1202de4e24f59859

HTTP Headers

GET /captcha/assets/tpl/device-check/index.css HTTP/1.1
Host: static.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://geo.captcha-delivery.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
last-modified: Thu, 08 Feb 2024 08:41:29 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-amz-version-id: null
server: AmazonS3
date: Sun, 04 May 2025 02:01:22 GMT
etag: W/"d24f433ae1916185b0e4e20ed76cb64b"
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: UZATPrHt8fhoLJxXTyf_O07Bnl1wGYLe1Md8yZqxnzQyD3F7jKBNUA==
age: 13693
X-Firefox-Spdy: h2

static.captcha-delivery.com/captcha/assets/tpl/6dc485c0c428c35b53577b146dc6f9179f55ef9ad41b327a2a179998839364bf/index.css

54.240.174.73

200 OK

6.2 kB

URL GET
static.captcha-delivery.com/captcha/assets/tpl/6dc485c0c428c35b53577b146dc6f9179f55ef9ad41b327a2a179998839364bf/index.css
IP
54.240.174.73:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAfE1GIvAyjvMAW1oqmg==&cid=XUBECrOHAez2Sbprqbn0eHhqbnEeTE3AT8WgbtUtvJjPQKzETQmi8BspzxxZ1oC0VvYCYtxFk3_KIN0W5Bd8Ax9YyskJmLvXbnG7VSVOVG2qiIwcylS~fw0Nkb1tGYTe&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af22668d91505e9399700d7018713750152e6094412c04473a7b84a4b132282ee422c8f05dc23b84e4009dd99829689cd2bcfdb31f3c157923be6b621377247d0cd1ed550295bb1f20f86d85798da2b38e0b354e2d2d192daad6f1aff106e9c239793a785f93fde506bd6cd4cc585a45b680bc7dee557b15c394143d74ebe187a4f6b10158916e650d9374df3133855e4a01fc5b0a7fdbfd94aeb5b21fbc81ea08dc682b283e2cc9a9b34bfc54465114420296ff49b9fab043b75d11ce74212f6382b5875b92ba302aa31d6bf3c695ce9c917b9dbb30b085e1e26571044e1056145dd9a533481e8e0dec6c4fcc164683db6ffa8336067e8a3bc1c1050d7e7724f271f3b1c7eb81ea9e46076d1ef1ee5a32da4822ef04fb2b3663d3f9c556b70898c22d1f12ca5b85c8c81bb914eef41bc1fea7ffc199854e03ce5583df8d2e6c22a839162fa4c79293fabb4ac4010d4ffd8bade64fc47235e99f0787d769200f1d5bbc64b9f4210ccd40e26a7c30c939cc17%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D629D01JTCXFDHQ630AD7HCD28NCK8Y%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no%26dc%3Dfalse&hash=5954443B90DC91C1E924DE9BFBEAA5&t=fe&s=35103&e=385bae445092a95666dbde93e60360c2f934cd80e819edc3437a279d4e746979&ir=36%2C20%2C676&dm=dc_ir
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
Fingerprint08:34:DB:37:CB:02:09:ED:82:0C:B3:27:9F:BA:AF:45:DA:77:DD:3D
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
6.2 kB (6162 bytes)
Hash
1f113f0b6d6855568c684e354bb853d1
2a2fbd27d5408fa3e53c74f04b7790ab1aea9b2c
d49fce4d3745c6d9f755f6be625eb218238baec337cfdb30be0e87d8c0ff6653

HTTP Headers

GET /captcha/assets/tpl/6dc485c0c428c35b53577b146dc6f9179f55ef9ad41b327a2a179998839364bf/index.css HTTP/1.1
Host: static.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://geo.captcha-delivery.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
last-modified: Thu, 11 Apr 2024 08:21:58 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-amz-version-id: null
server: AmazonS3
date: Sun, 04 May 2025 00:51:48 GMT
etag: W/"1f113f0b6d6855568c684e354bb853d1"
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: abipyKl027Q_420ROMJd9VkSr15QGKWQ93k99EPuP_okGbh_i6Bj5Q==
age: 17870
X-Firefox-Spdy: h2

api.yadore.com/v2/d?url=https%3A%2F%2Fwww.farmasiet.no&market=no&projectId=Sde46opRHJDX&placementId=5jXGBjcwZTh0

88.99.112.6

302 Found

249 kB

URL User Request GET
api.yadore.com/v2/d?url=https%3A%2F%2Fwww.farmasiet.no&market=no&projectId=Sde46opRHJDX&placementId=5jXGBjcwZTh0
IP
88.99.112.6:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectyadore.com
FingerprintF7:B8:AC:53:49:AE:DB:B0:9F:2A:35:37:6D:D6:7A:A1:47:57:B1:7F
ValidityWed, 09 Apr 2025 08:46:45 GMT - Tue, 08 Jul 2025 08:46:44 GMT

File type

Size
249 kB (248564 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v2/d?url=https%3A%2F%2Fwww.farmasiet.no&market=no&projectId=Sde46opRHJDX&placementId=5jXGBjcwZTh0 HTTP/1.1
Host: api.yadore.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, API-Key
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: *
access-control-max-age: 86400
content-type: text/html; charset=UTF-8
date: Sun, 04 May 2025 05:49:32 GMT
location: https://api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fwww.farmasiet.no&custom1=97a675bbca169e000c9a2474359ea4c01d295a683ddf0ab0b749076683cd6cd7&publisherSubId=Sde46opRHJDX&publisherTrafficType=publishernetwork&originReferer=https%253A%252F%252Fwww.yadore.com
referrer-policy: no-referrer
server: nginx
x-powered-by: PHP/8.3.19
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (9)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (33)

URL GET

IP

ASN

Requested by