Report - gdcoder.com/

Report Overview

Visited public
2025-04-19 06:12:45
Tags
URL
gdcoder.com/
Finishing URL
no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D62B801JS6ATKVR35S81WJ648RA97SR%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no
IP / ASN
185.107.56.57
#43350 NForce Entertainment B.V.
Title
kelkoogroup.net

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
cypri-ang.com	unknown	2025-04-17	2025-04-18	2025-04-18	2.5 kB	3.7 kB	3.215.19.52
gdcoder.com	350702	unknown	2019-05-01	2023-02-10	1.8 kB	1.6 kB	185.107.56.57
api.kelkoogroup.net	468795	2017-08-18	2020-06-09	2025-04-17	811 B	232 kB	143.204.55.22
geo.captcha-delivery.com	43337	2019-12-23	2020-03-18	2025-04-12	6.9 kB	1.1 MB	13.49.167.109
no-go.kelkoogroup.net	unknown	2017-08-18	2017-10-30	2025-04-16	3.1 kB	3.2 kB	95.211.116.26
api.yadore.com	591567	2014-09-12	2017-11-28	2025-04-17	580 B	231 kB	88.99.112.2
dd.prod.captcha-delivery.com	unknown	2019-12-23	2022-04-28	2025-04-12	1.1 kB	22 kB	54.240.174.31
static.captcha-delivery.com	38537	2019-12-23	2020-05-12	2025-04-14	3.6 kB	62 kB	143.204.55.50
ct.captcha-delivery.com	42546	2019-12-23	2020-02-05	2025-04-12	422 B	14 kB	54.240.174.114

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2025-04-19	medium	gdcoder.com	Sinkholed
2025-04-19	medium	gdcoder.com	Sinkholed
2025-04-19	medium	gdcoder.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (6)

	URL	From	Size	First Seen	Last Seen
	cypri-ang.com/zclkvisitor/42a14880-1ce5-11f0-bf15-0affe191143b/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381	ScriptElement	2.8 kB	2025-04-19	2025-04-19
Pretty URL cypri-ang.com/zclkvisitor/42a14880-1ce5-11f0-bf15-0affe191143b/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381 IP 3.215.19.52 ASN #14618 AMAZON-AES Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-19 06:12 Last Seen2025-04-19 06:12 Times Seen1 Hash 03755c2d6326eb80ca25188e802eaaed 6d5fd35a3d0fba784b077869cfc041b34df4c406 f09d919c6cf5423a0b9052d247232f097aa6753748b5431a143c0c01d57449b7 Loading...

	api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fwww.farmasiet.no&custom1=8ffa4c197a444844429389594123213d9cf783846213512da7842b52da29bd67&publisherSubId=Sde46opRHJDX&publisherTrafficType=publishernetwork&originReferer=https%253A%252F%252Fwww.yadore.com	ScriptElement	216 kB	2025-04-19	2025-04-19
Pretty URL api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fwww.farmasiet.no&custom1=8ffa4c197a444844429389594123213d9cf783846213512da7842b52da29bd67&publisherSubId=Sde46opRHJDX&publisherTrafficType=publishernetwork&originReferer=https%253A%252F%252Fwww.yadore.com IP 143.204.55.22 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-19 06:12 Last Seen2025-04-19 06:12 Times Seen1 Hash 56f5f39873e3caf5b9153a89f64cb818 39fd55ea754385d4dc44088d86aed1f92c0dda50 b4b1c57d77abee2b291f9bb6723d830b1596fd97cf063da5704ff53e751a57e0 Loading...

	api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fwww.farmasiet.no&custom1=8ffa4c197a444844429389594123213d9cf783846213512da7842b52da29bd67&publisherSubId=Sde46opRHJDX&publisherTrafficType=publishernetwork&originReferer=https%253A%252F%252Fwww.yadore.com	ScriptElement	10 kB	2025-04-19	2025-04-19
Pretty URL api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fwww.farmasiet.no&custom1=8ffa4c197a444844429389594123213d9cf783846213512da7842b52da29bd67&publisherSubId=Sde46opRHJDX&publisherTrafficType=publishernetwork&originReferer=https%253A%252F%252Fwww.yadore.com IP 143.204.55.22 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-19 06:12 Last Seen2025-04-19 06:12 Times Seen1 Hash c2f8369a941c6c37cbc0e494d7ce4e38 d115fe42aabf2d32e789f6173295433e7aba45cc db3b746e966ce79a5a80b3404fe7fa3750627cbaec726b8a9448b1cdf98fb904 Loading...

	api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fwww.farmasiet.no&custom1=8ffa4c197a444844429389594123213d9cf783846213512da7842b52da29bd67&publisherSubId=Sde46opRHJDX&publisherTrafficType=publishernetwork&originReferer=https%253A%252F%252Fwww.yadore.com	ScriptElement	1.3 kB	2025-04-19	2025-04-19
Pretty URL api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fwww.farmasiet.no&custom1=8ffa4c197a444844429389594123213d9cf783846213512da7842b52da29bd67&publisherSubId=Sde46opRHJDX&publisherTrafficType=publishernetwork&originReferer=https%253A%252F%252Fwww.yadore.com IP 143.204.55.22 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-19 06:12 Last Seen2025-04-19 06:12 Times Seen1 Hash df3f42753a1f7557b83aafd1977fb5e3 4ab16ab9e7e6259176decffea76cc5dbb6bbd647 0e8fc6e78f7488c720996fdb8ad58be5e9601cfd45a86576a57e82a86ad25bab Loading...

	no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D62B801JS6ATKVR35S81WJ648RA97SR%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no	ScriptElement	299 B	2025-04-19	2025-04-19
Pretty URL no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D62B801JS6ATKVR35S81WJ648RA97SR%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no IP 95.211.116.26 ASN #60781 LeaseWeb Netherlands B.V. Introduced by scriptElement Embedded in HTML true Observations First Seen2025-04-19 06:12 Last Seen2025-04-19 06:12 Times Seen1 Hash c30ab9f0b11d932f056f8e809fe49687 7655e66ac41399c2c48d8cad00ceab88715aa6e3 14689c65dade4b4762f0bf0887ed5d3aa02f5a096877aceca9252fcd85bc256a Loading...

	ct.captcha-delivery.com/i.js	ScriptElement	13 kB	2025-02-18	2025-06-05
Pretty URL ct.captcha-delivery.com/i.js IP 54.240.174.114 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2025-02-18 06:11 Last Seen2025-06-05 18:49 Times Seen548 Hash c289d6c8b0e743fd024d52618d546f20 cd29405db7518c6943bacc943ac35c3d314ac722 8d973ba5eafa4328ff1feaefd70cccd0472b8af0c006285ba63eed00977935cc Loading...

HTTP Transactions (24)

URL IP Response Size

cypri-ang.com/favicon.ico

3.215.19.52

404

82 B

URL GET
cypri-ang.com/favicon.ico
IP
3.215.19.52:80
ASN
#14618 AMAZON-AES

Requested by
http://cypri-ang.com/zclkvisitor/42a14880-1ce5-11f0-bf15-0affe191143b/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381

File type
JSON text data
Size
82 B (82 bytes)
Hash
9ca01e2ffc52fea8b086933c043685b7
788b9acca6811c625d0c6e035fc402fa5436f026
26820cc85e4b8e69b81b6acffd35240ffcfe180ccecb143d54343c04650332af

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: cypri-ang.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Referer: http://cypri-ang.com/zclkvisitor/42a14880-1ce5-11f0-bf15-0affe191143b/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 
Date: Sat, 19 Apr 2025 06:12:26 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive

dd.prod.captcha-delivery.com/image/2025-04-19/1c8af21cc1c1e153387e0b29d0b9c5d7.frag.png

54.240.174.31

200 OK

7.0 kB

URL GET
dd.prod.captcha-delivery.com/image/2025-04-19/1c8af21cc1c1e153387e0b29d0b9c5d7.frag.png
IP
54.240.174.31:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAY5eICCA0LRYAW1oqmg==&cid=LXH7VYOAUcTH20z2kXfcfn0xupOE4bQT4YoVvWhLWFMf_kZTi7Mphas_oOGauXJFNheY533lF~Uyn7eAcJ0k7fw2V5jnbNKYFLy7oYXfuJPjzzTqs2bLZtR5xBoPcMRu&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D62B801JS6ATKVR35S81WJ648RA97SR%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no&hash=5954443B90DC91C1E924DE9BFBEAA5&t=fe&s=35103&e=15017ddbf3e1decc3d9b44c46f36a031e2d462c630f2a5c7020ed6bc3af9189a&ir=36%2C20%2C676&dm=dc_ir
Certificate
IssuerAmazon
Subjectdd.prod.captcha-delivery.com
Fingerprint78:DE:FA:F7:3D:63:84:2A:F7:68:BE:5E:19:5C:02:C6:7A:A4:A2:DA
ValidityMon, 27 Jan 2025 00:00:00 GMT - Wed, 25 Feb 2026 23:59:59 GMT

File type
PNG image data, 63 x 155, 8-bit/color RGBA, non-interlaced
Size
7.0 kB (6954 bytes)
Hash
6a656da790d8d2c488149950f6cd35d6
bf5eb54e809f517b97577f2eccca188086923d47
e9ce0c83a484162c752e945e84fe3d77b6e7c7598258a14b8f29313b6e85975a

HTTP Headers

GET /image/2025-04-19/1c8af21cc1c1e153387e0b29d0b9c5d7.frag.png HTTP/1.1
Host: dd.prod.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://geo.captcha-delivery.com
DNT: 1
Connection: keep-alive
Referer: https://geo.captcha-delivery.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 6954
date: Sat, 19 Apr 2025 00:00:40 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3600
last-modified: Wed, 16 Apr 2025 07:56:23 GMT
x-amz-expiration: expiry-date="Thu, 24 Apr 2025 00:00:00 GMT", rule-id="auto-clean old captchas (7 days)"
etag: "6a656da790d8d2c488149950f6cd35d6"
x-amz-server-side-encryption: AES256
x-amz-version-id: O9Rdlc7cfYOw7Zd9vgQfHbYx3rigUZ5i
accept-ranges: bytes
server: AmazonS3
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ryNZ9T7XGBRZ6aplHgC_7Ol5QC8ige8lI9JBeEzkPYmDPqqsVszUag==
age: 22316
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

static.captcha-delivery.com/common/fonts/roboto/font-face.css

143.204.55.50

200 OK

519 B

URL GET
static.captcha-delivery.com/common/fonts/roboto/font-face.css
IP
143.204.55.50:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAY5eICCA0LRYAW1oqmg==&cid=LXH7VYOAUcTH20z2kXfcfn0xupOE4bQT4YoVvWhLWFMf_kZTi7Mphas_oOGauXJFNheY533lF~Uyn7eAcJ0k7fw2V5jnbNKYFLy7oYXfuJPjzzTqs2bLZtR5xBoPcMRu&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D62B801JS6ATKVR35S81WJ648RA97SR%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no&hash=5954443B90DC91C1E924DE9BFBEAA5&t=fe&s=35103&e=15017ddbf3e1decc3d9b44c46f36a031e2d462c630f2a5c7020ed6bc3af9189a&ir=36%2C20%2C676&dm=dc_ir
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
Fingerprint08:34:DB:37:CB:02:09:ED:82:0C:B3:27:9F:BA:AF:45:DA:77:DD:3D
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
ASCII text
Size
519 B (519 bytes)
Hash
e4f77074c0ffbfab377011e19283eb13
9160259165ca1ef84209d4dd675c3ed367babff1
66599c34190f7a6a402b38664a30a9b564fc22510f51fa3c5f027fb91e7a0e51

HTTP Headers

GET /common/fonts/roboto/font-face.css HTTP/1.1
Host: static.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://geo.captcha-delivery.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
content-length: 519
last-modified: Fri, 19 Jul 2024 12:42:09 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sat, 19 Apr 2025 00:51:43 GMT
etag: "e4f77074c0ffbfab377011e19283eb13"
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: m4-r6aOn0GpGO3UvlGltMKgu9cUVEFBU6QP20dGnRWsn7XnBAJ0TeQ==
age: 19258
X-Firefox-Spdy: h2

gdcoder.com/

185.107.56.57

200 OK

473 B

URL User Request GET
gdcoder.com/
IP
185.107.56.57:443
ASN
#43350 NForce Entertainment B.V.

Certificate
IssuerLet's Encrypt
Subjectgdcoder.com
FingerprintE8:79:66:3A:9E:8B:D4:ED:DE:7B:10:83:76:5F:21:B3:0A:8F:0F:AB
ValidityThu, 13 Feb 2025 11:31:55 GMT - Wed, 14 May 2025 11:31:54 GMT

File type
HTML document, ASCII text, with very long lines (473), with no line terminators
Size
473 B (473 bytes)
Hash
3ec25e9a85de3f4a03da36e8659c3292
e34b4710931b8ebdce1b623b34af379b73a3970d
0c80feaaeddcd92b807040933051b74d40c226ebb30bf6fdd602616d98444cea

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET / HTTP/1.1
Host: gdcoder.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: max-age=0, private, must-revalidate
content-length: 473
content-type: text/html; charset=utf-8
date: Sat, 19 Apr 2025 06:12:22 GMT
server: Cowboy
set-cookie: sid=421bdbf9-1ce5-11f0-b150-c09178107e8d; path=/; domain=.gdcoder.com; expires=Thu, 07 May 2093 09:26:30 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2

cypri-ang.com/zclkredirect?visitid=42a14880-1ce5-11f0-bf15-0affe191143b&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false&gpu=Mesa%3B%20llvmpipe&timezone=UTC%2B00%3A00&timezoneName=UTC

0.0.0.0

0 B

URL User Request GET
cypri-ang.com/zclkredirect?visitid=42a14880-1ce5-11f0-bf15-0affe191143b&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false&gpu=Mesa%3B%20llvmpipe&timezone=UTC%2B00%3A00&timezoneName=UTC
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zclkredirect?visitid=42a14880-1ce5-11f0-bf15-0affe191143b&type=js&browserWidth=1280&browserHeight=1024&iframeDetected=false&webdriverDetected=false&gpu=Mesa%3B%20llvmpipe&timezone=UTC%2B00%3A00&timezoneName=UTC HTTP/1.1
Host: cypri-ang.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://cypri-ang.com/zclkvisitor/42a14880-1ce5-11f0-bf15-0affe191143b/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fwww.farmasiet.no&custom1=8ffa4c197a444844429389594123213d9cf783846213512da7842b52da29bd67&publisherSubId=Sde46opRHJDX&publisherTrafficType=publishernetwork&originReferer=https%253A%252F%252Fwww.yadore.com

143.204.55.22

200 OK

230 kB

URL User Request GET
api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fwww.farmasiet.no&custom1=8ffa4c197a444844429389594123213d9cf783846213512da7842b52da29bd67&publisherSubId=Sde46opRHJDX&publisherTrafficType=publishernetwork&originReferer=https%253A%252F%252Fwww.yadore.com
IP
143.204.55.22:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjectapi.kelkoogroup.net
FingerprintDE:F8:09:ED:61:51:96:48:CB:23:37:6D:A6:4F:C8:7C:0C:15:69:2D
ValidityMon, 18 Nov 2024 00:00:00 GMT - Tue, 16 Dec 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (45390)
Size
230 kB (230277 bytes)
Hash
06849167707a9375f0a3c3322deb1f27
bec4f53210bb9320f36bc27586c045a6edc3f946
9a2b8152eb1d1c2e026d58f26d4e1208a2374405b3ffae39ecd559c2766ee3be

HTTP Headers

GET /publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fwww.farmasiet.no&custom1=8ffa4c197a444844429389594123213d9cf783846213512da7842b52da29bd67&publisherSubId=Sde46opRHJDX&publisherTrafficType=publishernetwork&originReferer=https%253A%252F%252Fwww.yadore.com HTTP/1.1
Host: api.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/html; charset=UTF-8
content-length: 230277
leadid: 62B801JS6ATKVR35S81WJ648RA97SR
pragma: no-cache
x-dd-b: 3
charset: utf-8
clickid: 107698149_1745043148650_38985387
country: no
accept-ch: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
set-cookie: datadome=R0F~r3iFJ2fIevDMoNfoiS4BRsY31KpauiHBV8ieSnKGznjtDRe8b7AeDX7IEuPrtaRH4AII~5A2lSRUFDA889llQVVLdnB_z8gs~Xbu05znKX1hhzRh2xAktQ2_pJ2e; Max-Age=31104000; Expires=Tue, 14 Apr 2026 06:12:28 GMT; SameSite=Lax; Path=/; Domain=.kelkoo.net; Secure
kelkooID=a4c6295-1964cad4f6a-5df10b; Max-Age=31536000; Expires=Sun, 19 Apr 2026 06:12:28 GMT; SameSite=None; Path=/; Domain=kelkoogroup.net; Secure; HTTPOnly
x-datadome: protected
request-time: PT0.027286377S
x-robots-tag: noindex,nofollow
cache-control: max-age=0, private, no-cache, no-store, must-revalidate
x-datadome-cid: AHrlqAAAAAMAYOl-ogXZl_EAW1oqmg==
referrer-policy: origin-when-cross-origin
x-frame-options: ALLOWALL
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-permitted-cross-domain-policies: master-only
date: Sat, 19 Apr 2025 06:12:27 GMT
x-gravitee-transaction-id: b4588802-6b76-452a-9888-026b76452ac6
x-gravitee-request-id: b4588802-6b76-452a-9888-026b76452ac6
x-cache: Miss from cloudfront
via: 1.1 b9f0050ca4d212d7c855e005be54b1ac.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: ahLeiBVkWrX6ORluSiuJoUjjIl8_WKxICPiUhWZmx8PfQnknupTVYA==
X-Firefox-Spdy: h2

static.captcha-delivery.com/captcha/assets/tpl/6dc485c0c428c35b53577b146dc6f9179f55ef9ad41b327a2a179998839364bf/index.css

143.204.55.50

200 OK

6.2 kB

URL GET
static.captcha-delivery.com/captcha/assets/tpl/6dc485c0c428c35b53577b146dc6f9179f55ef9ad41b327a2a179998839364bf/index.css
IP
143.204.55.50:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAY5eICCA0LRYAW1oqmg==&cid=LXH7VYOAUcTH20z2kXfcfn0xupOE4bQT4YoVvWhLWFMf_kZTi7Mphas_oOGauXJFNheY533lF~Uyn7eAcJ0k7fw2V5jnbNKYFLy7oYXfuJPjzzTqs2bLZtR5xBoPcMRu&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D62B801JS6ATKVR35S81WJ648RA97SR%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no&hash=5954443B90DC91C1E924DE9BFBEAA5&t=fe&s=35103&e=15017ddbf3e1decc3d9b44c46f36a031e2d462c630f2a5c7020ed6bc3af9189a&ir=36%2C20%2C676&dm=dc_ir
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
Fingerprint08:34:DB:37:CB:02:09:ED:82:0C:B3:27:9F:BA:AF:45:DA:77:DD:3D
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
ASCII text, with CRLF line terminators
Size
6.2 kB (6162 bytes)
Hash
1f113f0b6d6855568c684e354bb853d1
2a2fbd27d5408fa3e53c74f04b7790ab1aea9b2c
d49fce4d3745c6d9f755f6be625eb218238baec337cfdb30be0e87d8c0ff6653

HTTP Headers

GET /captcha/assets/tpl/6dc485c0c428c35b53577b146dc6f9179f55ef9ad41b327a2a179998839364bf/index.css HTTP/1.1
Host: static.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://geo.captcha-delivery.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
last-modified: Thu, 11 Apr 2024 08:21:58 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-amz-version-id: null
server: AmazonS3
date: Sat, 19 Apr 2025 00:51:47 GMT
etag: W/"1f113f0b6d6855568c684e354bb853d1"
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: DNxQXaHmhzCbvfcFsJ9H8zUahz-LiR85boXtbpfZDnl_9H17OLHM9A==
age: 19250
X-Firefox-Spdy: h2

ct.captcha-delivery.com/i.js

54.240.174.114

200 OK

13 kB

URL GET
ct.captcha-delivery.com/i.js
IP
54.240.174.114:443
ASN
#16509 AMAZON-02

Requested by
https://no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D62B801JS6ATKVR35S81WJ648RA97SR%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
Fingerprint08:34:DB:37:CB:02:09:ED:82:0C:B3:27:9F:BA:AF:45:DA:77:DD:3D
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
JavaScript source, ASCII text
Size
13 kB (12996 bytes)
Hash
c289d6c8b0e743fd024d52618d546f20
cd29405db7518c6943bacc943ac35c3d314ac722
8d973ba5eafa4328ff1feaefd70cccd0472b8af0c006285ba63eed00977935cc

HTTP Headers

GET /i.js HTTP/1.1
Host: ct.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://no-go.kelkoogroup.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript
content-length: 12996
date: Fri, 18 Apr 2025 19:34:43 GMT
last-modified: Mon, 17 Feb 2025 09:53:49 GMT
etag: "c289d6c8b0e743fd024d52618d546f20"
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: v8x5pjNOanBvaHarL-6Mhk_1puu7RKjpytasZsJKxDlILCg75aj_iA==
age: 38267
X-Firefox-Spdy: h2

geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAY5eICCA0LRYAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=LXH7VYOAUcTH20z2kXfcfqoxDe6sJ03LO7vrhj6Tj3tgH6bgJK7b3itMvUbG1HOkYlSI7TiBBMpL_o4ygQKcVtnjJN12psxppVlk8izzOiU8PWo_t1GnSiO5KDbenHpB&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D62B801JS6ATKVR35S81WJ648RA97SR%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no&s=35103&b=32286&dm=cd

13.49.167.109

200 OK

546 kB

URL GET
geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAY5eICCA0LRYAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=LXH7VYOAUcTH20z2kXfcfqoxDe6sJ03LO7vrhj6Tj3tgH6bgJK7b3itMvUbG1HOkYlSI7TiBBMpL_o4ygQKcVtnjJN12psxppVlk8izzOiU8PWo_t1GnSiO5KDbenHpB&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D62B801JS6ATKVR35S81WJ648RA97SR%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no&s=35103&b=32286&dm=cd
IP
13.49.167.109:443
ASN
#16509 AMAZON-02

Requested by
https://no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D62B801JS6ATKVR35S81WJ648RA97SR%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
FingerprintF2:9E:7E:72:25:57:E3:AF:B6:87:61:A0:0D:B1:85:B4:85:82:E6:96
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (61869)
Size
546 kB (546321 bytes)
Hash
3b94677d052da05e94ab0fd7aa0b3579
0dc41481ed7526dae8bbd9320952828f751be00c
50d1cf149176b0096805ca1830de36fae0b43ad7312acb3ad8dadc3bed635d07

HTTP Headers

GET /interstitial/?initialCid=AHrlqAAAAAMAY5eICCA0LRYAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=LXH7VYOAUcTH20z2kXfcfqoxDe6sJ03LO7vrhj6Tj3tgH6bgJK7b3itMvUbG1HOkYlSI7TiBBMpL_o4ygQKcVtnjJN12psxppVlk8izzOiU8PWo_t1GnSiO5KDbenHpB&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D62B801JS6ATKVR35S81WJ648RA97SR%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no&s=35103&b=32286&dm=cd HTTP/1.1
Host: geo.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://no-go.kelkoogroup.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 19 Apr 2025 06:12:30 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

geo.captcha-delivery.com/interstitial/

13.49.167.109

200 OK

1.7 kB

URL POST
geo.captcha-delivery.com/interstitial/
IP
13.49.167.109:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAY5eICCA0LRYAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=LXH7VYOAUcTH20z2kXfcfqoxDe6sJ03LO7vrhj6Tj3tgH6bgJK7b3itMvUbG1HOkYlSI7TiBBMpL_o4ygQKcVtnjJN12psxppVlk8izzOiU8PWo_t1GnSiO5KDbenHpB&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D62B801JS6ATKVR35S81WJ648RA97SR%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no&s=35103&b=32286&dm=cd
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
FingerprintF2:9E:7E:72:25:57:E3:AF:B6:87:61:A0:0D:B1:85:B4:85:82:E6:96
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
JSON text data
Size
1.7 kB (1656 bytes)
Hash
43492152aa84454420cf56a2df58de94
be07330698878bc0dbb58b37e096c97877dec953
1e7ba91d511de95c0ac929cd2d3cd1d849dc0d28cfdda5e5ac08fde49b20ff38

HTTP Headers

POST /interstitial/ HTTP/1.1
Host: geo.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 7011
Origin: https://geo.captcha-delivery.com
DNT: 1
Connection: keep-alive
Referer: https://geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAY5eICCA0LRYAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=LXH7VYOAUcTH20z2kXfcfqoxDe6sJ03LO7vrhj6Tj3tgH6bgJK7b3itMvUbG1HOkYlSI7TiBBMpL_o4ygQKcVtnjJN12psxppVlk8izzOiU8PWo_t1GnSiO5KDbenHpB&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D62B801JS6ATKVR35S81WJ648RA97SR%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no&s=35103&b=32286&dm=cd
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 19 Apr 2025 06:12:34 GMT
Content-Type: application/json;charset=utf-8
Content-Length: 1656
Connection: keep-alive

static.captcha-delivery.com/common/fonts/roboto/roboto.woff2

143.204.55.50

200 OK

16 kB

URL GET
static.captcha-delivery.com/common/fonts/roboto/roboto.woff2
IP
143.204.55.50:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAY5eICCA0LRYAW1oqmg==&cid=LXH7VYOAUcTH20z2kXfcfn0xupOE4bQT4YoVvWhLWFMf_kZTi7Mphas_oOGauXJFNheY533lF~Uyn7eAcJ0k7fw2V5jnbNKYFLy7oYXfuJPjzzTqs2bLZtR5xBoPcMRu&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D62B801JS6ATKVR35S81WJ648RA97SR%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no&hash=5954443B90DC91C1E924DE9BFBEAA5&t=fe&s=35103&e=15017ddbf3e1decc3d9b44c46f36a031e2d462c630f2a5c7020ed6bc3af9189a&ir=36%2C20%2C676&dm=dc_ir
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
Fingerprint08:34:DB:37:CB:02:09:ED:82:0C:B3:27:9F:BA:AF:45:DA:77:DD:3D
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15688, version 1.0
Size
16 kB (15688 bytes)
Hash
aa23b7b4bcf2b8f0e876106bb3de69c6
106ac454ba4e503e0a1cd15e1275130918049182
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

HTTP Headers

GET /common/fonts/roboto/roboto.woff2 HTTP/1.1
Host: static.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://geo.captcha-delivery.com
DNT: 1
Connection: keep-alive
Referer: https://static.captcha-delivery.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: font/woff2
content-length: 15688
access-control-allow-origin: https://geo.captcha-delivery.com
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Fri, 06 May 2022 16:47:07 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sat, 19 Apr 2025 02:28:15 GMT
etag: "aa23b7b4bcf2b8f0e876106bb3de69c6"
vary: Origin
x-cache: Hit from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: QWnf9E1-R_38AqYnFTnmkb81oOjzTNKM9Rku9YJ5IFUkzuD56Mw0_A==
age: 13462
X-Firefox-Spdy: h2

static.captcha-delivery.com/common/fonts/roboto/roboto.woff2

143.204.55.50

200 OK

16 kB

URL GET
static.captcha-delivery.com/common/fonts/roboto/roboto.woff2
IP
143.204.55.50:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAY5eICCA0LRYAW1oqmg==&cid=LXH7VYOAUcTH20z2kXfcfn0xupOE4bQT4YoVvWhLWFMf_kZTi7Mphas_oOGauXJFNheY533lF~Uyn7eAcJ0k7fw2V5jnbNKYFLy7oYXfuJPjzzTqs2bLZtR5xBoPcMRu&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D62B801JS6ATKVR35S81WJ648RA97SR%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no&hash=5954443B90DC91C1E924DE9BFBEAA5&t=fe&s=35103&e=15017ddbf3e1decc3d9b44c46f36a031e2d462c630f2a5c7020ed6bc3af9189a&ir=36%2C20%2C676&dm=dc_ir
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
Fingerprint08:34:DB:37:CB:02:09:ED:82:0C:B3:27:9F:BA:AF:45:DA:77:DD:3D
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15688, version 1.0
Size
16 kB (15688 bytes)
Hash
aa23b7b4bcf2b8f0e876106bb3de69c6
106ac454ba4e503e0a1cd15e1275130918049182
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

HTTP Headers

GET /common/fonts/roboto/roboto.woff2 HTTP/1.1
Host: static.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://geo.captcha-delivery.com
DNT: 1
Connection: keep-alive
Referer: https://static.captcha-delivery.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: font/woff2
content-length: 15688
access-control-allow-origin: https://geo.captcha-delivery.com
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Fri, 06 May 2022 16:47:07 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sat, 19 Apr 2025 02:28:15 GMT
etag: "aa23b7b4bcf2b8f0e876106bb3de69c6"
vary: Origin
x-cache: Hit from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: GgfW8MOBBxjXgL6g2FJ29T-Qnb2Kyx1PRN9HwuuzBumHK0wJ91uZUQ==
age: 13465
X-Firefox-Spdy: h2

no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D62B801JS6ATKVR35S81WJ648RA97SR%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no

95.211.116.26

403 Forbidden

673 B

URL User Request GET
no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D62B801JS6ATKVR35S81WJ648RA97SR%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no
IP
95.211.116.26:443
ASN
#60781 LeaseWeb Netherlands B.V.

Certificate
IssuerDigiCert Inc
Subject*.kelkoogroup.net
FingerprintAB:7F:31:B1:66:46:76:99:39:20:8C:5B:A4:03:6B:DE:E6:6B:F4:17
ValidityThu, 26 Sep 2024 00:00:00 GMT - Fri, 10 Oct 2025 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (673), with no line terminators
Size
673 B (673 bytes)
Hash
dfa4b3a9b96547f9f923b7e13cd170bc
4ba7b20d80053d6ae5989af73628dd3d71fe4995
35b105c6a43b4730a279a8c978dd285a69418fdbab6c6218419525dd5b047111

HTTP Headers

GET /redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D62B801JS6ATKVR35S81WJ648RA97SR%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://api.kelkoogroup.net/
DNT: 1
Connection: keep-alive
Cookie: kelkooID=a4c6295-1964cad4f6a-5df10b
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 403 Forbidden
Pragma: no-cache
X-DD-B: 3
Charset: utf-8
Accept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
Set-Cookie: datadome=LXH7VYOAUcTH20z2kXfcfqoxDe6sJ03LO7vrhj6Tj3tgH6bgJK7b3itMvUbG1HOkYlSI7TiBBMpL_o4ygQKcVtnjJN12psxppVlk8izzOiU8PWo_t1GnSiO5KDbenHpB; Max-Age=31104000; Expires=Tue, 14 Apr 2026 06:12:29 GMT; SameSite=Lax; Path=/; Domain=.kelkoogroup.net; Secure
X-DataDome: protected
Request-Time: PT0.012932664S
Cache-Control: max-age=0, private, no-cache, no-store, must-revalidate
X-DataDome-CID: AHrlqAAAAAMAY5eICCA0LRYAW1oqmg==
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Date: Sat, 19 Apr 2025 06:12:29 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 673

dd.prod.captcha-delivery.com/image/2025-04-19/1c8af21cc1c1e153387e0b29d0b9c5d7.jpg

54.240.174.31

200 OK

13 kB

URL GET
dd.prod.captcha-delivery.com/image/2025-04-19/1c8af21cc1c1e153387e0b29d0b9c5d7.jpg
IP
54.240.174.31:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAY5eICCA0LRYAW1oqmg==&cid=LXH7VYOAUcTH20z2kXfcfn0xupOE4bQT4YoVvWhLWFMf_kZTi7Mphas_oOGauXJFNheY533lF~Uyn7eAcJ0k7fw2V5jnbNKYFLy7oYXfuJPjzzTqs2bLZtR5xBoPcMRu&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D62B801JS6ATKVR35S81WJ648RA97SR%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no&hash=5954443B90DC91C1E924DE9BFBEAA5&t=fe&s=35103&e=15017ddbf3e1decc3d9b44c46f36a031e2d462c630f2a5c7020ed6bc3af9189a&ir=36%2C20%2C676&dm=dc_ir
Certificate
IssuerAmazon
Subjectdd.prod.captcha-delivery.com
Fingerprint78:DE:FA:F7:3D:63:84:2A:F7:68:BE:5E:19:5C:02:C6:7A:A4:A2:DA
ValidityMon, 27 Jan 2025 00:00:00 GMT - Wed, 25 Feb 2026 23:59:59 GMT

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 280x155, components 3
Size
13 kB (12991 bytes)
Hash
8da28280ecfc512b02ec479145f9d533
c4d27dcfe0b0203c643fa97ae2fa985b7192c478
031b7474e1cdaf7587cc304ae5cc371d308ec10b4e9918c81417fa2cbd7082a7

HTTP Headers

GET /image/2025-04-19/1c8af21cc1c1e153387e0b29d0b9c5d7.jpg HTTP/1.1
Host: dd.prod.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://geo.captcha-delivery.com
DNT: 1
Connection: keep-alive
Referer: https://geo.captcha-delivery.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 12991
date: Sat, 19 Apr 2025 00:00:40 GMT
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3600
last-modified: Wed, 16 Apr 2025 07:56:23 GMT
x-amz-expiration: expiry-date="Thu, 24 Apr 2025 00:00:00 GMT", rule-id="auto-clean old captchas (7 days)"
etag: "8da28280ecfc512b02ec479145f9d533"
x-amz-server-side-encryption: AES256
x-amz-version-id: qoclufG7B5R5yRgcyOdVRY6JFuAKQ8Cv
accept-ranges: bytes
server: AmazonS3
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method
x-cache: Hit from cloudfront
via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: cIcbqoXHuY8UF1QAPsEkQMNGdkGD8bZtMHOY0FaLEz-uYVWjGB4adw==
age: 22316
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2

cypri-ang.com/zclkvisitor/42a14880-1ce5-11f0-bf15-0affe191143b/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381

3.215.19.52

200

3.1 kB

URL User Request GET
cypri-ang.com/zclkvisitor/42a14880-1ce5-11f0-bf15-0affe191143b/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381
IP
3.215.19.52:80
ASN
#14618 AMAZON-AES

File type
HTML document, ASCII text, with very long lines (408)
Size
3.1 kB (3086 bytes)
Hash
2c6e2fccbab272096a6b28e1a5fd4eb1
5907661bb6a22ab2b498bc199d15e6783f5ac5c3
65729684cac45b5887721ca8514eeab7bc5638e8475972abbab4c1dd54818668

HTTP Headers

GET /zclkvisitor/42a14880-1ce5-11f0-bf15-0affe191143b/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381 HTTP/1.1
Host: cypri-ang.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 
Date: Sat, 19 Apr 2025 06:12:25 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 3086
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET,POST,OPTIONS
Access-Control-Allow-Headers: X-Requested-With,Content-Type

api.yadore.com/v2/d?url=https%3A%2F%2Fwww.farmasiet.no&market=no&projectId=Sde46opRHJDX&placementId=4zmBL1ExyV2g

88.99.112.2

302 Found

230 kB

URL User Request GET
api.yadore.com/v2/d?url=https%3A%2F%2Fwww.farmasiet.no&market=no&projectId=Sde46opRHJDX&placementId=4zmBL1ExyV2g
IP
88.99.112.2:443
ASN
#24940 Hetzner Online GmbH

Certificate
IssuerLet's Encrypt
Subjectyadore.com
Fingerprint12:0F:65:95:06:0F:A7:D7:31:79:00:DD:B4:E7:F2:42:47:B3:7F:42
ValidityWed, 09 Apr 2025 06:40:24 GMT - Tue, 08 Jul 2025 06:40:23 GMT

File type

Size
230 kB (230277 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /v2/d?url=https%3A%2F%2Fwww.farmasiet.no&market=no&projectId=Sde46opRHJDX&placementId=4zmBL1ExyV2g HTTP/1.1
Host: api.yadore.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
access-control-allow-credentials: true
access-control-allow-headers: Origin, Content-Type, Accept, API-Key
access-control-allow-methods: GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: *
access-control-max-age: 86400
content-type: text/html; charset=UTF-8
date: Sat, 19 Apr 2025 06:12:28 GMT
location: https://api.kelkoogroup.net/publisher/shopping/v2/link-monetizer/link?country=no&id=e4ef5dec-03eb-11eb-bf21-ba5ec25d7100&merchantUrl=https%3A%2F%2Fwww.farmasiet.no&custom1=8ffa4c197a444844429389594123213d9cf783846213512da7842b52da29bd67&publisherSubId=Sde46opRHJDX&publisherTrafficType=publishernetwork&originReferer=https%253A%252F%252Fwww.yadore.com
referrer-policy: no-referrer
server: nginx
x-powered-by: PHP/8.3.19
X-Firefox-Spdy: h2

gdcoder.com/favicon.ico

185.107.56.57

404 Not Found

9 B

URL GET
gdcoder.com/favicon.ico
IP
185.107.56.57:443
ASN
#43350 NForce Entertainment B.V.

Requested by
https://gdcoder.com/
Certificate
IssuerLet's Encrypt
Subjectgdcoder.com
FingerprintE8:79:66:3A:9E:8B:D4:ED:DE:7B:10:83:76:5F:21:B3:0A:8F:0F:AB
ValidityThu, 13 Feb 2025 11:31:55 GMT - Wed, 14 May 2025 11:31:54 GMT

File type
ASCII text, with no line terminators
Size
9 B (9 bytes)
Hash
d8f4a1993546cc4b850cde3599e27aec
094b763b4cfcc0b05e5d040581cd513c3ca08067
907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: gdcoder.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gdcoder.com/
Cookie: sid=421bdbf9-1ce5-11f0-b150-c09178107e8d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
cache-control: max-age=0, private, must-revalidate
content-length: 9
date: Sat, 19 Apr 2025 06:12:23 GMT
server: Cowboy
X-Firefox-Spdy: h2

cypri-ang.com/zclkvisitor/42a14880-1ce5-11f0-bf15-0affe191143b/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381

0.0.0.0

0 B

URL User Request GET
cypri-ang.com/zclkvisitor/42a14880-1ce5-11f0-bf15-0affe191143b/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381
IP
0.0.0.0:0
ASN
#0

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /zclkvisitor/42a14880-1ce5-11f0-bf15-0affe191143b/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381 HTTP/1.1
Host: cypri-ang.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

static.captcha-delivery.com/captcha/assets/tpl/device-check/index.css

143.204.55.50

200 OK

3.7 kB

URL GET
static.captcha-delivery.com/captcha/assets/tpl/device-check/index.css
IP
143.204.55.50:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAY5eICCA0LRYAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=LXH7VYOAUcTH20z2kXfcfqoxDe6sJ03LO7vrhj6Tj3tgH6bgJK7b3itMvUbG1HOkYlSI7TiBBMpL_o4ygQKcVtnjJN12psxppVlk8izzOiU8PWo_t1GnSiO5KDbenHpB&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D62B801JS6ATKVR35S81WJ648RA97SR%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no&s=35103&b=32286&dm=cd
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
Fingerprint08:34:DB:37:CB:02:09:ED:82:0C:B3:27:9F:BA:AF:45:DA:77:DD:3D
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
ASCII text
Size
3.7 kB (3683 bytes)
Hash
d24f433ae1916185b0e4e20ed76cb64b
e0c8d4c58b7d0983f9b4042bea94c014cd5ec668
f40a7b02a8a2d420aa9d4cb5b0b26a92468828984fdc4b0d1202de4e24f59859

HTTP Headers

GET /captcha/assets/tpl/device-check/index.css HTTP/1.1
Host: static.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://geo.captcha-delivery.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
last-modified: Thu, 08 Feb 2024 08:41:29 GMT
content-encoding: gzip
x-amz-server-side-encryption: AES256
x-amz-version-id: null
server: AmazonS3
date: Sat, 19 Apr 2025 02:48:15 GMT
etag: W/"d24f433ae1916185b0e4e20ed76cb64b"
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: v1zhOvBBmSAcEp59FCknK__Y4aBH7e0BGiO02x9AXRAqRklLu0leiQ==
age: 12280
X-Firefox-Spdy: h2

geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAY5eICCA0LRYAW1oqmg==&cid=LXH7VYOAUcTH20z2kXfcfn0xupOE4bQT4YoVvWhLWFMf_kZTi7Mphas_oOGauXJFNheY533lF~Uyn7eAcJ0k7fw2V5jnbNKYFLy7oYXfuJPjzzTqs2bLZtR5xBoPcMRu&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D62B801JS6ATKVR35S81WJ648RA97SR%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no&hash=5954443B90DC91C1E924DE9BFBEAA5&t=fe&s=35103&e=15017ddbf3e1decc3d9b44c46f36a031e2d462c630f2a5c7020ed6bc3af9189a&ir=36%2C20%2C676&dm=dc_ir

13.49.167.109

200 OK

601 kB

URL GET
geo.captcha-delivery.com/captcha/?initialCid=AHrlqAAAAAMAY5eICCA0LRYAW1oqmg==&cid=LXH7VYOAUcTH20z2kXfcfn0xupOE4bQT4YoVvWhLWFMf_kZTi7Mphas_oOGauXJFNheY533lF~Uyn7eAcJ0k7fw2V5jnbNKYFLy7oYXfuJPjzzTqs2bLZtR5xBoPcMRu&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D62B801JS6ATKVR35S81WJ648RA97SR%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no&hash=5954443B90DC91C1E924DE9BFBEAA5&t=fe&s=35103&e=15017ddbf3e1decc3d9b44c46f36a031e2d462c630f2a5c7020ed6bc3af9189a&ir=36%2C20%2C676&dm=dc_ir
IP
13.49.167.109:443
ASN
#16509 AMAZON-02

Requested by
https://no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D62B801JS6ATKVR35S81WJ648RA97SR%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
FingerprintF2:9E:7E:72:25:57:E3:AF:B6:87:61:A0:0D:B1:85:B4:85:82:E6:96
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (41960)
Size
601 kB (601375 bytes)
Hash
83dbb378951bb409390bcc45192ccc6e
27d8feb78b1053588135d2cb208f09ed1541fc72
e640af7cf292fffd9bef3c18e525a6e8c039d642a35221405bb03ea6c530d0cc

HTTP Headers

GET /captcha/?initialCid=AHrlqAAAAAMAY5eICCA0LRYAW1oqmg==&cid=LXH7VYOAUcTH20z2kXfcfn0xupOE4bQT4YoVvWhLWFMf_kZTi7Mphas_oOGauXJFNheY533lF~Uyn7eAcJ0k7fw2V5jnbNKYFLy7oYXfuJPjzzTqs2bLZtR5xBoPcMRu&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D62B801JS6ATKVR35S81WJ648RA97SR%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no&hash=5954443B90DC91C1E924DE9BFBEAA5&t=fe&s=35103&e=15017ddbf3e1decc3d9b44c46f36a031e2d462c630f2a5c7020ed6bc3af9189a&ir=36%2C20%2C676&dm=dc_ir HTTP/1.1
Host: geo.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAY5eICCA0LRYAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=LXH7VYOAUcTH20z2kXfcfqoxDe6sJ03LO7vrhj6Tj3tgH6bgJK7b3itMvUbG1HOkYlSI7TiBBMpL_o4ygQKcVtnjJN12psxppVlk8izzOiU8PWo_t1GnSiO5KDbenHpB&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D62B801JS6ATKVR35S81WJ648RA97SR%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no&s=35103&b=32286&dm=cd
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Sat, 19 Apr 2025 06:12:35 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Content-Encoding: gzip

gdcoder.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTc0NTA1MDM0MywiaWF0IjoxNzQ1MDQzMTQzLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIzMHJxNnZoa2Y0anJiaDdwNGcxanY0NHYiLCJuYmYiOjE3NDUwNDMxNDMsInRzIjoxNzQ1MDQzMTQzMDcwODU5fQ.2yQoloePjy1bu9F0kFoyXskx62hC-T_gAhc6x6hEkjw&sid=421bdbf9-1ce5-11f0-b150-c09178107e8d

185.107.56.57

302 Found

0 B

URL User Request GET
gdcoder.com/?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTc0NTA1MDM0MywiaWF0IjoxNzQ1MDQzMTQzLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIzMHJxNnZoa2Y0anJiaDdwNGcxanY0NHYiLCJuYmYiOjE3NDUwNDMxNDMsInRzIjoxNzQ1MDQzMTQzMDcwODU5fQ.2yQoloePjy1bu9F0kFoyXskx62hC-T_gAhc6x6hEkjw&sid=421bdbf9-1ce5-11f0-b150-c09178107e8d
IP
185.107.56.57:443
ASN
#43350 NForce Entertainment B.V.

Certificate
IssuerLet's Encrypt
Subjectgdcoder.com
FingerprintE8:79:66:3A:9E:8B:D4:ED:DE:7B:10:83:76:5F:21:B3:0A:8F:0F:AB
ValidityThu, 13 Feb 2025 11:31:55 GMT - Wed, 14 May 2025 11:31:54 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /?ch=1&js=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJKb2tlbiIsImV4cCI6MTc0NTA1MDM0MywiaWF0IjoxNzQ1MDQzMTQzLCJpc3MiOiJKb2tlbiIsImpzIjoxLCJqdGkiOiIzMHJxNnZoa2Y0anJiaDdwNGcxanY0NHYiLCJuYmYiOjE3NDUwNDMxNDMsInRzIjoxNzQ1MDQzMTQzMDcwODU5fQ.2yQoloePjy1bu9F0kFoyXskx62hC-T_gAhc6x6hEkjw&sid=421bdbf9-1ce5-11f0-b150-c09178107e8d HTTP/1.1
Host: gdcoder.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://gdcoder.com/
Cookie: sid=421bdbf9-1ce5-11f0-b150-c09178107e8d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
cache-control: max-age=0, private, must-revalidate
content-length: 11
date: Sat, 19 Apr 2025 06:12:24 GMT
location: http://cypri-ang.com/zclkvisitor/42a14880-1ce5-11f0-bf15-0affe191143b/72092e88-2c53-401c-b988-51ef43ce1034?campaignid=1f221ad0-16c2-11ef-994a-12832fc4c381
server: Cowboy
set-cookie: sid=421bdbf9-1ce5-11f0-b150-c09178107e8d; path=/; domain=.gdcoder.com; expires=Thu, 07 May 2093 09:26:32 GMT; max-age=2147483647; secure; HttpOnly
X-Firefox-Spdy: h2

no-go.kelkoogroup.net/favicon.ico

95.211.116.26

404 Not Found

1.1 kB

URL GET
no-go.kelkoogroup.net/favicon.ico
IP
95.211.116.26:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D62B801JS6ATKVR35S81WJ648RA97SR%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no
Certificate
IssuerDigiCert Inc
Subject*.kelkoogroup.net
FingerprintAB:7F:31:B1:66:46:76:99:39:20:8C:5B:A4:03:6B:DE:E6:6B:F4:17
ValidityThu, 26 Sep 2024 00:00:00 GMT - Fri, 10 Oct 2025 23:59:59 GMT

File type
HTML document, ASCII text
Size
1.1 kB (1144 bytes)
Hash
8560de521c4990c7c870121fc9643508
0cacf7a6b96cceeb6ceae74d5f14dc87406a6f39
73a434285c3a752bc8c44aebd50e10f1a766853cbc7184e78d5c934c7b52b620

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no-go.kelkoogroup.net/redirect?country=no&k=612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84&url=https%3A%2F%2Fpdt.tradedoubler.com%2Fclick%3Fa%3D332280%26p%3D302669%26epi%3D62B801JS6ATKVR35S81WJ648RA97SR%26url%3Dhttps%253A%252F%252Fwww.farmasiet.no
DNT: 1
Connection: keep-alive
Cookie: kelkooID=a4c6295-1964cad4f6a-5df10b; datadome=LXH7VYOAUcTH20z2kXfcfqoxDe6sJ03LO7vrhj6Tj3tgH6bgJK7b3itMvUbG1HOkYlSI7TiBBMpL_o4ygQKcVtnjJN12psxppVlk8izzOiU8PWo_t1GnSiO5KDbenHpB
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 404 Not Found
Request-Time: PT0.000428783S
X-Robots-Tag: noindex,nofollow
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'none'
X-Permitted-Cross-Domain-Policies: master-only
Date: Sat, 19 Apr 2025 06:12:29 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 1144

static.captcha-delivery.com/common/fonts/roboto/font-face.css

143.204.55.50

200 OK

519 B

URL GET
static.captcha-delivery.com/common/fonts/roboto/font-face.css
IP
143.204.55.50:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAY5eICCA0LRYAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=LXH7VYOAUcTH20z2kXfcfqoxDe6sJ03LO7vrhj6Tj3tgH6bgJK7b3itMvUbG1HOkYlSI7TiBBMpL_o4ygQKcVtnjJN12psxppVlk8izzOiU8PWo_t1GnSiO5KDbenHpB&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D62B801JS6ATKVR35S81WJ648RA97SR%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no&s=35103&b=32286&dm=cd
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
Fingerprint08:34:DB:37:CB:02:09:ED:82:0C:B3:27:9F:BA:AF:45:DA:77:DD:3D
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
ASCII text
Size
519 B (519 bytes)
Hash
e4f77074c0ffbfab377011e19283eb13
9160259165ca1ef84209d4dd675c3ed367babff1
66599c34190f7a6a402b38664a30a9b564fc22510f51fa3c5f027fb91e7a0e51

HTTP Headers

GET /common/fonts/roboto/font-face.css HTTP/1.1
Host: static.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://geo.captcha-delivery.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: text/css
content-length: 519
last-modified: Fri, 19 Jul 2024 12:42:09 GMT
x-amz-server-side-encryption: AES256
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sat, 19 Apr 2025 00:51:43 GMT
etag: "e4f77074c0ffbfab377011e19283eb13"
vary: accept-encoding
x-cache: Hit from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: rUWioDNCa05RXscWRQYM5CNYDQ5x0iUv4b4guj4VtSK4w13vIKlX6g==
age: 19254
X-Firefox-Spdy: h2

static.captcha-delivery.com/common/fonts/roboto/roboto.woff2

143.204.55.50

200 OK

16 kB

URL GET
static.captcha-delivery.com/common/fonts/roboto/roboto.woff2
IP
143.204.55.50:443
ASN
#16509 AMAZON-02

Requested by
https://geo.captcha-delivery.com/interstitial/?initialCid=AHrlqAAAAAMAY5eICCA0LRYAW1oqmg%3D%3D&hash=5954443B90DC91C1E924DE9BFBEAA5&cid=LXH7VYOAUcTH20z2kXfcfqoxDe6sJ03LO7vrhj6Tj3tgH6bgJK7b3itMvUbG1HOkYlSI7TiBBMpL_o4ygQKcVtnjJN12psxppVlk8izzOiU8PWo_t1GnSiO5KDbenHpB&referer=https%3A%2F%2Fno-go.kelkoogroup.net%2Fredirect%3Fcountry%3Dno%26k%3D612f7a9541cd6ea61eb554c0e4cff43751c4e6ff4b34703f59267ef246260421ffe940a20aebd8854c374c9166d3f94caa8844910c81593b5cf37a8b6c51689154f9f9be5469b66c3942661dfe69af225df7128c65d1e9ef2a6545891884372c2bfd5b60ccc715bd0c1821565ae152ca905d7dc0c75c7c2ffb9337c5e5324dbd4809a936a8bb5aa0e045e2d98239726a16ac2b46e913be63e7c840a70ff64b4788e4ed23b707958d6bbc8ee9422a73254f4f74678138f273cd500c3c3d2ecfc4a93353198a897c42beab72f672636808921eb7f22830aa6ec13261dcd6a82629b413f26270ae0ae5d6c7219b446cddd5810191d81c1d6df9307c6a744b71cb2874453ffbddf4d148ac12bfcde40836a2d15b3b799c583dabbd56ccf66d2cd56f60cfbd5bfa9a57f0b2517fb4683a6520f867532bf4cb8ca02111a26eca1d19d41714366d0524b2009da8f609c8d18ed96c1d059bf0338773e4754447c0696fe31758ec1498c663c7a48c9cf2d9e6748ff57e0bc863c5d54be5e81f42c7d11a84%26url%3Dhttps%253A%252F%252Fpdt.tradedoubler.com%252Fclick%253Fa%253D332280%2526p%253D302669%2526epi%253D62B801JS6ATKVR35S81WJ648RA97SR%2526url%253Dhttps%25253A%25252F%25252Fwww.farmasiet.no&s=35103&b=32286&dm=cd
Certificate
IssuerAmazon
Subject*.captcha-delivery.com
Fingerprint08:34:DB:37:CB:02:09:ED:82:0C:B3:27:9F:BA:AF:45:DA:77:DD:3D
ValidityThu, 13 Feb 2025 00:00:00 GMT - Sat, 14 Mar 2026 23:59:59 GMT

File type
Web Open Font Format (Version 2), TrueType, length 15688, version 1.0
Size
16 kB (15688 bytes)
Hash
aa23b7b4bcf2b8f0e876106bb3de69c6
106ac454ba4e503e0a1cd15e1275130918049182
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

HTTP Headers

GET /common/fonts/roboto/roboto.woff2 HTTP/1.1
Host: static.captcha-delivery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://geo.captcha-delivery.com
DNT: 1
Connection: keep-alive
Referer: https://static.captcha-delivery.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: font/woff2
content-length: 15688
access-control-allow-origin: https://geo.captcha-delivery.com
access-control-allow-methods: GET, HEAD
access-control-max-age: 3000
access-control-allow-credentials: true
last-modified: Fri, 06 May 2022 16:47:07 GMT
x-amz-version-id: null
accept-ranges: bytes
server: AmazonS3
date: Sat, 19 Apr 2025 02:28:15 GMT
etag: "aa23b7b4bcf2b8f0e876106bb3de69c6"
vary: Origin
x-cache: Hit from cloudfront
via: 1.1 76c917e0bb0ba45eb834d25d76ee125e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: B7UZUcduqI5X_Mg067B27L5eMZdv1Lu5ZRiLEi9VnfSXn51cZJtLhQ==
age: 13458
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

JavaScript (6)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (24)

URL GET

IP

ASN

Requested by

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL GET

IP

ASN

Requested by

Certificate

File type

Size

Hash