urlscan.io logo urlscan.io
SecurityTrails logo

ww25.nortkon.com Open in urlscan Pro
199.59.243.200  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://webjump.com/
Effective URL: http://ww25.nortkon.com/?subid1=20211112-2250-21ea-b589-1601da63e46c
Submission Tags: tranco_l324
Submission: On November 12 via api from DE — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 9 domains to perform 15 HTTP transactions. The main IP is 199.59.243.200, located in United States and belongs to AMAZON-02, US. The main domain is ww25.nortkon.com.
This is the only time ww25.nortkon.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 209.15.13.134 13768 (COGECO-PEER1)
1 2 209.15.13.136 13768 (COGECO-PEER1)
2 2 173.192.101.24 36351 (SOFTLAYER)
2 2 192.254.234.214 46606 (UNIFIEDLA...)
2 4 50.97.212.250 36351 (SOFTLAYER)
1 1 103.224.182.241 133618 (TRELLIAN-...)
6 199.59.243.200 16509 (AMAZON-02)
3 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
1 2606:4700:310... 13335 (CLOUDFLAR...)
15 6
1    209.15.13.134 (Toronto, Canada)

ASN13768 (COGECO-PEER1, CA)
webjump.com
2    209.15.13.136 (Toronto, Canada)

ASN13768 (COGECO-PEER1, CA)
btpnative.com
2    173.192.101.24 (Dallas, United States)

ASN36351 (SOFTLAYER, US)
PTR: 18.65.c0ad.ip4.static.sl-reverse.com
mybetterdl.com
p274639.mybetterdl.com
2    192.254.234.214 (United States)

ASN46606 (UNIFIEDLAYER-AS-1, US)
PTR: 192-254-234-214.unifiedlayer.com
qvikar.com
4    50.97.212.250 (San Jose, United States)

ASN36351 (SOFTLAYER, US)
PTR: fa.d4.6132.ip4.static.sl-reverse.com
www.clkmg.com
1    103.224.182.241 (Australia)

ASN133618 (TRELLIAN-AS-AP Trellian Pty. Limited, AU)
PTR: lb-182-241.above.com
nortkon.com
6    199.59.243.200 (United States)

ASN16509 (AMAZON-02, US)
ww25.nortkon.com
3    2607:f8b0:4006:817::2004 (United States)

ASN15169 (GOOGLE, US)
www.google.com
2    2607:f8b0:4006:81d::2001 (United States)

ASN15169 (GOOGLE, US)
afs.googleusercontent.com
1    2606:4700:3108::ac42:28c7 (United States)

ASN13335 (CLOUDFLARENET, US)
parking.bodiscdn.com
Domain Requested by
6 ww25.nortkon.com ww25.nortkon.com
4 www.clkmg.com 2 redirects
3 www.google.com ww25.nortkon.com
www.google.com
2 afs.googleusercontent.com www.google.com
2 qvikar.com 2 redirects
2 btpnative.com 1 redirects
1 parking.bodiscdn.com
1 nortkon.com 1 redirects
1 p274639.mybetterdl.com 1 redirects
1 mybetterdl.com 1 redirects
1 webjump.com 1 redirects
15 11

This site contains no links.

Subject Issuer Validity Valid
*.clkmg.com
AlphaSSL CA - SHA256 - G2		 2021-02-03 -
2022-03-07		 a year crt.sh
www.google.com
GTS CA 1C3		 2021-10-18 -
2022-01-10		 3 months crt.sh
*.googleusercontent.com
GTS CA 1C3		 2021-10-18 -
2022-01-10		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-07-26 -
2022-07-25		 a year crt.sh

This page contains 2 frames:

Primary Page: http://ww25.nortkon.com/?subid1=20211112-2250-21ea-b589-1601da63e46c
Frame ID: 3B6C126C6D81F7F5AAB50DF5DB0BF731
Requests: 11 HTTP requests in this frame

Frame: https://www.google.com/afs/ads?adtest=off&channel=pid-bodis-gcontrol252%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol311%2Cpid-bodis-gcontrol152&hl=en&pcsa=false&client=dp-bodis31_3ph&r=m&psid=4572869586&type=3&max_radlink_len=60&swp=as-drid-2835951744608698&uiopt=false&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300769%2C17300771%2C17300842%2C17300863%2C17300866&format=r3&nocache=1091636717821596&num=0&output=afd_ads&domain_name=ww25.nortkon.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1636717821596&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1584&psh=77&frm=0&uio=-&cont=rs&inames=master-1&jsv=11498&rurl=http%3A%2F%2Fww25.nortkon.com%2F%3Fsubid1%3D20211112-2250-21ea-b589-1601da63e46c
Frame ID: 3A7562E9BB0CE08F9C9184F93D0368A3
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Nortkon.com

Page URL History Show full URLs

  1. http://webjump.com/ HTTP 302
    http://btpnative.com/click?data=UjdaRFBYMTNCMWFqdWkxMF9BTnFKbnc4amNBOHYxWHVfQ3RyM3JBSU9rWVpVRE1FX... Page URL
  2. http://btpnative.com/Redirect/ HTTP 302
    https://mybetterdl.com/aS/feedclick?s=NnlfnMR-U-qtikMKriREJ-RQmJGd3rltX7kIXd00STMa9a_lv6mtuhG_6U4hq... HTTP 302
    https://p274639.mybetterdl.com/adServe/domainClick?ai=aMZ3O5C3_XuLRZhJ3TPdu_8QfEfzLeYtrbZFHs2DJR5iinvZ_Bwha... HTTP 302
    https://qvikar.com/freshly/food/364333942 HTTP 302
    https://www.clkmg.com/qvikar/freshly/food/364333942/ HTTP 302
    https://www.clkmg.com/redir.cgi?url=https%3a%2f%2fqvikar.com%2f1j0a2y%2ffresh&pixel=0&lidc=1225271910 Page URL
  3. https://qvikar.com/1j0a2y/fresh HTTP 302
    https://www.clkmg.com/qvikar/1j0a2y/fresh/ HTTP 302
    https://www.clkmg.com/redir.cgi?url=http%3a%2f%2fnortkon.com&pixel=0&lidc=1225271916 Page URL
  4. http://nortkon.com/ HTTP 302
    http://ww25.nortkon.com/?subid1=20211112-2250-21ea-b589-1601da63e46c Page URL

Page Statistics

15
Requests

53 %
HTTPS

30 %
IPv6

9
Domains

11
Subdomains

6
IPs

3
Countries

141 kB
Transfer

369 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://webjump.com/ HTTP 302
    http://btpnative.com/click?data=UjdaRFBYMTNCMWFqdWkxMF9BTnFKbnc4amNBOHYxWHVfQ3RyM3JBSU9rWVpVRE1FX1VDWHBWcmdWaElvN3J5QWpwTjMweTJzUXF0TlYyYnB5c1VraUs0UVhhRjZBVXJEdHRjeVFmTXZERTBESXE1d2xlcUxjR3JJdmJnVWxUdFJ3M29ESy1WYnNQbWxqV3BuZXJpaHB3Mg2&id=eda5fd82-58e5-4624-9644-df7f6eebb6ef Page URL
  2. http://btpnative.com/Redirect/ HTTP 302
    https://mybetterdl.com/aS/feedclick?s=NnlfnMR-U-qtikMKriREJ-RQmJGd3rltX7kIXd00STMa9a_lv6mtuhG_6U4hqQTcO4eq_lgR48_oiQJuDuwoS9gcFc4_-stlp2aWWne-fJxz6OB2fa3dyhCXFuIjqMK5qWfap4yUt_iPH1TzciB1Qg6AZUDRz9bjOEX4iGGchU0rqPQnJ6mIk7U50-nNqRzqZAU8cdCKrjYU60nWZiw1XlYdorspdPBmqBM_MSKq5pnahf5Tl3-X_4a8OktJWN0rXYhvwDv1oiZtYWW3i5JGZEeBduNQ8KLKdai0nZtSFGXosaaFEFYhdmwZbh1Utvonvlp2EZnoNog_mjQOLJl6WcW0HsqEOSsmqJ6zyV5wOMZULBmPixv6WO-ujvlVxXgVoP-53kOxoCXBe2hCr7zXOscqct4dqRCPJLQfIDT3edl0L6McPuBgmIlifnNP3s4aMYgjVbyfNKgfV88Z3uNIm1I4MdWIZMP6XqGPdkOMvuCMsBtwHvixPTv_Hn59MaWbD4vaYJYX7zmvgmBpGeZwbVn0juk5tehmA6argCvavE6F-gwEtZaddPVvF0i19_WeqmPU2mgI4J7t7aNo_6ipshrLmmywZhgIIAtlgHDdf6AI3Cz8OHBX7pFtaZ7EMk_6k1QNRZc7voWv7dzPnsVW1SruaiyEmJpI2EpaYg23bjW6HfJ_HZSjqsU4StoIEwlE5JKi7zgxh9WxZSuaPC2NvPVuTYHwp39eLVhSAJuefwZqDElh1Nojb0T5M5KPxtAAGOT72Akcd7gHAZ9z6YnI5WLmTAql0VdhGexZA0otFj8GJsIcU7HbACzmQAYbaiMnc56pPluw9L3XEkP6Dxjal9dQPEoG28cC6Eo-GlqKWykkV3Z06XLcH0ySSLDR6L6K7o9JojJ7J_07jJEhZkRO7oxg4gd5q5APeD74mhPT7I8WJwFzkhIDWCVHr-wy7_iRwxqXCY2lyA4VYV8b6dN7JJalaBnLoyJCYiyOEWPR29n-r8VXCPqOcoA-FpfkOC4BybAloepyG0KOdz_8x0yl_omo20cR7GocoXcgv5n0VP5Bg6qV4tK9f8VDsDhsC2a4mLmmnU4_osZ5AD92skGQ6PY9fOX96HvOgHOFIGwGfQc4GbRridD32wnx5kyJI3ZEmw8mutEvlmEPoz10v2JvDJvwDuSsRlQB8Xoz1R_emM7ifRMiz-S_Nk7GpipnULnJhI9XgHECKiTryIRyL66vXq2-ZL9q7nxw6zSAk8tgHrtbkK76CHmmfgIrE-0HoZog1s_6SN_9Bt4mSe6FKMq5X5lqUO9m3OLdx8eOw4YWdeOqj530FqKHUNYkp2ht_S2uolZEpUfClSgyegj8BE2kFD_1OgwQ8ysseszEqe2VJ2ET1fcBhCwKkASfel2cZKhCkdMDsrP1-j3iYqdNQvLa15CBN6w_2GHEYNEdYbi5ZYgJcbCgfywccgzFgxHCKxLJbhQpVcshSAOragiVpSF7j4l4po_srV7CCYXHFyN-XaNaNGUFq_Mhn055gZV-wDaT1TNEtCoAQwAqE9dQfKY-34ti_uAjrFnU5SD-abU_6WILcERBzmWnXJjhH9GBoEp7K9otSnHblYkLfhHgZfGCC4eTe-3VxwX7ZP5bF-6V_hU664yNsaE1oMa4EAlCWnE2BTambCDUpD3fKcPlQ5sGLhQSCU0e0WlUEWiguOful7D_EHxH8y3mLa22RR7NgyUeYop72fwcIWob9kd5ITLGg-SKp6M-HtiWNXAnYC4dta_3iSqCMiqS-1uhBNyKplJ1rMaSQDJmmUFTx6TDBEYWHAqADBnk1rG1ReA5SGBBVprAT8jzh9ZNHJDOtVSrWl7T4rZ4od6XOnhTPbwVHq36IWphmjfsaIK3mEtcc8b5MrldD8KLRNG-dCNAoUPrrZHEAXH45lA6qQ5uhEUB6xln4YlzlQwhUKGj1pvAsxOXmXYnwjJ7mtSO5zmMMKiT1gys_xB8R_Mt5i3v0VHYjkVKcVv_dQmnoScxU-KRkKOncwTTJ1OB_sxLlPQaTYYMFQxDEwrLEAaOW_jx5qF0Sqi0yCtyeF9_GwvC HTTP 302
    https://p274639.mybetterdl.com/adServe/domainClick?ai=aMZ3O5C3_XuLRZhJ3TPdu_8QfEfzLeYtrbZFHs2DJR5iinvZ_Bwhahv2R3khMsaD5Iqnoz4e2JY1cCdgLh21r_eJKoIyKpL7W6EE3IqmUnWsxpJAMmaZQVPHpMMERhYcCoAMGeTWsbVF4DlIYEFWmsBPyPOH1k0ckM61VKtaXtPitnih3pc6eFM9vBUerfohamGaN-xogreYS1xzxvkyuV0PwotE0b50I0ChQ-utkcQBcfjmUDqpDm6ERQHrGWfhiXOVDCFQoaPWm8CzE5eZdifCMnua1I7nA4MA7ESrrFZ1cjz_lpACC_AlvSP79bLO2Bq-dxkyyzJKgbz0VF_-WH_9b8ky2I1bMEKKyYgoxk5DxnkX_alLPF2k4XVJzHJX8mFgHSWE3TZFy0dflvxRpGw8yWyaFr90ZT4gk-eVXV8JbewQCztnWSK-7RwuheHnBQd1IaOwKpV_qCYvh_QGQ0Pm6c85yrQlJw-FFOFT-DtI5QReynpnqI4XRKiQejY9l5g72F1sPYafqhWZ-YKZz6rRPbGyYnCcF9nxG1Y8QfZKdkAM850vP-n44YFBbd7ECEomdw_JheznrOLBc4qhAQyqjlO6KXLyUgDHGPx9sdOxxaLzhkg6TSol4S5osn5YR0Ng4Sbb-ez4Kbfkwb3MQhMKyxAGjlv48eahdEqotMjAA_7nJ21J41Yy3XW5yq2M&ui=NnlfnMR-U-qtikMKriREJ_RSFD4s8gvtIaIc3yOo5HIUEglNHtFpVFu4p8gkPwy94DpbUoVW4ySe0TH3US8OuUtfS45rvLGTrPP5Kyd0WndRxPvqayqRAw&si=1&oref=4f0d7f57f2df99ec34315c38cce06b46&optunit=LnG5MSU1ZHTomJ5wtw7vIA&rb=6HrvxnDas3s&rr=1&abtg=0 HTTP 302
    https://qvikar.com/freshly/food/364333942 HTTP 302
    https://www.clkmg.com/qvikar/freshly/food/364333942/ HTTP 302
    https://www.clkmg.com/redir.cgi?url=https%3a%2f%2fqvikar.com%2f1j0a2y%2ffresh&pixel=0&lidc=1225271910 Page URL
  3. https://qvikar.com/1j0a2y/fresh HTTP 302
    https://www.clkmg.com/qvikar/1j0a2y/fresh/ HTTP 302
    https://www.clkmg.com/redir.cgi?url=http%3a%2f%2fnortkon.com&pixel=0&lidc=1225271916 Page URL
  4. http://nortkon.com/ HTTP 302
    http://ww25.nortkon.com/?subid1=20211112-2250-21ea-b589-1601da63e46c Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://webjump.com/ HTTP 302
  • http://btpnative.com/click?data=UjdaRFBYMTNCMWFqdWkxMF9BTnFKbnc4amNBOHYxWHVfQ3RyM3JBSU9rWVpVRE1FX1VDWHBWcmdWaElvN3J5QWpwTjMweTJzUXF0TlYyYnB5c1VraUs0UVhhRjZBVXJEdHRjeVFmTXZERTBESXE1d2xlcUxjR3JJdmJnVWxUdFJ3M29ESy1WYnNQbWxqV3BuZXJpaHB3Mg2&id=eda5fd82-58e5-4624-9644-df7f6eebb6ef
Request Chain 1
  • http://btpnative.com/Redirect/ HTTP 302
  • https://mybetterdl.com/aS/feedclick?s=NnlfnMR-U-qtikMKriREJ-RQmJGd3rltX7kIXd00STMa9a_lv6mtuhG_6U4hqQTcO4eq_lgR48_oiQJuDuwoS9gcFc4_-stlp2aWWne-fJxz6OB2fa3dyhCXFuIjqMK5qWfap4yUt_iPH1TzciB1Qg6AZUDRz9bjOEX4iGGchU0rqPQnJ6mIk7U50-nNqRzqZAU8cdCKrjYU60nWZiw1XlYdorspdPBmqBM_MSKq5pnahf5Tl3-X_4a8OktJWN0rXYhvwDv1oiZtYWW3i5JGZEeBduNQ8KLKdai0nZtSFGXosaaFEFYhdmwZbh1Utvonvlp2EZnoNog_mjQOLJl6WcW0HsqEOSsmqJ6zyV5wOMZULBmPixv6WO-ujvlVxXgVoP-53kOxoCXBe2hCr7zXOscqct4dqRCPJLQfIDT3edl0L6McPuBgmIlifnNP3s4aMYgjVbyfNKgfV88Z3uNIm1I4MdWIZMP6XqGPdkOMvuCMsBtwHvixPTv_Hn59MaWbD4vaYJYX7zmvgmBpGeZwbVn0juk5tehmA6argCvavE6F-gwEtZaddPVvF0i19_WeqmPU2mgI4J7t7aNo_6ipshrLmmywZhgIIAtlgHDdf6AI3Cz8OHBX7pFtaZ7EMk_6k1QNRZc7voWv7dzPnsVW1SruaiyEmJpI2EpaYg23bjW6HfJ_HZSjqsU4StoIEwlE5JKi7zgxh9WxZSuaPC2NvPVuTYHwp39eLVhSAJuefwZqDElh1Nojb0T5M5KPxtAAGOT72Akcd7gHAZ9z6YnI5WLmTAql0VdhGexZA0otFj8GJsIcU7HbACzmQAYbaiMnc56pPluw9L3XEkP6Dxjal9dQPEoG28cC6Eo-GlqKWykkV3Z06XLcH0ySSLDR6L6K7o9JojJ7J_07jJEhZkRO7oxg4gd5q5APeD74mhPT7I8WJwFzkhIDWCVHr-wy7_iRwxqXCY2lyA4VYV8b6dN7JJalaBnLoyJCYiyOEWPR29n-r8VXCPqOcoA-FpfkOC4BybAloepyG0KOdz_8x0yl_omo20cR7GocoXcgv5n0VP5Bg6qV4tK9f8VDsDhsC2a4mLmmnU4_osZ5AD92skGQ6PY9fOX96HvOgHOFIGwGfQc4GbRridD32wnx5kyJI3ZEmw8mutEvlmEPoz10v2JvDJvwDuSsRlQB8Xoz1R_emM7ifRMiz-S_Nk7GpipnULnJhI9XgHECKiTryIRyL66vXq2-ZL9q7nxw6zSAk8tgHrtbkK76CHmmfgIrE-0HoZog1s_6SN_9Bt4mSe6FKMq5X5lqUO9m3OLdx8eOw4YWdeOqj530FqKHUNYkp2ht_S2uolZEpUfClSgyegj8BE2kFD_1OgwQ8ysseszEqe2VJ2ET1fcBhCwKkASfel2cZKhCkdMDsrP1-j3iYqdNQvLa15CBN6w_2GHEYNEdYbi5ZYgJcbCgfywccgzFgxHCKxLJbhQpVcshSAOragiVpSF7j4l4po_srV7CCYXHFyN-XaNaNGUFq_Mhn055gZV-wDaT1TNEtCoAQwAqE9dQfKY-34ti_uAjrFnU5SD-abU_6WILcERBzmWnXJjhH9GBoEp7K9otSnHblYkLfhHgZfGCC4eTe-3VxwX7ZP5bF-6V_hU664yNsaE1oMa4EAlCWnE2BTambCDUpD3fKcPlQ5sGLhQSCU0e0WlUEWiguOful7D_EHxH8y3mLa22RR7NgyUeYop72fwcIWob9kd5ITLGg-SKp6M-HtiWNXAnYC4dta_3iSqCMiqS-1uhBNyKplJ1rMaSQDJmmUFTx6TDBEYWHAqADBnk1rG1ReA5SGBBVprAT8jzh9ZNHJDOtVSrWl7T4rZ4od6XOnhTPbwVHq36IWphmjfsaIK3mEtcc8b5MrldD8KLRNG-dCNAoUPrrZHEAXH45lA6qQ5uhEUB6xln4YlzlQwhUKGj1pvAsxOXmXYnwjJ7mtSO5zmMMKiT1gys_xB8R_Mt5i3v0VHYjkVKcVv_dQmnoScxU-KRkKOncwTTJ1OB_sxLlPQaTYYMFQxDEwrLEAaOW_jx5qF0Sqi0yCtyeF9_GwvC HTTP 302
  • https://p274639.mybetterdl.com/adServe/domainClick?ai=aMZ3O5C3_XuLRZhJ3TPdu_8QfEfzLeYtrbZFHs2DJR5iinvZ_Bwhahv2R3khMsaD5Iqnoz4e2JY1cCdgLh21r_eJKoIyKpL7W6EE3IqmUnWsxpJAMmaZQVPHpMMERhYcCoAMGeTWsbVF4DlIYEFWmsBPyPOH1k0ckM61VKtaXtPitnih3pc6eFM9vBUerfohamGaN-xogreYS1xzxvkyuV0PwotE0b50I0ChQ-utkcQBcfjmUDqpDm6ERQHrGWfhiXOVDCFQoaPWm8CzE5eZdifCMnua1I7nA4MA7ESrrFZ1cjz_lpACC_AlvSP79bLO2Bq-dxkyyzJKgbz0VF_-WH_9b8ky2I1bMEKKyYgoxk5DxnkX_alLPF2k4XVJzHJX8mFgHSWE3TZFy0dflvxRpGw8yWyaFr90ZT4gk-eVXV8JbewQCztnWSK-7RwuheHnBQd1IaOwKpV_qCYvh_QGQ0Pm6c85yrQlJw-FFOFT-DtI5QReynpnqI4XRKiQejY9l5g72F1sPYafqhWZ-YKZz6rRPbGyYnCcF9nxG1Y8QfZKdkAM850vP-n44YFBbd7ECEomdw_JheznrOLBc4qhAQyqjlO6KXLyUgDHGPx9sdOxxaLzhkg6TSol4S5osn5YR0Ng4Sbb-ez4Kbfkwb3MQhMKyxAGjlv48eahdEqotMjAA_7nJ21J41Yy3XW5yq2M&ui=NnlfnMR-U-qtikMKriREJ_RSFD4s8gvtIaIc3yOo5HIUEglNHtFpVFu4p8gkPwy94DpbUoVW4ySe0TH3US8OuUtfS45rvLGTrPP5Kyd0WndRxPvqayqRAw&si=1&oref=4f0d7f57f2df99ec34315c38cce06b46&optunit=LnG5MSU1ZHTomJ5wtw7vIA&rb=6HrvxnDas3s&rr=1&abtg=0 HTTP 302
  • https://qvikar.com/freshly/food/364333942 HTTP 302
  • https://www.clkmg.com/qvikar/freshly/food/364333942/ HTTP 302
  • https://www.clkmg.com/redir.cgi?url=https%3a%2f%2fqvikar.com%2f1j0a2y%2ffresh&pixel=0&lidc=1225271910
Request Chain 2
  • https://qvikar.com/1j0a2y/fresh HTTP 302
  • https://www.clkmg.com/qvikar/1j0a2y/fresh/ HTTP 302
  • https://www.clkmg.com/redir.cgi?url=http%3a%2f%2fnortkon.com&pixel=0&lidc=1225271916

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
click
btpnative.com/
Redirect Chain
  • http://webjump.com/
  • http://btpnative.com/click?data=UjdaRFBYMTNCMWFqdWkxMF9BTnFKbnc4amNBOHYxWHVfQ3RyM3JBSU9rWVpVRE1FX1VDWHBWcmdWaElvN3J5QWpwTjMweTJzUXF0TlYyYnB5c1VraUs0UVhhRjZBVXJEdHRjeVFmTXZERTBESXE1d2xlcUxjR3JJdmJnV...
5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://btpnative.com/click?data=UjdaRFBYMTNCMWFqdWkxMF9BTnFKbnc4amNBOHYxWHVfQ3RyM3JBSU9rWVpVRE1FX1VDWHBWcmdWaElvN3J5QWpwTjMweTJzUXF0TlYyYnB5c1VraUs0UVhhRjZBVXJEdHRjeVFmTXZERTBESXE1d2xlcUxjR3JJdmJnVWxUdFJ3M29ESy1WYnNQbWxqV3BuZXJpaHB3Mg2&id=eda5fd82-58e5-4624-9644-df7f6eebb6ef
Protocol
HTTP/1.1
Server
209.15.13.136 Toronto, Canada, ASN13768 (COGECO-PEER1, CA),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
16bc288b3f8505f06b873421aa0fc157a35735c0f9ca165178e668e23283f2e0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9

Response headers

Cache-Control
private
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Vary
Accept-Encoding
Server
Microsoft-IIS/8.5
X-AspNetMvc-Version
5.2
X-AspNet-Version
4.0.30319
X-Server
web01
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Content-Type
Date
Fri, 12 Nov 2021 11:50:18 GMT
Content-Length
2161

Redirect headers

Cache-Control
private
Content-Type
text/html; charset=utf-8
Location
http://btpnative.com/click?data=UjdaRFBYMTNCMWFqdWkxMF9BTnFKbnc4amNBOHYxWHVfQ3RyM3JBSU9rWVpVRE1FX1VDWHBWcmdWaElvN3J5QWpwTjMweTJzUXF0TlYyYnB5c1VraUs0UVhhRjZBVXJEdHRjeVFmTXZERTBESXE1d2xlcUxjR3JJdmJnVWxUdFJ3M29ESy1WYnNQbWxqV3BuZXJpaHB3Mg2&id=eda5fd82-58e5-4624-9644-df7f6eebb6ef
Server
Microsoft-IIS/8.5
X-AspNetMvc-Version
5.2
X-AspNet-Version
4.0.30319
X-Server
web01
Date
Fri, 12 Nov 2021 11:50:18 GMT
Connection
close
Content-Length
396
redir.cgi
www.clkmg.com/
Redirect Chain
  • http://btpnative.com/Redirect/
  • https://mybetterdl.com/aS/feedclick?s=NnlfnMR-U-qtikMKriREJ-RQmJGd3rltX7kIXd00STMa9a_lv6mtuhG_6U4hqQTcO4eq_lgR48_oiQJuDuwoS9gcFc4_-stlp2aWWne-fJxz6OB2fa3dyhCXFuIjqMK5qWfap4yUt_iPH1TzciB1Qg6AZUDRz9b...
  • https://p274639.mybetterdl.com/adServe/domainClick?ai=aMZ3O5C3_XuLRZhJ3TPdu_8QfEfzLeYtrbZFHs2DJR5iinvZ_Bwhahv2R3khMsaD5Iqnoz4e2JY1cCdgLh21r_eJKoIyKpL7W6EE3IqmUnWsxpJAMmaZQVPHpMMERhYcCoAMGeTWsbVF4Dl...
  • https://qvikar.com/freshly/food/364333942
  • https://www.clkmg.com/qvikar/freshly/food/364333942/
  • https://www.clkmg.com/redir.cgi?url=https%3a%2f%2fqvikar.com%2f1j0a2y%2ffresh&pixel=0&lidc=1225271910
123 B
362 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.clkmg.com/redir.cgi?url=https%3a%2f%2fqvikar.com%2f1j0a2y%2ffresh&pixel=0&lidc=1225271910
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
50.97.212.250 San Jose, United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
fa.d4.6132.ip4.static.sl-reverse.com
Software
nginx /
Resource Hash
a709737194c9a45caa3b44f030ee9d9172af4d72a5437fa4f65c0e30d0942dc7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
Origin
http://btpnative.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
http://btpnative.com/

Response headers

date
Fri, 12 Nov 2021 11:50:20 GMT
content-type
text/html; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://www.clkmg.com for more info."
server
nginx
x-permitted-cross-domain-policies
none
x-cm-fe
httpfe-01.clickmagick.com
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

date
Fri, 12 Nov 2021 11:50:19 GMT
content-type
text/html; charset=iso-8859-1
content-length
293
p3p
CP="This is not a P3P policy! See https://www.clkmg.com for more info."
location
https://www.clkmg.com/redir.cgi?url=https%3a%2f%2fqvikar.com%2f1j0a2y%2ffresh&pixel=0&lidc=1225271910
server
nginx
x-permitted-cross-domain-policies
none
x-cm-fe
httpfe-01.clickmagick.com
x-content-type-options
nosniff
x-xss-protection
1; mode=block
redir.cgi
www.clkmg.com/
Redirect Chain
  • https://qvikar.com/1j0a2y/fresh
  • https://www.clkmg.com/qvikar/1j0a2y/fresh/
  • https://www.clkmg.com/redir.cgi?url=http%3a%2f%2fnortkon.com&pixel=0&lidc=1225271916
110 B
349 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.clkmg.com/redir.cgi?url=http%3a%2f%2fnortkon.com&pixel=0&lidc=1225271916
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
50.97.212.250 San Jose, United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
fa.d4.6132.ip4.static.sl-reverse.com
Software
nginx /
Resource Hash
7ab7c20b4cdc3180555e24bd3a41e70d242527dc377a346e6e2ab59696db1c40
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://www.clkmg.com/redir.cgi?url=https%3a%2f%2fqvikar.com%2f1j0a2y%2ffresh&pixel=0&lidc=1225271910

Response headers

date
Fri, 12 Nov 2021 11:50:20 GMT
content-type
text/html; charset=UTF-8
p3p
CP="This is not a P3P policy! See http://www.clkmg.com for more info."
server
nginx
x-permitted-cross-domain-policies
none
x-cm-fe
httpfe-01.clickmagick.com
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

date
Fri, 12 Nov 2021 11:50:20 GMT
content-type
text/html; charset=iso-8859-1
content-length
276
p3p
CP="This is not a P3P policy! See https://www.clkmg.com for more info."
location
https://www.clkmg.com/redir.cgi?url=http%3a%2f%2fnortkon.com&pixel=0&lidc=1225271916
server
nginx
x-permitted-cross-domain-policies
none
x-cm-fe
httpfe-01.clickmagick.com
x-content-type-options
nosniff
x-xss-protection
1; mode=block
Primary Request /
ww25.nortkon.com/
Redirect Chain
  • http://nortkon.com/
  • http://ww25.nortkon.com/?subid1=20211112-2250-21ea-b589-1601da63e46c
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://ww25.nortkon.com/?subid1=20211112-2250-21ea-b589-1601da63e46c
Protocol
HTTP/1.1
Server
199.59.243.200 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
49f6ff23f8830771f069a62b42ae7ce0260658f10f6749304155272075ff4e4c

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://www.clkmg.com/redir.cgi?url=http%3a%2f%2fnortkon.com&pixel=0&lidc=1225271916

Response headers

Server
openresty
Date
Fri, 12 Nov 2021 11:50:21 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
X-Adblock-Key
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_epQ6CpivBip0hjICNfPf5RKWOp7P1MjgOERN6YwiGqppeNND7T7zYHrMSawn7ysTdnYqB5CGC+0pnXBJUVfY7Q==
Cache-Control
no-cache no-store, must-revalidate post-check=0, pre-check=0
Expires
Thu, 01 Jan 1970 00:00:01 GMT
Pragma
no-cache
Content-Encoding
gzip

Redirect headers

Date
Fri, 12 Nov 2021 11:50:21 GMT
Server
Apache/2.4.25 (Debian)
Location
http://ww25.nortkon.com/?subid1=20211112-2250-21ea-b589-1601da63e46c
Content-Length
0
Connection
close
Content-Type
text/html; charset=UTF-8
parking.2.72.5.js
ww25.nortkon.com/js/ 		58 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://ww25.nortkon.com/js/parking.2.72.5.js
Requested by
Host: ww25.nortkon.com
URL: http://ww25.nortkon.com/?subid1=20211112-2250-21ea-b589-1601da63e46c
Protocol
HTTP/1.1
Server
199.59.243.200 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
0a4974b2b0f4039529e5fd1dd0c45ac81727c9542cd3315c55b05c2feda85bb4

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
http://ww25.nortkon.com/?subid1=20211112-2250-21ea-b589-1601da63e46c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 12 Nov 2021 11:50:21 GMT
Content-Encoding
gzip
Last-Modified
Fri, 29 Oct 2021 20:42:08 GMT
Server
openresty
Transfer-Encoding
chunked
Content-Type
application/javascript; charset=utf-8
Cache-Control
no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Connection
keep-alive
Expires
Thu, 01 Jan 1970 00:00:01 GMT
_fd
ww25.nortkon.com/ 		6 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
http://ww25.nortkon.com/_fd?subid1=20211112-2250-21ea-b589-1601da63e46c
Requested by
Host: ww25.nortkon.com
URL: http://ww25.nortkon.com/js/parking.2.72.5.js
Protocol
HTTP/1.1
Server
199.59.243.200 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
e9189d2a64a50b021460caac8eb633dc25a30fe02babdb7eb7b8324e3cb8450a

Request headers

Accept
application/json
Referer
http://ww25.nortkon.com/?subid1=20211112-2250-21ea-b589-1601da63e46c
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
application/json

Response headers

X-Version
2.72.5
Date
Fri, 12 Nov 2021 11:50:21 GMT
Content-Encoding
gzip
Server
openresty
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Pragma
no-cache
Cache-Control
no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Connection
keep-alive
Expires
Thu, 01 Jan 1970 00:00:01 GMT
caf.js
www.google.com/adsense/domains/ 		145 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/adsense/domains/caf.js
Requested by
Host: ww25.nortkon.com
URL: http://ww25.nortkon.com/js/parking.2.72.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
327e69c673ede76eceb454c73068ce55b2ba85da7a38ad084a7f12358a94e2e6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
http://ww25.nortkon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Fri, 12 Nov 2021 11:50:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy
cross-origin
alt-svc
clear
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
etag
"1427309844491145555"
vary
Accept-Encoding
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
accept-ranges
bytes
expires
Fri, 12 Nov 2021 11:50:21 GMT
px.gif
ww25.nortkon.com/ 		42 B
421 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://ww25.nortkon.com/px.gif?ch=1&rn=10.05098491368048
Requested by
Host: ww25.nortkon.com
URL: http://ww25.nortkon.com/?subid1=20211112-2250-21ea-b589-1601da63e46c
Protocol
HTTP/1.1
Server
199.59.243.200 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
http://ww25.nortkon.com/?subid1=20211112-2250-21ea-b589-1601da63e46c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 12 Nov 2021 11:50:21 GMT
Last-Modified
Wed, 15 Sep 2021 19:38:30 GMT
Server
openresty
Content-Type
image/gif
Cache-Control
no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
42
Expires
Thu, 01 Jan 1970 00:00:01 GMT
px.gif
ww25.nortkon.com/ 		42 B
421 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://ww25.nortkon.com/px.gif?ch=2&rn=10.05098491368048
Requested by
Host: ww25.nortkon.com
URL: http://ww25.nortkon.com/?subid1=20211112-2250-21ea-b589-1601da63e46c
Protocol
HTTP/1.1
Server
199.59.243.200 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
http://ww25.nortkon.com/?subid1=20211112-2250-21ea-b589-1601da63e46c
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 12 Nov 2021 11:50:21 GMT
Last-Modified
Wed, 15 Sep 2021 19:38:30 GMT
Server
openresty
Content-Type
image/gif
Cache-Control
no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
42
Expires
Thu, 01 Jan 1970 00:00:01 GMT
ads
www.google.com/afs/ Frame 3A75 		5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/afs/ads?adtest=off&channel=pid-bodis-gcontrol252%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol311%2Cpid-bodis-gcontrol152&hl=en&pcsa=false&client=dp-bodis31_3ph&r=m&psid=4572869586&type=3&max_radlink_len=60&swp=as-drid-2835951744608698&uiopt=false&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300769%2C17300771%2C17300842%2C17300863%2C17300866&format=r3&nocache=1091636717821596&num=0&output=afd_ads&domain_name=ww25.nortkon.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1636717821596&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1584&psh=77&frm=0&uio=-&cont=rs&inames=master-1&jsv=11498&rurl=http%3A%2F%2Fww25.nortkon.com%2F%3Fsubid1%3D20211112-2250-21ea-b589-1601da63e46c
Requested by
Host: www.google.com
URL: https://www.google.com/adsense/domains/caf.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
gws /
Resource Hash
0e2c189e5344ed384327700087fbeeb02557bc25739f66234cbcf7b5cbbb9442
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
http://ww25.nortkon.com/

Response headers

content-type
text/html; charset=UTF-8
content-disposition
inline
date
Fri, 12 Nov 2021 11:50:21 GMT
expires
Fri, 12 Nov 2021 11:50:21 GMT
cache-control
private, max-age=3600
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
content-encoding
br
server
gws
content-length
1905
x-xss-protection
0
alt-svc
clear
caf.js
www.google.com/adsense/domains/ Frame 3A75 		145 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/adsense/domains/caf.js
Requested by
Host: www.google.com
URL: https://www.google.com/afs/ads?adtest=off&channel=pid-bodis-gcontrol252%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol311%2Cpid-bodis-gcontrol152&hl=en&pcsa=false&client=dp-bodis31_3ph&r=m&psid=4572869586&type=3&max_radlink_len=60&swp=as-drid-2835951744608698&uiopt=false&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300769%2C17300771%2C17300842%2C17300863%2C17300866&format=r3&nocache=1091636717821596&num=0&output=afd_ads&domain_name=ww25.nortkon.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1636717821596&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1584&psh=77&frm=0&uio=-&cont=rs&inames=master-1&jsv=11498&rurl=http%3A%2F%2Fww25.nortkon.com%2F%3Fsubid1%3D20211112-2250-21ea-b589-1601da63e46c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
dc9bbc234701521aef82ebef9fb1df14a8707d3e33bb133c13e5fd3b84e06bc0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Fri, 12 Nov 2021 11:50:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/ads-afs-ui
cross-origin-resource-policy
cross-origin
alt-svc
clear
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="ads-afs-ui"
etag
"10999900373392156611"
vary
Accept-Encoding
report-to
{"group":"ads-afs-ui","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-afs-ui"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
accept-ranges
bytes
expires
Fri, 12 Nov 2021 11:50:21 GMT
search.svg
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/ Frame 3A75 		391 B
451 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/search.svg?c=%23081126
Requested by
Host: www.google.com
URL: https://www.google.com/afs/ads?adtest=off&channel=pid-bodis-gcontrol252%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol311%2Cpid-bodis-gcontrol152&hl=en&pcsa=false&client=dp-bodis31_3ph&r=m&psid=4572869586&type=3&max_radlink_len=60&swp=as-drid-2835951744608698&uiopt=false&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300769%2C17300771%2C17300842%2C17300863%2C17300866&format=r3&nocache=1091636717821596&num=0&output=afd_ads&domain_name=ww25.nortkon.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1636717821596&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1584&psh=77&frm=0&uio=-&cont=rs&inames=master-1&jsv=11498&rurl=http%3A%2F%2Fww25.nortkon.com%2F%3Fsubid1%3D20211112-2250-21ea-b589-1601da63e46c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
243f452f9659bfa32f82cc9d485f7a88050a395b121ad2a7271260f8687db6d8
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
content-encoding
gzip
x-content-type-options
nosniff
age
31345
alt-svc
clear
content-length
272
x-xss-protection
0
last-modified
Thu, 19 Dec 2019 14:15:00 GMT
server
sffe
date
Fri, 12 Nov 2021 03:07:56 GMT
vary
Accept-Encoding
report-to
{"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-type
image/svg+xml
cache-control
public, max-age=82800
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="afs-native-asset-managers"
expires
Sat, 13 Nov 2021 02:07:56 GMT
chevron.svg
afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/ Frame 3A75 		200 B
668 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://afs.googleusercontent.com/ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff
Requested by
Host: www.google.com
URL: https://www.google.com/afs/ads?adtest=off&channel=pid-bodis-gcontrol252%2Cpid-bodis-gcontrol97%2Cpid-bodis-gcontrol311%2Cpid-bodis-gcontrol152&hl=en&pcsa=false&client=dp-bodis31_3ph&r=m&psid=4572869586&type=3&max_radlink_len=60&swp=as-drid-2835951744608698&uiopt=false&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300769%2C17300771%2C17300842%2C17300863%2C17300866&format=r3&nocache=1091636717821596&num=0&output=afd_ads&domain_name=ww25.nortkon.com&v=3&bsl=8&pac=0&u_his=3&u_tz=0&dt=1636717821596&u_w=1600&u_h=1200&biw=1600&bih=1200&psw=1584&psh=77&frm=0&uio=-&cont=rs&inames=master-1&jsv=11498&rurl=http%3A%2F%2Fww25.nortkon.com%2F%3Fsubid1%3D20211112-2250-21ea-b589-1601da63e46c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
809fb4619d2a2f1a85dbda8cc69a7f1659215212d708a098d62150eee57070c1
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/afs-native-asset-managers
content-encoding
gzip
x-content-type-options
nosniff
age
19561
alt-svc
clear
content-length
174
x-xss-protection
0
last-modified
Thu, 22 Oct 2020 21:45:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="afs-native-asset-managers"
date
Fri, 12 Nov 2021 06:24:20 GMT
vary
Accept-Encoding
report-to
{"group":"afs-native-asset-managers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/afs-native-asset-managers"}]}
content-type
image/svg+xml
cache-control
public, max-age=82800
accept-ranges
bytes
expires
Sat, 13 Nov 2021 05:24:20 GMT
arrows-bg-single.png
parking.bodiscdn.com/parking/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://parking.bodiscdn.com/parking/arrows-bg-single.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3108::ac42:28c7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8436c93cfe365821cf9ec9d10320c9abb9862f4292a10e6c6fe75c15f5316b68

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
http://ww25.nortkon.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

date
Fri, 12 Nov 2021 11:50:21 GMT
cf-cache-status
HIT
age
2316
cf-polished
origFmt=png, origSize=3365
cf-ray
6acf8ad35d11ca57-YUL
content-disposition
inline; filename="arrows-bg-single.webp"
content-length
2740
x-amz-id-2
3y46c7uiI3TUgbdsM8xcQtGxn62QCY2+cj9jOCArIZeGdwN3sQIe+FB5XnTWSWcSdtcsfTSm/Gg=
last-modified
Fri, 13 Aug 2021 17:44:53 GMT
server
cloudflare
etag
"be0ad31eeb486cdcc271ce6ebab43d97"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept
x-amz-request-id
EG8YGHCFW7K4KB1V
cache-control
max-age=14400
accept-ranges
bytes
content-type
image/webp
cf-bgj
imgq:100,h2pri
_tr
ww25.nortkon.com/ 		2 B
0 		Fetch
General
Check archive.org
Download Go to
Full URL
http://ww25.nortkon.com/_tr
Requested by
Host: ww25.nortkon.com
URL: http://ww25.nortkon.com/js/parking.2.72.5.js
Protocol
HTTP/1.1
Server
199.59.243.200 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
openresty /
Resource Hash

Request headers

Accept
application/json
Referer
http://ww25.nortkon.com/?subid1=20211112-2250-21ea-b589-1601da63e46c
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
application/json

Response headers

X-Version
2.72.5
Date
Fri, 12 Nov 2021 11:50:21 GMT
Content-Encoding
gzip
Server
openresty
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
Pragma
no-cache
Cache-Control
no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Connection
keep-alive
Expires
Thu, 01 Jan 1970 00:00:01 GMT

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler string| park object| regeneratorRuntime function| setImmediate function| clearImmediate number| googleNDT_ number| googleAltLoader object| google

10 Cookies

Domain/Path Name / Value
btpnative.com/ Name: WLRlwEZdKMIzfgp
Value: WLRlwEZdKMIzfgp
.mybetterdl.com/ Name: rhid
Value: 80087548794
.mybetterdl.com/ Name: loi
Value: ad_1082681_off_530710_aff_11454_cid_274639-435875027-WEBJUMP.COM_ts_1636717819
.clkmg.com/ Name: vid
Value: 676468135
.clkmg.com/ Name: alc
Value: 2
.clkmg.com/ Name: lids
Value: 1220924-139738+
nortkon.com/ Name: __tad
Value: 1636717821.8688713
ww25.nortkon.com/ Name: parking_session
Value: ab02c599-4bb2-add9-3a8b-16acbc0241b8
.google.com/ Name: 1P_JAR
Value: 2021-11-12-11
.google.com/ Name: NID
Value: 511=Rh4B1vU2VHyUWsox60RBqPjzpS34q56b_lC28jTnnuyxkZDckXvJzkulqGxj0yUrBTrP5P2kvRflRUOy9b1cWQKUdiMXPs2SQviSIlf9xlnbe5Y4Gexc5_Ua8AhseWy-nW5fgqIb6dxPhoVWGiELOEgqUVgUu7YGoGzDBM1692M