www.sultanmarked.no Open in urlscan Pro
172.67.199.174 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.sultanmarked.no/Pay/spotfiy/
Effective URL:
https://www.sultanmarked.no/Pay/spotfiy/verification/
Submission: On June 20 via manual (June 20th 2022, 2:50:18 pm UTC) from DE — Scanned from NO

Summary HTTP 15 Redirects Behaviour Indicators

Summary

This website contacted 8 IPs in 3 countries across 10 domains to perform 15 HTTP transactions. The main IP is 172.67.199.174, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.sultanmarked.no.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 5th 2022. Valid for: a year.

This is the only time www.sultanmarked.no was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Spotify (Online)

Domain & IP information

	IP Address	AS Autonomous System
1 6	172.67.199.174 172.67.199.174	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	69.16.175.10 69.16.175.10	20446 (STACKPATH...) (STACKPATH-CDN)
1	104.17.25.14 104.17.25.14	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.47.230 104.18.47.230	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	142.250.179.170 142.250.179.170	15169 (GOOGLE) (GOOGLE)
2	151.101.62.248 151.101.62.248	54113 (FASTLY) (FASTLY)
1 1	142.250.185.162 142.250.185.162	15169 (GOOGLE) (GOOGLE)
2 2	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
2 2	142.250.185.164 142.250.185.164	15169 (GOOGLE) (GOOGLE)
2	216.58.212.163 216.58.212.163	15169 (GOOGLE) (GOOGLE)
15	8

6 172.67.199.174 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

www.sultanmarked.no	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.16.175.10 (United States)

ASN20446 (STACKPATH-CDN, US)
PTR: tlb.hwcdn.net

code.jquery.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.47.230 (None, )

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.179.170 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s41-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.62.248 (London, United Kingdom)

ASN54113 (FASTLY, US)

accounts.scdn.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.162 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.130 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.164 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.163 (United States)

ASN15169 (GOOGLE, US)
PTR: ams15s22-in-f3.1e100.net

www.google.no	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
6	sultanmarked.no 1 redirects www.sultanmarked.no	60 KB
3	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 67	187 KB
2	google.no www.google.no — Cisco Umbrella Rank: 21350
2	google.com 2 redirects www.google.com — Cisco Umbrella Rank: 9	1 KB
2	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 55	1 KB
2	scdn.co accounts.scdn.co — Cisco Umbrella Rank: 44216	139 KB
1	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 133	729 B
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1332	5 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 246	6 KB
1	jquery.com code.jquery.com — Cisco Umbrella Rank: 686	30 KB
15	10

	Domain	Requested by
6	www.sultanmarked.no	1 redirects www.sultanmarked.no static.cloudflareinsights.com
3	fonts.googleapis.com	www.sultanmarked.no
2	www.google.no
2	www.google.com	2 redirects
2	googleads.g.doubleclick.net	2 redirects
2	accounts.scdn.co	www.sultanmarked.no
1	www.googleadservices.com	1 redirects
1	static.cloudflareinsights.com	www.sultanmarked.no
1	cdnjs.cloudflare.com	www.sultanmarked.no
1	code.jquery.com	www.sultanmarked.no
15	10

This site contains no links.

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-05` - `2023-06-04`	a year	crt.sh
*.jquery.com Sectigo RSA Domain Validation Secure Server CA	`2021-07-14` - `2022-08-14`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-05-30` - `2022-08-22`	3 months	crt.sh
*.scdn.co DigiCert TLS RSA SHA256 2020 CA1	`2021-08-06` - `2022-09-02`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.sultanmarked.no/Pay/spotfiy/verification/
Frame ID: 8071EB1740D6FC4DE88386000DCFE361
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Account overview - Spotify

Page URL History Show full URLs

https://www.sultanmarked.no/Pay/spotfiy/ HTTP 302
https://www.sultanmarked.no/Pay/spotfiy/verification/ Page URL

Detected technologies

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

87 %
HTTPS

0 %
IPv6

10
Domains

10
Subdomains

8
IPs

3
Countries

427 kB
Transfer

1261 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.sultanmarked.no/Pay/spotfiy/ HTTP 302
https://www.sultanmarked.no/Pay/spotfiy/verification/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12

https://www.googleadservices.com/pagead/conversion/832-215-0454/?guid=ON&random=1655736951259&fst=1655736589453&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.sultanmarked.no%2FPay%2Fspotfiy%2Fverification%2F&tiba=Account+overview+-+Spotify&u_tz=0&u_his=10&ig=1&label=null HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/832-215-0454/?guid=ON&random=331351737&fst=1655736589453&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.sultanmarked.no%2FPay%2Fspotfiy%2Fverification%2F&tiba=Account+overview+-+Spotify&u_tz=0&u_his=10&ig=1&label=null&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=DYmwYoiOKe-G9fgP9u60mAU&sscte=1&crd= HTTP 302
https://www.google.com/pagead/1p-conversion/832-215-0454/?guid=ON&random=331351737&fst=1655736589453&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.sultanmarked.no%2FPay%2Fspotfiy%2Fverification%2F&tiba=Account+overview+-+Spotify&u_tz=0&u_his=10&ig=1&label=null&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=DYmwYoiOKe-G9fgP9u60mAU&random=3478631669 HTTP 302
https://www.google.no/pagead/1p-conversion/832-215-0454/?guid=ON&random=331351737&fst=1655736589453&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.sultanmarked.no%2FPay%2Fspotfiy%2Fverification%2F&tiba=Account+overview+-+Spotify&u_tz=0&u_his=10&ig=1&label=null&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=DYmwYoiOKe-G9fgP9u60mAU&random=3478631669&ipr=y&prhg=0

Request Chain 13

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/832-215-0454/?guid=ON&random=1655736951259&fst=1655736589453&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.sultanmarked.no%2FPay%2Fspotfiy%2Fverification%2F&tiba=Account+overview+-+Spotify&u_tz=0&u_his=10&ig=1&label=null HTTP 302
https://www.google.com/pagead/1p-user-list/832-215-0454/?guid=ON&random=1655736951259&fst=1655733600000&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.sultanmarked.no%2FPay%2Fspotfiy%2Fverification%2F&tiba=Account+overview+-+Spotify&u_tz=0&u_his=10&label=null&is_vtc=1&random=447786409 HTTP 302
https://www.google.no/pagead/1p-user-list/832-215-0454/?guid=ON&random=1655736951259&fst=1655733600000&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.sultanmarked.no%2FPay%2Fspotfiy%2Fverification%2F&tiba=Account+overview+-+Spotify&u_tz=0&u_his=10&label=null&is_vtc=1&random=447786409&ipr=y

15 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.sultanmarked.no/Pay/spotfiy/verification/
Redirect Chain

https://www.sultanmarked.no/Pay/spotfiy/
https://www.sultanmarked.no/Pay/spotfiy/verification/

4 KB
2 KB

268ms
267ms

Document
text/html

172.67.199.174
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sultanmarked.no/Pay/spotfiy/verification/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.199.174 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4648eba58294e5f86512a47196d0d0a6ecd1f99ef0ed7efa94f85d18064e3c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language: no-NO,no;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 71e5502a0a5d0b02-OSL
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 20 Jun 2022 14:49:48 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 19 Nov 1981 08:52:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lPmkdqMoQRuiRT1AKK62ICnqqTuaJJPhPAxlrAq7CAAQiyQJyXBeVMO%2FC%2BeHwS5PpKn31dafpzmwzgk%2FK9dmsllA8unYhsGn%2FKMO7T8T8sryOrUVmVO42oVD4QEPbZTY6dYtGVjh"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15768000
vary: Accept-Encoding,Accept-Encoding
x-turbo-charged-by: LiteSpeed

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, no-store, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 71e5502828300b02-OSL
content-type: text/html; charset=UTF-8
date: Mon, 20 Jun 2022 14:49:47 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Thu, 19 Nov 1981 08:52:00 GMT
location: ./verification/
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7bjHFeYHMTHnBk7CxaiJB%2BXTlNOZwrq6KsiHZO3MFB4SVg5FhAc4KhFXXzdQthWRaSSDEq%2FxYXpBcKBQqmeWKslzqD49MxgYkKYqYzIbSPTxrcPYucKcvrcCQ9m2lh6F8H%2BpLjt0"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15768000
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed

GET
H2 200 index.b48f2b8327399f826bfd.css
www.sultanmarked.no/Pay/spotfiy/verification/file/ 296 KB
50 KB 144ms
143ms Stylesheet
text/css 172.67.199.174
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sultanmarked.no/Pay/spotfiy/verification/file/index.b48f2b8327399f826bfd.css

Requested by

Host: www.sultanmarked.no
URL: https://www.sultanmarked.no/Pay/spotfiy/verification/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.199.174 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7337a005d1a4682d43a4ca3d5137b11b8282724911555d786d1456e66af4d18d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.sultanmarked.no/Pay/spotfiy/verification/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 14:49:48 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15768000
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Mon, 20 Jun 2022 11:24:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding,Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iuGo%2B698PSxGVj91bb8uuYQrup9fWAp2vJJPKeCzM03wzjSk%2BQFMsbkudwJFBLrGiWR8VvXSnrLGpidZ2SGuqbnpG8GeuRhxkPJS%2BdWIbGTb5EOhXucUngG3VO%2FB4jKXc8NLZq3j"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=UTF-8
cf-bgj: minify
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
cf-ray: 71e5502bcd1c0b02-OSL
expires: Tue, 20 Jun 2023 11:24:56 GMT

GET
H2 200 x.png
www.sultanmarked.no/Pay/spotfiy/verification/file/ 5 KB
5 KB 91ms
90ms Image
image/png 172.67.199.174
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sultanmarked.no/Pay/spotfiy/verification/file/x.png

Requested by

Host: www.sultanmarked.no
URL: https://www.sultanmarked.no/Pay/spotfiy/verification/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.199.174 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

82ef74ccf02ada06c74cf0fa8a1f57f69ad9f589c51504fa839494b0456e020d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.sultanmarked.no/Pay/spotfiy/verification/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 14:49:48 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4789
last-modified: Mon, 20 Jun 2022 11:24:12 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15768000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EC7kqpIcTCSGQURIMU5RNvEOi8Oof1%2FNBZFMTn5NhdYNol9u%2BoIZwcwPv%2BL4B%2FLbHiNV9lVmGJlkdOCTITBeDsTGeEGB3DpqT7OUtoNd43S5HK4iqktqg%2FTHmGVFHh9YOmh9HCAy"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: public, max-age=31536000
x-turbo-charged-by: LiteSpeed
accept-ranges: bytes
cf-ray: 71e5502bcd1d0b02-OSL
expires: Tue, 18 Oct 2022 11:24:56 GMT

GET
H2 200 jquery-3.6.0.min.js Show response
code.jquery.com/ 87 KB
30 KB 450ms
49ms Script
application/javascript 69.16.175.10
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://code.jquery.com/jquery-3.6.0.min.js
Requested by: Host: www.sultanmarked.no
URL: https://www.sultanmarked.no/Pay/spotfiy/verification/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 69.16.175.10 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS: tlb.hwcdn.net
Software: nginx /
Resource Hash: ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.sultanmarked.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 14:49:48 GMT
content-encoding: gzip
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
server: nginx
etag: W/"28feccc0-15d9d"
vary: Accept-Encoding
x-hw: 1655736588.dop219.sk1.t,1655736588.cds251.sk1.hn,1655736588.cds221.sk1.c
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=315360000, public
accept-ranges: bytes
content-length: 30875

GET
H2 200 jquery.mask.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/ 23 KB
6 KB 433ms
49ms Script
application/javascript 104.17.25.14
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery.mask/1.14.16/jquery.mask.js

Requested by

Host: www.sultanmarked.no
URL: https://www.sultanmarked.no/Pay/spotfiy/verification/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c84e4b2e9e47490ff3fa125e0aa933f617633649358da8861b4b430ab6ae9a70

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.sultanmarked.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 14:49:48 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1182458
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 4957
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:11:47 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03ec3-5a89"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CDfKcUhqcXsXbEex32RzkQpTaCKaNFHENnkdXCdBm46J%2FN3rzOROczOLEZQNQLPvvMG3XoHktMCkLF0oFkOtl3AMdM1N1nFJSR5JQClHI5Sg%2BmkzbfSdFRL%2BnBLvirUjgWma0CnN"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 71e5502f1eb7b50b-OSL
expires: Sat, 10 Jun 2023 14:49:48 GMT

GET
H2 200 v652eace1692a40cfa3763df669d7439c1639079717194 Show response
static.cloudflareinsights.com/beacon.min.js/ 14 KB
5 KB 453ms
67ms Script
text/javascript 104.18.47.230
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194
Requested by: Host: www.sultanmarked.no
URL: https://www.sultanmarked.no/Pay/spotfiy/verification/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.47.230 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505

Request headers

Referer: https://www.sultanmarked.no/
Origin: https://www.sultanmarked.no
accept-language: no-NO,no;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 14:49:49 GMT
content-encoding: gzip
last-modified: Thu, 09 Dec 2021 19:55:17 GMT
server: cloudflare
etag: W/2021.12.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 71e550339f02b515-OSL

GET
H2 200 css2
fonts.googleapis.com/ 10 KB
1 KB 513ms
74ms Stylesheet
text/css 142.250.179.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Noto+Sans:ital,wght@0,400;0,700;1,400;1,700&display=swap

Requested by

Host: www.sultanmarked.no
URL: https://www.sultanmarked.no/Pay/spotfiy/verification/file/index.b48f2b8327399f826bfd.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.179.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s41-in-f10.1e100.net

Software

ESF /

Resource Hash

87b5d080acabc2fdbe4bb8cb95c3dcbd1b82b9e0d776f5f089b8454cc4af7f96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.sultanmarked.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 20 Jun 2022 14:36:52 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 20 Jun 2022 14:49:48 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 20 Jun 2022 14:49:48 GMT

GET
H2 200 css2
fonts.googleapis.com/ 441 KB
120 KB 521ms
82ms Stylesheet
text/css 142.250.179.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Noto+Sans+JP:wght@400;700&family=Noto+Sans+SC:wght@400;700&display=swap

Requested by

Host: www.sultanmarked.no
URL: https://www.sultanmarked.no/Pay/spotfiy/verification/file/index.b48f2b8327399f826bfd.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.179.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s41-in-f10.1e100.net

Software

ESF /

Resource Hash

1afcfdfa5e2aa750d09b333388b636f6529d37e08ef279e7ae947590e436c617

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.sultanmarked.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 20 Jun 2022 14:49:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 20 Jun 2022 14:49:48 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 20 Jun 2022 14:49:48 GMT

GET
H2 200 css2
fonts.googleapis.com/ 234 KB
65 KB 572ms
133ms Stylesheet
text/css 142.250.179.170
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Noto+Sans+TC:wght@400;700&display=swap

Requested by

Host: www.sultanmarked.no
URL: https://www.sultanmarked.no/Pay/spotfiy/verification/file/index.b48f2b8327399f826bfd.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.179.170 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s41-in-f10.1e100.net

Software

ESF /

Resource Hash

f4324875926c2de99a93c8da643403b868d0a7779a9a4a74ddd7c0844617f834

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.sultanmarked.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Mon, 20 Jun 2022 14:49:48 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Mon, 20 Jun 2022 14:49:48 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Mon, 20 Jun 2022 14:49:48 GMT

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f771fe217119432dbcdb59fe3d3ac37547eadd1a118d1646011d1d7ba7e053bf

Request headers

accept-language: no-NO,no;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1 200
OK CircularSpUIv3T-Book.6ff898ba447ac00bc6e457d25bcb0be8.woff2
accounts.scdn.co/sso/fonts/ 67 KB
68 KB 526ms
65ms Font
font/woff2 151.101.62.248
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.scdn.co/sso/fonts/CircularSpUIv3T-Book.6ff898ba447ac00bc6e457d25bcb0be8.woff2
Requested by: Host: www.sultanmarked.no
URL: https://www.sultanmarked.no/Pay/spotfiy/verification/file/index.b48f2b8327399f826bfd.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.62.248 London, United Kingdom, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1e9022d2e68559c3306657470dc8b02a28508564a67a45d70012205aca3eba47

Request headers

Referer: https://www.sultanmarked.no/
Origin: https://www.sultanmarked.no
accept-language: no-NO,no;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date: Mon, 20 Jun 2022 14:49:49 GMT
Last-Modified: Wed, 26 Jan 2022 15:28:21 GMT
Age: 3563650
x-amz-meta-goog-reserved-file-mtime: 1643210422
ETag: "6ff898ba447ac00bc6e457d25bcb0be8"
X-Served-By: cache-ord1724-ORD, cache-lhr7350-LHR
X-Cache: HIT, HIT
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, no-transform
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 68852
X-Cache-Hits: 1, 1

GET
H/1.1 200
OK CircularSpUIv3T-Bold.c147cc237b8b07e0a8875dfbbe857b29.woff2
accounts.scdn.co/sso/fonts/ 71 KB
72 KB 524ms
63ms Font
font/woff2 151.101.62.248
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://accounts.scdn.co/sso/fonts/CircularSpUIv3T-Bold.c147cc237b8b07e0a8875dfbbe857b29.woff2
Requested by: Host: www.sultanmarked.no
URL: https://www.sultanmarked.no/Pay/spotfiy/verification/file/index.b48f2b8327399f826bfd.css
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.62.248 London, United Kingdom, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 897cda707d438f8d6b6b92cfcb2c1fd2035ff59f5f0c5b9943d2f04d411f7fda

Request headers

Referer: https://www.sultanmarked.no/
Origin: https://www.sultanmarked.no
accept-language: no-NO,no;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

Date: Mon, 20 Jun 2022 14:49:49 GMT
Last-Modified: Wed, 26 Jan 2022 15:28:20 GMT
Age: 2342183
x-amz-meta-goog-reserved-file-mtime: 1643210422
ETag: "c147cc237b8b07e0a8875dfbbe857b29"
X-Served-By: cache-ord1720-ORD, cache-lhr7359-LHR
X-Cache: HIT, HIT
Content-Type: font/woff2
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000, no-transform
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 72840
X-Cache-Hits: 1, 1

GET
H2 200 s.js Show response
www.sultanmarked.no/cdn-cgi/zaraz/ 5 KB
2 KB 52ms
52ms Script
text/javascript 172.67.199.174
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sultanmarked.no/cdn-cgi/zaraz/s.js?z=JTdCJTIyZXhlY3V0ZWQlMjIlM0ElNUIlNUQlMkMlMjJ0JTIyJTNBJTIyQWNjb3VudCUyMG92ZXJ2aWV3JTIwLSUyMFNwb3RpZnklMjIlMkMlMjJ4JTIyJTNBMC4yODIwMjU3MDE2NzQ0MTQxJTJDJTIydyUyMiUzQTE2MDAlMkMlMjJoJTIyJTNBMTIwMCUyQyUyMmolMjIlM0ExMjAwJTJDJTIyZSUyMiUzQTE2MDAlMkMlMjJsJTIyJTNBJTIyaHR0cHMlM0ElMkYlMkZ3d3cuc3VsdGFubWFya2VkLm5vJTJGUGF5JTJGc3BvdGZpeSUyRnZlcmlmaWNhdGlvbiUyRiUyMiUyQyUyMnIlMjIlM0ElMjIlMjIlMkMlMjJrJTIyJTNBMjQlMkMlMjJuJTIyJTNBJTIyVVRGLTglMjIlMkMlMjJvJTIyJTNBMCUyQyUyMnElMjIlM0ElNUIlNUQlN0Q=
Requested by: Host: www.sultanmarked.no
URL: https://www.sultanmarked.no/Pay/spotfiy/verification/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.67.199.174 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7432b8116f34f5099506f221b7f9a4eda6802d6880c23d5ff425ce7f60d16d0c

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.sultanmarked.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

date: Mon, 20 Jun 2022 14:49:49 GMT
content-encoding: br
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Origin, Accept-Encoding
access-control-allow-methods: GET, HEAD, POST, OPTIONS
content-type: text/javascript
access-control-allow-origin: https://www.sultanmarked.no
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ptziU2hFo3VnCKZwXfG0sZc8qQlMXt18tDua6mIPJVcQE7oit1qLScfrJaaGrSCXBc1nf465W1AUg1OleXuxFNepUWOkVkD%2BRKFX1q0xvIhT9KBqRtWVhmzwxuelRfOVjlhw78t"}],"group":"cf-nel","max_age":604800}
access-control-max-age: 600
access-control-allow-credentials: true
cf-ray: 71e550340f6f0b02-OSL
access-control-allow-headers: Content-Type, Set-Cookie, Cache-Control
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H2

200

/
www.google.no/pagead/1p-conversion/832-215-0454/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/832-215-0454/?guid=ON&random=1655736951259&fst=1655736589453&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.sultanmarked.no%2FPay%2...
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/832-215-0454/?guid=ON&random=331351737&fst=1655736589453&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.sultanmarked....
https://www.google.com/pagead/1p-conversion/832-215-0454/?guid=ON&random=331351737&fst=1655736589453&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.sultanmarked.no%2FPay%2Fspotfiy%2F...
https://www.google.no/pagead/1p-conversion/832-215-0454/?guid=ON&random=331351737&fst=1655736589453&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.sultanmarked.no%2FPay%2Fspotfiy%2Fv...

42 B
0

568ms
94ms

Fetch
image/gif

216.58.212.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.no/pagead/1p-conversion/832-215-0454/?guid=ON&random=331351737&fst=1655736589453&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.sultanmarked.no%2FPay%2Fspotfiy%2Fverification%2F&tiba=Account+overview+-+Spotify&u_tz=0&u_his=10&ig=1&label=null&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=DYmwYoiOKe-G9fgP9u60mAU&random=3478631669&ipr=y&prhg=0

Protocol

Server

216.58.212.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f3.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.sultanmarked.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 14:49:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 20 Jun 2022 14:49:50 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.no/pagead/1p-conversion/832-215-0454/?guid=ON&random=331351737&fst=1655736589453&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.sultanmarked.no%2FPay%2Fspotfiy%2Fverification%2F&tiba=Account+overview+-+Spotify&u_tz=0&u_his=10&ig=1&label=null&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=DYmwYoiOKe-G9fgP9u60mAU&random=3478631669&ipr=y&prhg=0
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
www.google.no/pagead/1p-user-list/832-215-0454/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/832-215-0454/?guid=ON&random=1655736951259&fst=1655736589453&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.sultanmar...
https://www.google.com/pagead/1p-user-list/832-215-0454/?guid=ON&random=1655736951259&fst=1655733600000&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.sultanmarked.no%2FPay%2Fspotfiy...
https://www.google.no/pagead/1p-user-list/832-215-0454/?guid=ON&random=1655736951259&fst=1655733600000&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.sultanmarked.no%2FPay%2Fspotfiy%...

42 B
0

566ms
92ms

Fetch
image/gif

216.58.212.163
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.no/pagead/1p-user-list/832-215-0454/?guid=ON&random=1655736951259&fst=1655733600000&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.sultanmarked.no%2FPay%2Fspotfiy%2Fverification%2F&tiba=Account+overview+-+Spotify&u_tz=0&u_his=10&label=null&is_vtc=1&random=447786409&ipr=y

Protocol

Server

216.58.212.163 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ams15s22-in-f3.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: no-NO,no;q=0.9
Referer: https://www.sultanmarked.no/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 20 Jun 2022 14:49:51 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 20 Jun 2022 14:49:50 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type: image/gif
location: https://www.google.no/pagead/1p-user-list/832-215-0454/?guid=ON&random=1655736951259&fst=1655733600000&cv=9&sendb=1&num=1&u_cd=24&u_java=false&url=https%3A%2F%2Fwww.sultanmarked.no%2FPay%2Fspotfiy%2Fverification%2F&tiba=Account+overview+-+Spotify&u_tz=0&u_his=10&label=null&is_vtc=1&random=447786409&ipr=y
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 rum Show response
www.sultanmarked.no/cdn-cgi/ 0
154 B 43ms
42ms XHR
text/plain 172.67.199.174
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sultanmarked.no/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.67.199.174 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.sultanmarked.no/Pay/spotfiy/verification/
accept-language: no-NO,no;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
content-type: application/json

Response headers

date: Mon, 20 Jun 2022 14:49:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: POST,OPTIONS
content-type: text/plain
access-control-allow-origin: https://www.sultanmarked.no
access-control-max-age: 86400
access-control-allow-credentials: true
cf-ray: 71e5503538a10b02-OSL
vary: Origin

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Spotify (Online)

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.sultanmarked.no/	1969-12-31 23:59:59	Name: PHPSESSID Value: be2d8dc54ee4e40aa19bfd54491be45a
.sultanmarked.no/	1970-01-22 13:11:59	Name: _fbp Value: fb.2.1655736589453.2083821092
.doubleclick.net/	1970-01-20 03:55:37	Name: test_cookie Value: CheckForPermission

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15768000

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.scdn.co
cdnjs.cloudflare.com
code.jquery.com
fonts.googleapis.com
googleads.g.doubleclick.net
static.cloudflareinsights.com
www.google.com
www.google.no
www.googleadservices.com
www.sultanmarked.no
104.17.25.14
104.18.47.230
142.250.179.170
142.250.185.130
142.250.185.162
142.250.185.164
151.101.62.248
172.67.199.174
216.58.212.163
69.16.175.10
1afcfdfa5e2aa750d09b333388b636f6529d37e08ef279e7ae947590e436c617
1e9022d2e68559c3306657470dc8b02a28508564a67a45d70012205aca3eba47
7337a005d1a4682d43a4ca3d5137b11b8282724911555d786d1456e66af4d18d
7432b8116f34f5099506f221b7f9a4eda6802d6880c23d5ff425ce7f60d16d0c
82ef74ccf02ada06c74cf0fa8a1f57f69ad9f589c51504fa839494b0456e020d
87b5d080acabc2fdbe4bb8cb95c3dcbd1b82b9e0d776f5f089b8454cc4af7f96
897cda707d438f8d6b6b92cfcb2c1fd2035ff59f5f0c5b9943d2f04d411f7fda
c84e4b2e9e47490ff3fa125e0aa933f617633649358da8861b4b430ab6ae9a70
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f4324875926c2de99a93c8da643403b868d0a7779a9a4a74ddd7c0844617f834
f4648eba58294e5f86512a47196d0d0a6ecd1f99ef0ed7efa94f85d18064e3c3
f771fe217119432dbcdb59fe3d3ac37547eadd1a118d1646011d1d7ba7e053bf
fd0a1ac929c11b08e819fe4b0a18c5574012c44f09de8987c6be99a0f055a505
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

www.sultanmarked.no Open in urlscan Pro 172.67.199.174 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

87 %HTTPS

0 %IPv6

10 Domains

10 Subdomains

8 IPs

3 Countries

427 kBTransfer

1261 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

15 JavaScript Global Variables

3 Cookies

Security Headers

Indicators

www.sultanmarked.no Open in urlscan Pro
172.67.199.174 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

87 %
HTTPS

0 %
IPv6

10
Domains

10
Subdomains

8
IPs

3
Countries

427 kB
Transfer

1261 kB
Size

3
Cookies

15 HTTP transactions
1 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!