gtoonfd.com/link?z=5450494&var=&ymid=7Ux4QzYyBuNPfdYhUsBfQB
139.45.197.239302 Found 0 B URL HTTP/1.1 gtoonfd.com/link?z=5450494&var=&ymid=7Ux4QzYyBuNPfdYhUsBfQB
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /link?z=5450494&var=&ymid=7Ux4QzYyBuNPfdYhUsBfQB HTTP/1.1
Host: gtoonfd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 24 Oct 2022 04:24:29 GMT
Content-Length: 0
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin:
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
X-Trace-Id: 6632e41de621a9ac7236c6af8bee7bc3
Link: <https://cdntechone.com>; rel="dns-prefetch preconnect"
Location: https://cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=5450494&axcusid1=&clid={ymid}&r=http%3A%2F%2Fgtoonfd.com%2Flink%3Fz%3D5450494%26var%3D%26ymid%3D7Ux4QzYyBuNPfdYhUsBfQB%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=7402
Set-Cookie: OAID=2553019c61dd495fa966bae691792315; expires=Tue, 24 Oct 2023 04:24:29 GMT
oaidts=1666585469; expires=Tue, 24 Oct 2023 04:24:29 GMT
phpckd5450494=true; expires=Tue, 25 Oct 2022 04:24:29 GMT
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *
firefox.settings.services.mozilla.com/v1/
143.204.55.27200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bdb8b66c705a7b996496d780f50c00b5
403ae92039fcc933870f51f913f78ccaf9652256
c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Alert, Content-Length, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 24 Oct 2022 03:52:56 GMT
Expires: Mon, 24 Oct 2022 04:22:28 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: cL6sJc-tAJTnyy21EZLsTPhFXhzsdp1HZvp4pOXC2zbfcKTrv4lxRQ==
Age: 1893
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c19f4a1def760c07cbc4aec1d0d6c050
6ad911a7c02f5e5fdd82fa86cae0453528d53a6d
750bba81910a4bbd78ab484ba03781a36459a0aec147d7c47424e9a9bf152b40
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "750BBA81910A4BBD78AB484BA03781A36459A0AEC147D7C47424E9A9BF152B40"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2523
Expires: Mon, 24 Oct 2022 05:06:33 GMT
Date: Mon, 24 Oct 2022 04:24:30 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash ae56efd62a0d9249d98573172eb8b28b
5ff4e9959be677ad76c26ca73f9ef4feb9fa2f28
82d9ee4948fce839f7edb1f8490c4213cded3912464a4169b0bf6a61278694bd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "82D9EE4948FCE839F7EDB1F8490C4213CDED3912464A4169B0BF6A61278694BD"
Last-Modified: Sat, 22 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2570
Expires: Mon, 24 Oct 2022 05:07:20 GMT
Date: Mon, 24 Oct 2022 04:24:30 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: IHKr9Jl8S2rdQPxsw/kBLjv/Cz0T2rAyATWfi8gzviMjkc4FtqjYVok46W34Y4fCiRVE1uJlwdE=
x-amz-request-id: J706SEYQYPTHS5EQ
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 24 Oct 2022 04:08:22 GMT
age: 968
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 7a274a1f19e6361ddba48ce142095bcc
6d38708c43b309f19b44a65600a1c84e0e9c6342
3537273f59f100d1829b9b9c460e3a4f8c3f3363c3bdf8260709df49bab6fc6e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2556
Cache-Control: max-age=156278
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:30 GMT
Etag: "6355c8f8-118"
Expires: Tue, 25 Oct 2022 23:49:08 GMT
Last-Modified: Sun, 23 Oct 2022 23:06:32 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 280
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 24 Oct 2022 04:24:30 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 7a274a1f19e6361ddba48ce142095bcc
6d38708c43b309f19b44a65600a1c84e0e9c6342
3537273f59f100d1829b9b9c460e3a4f8c3f3363c3bdf8260709df49bab6fc6e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2556
Cache-Control: max-age=156278
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:30 GMT
Etag: "6355c8f8-118"
Expires: Tue, 25 Oct 2022 23:49:08 GMT
Last-Modified: Sun, 23 Oct 2022 23:06:32 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 280
ocsp.sectigo.com/
104.18.32.68200 OK 472 B IP 104.18.32.68:0
Hash ad0d16c5b38d268246921f1254bb7339
1fbc794df1dbb4d8d1e723130fae8695b6c16eb0
dcfabf263941ecea1bca3595dc697f184515ad8bd8debc80f506e781816be6af
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 24 Oct 2022 04:24:30 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 16:52:36 GMT
Expires: Thu, 27 Oct 2022 16:52:35 GMT
Etag: "1fbc794df1dbb4d8d1e723130fae8695b6c16eb0"
Cache-Control: max-age=303484,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75eff176f897fab4-OSL
datatechone.com/log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
37.48.68.71200 OK 2 B URL HTTP/1.1 datatechone.com/log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853
IP 37.48.68.71:0
ASN #60781 LeaseWeb Netherlands B.V.
File type ASCII text, with no line terminators
Hash 444bcb3a3fcf8389296c49467f27e1d6
7a85f4764bbd6daf1c3545efbbf0f279a6dc0beb
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=e7ddf874-40d2-43d7-b8fd-56541bff0853 HTTP/1.1
Host: datatechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1128
Origin: https://cdntechone.com
Connection: keep-alive
Referer: https://cdntechone.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Mon, 24 Oct 2022 04:24:30 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 2
Connection: keep-alive
Access-Control-Allow-Origin: https://cdntechone.com
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
gtoonfd.com/link?z=5450494&var=&ymid=7Ux4QzYyBuNPfdYhUsBfQB&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=7402
139.45.197.239200 OK 3.0 kB URL HTTP/1.1 gtoonfd.com/link?z=5450494&var=&ymid=7Ux4QzYyBuNPfdYhUsBfQB&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=7402
IP 139.45.197.239:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5406)
Hash 12420908e47612c36e8e30b37dc2de59
b8df7938bf96e63baf780b820bb301caca3098ed
bfedd078c1a5294f6130cf2286d1d6f78c8e8b978ddf768d85a72ae71132a98b
Analyzer Verdict Alert quad9 Sinkholed
GET /link?z=5450494&var=&ymid=7Ux4QzYyBuNPfdYhUsBfQB&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=7402 HTTP/1.1
Host: gtoonfd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: OAID=2553019c61dd495fa966bae691792315; oaidts=1666585469; phpckd5450494=true
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 24 Oct 2022 04:24:30 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: e42d7ec24f84cc3a13def8f4c7204c90
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=2553019c61dd495fa966bae691792315; expires=Tue, 24 Oct 2023 04:24:30 GMT; path=/
oaidts=1666585469; expires=Tue, 24 Oct 2023 04:24:30 GMT; path=/
allcnt=1; expires=Tue, 24 Oct 2023 04:24:30 GMT
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 24 Oct 2022 03:33:32 GMT
Expires: Mon, 24 Oct 2022 03:52:18 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 aa34a836095df9de9d246a53dd63f1d6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: q7Ocloc93qS5bwonXBAMF28Zc237SXPAhv0XY9OY2HP_ueCaQ1NG3w==
Age: 3058
gtoonfd.com/favicon.ico
139.45.197.239204 No Content 0 B IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /favicon.ico HTTP/1.1
Host: gtoonfd.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://gtoonfd.com/link?z=5450494&var=&ymid=7Ux4QzYyBuNPfdYhUsBfQB&acb=proxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=7402
Cookie: OAID=2553019c61dd495fa966bae691792315; oaidts=1666585469; phpckd5450494=true; allcnt=1
HTTP/1.1 204 No Content
Server: nginx
Date: Mon, 24 Oct 2022 04:24:30 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Pragma: public
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 60d5d7cce6c32a6bdaf0d4c92ec93a1a
cd29edee660366b41749cfd206bdc08fb421449c
fb90c4cc44b32e4ca4a7d1533bbf4a2fd5c482dda5d232f1be2334f3cefbbb0e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 707
Cache-Control: max-age=100440
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:30 GMT
Etag: "6354f613-1d7"
Expires: Tue, 25 Oct 2022 08:18:30 GMT
Last-Modified: Sun, 23 Oct 2022 08:06:43 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash a0599e5067cd89e17ce846b26bbd7009
9a505569f65e64258f707f6b991c97bfeece6d05
c922ca1b17506c5995aa0461360d8c08a0189e2bf0c8c48dbb2da23dc22bd2a1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 24 Oct 2022 04:24:31 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 18:25:22 GMT
Expires: Thu, 27 Oct 2022 18:25:21 GMT
Etag: "9a505569f65e64258f707f6b991c97bfeece6d05"
Cache-Control: max-age=309050,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75eff178b90afab4-OSL
my.rtmark.net/img.gif?f=merge&userId=2553019c61dd495fa966bae691792315
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=2553019c61dd495fa966bae691792315
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=merge&userId=2553019c61dd495fa966bae691792315 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://gtoonfd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 24 Oct 2022 04:24:31 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=2553019c61dd495fa966bae691792315; expires=Tue, 24 Oct 2023 04:24:31 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
whairtoa.com/?z=5450495&syncedCookie=true&rhd=false
139.45.197.238302 Found 0 B URL HTTP/1.1 whairtoa.com/?z=5450495&syncedCookie=true&rhd=false
IP 139.45.197.238:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /?z=5450495&syncedCookie=true&rhd=false HTTP/1.1
Host: whairtoa.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 585
Origin: http://gtoonfd.com
Connection: keep-alive
Referer: http://gtoonfd.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 24 Oct 2022 04:24:31 GMT
Content-Length: 0
Connection: keep-alive
X-Trace-Id: 7cf695a91ada219cc38d33020009090c
Link: <https://toapodazoay.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Referrer-Policy: no-referrer
Location: https://toapodazoay.com/?l=qCqekRDLtEBTXwP&s=608266152598311209&z=5450495&g=NO&svar=1666585471&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1666585471&ssk=242b3bc901d0346bfb81a49816e3965e&svarok=1&b=79056&oaid=0d1b002ade6141c1ae2abc4a4f210c75&rdk=rk3
Access-Control-Allow-Origin: http://gtoonfd.com
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=0d1b002ade6141c1ae2abc4a4f210c75; expires=Tue, 24 Oct 2023 04:24:31 GMT; path=/
oaidts=1666585471; expires=Tue, 24 Oct 2023 04:24:31 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
push.services.mozilla.com/
34.215.56.181101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.215.56.181:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: JED98zlMYUXsPnM5rbmJFA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: UR6Z7wIz+SOHCBY6Flhl1GQV2z0=
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 90f7705c8cbceb4abf3cffaf7ffba94f
76732bba8303ffa62aa3b0488d58dbfce2090d28
a22d07961c079346756d2f5c42d0c184408e4a714092b978e5c7e639870caa11
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A22D07961C079346756D2F5C42D0C184408E4A714092B978E5C7E639870CAA11"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2980
Expires: Mon, 24 Oct 2022 05:14:11 GMT
Date: Mon, 24 Oct 2022 04:24:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 65371b9f246e7bdc33dbeb6a9bb8add9
06e305d10711d069212e113f7d0d5ac6d9d94207
94170587b3e28b6f06a2ad9e2865d0c2d30744e957400e3e06bdcf8e2d8d2e52
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94170587B3E28B6F06A2AD9E2865D0C2D30744E957400E3E06BDCF8E2D8D2E52"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5736
Expires: Mon, 24 Oct 2022 06:00:07 GMT
Date: Mon, 24 Oct 2022 04:24:31 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f76770230ad4de4a25c680db4f224357
dfa17db038953518bf1c358c3a2c13a58fc73d66
2ed6ca824224b622233932b640e1fdc125de509a00899c30c5b9f61e30520148
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2ED6CA824224B622233932B640E1FDC125DE509A00899C30C5B9F61E30520148"
Last-Modified: Sat, 22 Oct 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3737
Expires: Mon, 24 Oct 2022 05:26:48 GMT
Date: Mon, 24 Oct 2022 04:24:31 GMT
Connection: keep-alive
unphionetor.com/vctx?t=56193
139.45.197.236200 OK 72 B URL HTTP/2 unphionetor.com/vctx?t=56193
IP 139.45.197.236:0
File type JSON data\012- , ASCII text
Hash 8e4e84f83ebf29b86ce0f495fd6a6523
e3764b294d1ff6f95ad3232b693ed69a6f6e345a
88d858ffb4e4e2d48c1e0921115055c5f068edcd5b87c083728636a04b6c063f
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=56193 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 24 Oct 2022 04:24:31 GMT
content-type: text/plain; charset=utf-8
content-length: 72
access-control-allow-origin: https://toapodazoay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 7af878570bf5a9f1c6c5c3587d5aca87
set-cookie: PRIT[56193]=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
toapodazoay.com/favicon.ico
139.45.197.151204 No Content 0 B URL HTTP/2 toapodazoay.com/favicon.ico
IP 139.45.197.151:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: toapodazoay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/?rzi=5450495&rsz=5450495&rid=
Cookie: reverse=8k1SXN7CFS7asdLaCICxfpjY9T-9Maa_HiCdw-RJsTU
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 24 Oct 2022 04:24:31 GMT
strict-transport-security: max-age=60
x-content-type-options: nosniff
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=56193&bid=79056&aid=608266152598311209
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=56193&bid=79056&aid=608266152598311209
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=56193&bid=79056&aid=608266152598311209 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 24 Oct 2022 04:24:31 GMT
access-control-allow-origin: https://toapodazoay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 06783d217da5c81dde83215150110a6f
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3308
Expires: Mon, 24 Oct 2022 05:19:40 GMT
Date: Mon, 24 Oct 2022 04:24:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3308
Expires: Mon, 24 Oct 2022 05:19:40 GMT
Date: Mon, 24 Oct 2022 04:24:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3308
Expires: Mon, 24 Oct 2022 05:19:40 GMT
Date: Mon, 24 Oct 2022 04:24:32 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash bed68ee568e74be152402c71cbf26510
38092ae53739e8ee13362c84df108bad734c4b64
26cd9ff2fb48cc7fb7c83cc325f4cb4713fc442cc4842baa728c570081be0445
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "26CD9FF2FB48CC7FB7C83CC325F4CB4713FC442CC4842BAA728C570081BE0445"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3308
Expires: Mon, 24 Oct 2022 05:19:40 GMT
Date: Mon, 24 Oct 2022 04:24:32 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F456d7d5b-fd41-4fa5-8e9e-d89e82b0dc48.jpeg
34.120.237.76200 OK 9.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F456d7d5b-fd41-4fa5-8e9e-d89e82b0dc48.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7ad00d9f89cc4d7f29fd53f89b4545f3
c4dbc6b4b8b9cf4f8868ddc060ee731cf43153d7
6d8e82f5aced08627c83945bc8f011bbaea66789427624baaef5104858472ea2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F456d7d5b-fd41-4fa5-8e9e-d89e82b0dc48.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8953
x-amzn-requestid: 5085f7ea-72de-43e0-a670-d221fc6af736
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelBzHcPIAMFpqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b53e-1c4bfd5c56b0af173eb43001;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:22 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: pCvtOb9B5beB4xJFbTvDQxO37bcXmPVCAwUOw7hOZLHTe_W-ii4T6Q==
via: 1.1 7dcaa43cd0535d889b549e6a30a57aa0.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 22:35:31 GMT
etag: "c4dbc6b4b8b9cf4f8868ddc060ee731cf43153d7"
content-type: image/jpeg
age: 20941
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee5168c9-3f97-43d9-a9b4-3b0f415b3bc0.jpeg
34.120.237.76200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee5168c9-3f97-43d9-a9b4-3b0f415b3bc0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9983bdfe8dbe8386970aae586bb57575
4c5ff521fec700a1cda73325eebbeb88f97baa39
775d510a8d82ed993085e3d828c33b75eee99db2911b90d6151faf5c2e25b5d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee5168c9-3f97-43d9-a9b4-3b0f415b3bc0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9894
x-amzn-requestid: 8d639b03-49d2-411b-b0ca-39c5dafe21f8
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelOtF6YIAMF-4Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b591-230070a06848d4d90ea4f6ef;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:43:45 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: mYzFAcyUErnaOlGBX0ygFYZ4608EanLq5V4xzX7qCHQRGzkKwwWvHw==
via: 1.1 c7c3cdef911c9ee3c1a83a78f425dc5a.cloudfront.net (CloudFront), 1.1 ee330666adf9f04c8c30094f8ddcd004.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 22:14:18 GMT
age: 22214
etag: "4c5ff521fec700a1cda73325eebbeb88f97baa39"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7361cd7-8ea8-4a4b-8e5a-6e3ef375eb7e.webp
34.120.237.76200 OK 7.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7361cd7-8ea8-4a4b-8e5a-6e3ef375eb7e.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c16ee3c480c8ee5b51b7dd88375649ae
885e2070d3ea7973fd978e1e9c247ce248afdbbb
4086d5476b9f3b6c06535fc588784c19a52008178cbdeccbff4c98497bd8e428
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff7361cd7-8ea8-4a4b-8e5a-6e3ef375eb7e.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7185
x-amzn-requestid: 5bbcd9f1-fa0a-4591-a38c-b472e2ef148f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelC7EZ4oAMFmvA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b545-754aa64e1249811f2c019641;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:29 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: qkk3lDqVtpedvxCxGrNyJVjGIW6-VJqpMgBxHjaRatILglKJ96Tfvg==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2f7934de1dfe281c3e4446892eab6462.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:46:36 GMT
age: 23876
etag: "885e2070d3ea7973fd978e1e9c247ce248afdbbb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F337e2b0e-2813-4291-b863-bbc99409db00.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F337e2b0e-2813-4291-b863-bbc99409db00.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6cd3b0c2f628a973659cdb368dfc64cf
c5097681a4dcff980dc788191356e7e7c21ef3b1
03374811ad045fafd0d6898ef3b1beea094b785e8144f570e2d7e9912773c2a9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F337e2b0e-2813-4291-b863-bbc99409db00.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10380
x-amzn-requestid: 9027dbc2-08da-449f-9a40-59c58169fa28
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelDlG5XIAMFTTw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b549-4dd10f5c123194ff6ce4070f;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 8wGo-DXHbBkHTL0pga_Er5trO69wmUsUc7oOSz4zJ8yskzOVjF98Zg==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 61bc723adb3b1884ed759711e84e13a8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:59:31 GMT
age: 23101
etag: "c5097681a4dcff980dc788191356e7e7c21ef3b1"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
unphionetor.com/fv.js?t=56193&cb=1544324611
139.45.197.236200 OK 14 kB URL HTTP/2 unphionetor.com/fv.js?t=56193&cb=1544324611
IP 139.45.197.236:0
Hash f0ee84398393ee1d72596fa308c36f7e
a9d7158de36a195e9100c8ba5f200af84ed05a73
0f6216d1d34155946c01d295457cbd4885706b28e85a83a57d3311296e231597
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=56193&cb=1544324611 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 24 Oct 2022 04:24:31 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 2acc9bfbcad609583efbd0f8434de7e6
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
ptauxofi.net/pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319
139.45.197.250200 OK 35 kB URL HTTP/2 ptauxofi.net/pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319
IP 139.45.197.250:0
Hash 0f8f09106b774ca2d3f5f72453a79722
a220155f2131923d91244581f0d17c68f8d900a6
7013bca4e809139ef11daa0ff8d8ade9f456ac0e9dde2326bbec674182d16bf0
GET /pfe/current/micro.tag.min.js?sw=/sw-check-permissions/3683319&var=qCqekRDLtEBTXwP&z=3683319 HTTP/1.1
Host: ptauxofi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 24 Oct 2022 04:24:31 GMT
content-type: application/javascript
last-modified: Thu, 20 Oct 2022 16:39:30 GMT
etag: W/"635179c2-126ff"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
go.ad2upapp.com/afu.php?id=792658&rt=1
139.45.197.237302 Moved Temporarily 138 B URL HTTP/1.1 go.ad2upapp.com/afu.php?id=792658&rt=1
IP 139.45.197.237:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /afu.php?id=792658&rt=1 HTTP/1.1
Host: go.ad2upapp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Mon, 24 Oct 2022 04:24:33 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: http://go.deliverymodo.com/afu.php?id=792658&rt=1
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *
go.deliverymodo.com/afu.php?id=792658&rt=1
139.45.197.236200 OK 639 B URL HTTP/1.1 go.deliverymodo.com/afu.php?id=792658&rt=1
IP 139.45.197.236:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d5f1b2dedc6efd94e807d83bd3b99530
38fa2a79602b93173d8db2a59e808c5f7a6f96a5
b8d920f2acc1bcbf9d489a6cd3b6808453476c41347dc381d2baeee11aebcfba
GET /afu.php?id=792658&rt=1 HTTP/1.1
Host: go.deliverymodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 24 Oct 2022 04:24:33 GMT
Content-Type: text/html; charset=utf8
Transfer-Encoding: chunked
Connection: keep-alive
X-Trace-Id: 50425936f1a677eb6ecf7ecf2c5b035b
Link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch", <https://www.highperformancegate.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding
Access-Control-Max-Age: 86400
Pragma: no-cache
Cache-Control: no-transform, no-store, no-cache, must-revalidate, max-age=0
Expires: Tue, 11 Jan 1994 10:00:00 GMT
Set-Cookie: OAID=47c3bd95c8a54982ab68fb022ad80f74; expires=Tue, 24 Oct 2023 04:24:33 GMT; path=/
oaidts=1666585473; expires=Tue, 24 Oct 2023 04:24:33 GMT; path=/
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *, *
Content-Encoding: gzip
unphionetor.com/vb?t=56193&bid=79056&aid=608266152598311209&tp=2045
139.45.197.236204 No Content 0 B URL HTTP/2 unphionetor.com/vb?t=56193&bid=79056&aid=608266152598311209&tp=2045
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vb?t=56193&bid=79056&aid=608266152598311209&tp=2045 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://toapodazoay.com
Connection: keep-alive
Referer: https://toapodazoay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Mon, 24 Oct 2022 04:24:33 GMT
access-control-allow-origin: https://toapodazoay.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 6f5427cab36a0f3a1c1068738c510e55
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
go.deliverymodo.com/favicon.ico
139.45.197.236204 No Content 0 B URL HTTP/1.1 go.deliverymodo.com/favicon.ico
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: go.deliverymodo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cookie: OAID=47c3bd95c8a54982ab68fb022ad80f74; oaidts=1666585473
HTTP/1.1 204 No Content
Server: nginx
Date: Mon, 24 Oct 2022 04:24:33 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Pragma: public
Cache-Control: max-age=315360000, public, must-revalidate, proxy-revalidate
ocsp.sectigo.com/
104.18.32.68200 OK 471 B IP 104.18.32.68:0
Hash a0599e5067cd89e17ce846b26bbd7009
9a505569f65e64258f707f6b991c97bfeece6d05
c922ca1b17506c5995aa0461360d8c08a0189e2bf0c8c48dbb2da23dc22bd2a1
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 24 Oct 2022 04:24:33 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 18:25:22 GMT
Expires: Thu, 27 Oct 2022 18:25:21 GMT
Etag: "9a505569f65e64258f707f6b991c97bfeece6d05"
Cache-Control: max-age=309047,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75eff1886d61fab4-OSL
my.rtmark.net/img.gif?f=merge&userId=47c3bd95c8a54982ab68fb022ad80f74
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=47c3bd95c8a54982ab68fb022ad80f74
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=merge&userId=47c3bd95c8a54982ab68fb022ad80f74 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Mon, 24 Oct 2022 04:24:33 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=47c3bd95c8a54982ab68fb022ad80f74; expires=Tue, 24 Oct 2023 04:24:33 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 420ccf9503f08084c08c44383ea11710
c512dce1155325d6d953c075200244af45f0ba2a
4154b935cb6e4823366790eb4ba998eb89856c2ffac9d67d957b71db2a8bdcca
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4154B935CB6E4823366790EB4BA998EB89856C2FFAC9D67D957B71DB2A8BDCCA"
Last-Modified: Fri, 21 Oct 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5126
Expires: Mon, 24 Oct 2022 05:49:59 GMT
Date: Mon, 24 Oct 2022 04:24:33 GMT
Connection: keep-alive
www.highperformancegate.com/cam2dwqai?key=9b44cd6350a69fb630694c066f2c6a98&psid=792658&rdk=rk1
173.233.137.36200 OK 2.4 kB URL HTTP/1.1 www.highperformancegate.com/cam2dwqai?key=9b44cd6350a69fb630694c066f2c6a98&psid=792658&rdk=rk1
IP 173.233.137.36:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (339)
Hash bb641eada5490fad66b028e5b7e34395
9e143c856225eef010aba645be6e00cd552904fc
9a5a6bec7117ce5b3cdef4318d8e3f974b08d041ba354ab31905b49e7bec7cf5
Analyzer Verdict Alert quad9 Sinkholed
GET /cam2dwqai?key=9b44cd6350a69fb630694c066f2c6a98&psid=792658&rdk=rk1 HTTP/1.1
Host: www.highperformancegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Mon, 24 Oct 2022 04:24:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=17381785; expires=Tue, 25 Oct 2022 04:24:33 GMT
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzM4MTc4NSwiayI6IjliNDRjZDYzNTBhNjlmYjYzMDY5NGMwNjZmMmM2YTk4Iiwic2lkIjoiNzkyNjU4IiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYwMDE2LCJwaWQiOjI3NzQxNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMywiYWlkIjoyOCwicHQiOjQsInBrIjoiY2FtMmR3cWFpIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiIifX0.4Fe1fO5laIg1jCiL4ENBsYzlH4qET8nVymE6vzr31SY; expires=Mon, 24 Oct 2022 04:25:33 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8c1d772cdccec2211b3b6f0dacd5bca8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
www.highperformancegate.com/cam2dwqai?pst=1666585533&rmtc=t&uuid=&pii=&in=false&key=9b44cd6350a69fb630694c066f2c6a98&rdk=rk1&shu=620545248c9639b96c1bca9b4942b77816da244dfa86f6ab089a23c4a6b3fbaeeafa4376327ef64257994a6c1e46060b0e06e7f0656b0969a937587d219e6d37d5ef3fe8dcd94f3140a54da596dad28228bac025b8fceb4b9a7b8b6010b563&fr=0&sw2=1280&sh2=939&sw3=1280&sh3=176&sw4=1280&sh4=939&sw5=1280&sh5=1024&sw6=1280&sh6=1024&sw7=1280&sh7=1002
173.233.137.36302 Found 0 B URL HTTP/1.1 www.highperformancegate.com/cam2dwqai?pst=1666585533&rmtc=t&uuid=&pii=&in=false&key=9b44cd6350a69fb630694c066f2c6a98&rdk=rk1&shu=620545248c9639b96c1bca9b4942b77816da244dfa86f6ab089a23c4a6b3fbaeeafa4376327ef64257994a6c1e46060b0e06e7f0656b0969a937587d219e6d37d5ef3fe8dcd94f3140a54da596dad28228bac025b8fceb4b9a7b8b6010b563&fr=0&sw2=1280&sh2=939&sw3=1280&sh3=176&sw4=1280&sh4=939&sw5=1280&sh5=1024&sw6=1280&sh6=1024&sw7=1280&sh7=1002
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /cam2dwqai?pst=1666585533&rmtc=t&uuid=&pii=&in=false&key=9b44cd6350a69fb630694c066f2c6a98&rdk=rk1&shu=620545248c9639b96c1bca9b4942b77816da244dfa86f6ab089a23c4a6b3fbaeeafa4376327ef64257994a6c1e46060b0e06e7f0656b0969a937587d219e6d37d5ef3fe8dcd94f3140a54da596dad28228bac025b8fceb4b9a7b8b6010b563&fr=0&sw2=1280&sh2=939&sw3=1280&sh3=176&sw4=1280&sh4=939&sw5=1280&sh5=1024&sw6=1280&sh6=1024&sw7=1280&sh7=1002 HTTP/1.1
Host: www.highperformancegate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.highperformancegate.com/cam2dwqai?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=17381785
Cookie: u_pl=17381785; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzM4MTc4NSwiayI6IjliNDRjZDYzNTBhNjlmYjYzMDY5NGMwNjZmMmM2YTk4Iiwic2lkIjoiNzkyNjU4IiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxNjYwMDE2LCJwaWQiOjI3NzQxNywiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjozMywiYWlkIjoyOCwicHQiOjQsInBrIjoiY2FtMmR3cWFpIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjc5OTU0MTk2LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6MTgxMTAsIm9uIjoiTGludXgiLCJvdiI6IlVua25vd24iLCJiaWQiOjExNjY3MCwiYm4iOiJGaXJlZm94IiwiYnYiOiI5Ni4wIiwid3YiOmZhbHNlLCJlIjpmYWxzZSwiYWIiOmZhbHNlfSwiYyI6eyJpZCI6MTYyLCJjIjoiTk8iLCJuIjoiTm9yd2F5In0sImEiOmZhbHNlLCJjciI6eyJuIjoiQmxpeCBTb2x1dGlvbnMifSwieGYiOiIiLCJpeGYiOmZhbHNlLCJpZ3hmIjpmYWxzZSwidXAiOnRydWUsInIiOiIifX0.4Fe1fO5laIg1jCiL4ENBsYzlH4qET8nVymE6vzr31SY; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx/1.19.5
Date: Mon, 24 Oct 2022 04:24:34 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://eu.pushnow.net/postback/click?key=v2-1666585474265-4-9875-999800-41bf5612-243e-e423-ae87-a72f956b7211
Set-Cookie: pdhtkv=true; expires=Tue, 25 Oct 2022 04:24:34 GMT
uncs=1; expires=Tue, 25 Oct 2022 04:24:34 GMT
pdhtkv28=true; expires=Tue, 25 Oct 2022 04:24:34 GMT
uncs28=1; expires=Tue, 25 Oct 2022 04:24:34 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b74160aa401deb2eaaabefe6e13cd303
Strict-Transport-Security: max-age=0; includeSubdomains
r3.o.lencr.org/
23.36.76.226200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f3d286ea77724f8672bf8e4d05533dc5
a23b3dbd4687afb928ee53e7389d4a90d8aea4e3
4f9595f3b97c0f7d0d44eb3634caa6fff0c58803601f1e26036f8ac005da5ef4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4F9595F3B97C0F7D0D44EB3634CAA6FFF0C58803601F1E26036F8AC005DA5EF4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8878
Expires: Mon, 24 Oct 2022 06:52:32 GMT
Date: Mon, 24 Oct 2022 04:24:34 GMT
Connection: keep-alive
eu.pushnow.net/postback/click?key=v2-1666585474265-4-9875-999800-41bf5612-243e-e423-ae87-a72f956b7211
38.100.129.195200 OK 2.1 kB URL HTTP/2 eu.pushnow.net/postback/click?key=v2-1666585474265-4-9875-999800-41bf5612-243e-e423-ae87-a72f956b7211
IP 38.100.129.195:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ecb627500897aedcdc8cd37d4e00ffce
77d6e3335ca40dc2421441fb12be626492848d79
d448d4455cc0ddd7ed44dada4a6e8525687b1af52117f799e342d3ebb9a6a7fa
GET /postback/click?key=v2-1666585474265-4-9875-999800-41bf5612-243e-e423-ae87-a72f956b7211 HTTP/1.1
Host: eu.pushnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.highperformancegate.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty/1.15.8.3
date: Mon, 24 Oct 2022 04:24:34 GMT
content-type: text/html;charset=UTF-8
content-length: 2089
X-Firefox-Spdy: h2
eu.pushnow.net/postback/click?key=v2-1666585474265-4-9875-999800-41bf5612-243e-e423-ae87-a72f956b7211&token=da866011c4b3dd42ce0a7a3526576a07&timezone=0&iframe_test=false&webdriver_test=false
38.100.129.195302 Found 0 B URL HTTP/2 eu.pushnow.net/postback/click?key=v2-1666585474265-4-9875-999800-41bf5612-243e-e423-ae87-a72f956b7211&token=da866011c4b3dd42ce0a7a3526576a07&timezone=0&iframe_test=false&webdriver_test=false
IP 38.100.129.195:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /postback/click?key=v2-1666585474265-4-9875-999800-41bf5612-243e-e423-ae87-a72f956b7211&token=da866011c4b3dd42ce0a7a3526576a07&timezone=0&iframe_test=false&webdriver_test=false HTTP/1.1
Host: eu.pushnow.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://eu.pushnow.net/postback/click?key=v2-1666585474265-4-9875-999800-41bf5612-243e-e423-ae87-a72f956b7211
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 302 Found
server: openresty/1.15.8.3
date: Mon, 24 Oct 2022 04:24:34 GMT
content-length: 0
set-cookie: platform_user_id=desktop:7980a459be274bf511db30c901634a36
platform_user_id_3rd_party=desktop:7980a459be274bf511db30c901634a36; SameSite=None; Secure; Max-Age=31556952
location: https://media.bigbasketshop.com/track?q=y9mVqLVe3evR
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
54.230.245.118200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.118:0
Hash bd604e242b6312eca8f32a7ddf3c2381
cc6dca0f37249aa86878ea70e345b33db5de820f
3ce9b21ca4b630d8f87d79ab584c596172b2f023cfe50d63e13d8ab924f96509
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=166697
Date: Mon, 24 Oct 2022 04:24:35 GMT
Etag: "6355fa33-1d7"
Expires: Wed, 26 Oct 2022 02:42:52 GMT
Last-Modified: Mon, 24 Oct 2022 02:36:35 GMT
Server: ECS (nyb/1D11)
X-Cache: Miss from cloudfront
Via: 1.1 db0992ba349fc51d5151ec8330e36c28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ZVqwSjKrSdQE-mozR7Bs4NvqNFxsKiRCSJ19QRhz1OjI0ZNYzbAmvw==
Age: 378
tc.tradetracker.net/?c=31502&m=12&a=416060&r=RA&u=
52.215.33.156301 Moved Permanently 16 kB URL HTTP/2 tc.tradetracker.net/?c=31502&m=12&a=416060&r=RA&u=
IP 52.215.33.156:0
File type gzip compressed data, from Unix\012- data
Hash 5e84dd1d08cf4831cc32b4669e2b3de6
d62bede8ec5218a2b63bd0bad4cfeeb1ec635c1e
e8c89ea827a871e1dd71f6a3a6b93c6d298545038d5aa69c3010acedd0133347
GET /?c=31502&m=12&a=416060&r=RA&u= HTTP/1.1
Host: tc.tradetracker.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.bigbasketshop.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Mon, 24 Oct 2022 04:24:35 GMT
content-type: text/html; charset=UTF-8
location: https://celis.no/
server: nginx
cache-control: no-cache, must-revalidate
set-cookie: uf=sOqTCgKmjYl9hc%2FE8krszm51MW5rWm1NV1licXBCT2ZHVEZmek9aUFBLV1U4MTBBMHBoUWNiSXZsK0w1R2dRelMvaWlKMENTMWNBNUNvY1J6aisraW9pcVl2bjBnOURaeklVcGhnPT0%3D; expires=Tue, 24-Oct-2023 04:24:35 GMT; Max-Age=31536000; path=/; domain=.tradetracker.net; secure; SameSite=None
__tdat31502=MTY2NjU4NTQ3NTo6MTI6OjQxNjA2MDo6UkE6OmY6OmFmZjIyNmVlMjQxYWY5YWE3Zjc4YmEwMzc2NTc0YTky; expires=Wed, 23-Nov-2022 05:24:35 GMT; Max-Age=2595600; path=/; domain=.tradetracker.net; secure; SameSite=None
X-Firefox-Spdy: h2
celis.no/assets/themes/afterburner/css/afterburner.compiled.css?ver=1575982250
193.107.30.42200 OK 39 kB URL HTTP/1.1 celis.no/assets/themes/afterburner/css/afterburner.compiled.css?ver=1575982250
IP 193.107.30.42:0
File type ASCII text, with very long lines (65425)
Hash 59a2ce90ebfbdad3a756b517c0f88ba8
718d9f2514203722d8aad597f5866ce85663399d
7805eb72e4e6ddc49c65a24f4f3d0882889ac0332ef987ccc990081366f3e0b4
GET /assets/themes/afterburner/css/afterburner.compiled.css?ver=1575982250 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: text/css
Content-Length: 38985
Connection: keep-alive
Last-Modified: Tue, 10 Dec 2019 12:50:50 GMT
ETag: "42584-59958f63ddd3a-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/assets/js/modernizr.min-dev.js
193.107.30.42200 OK 4.8 kB URL HTTP/1.1 celis.no/assets/js/modernizr.min-dev.js
IP 193.107.30.42:0
File type HTML document, ASCII text, with very long lines (10835)
Hash b1455783dc6934fc9da050919f63e7b2
e1e7a7a08e141c0ddcbb8a50bae5fc845352515b
f16bfb5663df5cd6d55463eb801edbf74c2acc5375d199ecc21664e757efe3ab
GET /assets/js/modernizr.min-dev.js HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: application/javascript
Content-Length: 4844
Connection: keep-alive
Expires: Mon, 24 Oct 2022 04:24:35 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/icons/shop.png
193.107.30.42200 OK 13 kB URL HTTP/1.1 celis.no/images_hovedside/24/icons/shop.png
IP 193.107.30.42:0
File type PNG image data, 134 x 113, 8-bit/color RGBA, non-interlaced\012- data
Hash db0af4837acf35603da0d5218581bb3a
63fab402cafc21499e7ba03021a3930e3c0a047c
81b79f832d24e0b319bbf0f9520062b6ad262109f70de7e5406aefc09f308705
GET /images_hovedside/24/icons/shop.png HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: image/png
Content-Length: 13159
Connection: keep-alive
Last-Modified: Mon, 13 Jan 2020 09:43:04 GMT
ETag: "3367-59c024d54e1f8"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/icons/truck.png
193.107.30.42200 OK 9.1 kB URL HTTP/1.1 celis.no/images_hovedside/24/icons/truck.png
IP 193.107.30.42:0
File type PNG image data, 134 x 98, 8-bit/color RGBA, non-interlaced\012- data
Hash 735b3622549953e0ced0e06f3ac49ef8
ae55158915ef4a74a5de8fa8954c5e146d37caf1
32686c27465c3115e14a079f94efddeca2d6de009bcacd06b6028b37ba758148
GET /images_hovedside/24/icons/truck.png HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: image/png
Content-Length: 9131
Connection: keep-alive
Last-Modified: Mon, 13 Jan 2020 09:43:05 GMT
ETag: "23ab-59c024d5e38ac"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/js/slider-cart.js?v=433d4581379f0a04f683c5adbcd86727
193.107.30.42200 OK 144 kB URL HTTP/1.1 celis.no/js/slider-cart.js?v=433d4581379f0a04f683c5adbcd86727
IP 193.107.30.42:0
File type Unicode text, UTF-8 text, with very long lines (54822)
Size 144 kB (144278 bytes)
Hash b4f321dea9ee9d0dec44efc87b3f27a8
e042a9c862a22ec3361bcd2f3af64c7380cea93f
d5fa6cad74c067348bb2e88d272cbbb5216d417e39c56d0ba00d0911ef85e263
GET /js/slider-cart.js?v=433d4581379f0a04f683c5adbcd86727 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 22:35:18 GMT
ETag: "671c3-5ea28f55054ce-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/css/cookie_consent.css
193.107.30.42200 OK 4.4 kB URL HTTP/1.1 celis.no/css/cookie_consent.css
IP 193.107.30.42:0
File type ASCII text, with very long lines (18698), with no line terminators
Hash 166166356a197dc79d7abf95aef97e66
dae0b9bc69625ccf4469b8bcfd45088c712f6cb7
217049ace8de69b61ff92d668ab19c1354716d3c10e7519f415bbd6f694c0900
GET /css/cookie_consent.css HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: text/css
Content-Length: 4431
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 22:35:18 GMT
ETag: "490a-5ea28f54fe76e-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/assets/js/vendor.js?m=1664803414
193.107.30.42200 OK 100 kB URL HTTP/1.1 celis.no/assets/js/vendor.js?m=1664803414
IP 193.107.30.42:0
File type ASCII text, with very long lines (559)
Hash 838ed85ac65d7222122159a9f13e0c21
3de4c539610ae94aded34f5f8f76473bc359dc37
dd89b3d0bb32594c1bcb77f3f2c96c14454b102aa245d202592120e76b1d84fd
GET /assets/js/vendor.js?m=1664803414 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 13:23:34 GMT
ETag: "58774-5ea21401cc180-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
143.204.55.101200 OK 6.1 kB URL HTTP/2 widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js
IP 143.204.55.101:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (19239)
Hash 5add60196e5f96a414fb4b9586764e5d
633f471b3c2fcedeef9cad90cb5bf56f5fe55588
5370f4ba91dda790c7cae92817b812fcbd1ab367cbb4862f5669960ae4e2c9e0
GET /bootstrap/v5/tp.widget.bootstrap.min.js HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/x-javascript
content-length: 6124
last-modified: Mon, 30 May 2022 14:38:02 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Mon, 24 Oct 2022 01:34:28 GMT
cache-control: max-age=86400
etag: "5add60196e5f96a414fb4b9586764e5d"
x-cache: Hit from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: CBqp4Y84Vu_TiWqjdWa1fVdiEheJVzpVzmbnvT981ocmevvhMm9jaw==
age: 10208
X-Firefox-Spdy: h2
celis.no/js/cookie_consent.js
193.107.30.42200 OK 6.8 kB URL HTTP/1.1 celis.no/js/cookie_consent.js
IP 193.107.30.42:0
File type ASCII text, with very long lines (1022)
Hash fe0290e5cd3f7b65a629e4207915b7c0
2d3f28169abd3a0faa5fa8a749431a42a33aea83
c5bc71256e67080a533aa8e191e9b377b629406ab12f5c786ba1f523bdd59180
GET /js/cookie_consent.js HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: application/javascript
Content-Length: 6816
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 22:35:18 GMT
ETag: "4de8-5ea28f550452e-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
assets2.24nettbutikk.no/logos/vipps_logo_rgb_trimmed.png
193.107.29.107200 OK 3.5 kB URL HTTP/1.1 assets2.24nettbutikk.no/logos/vipps_logo_rgb_trimmed.png
IP 193.107.29.107:0
File type PNG image data, 126 x 32, 8-bit/color RGBA, non-interlaced\012- data
Hash 08304e6043314b994d728592a20b16f2
898d1c320db91722a7d15f99719716fe5db71715
5ab5c4baf539e790f3e49b4a250599e8854363714f38a7f060b19c7bb845d9e9
GET /logos/vipps_logo_rgb_trimmed.png HTTP/1.1
Host: assets2.24nettbutikk.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Mon, 24 Oct 2022 04:23:41 GMT
Content-Type: image/png
Content-Length: 3507
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Last-Modified: Thu, 30 Aug 2018 13:57:05 GMT
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Tue, 24 Oct 2023 04:24:35 GMT
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
assets2.24nettbutikk.no/24960style/images/logo/klarna_konto.png
193.107.29.107200 OK 3.4 kB URL HTTP/1.1 assets2.24nettbutikk.no/24960style/images/logo/klarna_konto.png
IP 193.107.29.107:0
File type PNG image data, 100 x 40, 8-bit/color RGBA, non-interlaced\012- data
Hash 73e27a9ea2473b3e22ea7eb69f6abc76
9d9aee22ddd75749035cc78c3e43a7c5aa573ed3
a47bbeff0e3361638a73c958087cd2eab0d49bb90abb47680bd8c747e68d51aa
GET /24960style/images/logo/klarna_konto.png HTTP/1.1
Host: assets2.24nettbutikk.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Mon, 24 Oct 2022 04:23:41 GMT
Content-Type: image/png
Content-Length: 3424
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Last-Modified: Thu, 15 Dec 2016 17:46:08 GMT
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Tue, 24 Oct 2023 04:24:35 GMT
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 1ea30e37b7f86b7d0a7cb7341087fdc1
2e88a09e17356724c7e0f488d70be82ebc64f55c
bb85d7fbaf1d4c0dc0a7cd27aebc8f21f942bf703896186a765131c80c87f059
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 05ee461624e2ec37f65e859afe6543ba
b99dcb558535d3d35d140e730aeeb41587622b30
576b3bf619d0a152889cc44165a229ad0100ccc319cf4d9044b2f26d4b676658
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 4c236f4ca13cd8fafc580bceb0995642
b6a7de7a8d994ed2cfb5ac74b6d7703de515ecdb
671228953eba5b2678df03acebb493e411752c6f5f72ff7f1e485032241d4aeb
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=AW-871076749
142.250.74.168200 OK 53 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=AW-871076749
IP 142.250.74.168:0
File type ASCII text, with very long lines (1588)
Hash 5637162cd0a5aa99a95d8f40fb8789d8
4ac6f93e8392c743d57e90872956d2652f3babd7
552194922c608603fcd3ebdd9346ed597740dadf57b9fea3915a2501a624ee80
GET /gtag/js?id=AW-871076749 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 24 Oct 2022 04:24:35 GMT
expires: Mon, 24 Oct 2022 04:24:35 GMT
cache-control: private, max-age=900
last-modified: Mon, 24 Oct 2022 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 52815
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-0VEB93L6P3
142.250.74.168200 OK 77 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-0VEB93L6P3
IP 142.250.74.168:0
File type ASCII text, with very long lines (21373)
Hash 9c4853be13c9ac01c9cfb40389b34a58
ef89a148c1aa60c5c036d182fb1b33ec71c926a1
5bca76af196f61be2931a04255cf9ea5791b89aaf2b56d702807183de07408fb
GET /gtag/js?id=G-0VEB93L6P3 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 24 Oct 2022 04:24:35 GMT
expires: Mon, 24 Oct 2022 04:24:35 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76630
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
assets2.24nettbutikk.no/24960style/images/logo/posten_bring.png
193.107.29.107200 OK 7.9 kB URL HTTP/1.1 assets2.24nettbutikk.no/24960style/images/logo/posten_bring.png
IP 193.107.29.107:0
File type PNG image data, 155 x 84, 8-bit/color RGBA, non-interlaced\012- data
Hash 39649c575ee9031d6088b5d32fcab958
69afe59a8e08e4fa29841450ae7b3729c60cffd2
d0ee72c420fee38cbba66da4b21fa3f8670faa8619e79ee1e48f1f98573ef31d
GET /24960style/images/logo/posten_bring.png HTTP/1.1
Host: assets2.24nettbutikk.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.4.6 (Ubuntu)
Date: Mon, 24 Oct 2022 04:23:41 GMT
Content-Type: image/png
Content-Length: 7860
Connection: keep-alive
Strict-Transport-Security: max-age=63072000; includeSubdomains;
Last-Modified: Wed, 24 Apr 2019 12:59:31 GMT
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Expires: Tue, 24 Oct 2023 04:24:35 GMT
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/icons/rocket.png
193.107.30.42200 OK 8.2 kB URL HTTP/1.1 celis.no/images_hovedside/24/icons/rocket.png
IP 193.107.30.42:0
File type PNG image data, 134 x 134, 8-bit/color RGBA, non-interlaced\012- data
Hash 03a11e047cb1ece27675a53adb4395ee
ed909f72dd2e9c641ccab20abd3f5c2ef8153783
099c4e1894ed1f05056bbe129734e4eab7c050f6438532b8c91ff081616ae580
GET /images_hovedside/24/icons/rocket.png HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: image/png
Content-Length: 8240
Connection: keep-alive
Last-Modified: Mon, 13 Jan 2020 09:43:04 GMT
ETag: "2030-59c024d49685a"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/icons/people.png
193.107.30.42200 OK 18 kB URL HTTP/1.1 celis.no/images_hovedside/24/icons/people.png
IP 193.107.30.42:0
File type PNG image data, 134 x 134, 8-bit/color RGBA, non-interlaced\012- data
Hash d7cd7d1c2173d39fd896413750b0107c
c17f3ad2cc49fffd6f026f55f67657890547e5f7
29b4446f96a73aa06b88e1dffc78c792555b0a5da786b20e933e01e0ee585069
GET /images_hovedside/24/icons/people.png HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: image/png
Content-Length: 17921
Connection: keep-alive
Last-Modified: Mon, 13 Jan 2020 09:43:04 GMT
ETag: "4601-59c024d49685a"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/kalendere.jpg?1664521833547
193.107.30.42200 OK 94 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/kalendere.jpg?1664521833547
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash 6117904aaf414d4584ce393974a76d5c
ed1b4f3a18201ddd46538a71dd08fda6180566b1
6546732524cfcc8d56b45d1c5052d385bc1c8a89837e524eb40482cd61b08ac2
GET /images_hovedside/24/h%C3%B8stogvinter2022/kalendere.jpg?1664521833547 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: image/jpeg
Content-Length: 93488
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:37:36 GMT
ETag: "16d30-5e83a75431a5c"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/j%20(800%20%C3%97%20800%C2%A0px)%20(400%20%C3%97%20400%C2%A0px)%20(800%20%C3%97%20800%C2%A0px)%20(400%20%C3%97%20400%C2%A0px)%20(6).png?1666546092379
193.107.30.42200 OK 192 kB URL HTTP/1.1 celis.no/images_hovedside/j%20(800%20%C3%97%20800%C2%A0px)%20(400%20%C3%97%20400%C2%A0px)%20(800%20%C3%97%20800%C2%A0px)%20(400%20%C3%97%20400%C2%A0px)%20(6).png?1666546092379
IP 193.107.30.42:0
File type PNG image data, 400 x 400, 8-bit/color RGBA, non-interlaced\012- data
Size 192 kB (191809 bytes)
Hash 819913fc8d7e6177874c3bee05911109
862f26c15fdeb15787a7c5644cdae69e0654f2cf
4f51433dbc612e0fd602c03792fcb53513c11a32d9cb31cad3287085430e0304
GET /images_hovedside/j%20(800%20%C3%97%20800%C2%A0px)%20(400%20%C3%97%20400%C2%A0px)%20(800%20%C3%97%20800%C2%A0px)%20(400%20%C3%97%20400%C2%A0px)%20(6).png?1666546092379 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: image/png
Content-Length: 191809
Connection: keep-alive
Last-Modified: Sun, 23 Oct 2022 17:28:09 GMT
ETag: "2ed41-5ebb6ffababdf"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/vinter2022/bestselgere.jpg?1664783239684
193.107.30.42200 OK 42 kB URL HTTP/1.1 celis.no/images_hovedside/24/vinter2022/bestselgere.jpg?1664783239684
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash 676e20376c1fd3d74bb5c9f37c8fb0ef
07f992f99c1ad71a563be019dd6c521c79bd9ad3
5d229dfc80ad8fd41bc251a19b152c3d82957377f49da2ba5f87591f9af079ce
GET /images_hovedside/24/vinter2022/bestselgere.jpg?1664783239684 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: image/jpeg
Content-Length: 41454
Connection: keep-alive
Last-Modified: Thu, 03 Feb 2022 13:38:02 GMT
ETag: "a1ee-5d71d3e470929"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 1ea30e37b7f86b7d0a7cb7341087fdc1
2e88a09e17356724c7e0f488d70be82ebc64f55c
bb85d7fbaf1d4c0dc0a7cd27aebc8f21f942bf703896186a765131c80c87f059
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:35 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/holdvarmen.jpg?1664521796308
193.107.30.42200 OK 90 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/holdvarmen.jpg?1664521796308
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash 1eb5490988b0577a5918e2dcad260ca0
c6dc3555a7723478467c6b9dd598749e12f82dda
22d0ce82b18d9fbcc6b5dd69d6ccdd7cfa05c38b0bb277c68a2a5fe8e1252ed0
GET /images_hovedside/24/h%C3%B8stogvinter2022/holdvarmen.jpg?1664521796308 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: image/jpeg
Content-Length: 90017
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:36:48 GMT
ETag: "15fa1-5e83a7263082e"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/jul2021/toalettsefw.jpg?1664484518932
193.107.30.42200 OK 210 kB URL HTTP/1.1 celis.no/images_hovedside/24/jul2021/toalettsefw.jpg?1664484518932
IP 193.107.30.42:0
File type JPEG image data, progressive, precision 8, 1250x550, components 3\012- data
Size 210 kB (209526 bytes)
Hash 826b7a18242884759cc4d35c3fc8bbf0
cf23fbd1606a5e68aed3dcc39d41299a83b41216
105a7c66191c0b32cc1e3af8f3c6077a9cfecf1f4450d29dc5e3b74782eac086
GET /images_hovedside/24/jul2021/toalettsefw.jpg?1664484518932 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: image/jpeg
Content-Length: 209526
Connection: keep-alive
Last-Modified: Thu, 29 Sep 2022 20:48:36 GMT
ETag: "33276-5e9d70053627a"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/drikkeflasker.jpg?1664521782717
193.107.30.42200 OK 116 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/drikkeflasker.jpg?1664521782717
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Size 116 kB (115665 bytes)
Hash b9e3d215664abbc4b74cb037912a99c2
795d1e77e564ab72679457f21bf34d1806bff723
f2ccc9df805331af79a2492e9d798d319d46f4d6cae352c5ee86164d7bd2952f
GET /images_hovedside/24/h%C3%B8stogvinter2022/drikkeflasker.jpg?1664521782717 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: image/jpeg
Content-Length: 115665
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:36:48 GMT
ETag: "1c3d1-5e83a726a1ca6"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/alvene.jpg?1664521818193
193.107.30.42200 OK 111 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/alvene.jpg?1664521818193
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Size 111 kB (110810 bytes)
Hash 0768c5094cf972081e403293273a5173
0d0d9f5a1f531bbf6d4dd98b1a7dd1294ac03ee3
ca595433ba6af9ed2aa0e8d53e5082abe20841859985717295168cbf62507213
GET /images_hovedside/24/h%C3%B8stogvinter2022/alvene.jpg?1664521818193 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: image/jpeg
Content-Length: 110810
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:37:35 GMT
ETag: "1b0da-5e83a75335b2e"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/bilder_diverse/slide_1664692824.png
193.107.30.42200 OK 1.5 MB URL HTTP/1.1 celis.no/bilder_diverse/slide_1664692824.png
IP 193.107.30.42:0
File type PNG image data, 1406 x 767, 8-bit/color RGBA, non-interlaced\012- data
Size 1.5 MB (1508061 bytes)
Hash bd4605d07ad50b597981caeff4c35e5f
a4ecfeb89e8eabecbade83f948d6973d7ea589a0
6e4f5a46648d803dbf7700934c0f4319cf9060261db7aab2cefb3a6d17fcf00c
GET /bilder_diverse/slide_1664692824.png HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: image/png
Content-Length: 1508061
Connection: keep-alive
Last-Modified: Sun, 02 Oct 2022 06:40:24 GMT
ETag: "1702dd-5ea0780732049"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/vinter2022/lager.jpg?1664783352341
193.107.30.42200 OK 84 kB URL HTTP/1.1 celis.no/images_hovedside/24/vinter2022/lager.jpg?1664783352341
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash 9aedb6350c1a3a59e3985adc3390b140
6c2e29c00d8f2b50add76188eae191130f907b8e
af7b42dcdf0bdd004c725e77918f6a5ee80078a82888a515ee175498ae7dea54
GET /images_hovedside/24/vinter2022/lager.jpg?1664783352341 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: image/jpeg
Content-Length: 84333
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 07:48:28 GMT
ETag: "1496d-5ea1c91c1d9e4"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/vinter2022/nyheter.jpg?1664783229456
193.107.30.42200 OK 35 kB URL HTTP/1.1 celis.no/images_hovedside/24/vinter2022/nyheter.jpg?1664783229456
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash 9b5eb2d0659c52ea1ed7e1325be17bf5
2e1b249ae7fd76a7969a5659f6582313d79d1926
f56be72773655d66478ed5b512adb2189bf53f51518e180ea6f938392ab642b2
GET /images_hovedside/24/vinter2022/nyheter.jpg?1664783229456 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: image/jpeg
Content-Length: 34987
Connection: keep-alive
Last-Modified: Thu, 03 Feb 2022 13:38:07 GMT
ETag: "88ab-5d71d3e8e04b8"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/bilder_diverse/slide_1664692281.png
193.107.30.42200 OK 1.6 MB URL HTTP/1.1 celis.no/bilder_diverse/slide_1664692281.png
IP 193.107.30.42:0
File type PNG image data, 1406 x 767, 8-bit/color RGBA, non-interlaced\012- data
Size 1.6 MB (1560625 bytes)
Hash dd613907ded8894cd067a867ad7b7550
17ae4a232ce96d74cb3ae5b23d0388e85fba4984
d02ef2432b25625d69433dd55e4f78b984fad1b34b10bbdf24b725407ffc3cb4
GET /bilder_diverse/slide_1664692281.png HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: image/png
Content-Length: 1560625
Connection: keep-alive
Last-Modified: Sun, 02 Oct 2022 06:31:21 GMT
ETag: "17d031-5ea07601ea796"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/vinter2022/plukkogmiks.jpg?1664783379958
193.107.30.42200 OK 105 kB URL HTTP/1.1 celis.no/images_hovedside/24/vinter2022/plukkogmiks.jpg?1664783379958
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Size 105 kB (104561 bytes)
Hash 4881ffb7dd17ad4f21849955522365d4
8c9eb8a92cb00f87a5fc30c4f6f11562c9b00634
5cbf2d0a75ee7cd46c78313b3bc1bb3b716843879b71c30dffd8c789d0c3295e
GET /images_hovedside/24/vinter2022/plukkogmiks.jpg?1664783379958 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: image/jpeg
Content-Length: 104561
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 07:48:29 GMT
ETag: "19871-5ea1c91ca461b"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/bilder_diverse/1540589626.png
193.107.30.42200 OK 45 kB URL HTTP/1.1 celis.no/bilder_diverse/1540589626.png
IP 193.107.30.42:0
File type PNG image data, 450 x 150, 8-bit/color RGBA, non-interlaced\012- data
Hash b64491f7df2b869702a502b225a07e0e
5228403f00878b1ff1a2cb26fb572f7620183c10
5c51f468680f9ce41b25e59cb9602dbc16ad62cdef5468b27f251c8e7bbc6c16
GET /bilder_diverse/1540589626.png HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:36 GMT
Content-Type: image/png
Content-Length: 45051
Connection: keep-alive
Last-Modified: Fri, 26 Oct 2018 21:33:46 GMT
ETag: "affb-57928796a1581"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/vinter2022/99marked.jpg?1664783316706
193.107.30.42200 OK 70 kB URL HTTP/1.1 celis.no/images_hovedside/24/vinter2022/99marked.jpg?1664783316706
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash e6078db9952600fe44da27c6c2fb9416
9787d0ac984fc0108ec36713b4242fcf2b40ad80
c66892e713f6ed18b461fb5ffb8fc022185fdb0512480c83be5c5ac0d3151089
GET /images_hovedside/24/vinter2022/99marked.jpg?1664783316706 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:36 GMT
Content-Type: image/jpeg
Content-Length: 70222
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 13:10:25 GMT
ETag: "1124e-5e83e44f281ec"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/hostferie.jpg?1664522065057
193.107.30.42200 OK 89 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/hostferie.jpg?1664522065057
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash 438e10193057723055022e854cd97824
1451a20816dd919569c18bef1c0a6a2bbd5e7bea
5ce193ba239f304784b4e50b05b27e7270d74d88c7685c732d5b9f170926f0d9
GET /images_hovedside/24/h%C3%B8stogvinter2022/hostferie.jpg?1664522065057 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:36 GMT
Content-Type: image/jpeg
Content-Length: 88878
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:36:49 GMT
ETag: "15b2e-5e83a72717f3d"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/assets/js/fbremarketing.js?4b8a936472fbca5bed11
193.107.30.42200 OK 754 B URL HTTP/1.1 celis.no/assets/js/fbremarketing.js?4b8a936472fbca5bed11
IP 193.107.30.42:0
Hash e76c45545671cece5ad7531d3832c50d
f26e0e3b80d30486b6ffaa5f54a0187da8fd352f
1085896e2ed2470bb080f0824199227b33b5f531ab7472ce1f9c8f742513f118
GET /assets/js/fbremarketing.js?4b8a936472fbca5bed11 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited; javascript=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:36 GMT
Content-Type: application/javascript
Content-Length: 754
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 13:23:34 GMT
ETag: "6a8-5ea21401cc180-gzip"
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Encoding: gzip
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
fonts.googleapis.com/css?family=Noto+Sans:400,700|Bitter:400,700,400italic
142.250.74.10200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css?family=Noto+Sans:400,700|Bitter:400,700,400italic
IP 142.250.74.10:0
Hash 6e9be0f5ecd59ee76931bae038870423
92a0be3600a49f6e4357e392157f155adb38fb4a
54c2ecb987b0c4908d790cde3ccd539f57bbdf1273b9d32ec3fea0e987b4da15
GET /css?family=Noto+Sans:400,700|Bitter:400,700,400italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 24 Oct 2022 04:24:35 GMT
date: Mon, 24 Oct 2022 04:24:35 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
celis.no/images_hovedside/24/h%C3%B8stogvinter2022/seogblisett.jpg?1664522101424
193.107.30.42200 OK 62 kB URL HTTP/1.1 celis.no/images_hovedside/24/h%C3%B8stogvinter2022/seogblisett.jpg?1664522101424
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 650x500, components 3\012- data
Hash f50ad33a09061ef72f7d36fff05585ea
3046d2212e6090b5a07b563daf84cfc3f738dd07
9d6cde05e391150fdd8518ad626d34d5b65bdecadeee8811c4d2b3700dfacb7b
GET /images_hovedside/24/h%C3%B8stogvinter2022/seogblisett.jpg?1664522101424 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:36 GMT
Content-Type: image/jpeg
Content-Length: 61821
Connection: keep-alive
Last-Modified: Fri, 09 Sep 2022 08:37:38 GMT
ETag: "f17d-5e83a755a5b61"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/images_hovedside/24/jul2021/1.jpg?1664483910767
193.107.30.42200 OK 233 kB URL HTTP/1.1 celis.no/images_hovedside/24/jul2021/1.jpg?1664483910767
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1250x550, components 3\012- data
Size 233 kB (233430 bytes)
Hash 0f4e6d99161f9f61062c6cbf2c5d4063
6bc662034bd330360b5b3b92af04c7370108df57
de51cb933d157348391261e3649d290b916becc9d603c8ad20d68ca3d553a228
GET /images_hovedside/24/jul2021/1.jpg?1664483910767 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:36 GMT
Content-Type: image/jpeg
Content-Length: 233430
Connection: keep-alive
Last-Modified: Thu, 04 Nov 2021 13:44:28 GMT
ETag: "38fd6-5cff6b9beb450"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/assets2/fonts/pioneer/pioneer.ttf?tl2cf7
193.107.30.42200 OK 7.2 kB URL HTTP/1.1 celis.no/assets2/fonts/pioneer/pioneer.ttf?tl2cf7
IP 193.107.30.42:0
File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, pioneer \012- data
Hash c17564efd9d2cffc62799399f8ce99d8
43fa0947a23e3f276500d27bda03f9e280c550bf
524b61f6b815524da2899a33ed926a242e1df31a9d8ddc0a46482f61d3bc92b7
GET /assets2/fonts/pioneer/pioneer.ttf?tl2cf7 HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/assets/themes/afterburner/css/afterburner.compiled.css?ver=1575982250
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited; javascript=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:36 GMT
Content-Length: 7236
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 22:35:18 GMT
ETag: "1c44-5ea28f550646e"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
celis.no/bilder_diverse/slide_1666470199.jpg
193.107.30.42200 OK 343 kB URL HTTP/1.1 celis.no/bilder_diverse/slide_1666470199.jpg
IP 193.107.30.42:0
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1550x850, components 3\012- data
Size 343 kB (343334 bytes)
Hash 0bdad3d90e671f7acbb4eec560a62677
83ef3cf2599daa0a26afdfeab7c47157ca4bbdfe
800aac1a2e9bfdc6141f06e3066ee94d6aec0c58cb4f69c21932bb0925f19080
GET /bilder_diverse/slide_1666470199.jpg HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:36 GMT
Content-Type: image/jpeg
Content-Length: 343334
Connection: keep-alive
Last-Modified: Sat, 22 Oct 2022 20:23:19 GMT
ETag: "53d26-5eba554407f06"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
sc-static.net/scevent.min.js
54.230.82.240200 OK 8.8 kB URL HTTP/2 sc-static.net/scevent.min.js
IP 54.230.82.240:0
File type ASCII text, with very long lines (25360), with no line terminators
Hash e9a9d4e245fb5df1ac33be19306752e8
246e5996a63a71ce325dff7ca6c9ef71f324b62f
64211912b65ff9a15aa212c8e8f5d4e60b86629d305c130f8824eb55837b8d4a
GET /scevent.min.js HTTP/1.1
Host: sc-static.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript;charset=utf-8
content-length: 8764
server: CloudFront
date: Mon, 24 Oct 2022 04:24:36 GMT
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-headers: Content-Type
cache-control: private, s-maxage=0, max-age=600
set-cookie: X-AB=0d6e407936704bd380072f5891d28b0e;max-age=86400;expires=Tue, 25 Oct 2022 04:14:21 GMT;Path=/scevent.min.js; Secure; SameSite=None
x-cache: LambdaGeneratedResponse from cloudfront
via: 1.1 fc5e625db631bc657fc73f189d53fa14.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: YrZlVNyqNAJJVPK7uUbMRNcFjta-9AkCSN77K-P7Wm_C8WJUwuPmZw==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash ffbfbd6d5d1e91af3c02313339eed0d0
df6457b655ac278fe32f3015bba4cff22dae5b2d
1991ca3e854e53f89b92ce93e01e6094f815b1d2c7c31e664481760211ac200a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/bitter/v28/rax8HiqOu8IVPmn7f4xp.woff2
216.58.207.195200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/bitter/v28/rax8HiqOu8IVPmn7f4xp.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 30896, version 1.0\012- data
Hash a7332c352b59e1d882b5770b68ed9db5
6a4b2b9a2b35ae86769e0c6a0a6decbf67300db6
c470360f2548fb327562d8ce35185a96f59ab6daeb56c0d45ab712b63de848da
GET /s/bitter/v28/rax8HiqOu8IVPmn7f4xp.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://celis.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30896
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 22 Oct 2022 00:03:08 GMT
expires: Sun, 22 Oct 2023 00:03:08 GMT
cache-control: public, max-age=31536000
age: 188488
last-modified: Fri, 24 Jun 2022 18:46:28 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/notosans/v27/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2
216.58.207.195200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/notosans/v27/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 12684, version 1.0\012- data
Hash 0c235386bcf6af06f67e6c89fd19e434
10720574d4609322023984a761f32f9518c07bc4
c1c30918a861cb6a985ab55d54ad7e861682354197f164cb3b7194f20eed67ac
GET /s/notosans/v27/o-0NIpQlx3QUlC5A4PNjXhFVZNyB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://celis.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12684
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 17 Oct 2022 21:03:15 GMT
expires: Tue, 17 Oct 2023 21:03:15 GMT
cache-control: public, max-age=31536000
age: 544881
last-modified: Mon, 09 May 2022 18:28:04 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/notosans/v27/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
216.58.207.195200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/notosans/v27/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 12860, version 1.0\012- data
Hash ab21c24efd75543e16e34807ebc6cdec
eb2562f9729079333fbcbbe94868695669dd3301
88f00438d26021a325247c4427898f7c778a22976df9f1a9d9876429778bf265
GET /s/notosans/v27/o-0IIpQlx3QUlC5A4PNr5TRA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://celis.no
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 17 Oct 2022 21:03:13 GMT
expires: Tue, 17 Oct 2023 21:03:13 GMT
cache-control: public, max-age=31536000
age: 544883
last-modified: Mon, 09 May 2022 18:27:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash ffbfbd6d5d1e91af3c02313339eed0d0
df6457b655ac278fe32f3015bba4cff22dae5b2d
1991ca3e854e53f89b92ce93e01e6094f815b1d2c7c31e664481760211ac200a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:36 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
celis.no/favicon.ico
193.107.30.42200 OK 0 B IP 193.107.30.42:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited; javascript=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:36 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 0
Connection: keep-alive
Last-Modified: Wed, 10 Aug 2016 22:32:33 GMT
ETag: "0-539bf39b2f663"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0
143.204.55.101200 OK 3.3 kB URL HTTP/2 widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0
IP 143.204.55.101:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (12963)
Hash 2922a85ce6caf46f828c097bf7aa1036
afedbac8e6480a8c59cc6ca3359381731f75795b
12d369c3d585d564678ed15f99b53dad29faa1e05475825ccd0e8f4c50cfb779
GET /trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0 HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/html
content-length: 3267
last-modified: Tue, 04 Oct 2022 10:24:57 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Mon, 24 Oct 2022 04:21:12 GMT
cache-control: max-age=86400
etag: "2922a85ce6caf46f828c097bf7aa1036"
x-cache: Hit from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: qVu2tB-iGeiY3tw6_ubIvorQ_w7qVSz0a-SlwNZd25LeTZJr7h2y2w==
age: 205
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Mon, 24 Oct 2022 02:41:09 GMT
expires: Mon, 24 Oct 2022 04:41:09 GMT
cache-control: public, max-age=7200
age: 6207
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 40a0c5d9e49870c90a89926a94827939
e944e76746842d210828bc5a7a055eaf52c1a40d
65dcf57709742ef1f069704fac573a16a3914bfe67b584be454ce5ff418b9a40
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5531
Cache-Control: max-age=164654
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:36 GMT
Etag: "6355de17-1d7"
Expires: Wed, 26 Oct 2022 02:08:50 GMT
Last-Modified: Mon, 24 Oct 2022 00:36:39 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
celis.no/bilder_diverse/slide_1664984381.gif
193.107.30.42200 OK 4.4 MB URL HTTP/1.1 celis.no/bilder_diverse/slide_1664984381.gif
IP 193.107.30.42:0
File type GIF image data, version 89a, 1406 x 767\012- data
Size 4.4 MB (4389850 bytes)
Hash 99236f5170bb15bf1682807452b0169c
81a6184a70a1ab8d960b5a4a495d4b6ab80ebf1b
018ed12d97b1bdf13d7fc19d4cde969f97b3661d84bb167eeca610924e149da6
GET /bilder_diverse/slide_1664984381.gif HTTP/1.1
Host: celis.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Cookie: 24nb=eyJpdiI6IkQ3T1BRQlFxRHNlZ3NTY3dFVWZMOWc9PSIsInZhbHVlIjoiQWI0UVwvYWFPSUE0QnlzYTNDaU9OeFJHdUlxdEFvRnlhRnBBSlp0b2VBbGJSVnlJZFBSb3NmWk1DNGw4ZjJpSklnSGZKeVA5MHhiR3NsWE16bnpwb0pRPT0iLCJtYWMiOiIzNjVjYzlmZjAxYjQ5ZDdjMjZmODk1MDJiZWE0NjQ5M2MyYjQyNmI2MjcwZDU0YjFlMTliYTMyNzAxNGIzNjIwIn0%3D; 24db790=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22db8c2a09e729fc8a12b5695a5987d8a6%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22193.107.30.42%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A68%3A%22Mozilla%2F5.0+%28X11%3B+Linux+x86_64%3B+rv%3A96.0%29+Gecko%2F20100101+Firefox%2F96.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1666585475%3B%7Ddb12316e8695c9df9849e2ab5c6eb900; popup_module=visited
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.12.2
Date: Mon, 24 Oct 2022 04:24:35 GMT
Content-Type: image/gif
Content-Length: 4389850
Connection: keep-alive
Last-Modified: Wed, 05 Oct 2022 15:39:41 GMT
ETag: "42fbda-5ea4b62a3104b"
Accept-Ranges: bytes
Strict-Transport-Security: max-age=63072000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
connect.facebook.net/en_US/fbevents.js
157.240.221.16200 OK 27 kB URL HTTP/2 connect.facebook.net/en_US/fbevents.js
IP 157.240.221.16:0
File type ASCII text, with very long lines (64348)
Hash 71875f848896ee82a106224e048bd060
277a624e507dff2cd9cff104aa0c5618ca76e105
a22635e404a419027fc88eee705d254910d05d481953733d5e1fda4bc6ab3c5b
GET /en_US/fbevents.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: application/x-javascript; charset=utf-8
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
x-fb-rlafr: 0
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
pragma: public
cache-control: public, max-age=1200
expires: Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options: nosniff
x-xss-protection: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
x-fb-debug: 066UPeSQeFfJlLKM/Jo47aybd4qNVi2IB7VeqffzvmnZQdDHzFazqzPZCy1bb+B8teBJh4yqMHsEpCgaQCrPzg==
content-length: 27027
x-fb-trip-id: 1679558926
date: Mon, 24 Oct 2022 04:24:36 GMT
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/main.js
143.204.55.101200 OK 30 kB URL HTTP/2 widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/main.js
IP 143.204.55.101:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (64281), with no line terminators
Hash 5b76b943a9533254775b33e002b1c884
4c884b91ed0762c5380da136c5d09edb9b4fbd14
003b5a563be7a0444ca3be97ace94a5b4ec478009ffa159767c5873ee61e5bdb
GET /trustboxes/53aa8912dec7e10d38f59f36/main.js HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/x-javascript
content-length: 29756
last-modified: Tue, 04 Oct 2022 10:24:58 GMT
x-amz-server-side-encryption: AES256
content-encoding: gzip
accept-ranges: bytes
server: AmazonS3
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Sun, 23 Oct 2022 12:15:04 GMT
cache-control: max-age=86400
etag: "5b76b943a9533254775b33e002b1c884"
x-cache: Hit from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: AIOwDLlbjzwFi3rjKigVlgcht0QYbbpQ7Tp0lnGr_OpiTKsp__LtxA==
age: 58173
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 824126ba460978b26e51bbefa77ba83e
1118bf44441420936c009f69db0f1f96883d30f0
3d0a942268e4987a05a4c449f0b67685225112e30f75c5c30fb58e5a839bafd9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4649
Cache-Control: max-age=96116
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:37 GMT
Etag: "6354d5d0-1d7"
Expires: Tue, 25 Oct 2022 07:06:33 GMT
Last-Modified: Sun, 23 Oct 2022 05:49:04 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 40a0c5d9e49870c90a89926a94827939
e944e76746842d210828bc5a7a055eaf52c1a40d
65dcf57709742ef1f069704fac573a16a3914bfe67b584be454ce5ff418b9a40
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5532
Cache-Control: max-age=164654
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:37 GMT
Etag: "6355de17-1d7"
Expires: Wed, 26 Oct 2022 02:08:51 GMT
Last-Modified: Mon, 24 Oct 2022 00:36:39 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 824126ba460978b26e51bbefa77ba83e
1118bf44441420936c009f69db0f1f96883d30f0
3d0a942268e4987a05a4c449f0b67685225112e30f75c5c30fb58e5a839bafd9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5585
Cache-Control: max-age=97052
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:37 GMT
Etag: "6354d5d0-1d7"
Expires: Tue, 25 Oct 2022 07:22:09 GMT
Last-Modified: Sun, 23 Oct 2022 05:49:04 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 824126ba460978b26e51bbefa77ba83e
1118bf44441420936c009f69db0f1f96883d30f0
3d0a942268e4987a05a4c449f0b67685225112e30f75c5c30fb58e5a839bafd9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5792
Cache-Control: max-age=97259
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:37 GMT
Etag: "6354d5d0-1d7"
Expires: Tue, 25 Oct 2022 07:25:36 GMT
Last-Modified: Sun, 23 Oct 2022 05:49:04 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 471
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 824126ba460978b26e51bbefa77ba83e
1118bf44441420936c009f69db0f1f96883d30f0
3d0a942268e4987a05a4c449f0b67685225112e30f75c5c30fb58e5a839bafd9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4953
Cache-Control: max-age=96420
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:37 GMT
Etag: "6354d5d0-1d7"
Expires: Tue, 25 Oct 2022 07:11:37 GMT
Last-Modified: Sun, 23 Oct 2022 05:49:04 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 471 B IP 142.250.74.35:0
Hash c560beed39cecb5417cb24d408e854bd
8128cbbdbb9357227cff89cf4a0825d62e1821cd
a116fd57470c119c471df4fa54525043cddf2cd4d1c91eaf450155a2293d26f8
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tr.snapchat.com/cm/i?pid=ac51940d-7a99-45df-8891-baebc7fa9a8d&u_scsid=d83a6759-f224-4549-b206-e2de711ca4d2&u_sclid=6ef8a13f-c2c0-4346-af7f-ebf087522967
35.190.43.134200 OK 0 B URL HTTP/2 tr.snapchat.com/cm/i?pid=ac51940d-7a99-45df-8891-baebc7fa9a8d&u_scsid=d83a6759-f224-4549-b206-e2de711ca4d2&u_sclid=6ef8a13f-c2c0-4346-af7f-ebf087522967
IP 35.190.43.134:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/i?pid=ac51940d-7a99-45df-8891-baebc7fa9a8d&u_scsid=d83a6759-f224-4549-b206-e2de711ca4d2&u_sclid=6ef8a13f-c2c0-4346-af7f-ebf087522967 HTTP/1.1
Host: tr.snapchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 24 Oct 2022 04:24:37 GMT
content-type: text/html
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 0
x-envoy-upstream-service-time: 0
server: API Gateway
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
widget.trustpilot.com/trustbox-data/53aa8912dec7e10d38f59f36?businessUnitId=5eb01c7a50715800017033f0&locale=nb-NO&reviewLanguages=nb&reviewStars=4%2C5&includeReviews=true&reviewsPerPage=15
143.204.55.101200 OK 2.1 kB URL HTTP/2 widget.trustpilot.com/trustbox-data/53aa8912dec7e10d38f59f36?businessUnitId=5eb01c7a50715800017033f0&locale=nb-NO&reviewLanguages=nb&reviewStars=4%2C5&includeReviews=true&reviewsPerPage=15
IP 143.204.55.101:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (7363), with no line terminators
Hash 60fd37ac27e9fb1240ff09cd85f3201e
a72ed25dcd65268513dd71125450ed965bc6c468
01d9578e7093442608cf89fa7701a9bb23558cc7cbdaf67644b649fbe939cfdf
GET /trustbox-data/53aa8912dec7e10d38f59f36?businessUnitId=5eb01c7a50715800017033f0&locale=nb-NO&reviewLanguages=nb&reviewStars=4%2C5&includeReviews=true&reviewsPerPage=15 HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Connection: keep-alive
Referer: https://widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-type: application/json; charset=utf-8
content-length: 2055
content-encoding: gzip
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-fallback-status: BYPASS
x-skip-cache-cookie: 0
x-xss-protection: 1; mode=block
date: Mon, 24 Oct 2022 04:09:29 GMT
cache-control: public,max-age=1800
etag: "1cdbaba210bd479ae7eca3c900385c50"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: FOz27zK7NE5yQGmH6Q2f2AUQ5-H1gBVE6M8pbcf5NBLnsi9iICjbfQ==
age: 978
X-Firefox-Spdy: h2
www.google.com/pagead/conversion_async.js
142.250.74.164200 OK 15 kB URL HTTP/2 www.google.com/pagead/conversion_async.js
IP 142.250.74.164:0
File type ASCII text, with very long lines (1654)
Hash 24fd6c715f1f63277e70251543da72e3
df812f6fc49802cdae539755e361201fa061ebc6
1c2948cf01342a560e7f3669ec3fbe69c4d565ee5e13d0873f89422b8c7c2503
GET /pagead/conversion_async.js HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Mon, 24 Oct 2022 04:24:37 GMT
expires: Mon, 24 Oct 2022 04:24:37 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 10463233247470928422
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 15169
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tr.snapchat.com/p
35.190.43.134200 OK 68 B IP 35.190.43.134:0
File type PNG image data, 1 x 1, 8-bit/color RGBA, non-interlaced\012- data
Hash c4a2b870062c2bb98c500bc1526c0498
528666ccdb12997358077bc8fcdbfb6b825c7788
2aa4fa20701cdd6d8d56046069001186b5267e3ee7d0ef618ad2f4a683723e11
POST /p HTTP/1.1
Host: tr.snapchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data; boundary=---------------------------34203368761786932007689241565
Content-Length: 2373
Origin: https://celis.no
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 24 Oct 2022 04:24:37 GMT
access-control-allow-origin: https://celis.no
cache-control: no-cache, no-transform
set-cookie: sc_at=v2|H4sIAAAAAAAAAAXBgQ0AIAgDsItIUBnDcxTiFRxvW7mThiV1oWK5rhwGRBGPWmc+zO7h7ggY2foBoct/9TIAAAA=;SameSite=None;Version=1;Comment=;Domain=.snapchat.com;Path=/;Max-Age=33696000;Secure
content-type: text/html
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 68
x-envoy-upstream-service-time: 6
server: API Gateway
access-control-allow-credentials: true
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 824126ba460978b26e51bbefa77ba83e
1118bf44441420936c009f69db0f1f96883d30f0
3d0a942268e4987a05a4c449f0b67685225112e30f75c5c30fb58e5a839bafd9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4649
Cache-Control: max-age=96116
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:37 GMT
Etag: "6354d5d0-1d7"
Expires: Tue, 25 Oct 2022 07:06:33 GMT
Last-Modified: Sun, 23 Oct 2022 05:49:04 GMT
Server: ECS (ska/F70A)
X-Cache: HIT
Content-Length: 471
widget.trustpilot.com/stats/TrustboxImpression?locale=nb-NO&styleHeight=140px&styleWidth=100%25&theme=light&stars=4%2C5&reviewLanguages=nb&url=https%3A%2F%2Fcelis.no%2F&referrer=https%3A%2F%2Fmedia.bigbasketshop.com%2F&userAgent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&language=en-US&platform=Linux%20x86_64&nosettings=1&businessUnitId=5eb01c7a50715800017033f0&widgetId=53aa8912dec7e10d38f59f36
143.204.55.101204 No Content 0 B URL HTTP/2 widget.trustpilot.com/stats/TrustboxImpression?locale=nb-NO&styleHeight=140px&styleWidth=100%25&theme=light&stars=4%2C5&reviewLanguages=nb&url=https%3A%2F%2Fcelis.no%2F&referrer=https%3A%2F%2Fmedia.bigbasketshop.com%2F&userAgent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&language=en-US&platform=Linux%20x86_64&nosettings=1&businessUnitId=5eb01c7a50715800017033f0&widgetId=53aa8912dec7e10d38f59f36
IP 143.204.55.101:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stats/TrustboxImpression?locale=nb-NO&styleHeight=140px&styleWidth=100%25&theme=light&stars=4%2C5&reviewLanguages=nb&url=https%3A%2F%2Fcelis.no%2F&referrer=https%3A%2F%2Fmedia.bigbasketshop.com%2F&userAgent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&language=en-US&platform=Linux%20x86_64&nosettings=1&businessUnitId=5eb01c7a50715800017033f0&widgetId=53aa8912dec7e10d38f59f36 HTTP/1.1
Host: widget.trustpilot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-type: application/x-www-form-urlencoded
Connection: keep-alive
Referer: https://widget.trustpilot.com/trustboxes/53aa8912dec7e10d38f59f36/index.html?templateId=53aa8912dec7e10d38f59f36&businessunitId=5eb01c7a50715800017033f0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 204 No Content
cache-control: no-store,no-cache
date: Mon, 24 Oct 2022 04:24:36 GMT
pragma: no-cache
server: Kestrel
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
x-cache: Miss from cloudfront
via: 1.1 475d4ecb64796af058573c6f1048e898.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: m4Fz7iESPPcZS_yxaNS8hap1WBmkwmPXPsz5fjcUZewXw8EG7JCoUg==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 7dbe328751574db3465bc8c4f745a487
661ca1463bea33b14bec8f6669dacb2f1ffb78c1
95b3e76c084b00b1d5ca6e02551a48d645b0eae239313b46cfb3468d62b08193
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 03d42e3245268a9d8f602cacf5a4404e
59b42c91ab2ec67086f549de3d47d45560b91fc7
6e88b2d135f33b12b5c8e244ea0ba75dc6acef16aeb0069a87141e49dd4b7ec9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 03d42e3245268a9d8f602cacf5a4404e
59b42c91ab2ec67086f549de3d47d45560b91fc7
6e88b2d135f33b12b5c8e244ea0ba75dc6acef16aeb0069a87141e49dd4b7ec9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 03d42e3245268a9d8f602cacf5a4404e
59b42c91ab2ec67086f549de3d47d45560b91fc7
6e88b2d135f33b12b5c8e244ea0ba75dc6acef16aeb0069a87141e49dd4b7ec9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-85161377-1&cid=1602669690.1666585476&jid=442152417&gjid=2123511447&_gid=1792988559.1666585476&_u=IEDAAEABAAAAACAAI~&z=1928708367
173.194.222.156200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-85161377-1&cid=1602669690.1666585476&jid=442152417&gjid=2123511447&_gid=1792988559.1666585476&_u=IEDAAEABAAAAACAAI~&z=1928708367
IP 173.194.222.156:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-85161377-1&cid=1602669690.1666585476&jid=442152417&gjid=2123511447&_gid=1792988559.1666585476&_u=IEDAAEABAAAAACAAI~&z=1928708367 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://celis.no
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://celis.no
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 24 Oct 2022 04:24:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-24343184-8&cid=1602669690.1666585476&jid=419892334&gjid=374627956&_gid=1792988559.1666585476&_u=IEDAAEAAAAAAACAAI~&z=885797616
173.194.222.156200 OK 4 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-24343184-8&cid=1602669690.1666585476&jid=419892334&gjid=374627956&_gid=1792988559.1666585476&_u=IEDAAEAAAAAAACAAI~&z=885797616
IP 173.194.222.156:0
File type ASCII text, with no line terminators
Hash 48c0473b7821185d937e685216e2168b
3743e47f8a429a5e87b86cb582d78940733d9d2e
570c4d4674fd20602189c548c145ba1f8ac34bc2e4599a71471969028aa1e25a
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j98&tid=UA-24343184-8&cid=1602669690.1666585476&jid=419892334&gjid=374627956&_gid=1792988559.1666585476&_u=IEDAAEAAAAAAACAAI~&z=885797616 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://celis.no
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://celis.no
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 24 Oct 2022 04:24:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
tr.snapchat.com/init?pids=ac51940d-7a99-45df-8891-baebc7fa9a8d
35.190.43.134200 OK 1.2 kB URL HTTP/2 tr.snapchat.com/init?pids=ac51940d-7a99-45df-8891-baebc7fa9a8d
IP 35.190.43.134:0
File type JSON data\012- , ASCII text, with very long lines (2550), with no line terminators
Hash 00c19a40a09c702485f3c02c97ffe763
542f8c9f1c44ebeb40f86f9ec7f215176132d1eb
f4c6167c0b15fb36c894719c41a451972fe7f66fe6c22b9ec2b2e1e63980e66d
GET /init?pids=ac51940d-7a99-45df-8891-baebc7fa9a8d HTTP/1.1
Host: tr.snapchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://celis.no/
Origin: https://celis.no
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 24 Oct 2022 04:24:37 GMT
access-control-allow-origin: https://celis.no
content-type: application/json
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-envoy-upstream-service-time: 0
content-encoding: gzip
vary: Accept-Encoding
server: API Gateway
access-control-allow-credentials: true
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 03d42e3245268a9d8f602cacf5a4404e
59b42c91ab2ec67086f549de3d47d45560b91fc7
6e88b2d135f33b12b5c8e244ea0ba75dc6acef16aeb0069a87141e49dd4b7ec9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 03d42e3245268a9d8f602cacf5a4404e
59b42c91ab2ec67086f549de3d47d45560b91fc7
6e88b2d135f33b12b5c8e244ea0ba75dc6acef16aeb0069a87141e49dd4b7ec9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 4db1e2a30c82c0ccc424718f6d5656e1
a7b34cd14cb1b934ebcfdcd635e0c09b36824331
5cd5426ef1b527f81e060510b8684313acf5aba276fe41a592011d86b8d92e05
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.no/pagead/1p-user-list/871076749/?random=1666585476640&cv=9&fst=1666584000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=13&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcelis.no%2F&ref=https%3A%2F%2Fmedia.bigbasketshop.com%2F&tiba=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&async=1&fmt=3&is_vtc=1&random=4214280248&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/pagead/1p-user-list/871076749/?random=1666585476640&cv=9&fst=1666584000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=13&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcelis.no%2F&ref=https%3A%2F%2Fmedia.bigbasketshop.com%2F&tiba=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&async=1&fmt=3&is_vtc=1&random=4214280248&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /pagead/1p-user-list/871076749/?random=1666585476640&cv=9&fst=1666584000000&num=1&bg=ffffff&guid=ON&u_h=1024&u_w=1280&u_ah=1002&u_aw=1280&u_cd=24&u_his=13&u_tz=0&u_java=false&u_nplug=0&u_nmime=0>m=2oaaj0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fcelis.no%2F&ref=https%3A%2F%2Fmedia.bigbasketshop.com%2F&tiba=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&async=1&fmt=3&is_vtc=1&random=4214280248&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 24 Oct 2022 04:24:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
media.bigbasketshop.com/track?q=y9mVqLVe3evR
172.67.218.148200 OK 366 B URL HTTP/2 media.bigbasketshop.com/track?q=y9mVqLVe3evR
IP 172.67.218.148:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 9fb17fddf60b08ff6e5875be4089e0f6
66b01409a4317b43bc0a93b47d099057115c6314
e8e438479a5a1591b599b4fce20af13fdf615bd1cd68eb43e71389897cc67b35
GET /track?q=y9mVqLVe3evR HTTP/1.1
Host: media.bigbasketshop.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://eu.pushnow.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 24 Oct 2022 04:24:34 GMT
content-type: text/html
referrer-policy: origin
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4e03JJ%2FTUoWiph%2Fj2Q2ASitEUPTx7BaqtvSD9Z1n9BoEM3vRnsl7NETOGIj%2B82H0Irut%2FRrFf1beYX%2B5VerPhuoMzYhfipmi%2FwMptikkT8nW2FVDBemRW595ZDWzUcj2kHzq7B5c4kIk6w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75eff1910a140af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-0VEB93L6P3>m=2oeaj0&_p=1108424832&cid=1602669690.1666585476&ul=en-us&sr=1280x1024&_s=1&sid=1666585476&sct=1&seg=0&dl=https%3A%2F%2Fcelis.no%2F&dr=https%3A%2F%2Fmedia.bigbasketshop.com%2F&dt=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&en=page_view&_fv=1&_ss=1&_ee=1
216.239.34.36204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-0VEB93L6P3>m=2oeaj0&_p=1108424832&cid=1602669690.1666585476&ul=en-us&sr=1280x1024&_s=1&sid=1666585476&sct=1&seg=0&dl=https%3A%2F%2Fcelis.no%2F&dr=https%3A%2F%2Fmedia.bigbasketshop.com%2F&dt=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&en=page_view&_fv=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-0VEB93L6P3>m=2oeaj0&_p=1108424832&cid=1602669690.1666585476&ul=en-us&sr=1280x1024&_s=1&sid=1666585476&sct=1&seg=0&dl=https%3A%2F%2Fcelis.no%2F&dr=https%3A%2F%2Fmedia.bigbasketshop.com%2F&dt=Celis.no%20-%20Pynt%2C%20accessories%2C%20julebutikk%20og%20mye%20mer&en=page_view&_fv=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://celis.no
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://celis.no
date: Mon, 24 Oct 2022 04:24:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-85161377-1&cid=1602669690.1666585476&jid=442152417&_u=IEDAAEABAAAAACAAI~&z=1098522143
142.250.74.3200 OK 42 B URL HTTP/2 www.google.no/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-85161377-1&cid=1602669690.1666585476&jid=442152417&_u=IEDAAEABAAAAACAAI~&z=1098522143
IP 142.250.74.3:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
GET /ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j98&tid=UA-85161377-1&cid=1602669690.1666585476&jid=442152417&_u=IEDAAEABAAAAACAAI~&z=1098522143 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Mon, 24 Oct 2022 04:24:37 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash 4db1e2a30c82c0ccc424718f6d5656e1
a7b34cd14cb1b934ebcfdcd635e0c09b36824331
5cd5426ef1b527f81e060510b8684313acf5aba276fe41a592011d86b8d92e05
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 24 Oct 2022 04:24:37 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/tr/?id=363070558056973&ev=PageView&dl=https%3A%2F%2Fcelis.no%2F&rl=https%3A%2F%2Fmedia.bigbasketshop.com%2F&if=false&ts=1666585476862&sw=1280&sh=1024&v=2.9.87&r=stable&ec=0&o=30&fbp=fb.1.1666585476861.327608400&it=1666585476555&coo=false&rqm=GET
157.240.221.35200 OK 0 B URL HTTP/2 www.facebook.com/tr/?id=363070558056973&ev=PageView&dl=https%3A%2F%2Fcelis.no%2F&rl=https%3A%2F%2Fmedia.bigbasketshop.com%2F&if=false&ts=1666585476862&sw=1280&sh=1024&v=2.9.87&r=stable&ec=0&o=30&fbp=fb.1.1666585476861.327608400&it=1666585476555&coo=false&rqm=GET
IP 157.240.221.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr/?id=363070558056973&ev=PageView&dl=https%3A%2F%2Fcelis.no%2F&rl=https%3A%2F%2Fmedia.bigbasketshop.com%2F&if=false&ts=1666585476862&sw=1280&sh=1024&v=2.9.87&r=stable&ec=0&o=30&fbp=fb.1.1666585476861.327608400&it=1666585476555&coo=false&rqm=GET HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Mon, 24 Oct 2022 04:24:37 GMT
X-Firefox-Spdy: h2
toapodazoay.com/?l=qCqekRDLtEBTXwP&s=608266152598311209&z=5450495&g=NO&svar=1666585471&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1666585471&ssk=242b3bc901d0346bfb81a49816e3965e&svarok=1&b=79056&oaid=0d1b002ade6141c1ae2abc4a4f210c75&rdk=rk3
139.45.197.151200 OK 0 B URL HTTP/2 toapodazoay.com/?l=qCqekRDLtEBTXwP&s=608266152598311209&z=5450495&g=NO&svar=1666585471&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1666585471&ssk=242b3bc901d0346bfb81a49816e3965e&svarok=1&b=79056&oaid=0d1b002ade6141c1ae2abc4a4f210c75&rdk=rk3
IP 139.45.197.151:0
GET /?l=qCqekRDLtEBTXwP&s=608266152598311209&z=5450495&g=NO&svar=1666585471&ba=0&dm=0&ep=0&vi=0&vo=0&i18db=0&tr=default&svar=1666585471&ssk=242b3bc901d0346bfb81a49816e3965e&svarok=1&b=79056&oaid=0d1b002ade6141c1ae2abc4a4f210c75&rdk=rk3 HTTP/1.1
Host: toapodazoay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 24 Oct 2022 04:24:31 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.25
set-cookie: reverse=8k1SXN7CFS7asdLaCICxfpjY9T-9Maa_HiCdw-RJsTU; expires=Mon, 24-Oct-2022 05:24:31 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
X-Firefox-Spdy: h2
tr.snapchat.com/collector/is_enabled?pids=ac51940d-7a99-45df-8891-baebc7fa9a8d&tld=no
35.190.43.134200 OK 0 B URL HTTP/2 tr.snapchat.com/collector/is_enabled?pids=ac51940d-7a99-45df-8891-baebc7fa9a8d&tld=no
IP 35.190.43.134:0
GET /collector/is_enabled?pids=ac51940d-7a99-45df-8891-baebc7fa9a8d&tld=no HTTP/1.1
Host: tr.snapchat.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://celis.no/
Origin: https://celis.no
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 24 Oct 2022 04:24:37 GMT
access-control-allow-origin: https://celis.no
content-type: application/json
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-envoy-upstream-service-time: 0
content-encoding: gzip
vary: Accept-Encoding
server: API Gateway
access-control-allow-credentials: true
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
client.24nettbutikk.chat/embed.js
143.204.55.112200 OK 0 B URL HTTP/2 client.24nettbutikk.chat/embed.js
IP 143.204.55.112:0
GET /embed.js HTTP/1.1
Host: client.24nettbutikk.chat
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://celis.no/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
last-modified: Fri, 16 Sep 2022 18:39:07 GMT
server: AmazonS3
content-encoding: gzip
date: Mon, 24 Oct 2022 04:17:14 GMT
cache-control: public,max-age=600
etag: W/"8bbb378e6ea1fc5ce869b8af9ad3111f"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 5voCVAHHVIZir4lVrZyK8WS0WPUJNBrYnlmIwXGoa6bMWGDN-lqklg==
age: 442
x-xss-protection: 1; mode=block
referrer-policy: same-origin
content-security-policy: default-src 'self'; base-uri 'none'; object-src 'none'; img-src * data:; form-action 'none'; block-all-mixed-content; connect-src *; style-src 'self' *.gstatic.com *.googleapis.com; font-src 'self' *.gstatic.com *.googleapis.com; worker-src 'self' blob:; child-src 'self' blob:; script-src 'self' *.liveleader.com *.lr-ingest.io *.googletagmanager.com *.google-analytics.com *.gstatic.com; frame-src 'self' *.liveleader.com *.amazonaws.com; frame-ancestors *;
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
permissions-policy: accelerometer=(), autoplay=(), camera=(self), cross-origin-isolated=(), display-capture=(self), document-domain=(), encrypted-media=(), fullscreen=(self), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(self), midi=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(), sync-xhr=(), usb=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(self), idle-detection=(self), serial=()
X-Firefox-Spdy: h2
cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=5450494&axcusid1=&clid={ymid}&r=http%3A%2F%2Fgtoonfd.com%2Flink%3Fz%3D5450494%26var%3D%26ymid%3D7Ux4QzYyBuNPfdYhUsBfQB%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=7402
188.114.96.1200 OK 0 B URL HTTP/2 cdntechone.com/r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=5450494&axcusid1=&clid={ymid}&r=http%3A%2F%2Fgtoonfd.com%2Flink%3Fz%3D5450494%26var%3D%26ymid%3D7Ux4QzYyBuNPfdYhUsBfQB%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=7402
IP 188.114.96.1:0
GET /r.html?axcid=e7ddf874-40d2-43d7-b8fd-56541bff0853&axtsid=5450494&axcusid1=&clid={ymid}&r=http%3A%2F%2Fgtoonfd.com%2Flink%3Fz%3D5450494%26var%3D%26ymid%3D7Ux4QzYyBuNPfdYhUsBfQB%26acb%3Dproxy-smart-link&axcusid2=Smartlink&axadvid=1053995&axcamid=7402 HTTP/1.1
Host: cdntechone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 24 Oct 2022 04:24:30 GMT
content-type: text/html
last-modified: Tue, 18 Oct 2022 14:05:52 GMT
link: <https://datatechone.com/>; rel=preconnect; crossorigin, <https://datatechonert.com/>; rel=preconnect; crossorigin
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ttgLD%2Bsv%2FoFznnF1VmgIJvH3E4YLp1mVH%2BKU8MgqhH8kbcojolGzZwJfYg4iol2jYLOHDWGGlC6oCsr4n1sySMUaxcdWzVdZOwLVEhOuQpCIJZd213eI69QMhUS%2BKQ0JnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75eff174af350b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2